{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T13:51:24Z","timestamp":1772113884708,"version":"3.50.1"},"reference-count":33,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2024,8,13]],"date-time":"2024-08-13T00:00:00Z","timestamp":1723507200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Commonwealth Cyber Initiative","award":["SWVA2023-2024"],"award-info":[{"award-number":["SWVA2023-2024"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>In most open-source intelligence (OSINT) research efforts, the collection of information is performed in an entirely passive manner as an observer to third-party communication streams. This paper describes ongoing work that seeks to insert itself into that communication loop, fusing openly available data with requested content that is representative of what is sent to second parties. The mechanism for performing this is based on the sharing of falsified personal information through one-time online transactions that facilitate signup for newsletters, establish online accounts, or otherwise interact with resources on the Internet. The work has resulted in the real-time Use and Abuse of Personal Information OSINT collection engine that can ingest email, SMS text, and voicemail content at an enterprise scale. Foundations of this OSINT collection infrastructure are also laid to incorporate an artificial intelligence (AI)-driven interaction engine that shifts collection from a passive process to one that can effectively engage with different classes of content for improved real-world privacy experimentation and quantitative social science research.<\/jats:p>","DOI":"10.3390\/jcp4030027","type":"journal-article","created":{"date-parts":[[2024,8,14]],"date-time":"2024-08-14T06:23:05Z","timestamp":1723616585000},"page":"572-593","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Use and Abuse of Personal Information, Part I: Design of a Scalable OSINT Collection Engine"],"prefix":"10.3390","volume":"4","author":[{"given":"Elliott","family":"Rheault","sequence":"first","affