{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:37:00Z","timestamp":1767339420703,"version":"3.41.2"},"reference-count":44,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2022,4,26]],"date-time":"2022-04-26T00:00:00Z","timestamp":1650931200000},"content-version":"vor","delay-in-days":115,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000159","name":"Natural Resources Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000159","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,1,28]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>In order to efficiently manage and operate industrial-level production, an increasing number of industrial devices and critical infrastructure (CI) are now connected to the internet, exposed to malicious hackers and cyberterrorists who aim to cause significant damage to institutions and countries. Throughout the various stages of a cyber-attack, Open-source Intelligence (OSINT) tools could gather data from various publicly available platforms, and thus help hackers identify vulnerabilities and develop malware and attack strategies against targeted CI sectors. The purpose of the current study is to explore and identify the types of OSINT data that are useful for malicious individuals intending to conduct cyber-attacks against the CI industry. Applying and searching keyword queries in four open-source surface web platforms (Google, YouTube, Reddit, and Shodan), search results published between 2015 and 2020 were reviewed and qualitatively analyzed to categorize CI information that could be useful to hackers. Over 4000 results were analyzed from the open-source websites, 250 of which were found to provide information related to hacking and\/or cybersecurity of CI facilities to malicious actors. Using thematic content analysis, we identified three major types of data malicious attackers could retrieve using OSINT tools: indirect reconnaissance data, proof-of-concept codes, and educational materials. The thematic results from this study reveal an increasing amount of open-source information useful for malicious attackers against industrial devices, as well as the need for programs, training, and policies required to protect and secure industrial systems and CI.<\/jats:p>","DOI":"10.1093\/cybsec\/tyac003","type":"journal-article","created":{"date-parts":[[2022,4,26]],"date-time":"2022-04-26T16:45:12Z","timestamp":1650991512000},"source":"Crossref","is-referenced-by-count":7,"title":["Accessible from the open web: a qualitative analysis of the available open-source information involving cyber security and critical infrastructure"],"prefix":"10.1093","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0073-3437","authenticated-orcid":false,"given":"Yuxuan (Cicilia)","family":"Zhang","sequence":"first","affiliation":[{"name":"International CyberCrime Research Center (ICCRC), School of Criminology, Simon Fraser University , 8888 University Drive, Burnaby, BC, V5A 1S6, Canada"}]},{"given":"Richard","family":"Frank","sequence":"additional","affiliation":[{"name":"International CyberCrime Research Center (ICCRC), School of Criminology, Simon Fraser University , 8888 University Drive, Burnaby, BC, V5A 1S6, Canada"}]},{"given":"Noelle","family":"Warkentin","sequence":"additional","affiliation":[{"name":"International CyberCrime Research Center (ICCRC), School of Criminology, Simon Fraser University , 8888 University Drive, Burnaby, BC, V5A 1S6, Canada"}]},{"given":"Naomi","family":"Zakimi","sequence":"additional","affiliation":[{"name":"International CyberCrime Research Center (ICCRC), School of Criminology, Simon Fraser University , 8888 University Drive, Burnaby, BC, V5A 1S6, Canada"}]}],"member":"286","published-online":{"date-parts":[[2022,4,26]]},"reference":[{"key":"2022121515104631300_bib1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2018\/3794603","article-title":"Vulnerability analysis of network scanning on SCADA systems","volume":"2018","author":"Coffey","year":"2018","journal-title":"Secur Commun Netw"},{"key":"2022121515104631300_bib2","doi-asserted-by":"crossref","first-page":"4986","DOI":"10.1007\/s11227-018-2337-2","article-title":"Security threats to critical infrastructure: the human factor","volume":"74","author":"Ghafir","year":"2018","journal-title":"J Supercomp"},{"key":"2022121515104631300_bib3","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/j.ijcip.2019.01.002","article-title":"Extending the cyber-attack landscape for SCADA-based critical infrastructure","volume":"25","author":"Rodofile","year":"2019","journal-title":"Int J Crit Infrastruct Prot"},{"key":"2022121515104631300_bib4","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1109\/MIS.2018.111145022","article-title":"Identifying SCADA systems and their vulnerabilities on the Internet of Things: a text-mining approach","volume":"33","author":"Samtani","year":"2018","journal-title":"IEEE Intell Syst"},{"key":"2022121515104631300_bib5","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1177\/0894439310392197","article-title":"Cyber-security and risk management in an interoperable world: an examination of governmental action in North America","volume":"30","author":"Quigley","year":"2012","journal-title":"Soc Sci Comp Rev"},{"journal-title":"National Strategy for Critical Infrastructure","year":"2009","author":"Public Safety Canada","key":"2022121515104631300_bib6"},{"key":"2022121515104631300_bib7","doi-asserted-by":"crossref","DOI":"10.21236\/ADA603165","volume-title":"Cyberterrorism after Stuxnet","author":"Chen","year":"2014"},{"key":"2022121515104631300_bib8","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1145\/2380790.2380805","article-title":"A survey SCADA of and critical infrastructure incidents","volume-title":"Proceedings of the First Annual Conference on Research in Information Technology","author":"Miller","year":"2012"},{"volume-title":"Supplemental information for the interagency report on strategic U.S. Government engagement in international standardization to achieve U.S. objectives for cybersecurity","year":"2015","author":"National Institute of Standards and Technology","key":"2022121515104631300_bib9"},{"key":"2022121515104631300_bib10","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1016\/j.procs.2019.08.086","article-title":"Securing SCADA-based critical infrastructures: challenges and open issues","volume":"155","author":"Tariq","year":"2019","journal-title":"Proc Comp Sci"},{"key":"2022121515104631300_bib11","doi-asserted-by":"crossref","first-page":"860","DOI":"10.1109\/ASONAM.2016.7752338","article-title":"CyberTwitter: using Twitter to generate alerts for cybersecurity threats and vulnerabilities","author":"Mittal","year":"2016","journal-title":"Proceedings of the 2016 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)"},{"key":"2022121515104631300_bib12","doi-asserted-by":"crossref","first-page":"386","DOI":"10.1177\/1477370819849677","article-title":"Do cyber-birds flock together? Comparing deviance among social network members of cyber-dependent offenders and traditional offenders","volume":"18","author":"Kranenbarg","year":"2021","journal-title":"Eur J Criminol"},{"key":"2022121515104631300_bib13","doi-asserted-by":"crossref","first-page":"10282","DOI":"10.1109\/ACCESS.2020.2965257","article-title":"The not yet exploited goldmine of OSINT: opportunities, open challenges and future trends","volume":"8","author":"Pastor-Galindo","year":"2020","journal-title":"IEEE Access"},{"key":"2022121515104631300_bib14","doi-asserted-by":"crossref","first-page":"418","DOI":"10.1016\/j.cose.2012.02.009","article-title":"SCADA security in the light of cyber-warfare","volume":"31","author":"Nicholson","year":"2012","journal-title":"Comp Secur"},{"key":"2022121515104631300_bib15","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1016\/j.ijcip.2015.08.003","article-title":"A multi-layered and kill-chain based security analysis framework for cyber-physical systems","volume":"12","author":"Hahn","year":"2015","journal-title":"Int J Crit Infrastruct Prot"},{"key":"2022121515104631300_bib16","first-page":"113","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill-chains","author":"Hutchins","year":"2010","journal-title":"Proceedings of the 6th International Conference on Information Warfare and Security"},{"key":"2022121515104631300_bib17","doi-asserted-by":"crossref","first-page":"1023","DOI":"10.1080\/07421222.2017.1394049","article-title":"Exploring emerging hacker assets and key hackers for proactive cyber threat intelligence","volume":"34","author":"Samtani","year":"2017","journal-title":"J Manag Inf Syst"},{"key":"2022121515104631300_bib18","doi-asserted-by":"crossref","first-page":"689","DOI":"10.1016\/j.bushor.2018.02.001","article-title":"Open-source intelligence for risk assessment","volume":"61","author":"Hayes","year":"2018","journal-title":"Bus Horiz"},{"key":"2022121515104631300_bib19","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1016\/j.ijcip.2014.03.001","article-title":"Evaluation of the ability of the Shodan search engine to identify internet-facing industrial control services","volume":"7","author":"Bodenheim","year":"2014","journal-title":"Int J Crit Infrastruct Prot"},{"key":"2022121515104631300_bib20","doi-asserted-by":"crossref","first-page":"75359","DOI":"10.1109\/ACCESS.2020.2988691","article-title":"Exploring Shodan from the perspective of industrial control systems","volume":"8","author":"Chen","year":"2020","journal-title":"IEEE Access"},{"key":"2022121515104631300_bib21","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1145\/1290958.1290968","article-title":"Social phishing","volume":"50","author":"Jagatic","year":"2007","journal-title":"Commun ACM"},{"key":"2022121515104631300_bib22","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1145\/2808705.2808717","article-title":"The impact of social engineering on industrial control system security","author":"Green","year":"2015","journal-title":"Proceedings of the 1st ACM Workshop on Cyber-physical Systems \u2013 Security and\/or Privacy"},{"key":"2022121515104631300_bib23","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1109\/CSE.2009.205","article-title":"Towards automating social engineering using social networking sites","volume":"3","author":"Huber","year":"2009","journal-title":"Proceedings of the 2009 International Conference on Computational Science and Engineering"},{"key":"2022121515104631300_bib24","first-page":"16","article-title":"Critical infrastructure: understanding the threat","volume":"7","author":"Mansfield-Devine","year":"2018","journal-title":"Comp Fraud Secur"},{"key":"2022121515104631300_bib25","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.cose.2016.12.013","article-title":"Panning for gold: automatically analysing online social engineering attack surfaces","volume":"69","author":"Edwards","year":"2017","journal-title":"Comp Secur"},{"key":"2022121515104631300_bib26","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1007\/978-3-319-47671-1_8","article-title":"OSINT and the Dark Web","volume-title":"Open-Source Intelligence Investigation: From Strategy to Implementation","author":"Kalpakis","year":"2016"},{"article-title":"Policies for content posted by users on Search","year":"2021","author":"Google Search Help","key":"2022121515104631300_bib27"},{"article-title":"Harmful or dangerous content policy","year":"2021","author":"YouTube Help","key":"2022121515104631300_bib28"},{"article-title":"Reddit content policy","year":"2021","author":"Reddit","key":"2022121515104631300_bib29"},{"year":"2021","author":"Tor","key":"2022121515104631300_bib30"},{"year":"2021","author":"DuckDuckGo","key":"2022121515104631300_bib31"},{"key":"2022121515104631300_bib32","first-page":"303","article-title":"Text, image, audio, and video: making sense of non-numeric data","volume-title":"Research Decisions: Quantitative, Qualitative, and Mixed Method Approaches","author":"Palys","year":"2013","edition":"5th edn"},{"key":"2022121515104631300_bib33","first-page":"1","article-title":"IoT and the risk of internet exposure: Risk assessment using Shodan queries","author":"Albataineh","year":"2019","journal-title":"Proceedings of the 2019 IEEE 20th International Symposium on \u201cA World of Wireless, Mobile and Multimedia Networks\u201d (WoWMoM)"},{"key":"2022121515104631300_bib34","doi-asserted-by":"crossref","first-page":"0494","DOI":"10.1109\/CCWC47524.2020.9031172","article-title":"Privacy violating opensource intelligence threat evaluation framework: a security assessment framework for critical infrastructure owners","author":"Cartagena","year":"2020","journal-title":"Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference (CCWC)"},{"journal-title":"Cybersecurity Threatscape: Q4 2018","year":"2018","author":"Positive Technologies","key":"2022121515104631300_bib35"},{"key":"2022121515104631300_bib36","doi-asserted-by":"crossref","first-page":"15.751.1","DOI":"10.18260\/1-2--16830","article-title":"Instructional algorithms enhance student understanding of PLC ladder logic programming","author":"Rehg","year":"2010","journal-title":"Proceedings of the 2010 Annual Conference and Exposition"},{"key":"2022121515104631300_bib37","article-title":"Project Basecamp at S4","author":"Peterson","year":"2012","journal-title":"Dale Peterson"},{"key":"2022121515104631300_bib38","article-title":"Project Basecamp \u2013 PLC Hacking Intro","author":"S4 Events","year":"2016","journal-title":"YouTube"},{"article-title":"Threat landscape for industrial automation systems: H2 2019","year":"2020","author":"Kaspersky ICS CERT","key":"2022121515104631300_bib39"},{"key":"2022121515104631300_bib40","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s42400-018-0018-3","article-title":"From proof-of-concept to exploitable","volume":"2","author":"Wang","year":"2019","journal-title":"Cybersecur"},{"article-title":"Black hat highlights real danger of script kiddies","year":"2001","author":"Verton","key":"2022121515104631300_bib41"},{"key":"2022121515104631300_bib42","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1080\/0735648X.2010.9721287","article-title":"Social learning and cyber-deviance: examining the importance of a full social learning model in the virtual world","volume":"33","author":"Holt","year":"2010","journal-title":"J Crime Just"},{"key":"2022121515104631300_bib43","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s12103-021-09655-4","article-title":"Cybercrime, differential association, and self-control: knowledge transmission through online social learning","volume":"46","author":"Dearden","year":"2021","journal-title":"Am J Crim Just"},{"key":"2022121515104631300_bib44","doi-asserted-by":"crossref","first-page":"112","DOI":"10.1177\/1362480614538645","article-title":"Digital drift and the criminal interaction order","volume":"19","author":"Goldsmith","year":"2015","journal-title":"Theor Criminol"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/8\/1\/tyac003\/47918912\/tyac003.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/8\/1\/tyac003\/47918912\/tyac003.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,15]],"date-time":"2022-12-15T23:09:05Z","timestamp":1671145745000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyac003\/6574440"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,1]]},"references-count":44,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1,28]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyac003","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"type":"print","value":"2057-2085"},{"type":"electronic","value":"2057-2093"}],"subject":[],"published-other":{"date-parts":[[2022,1,1]]},"published":{"date-parts":[[2022,1,1]]},"article-number":"tyac003"}}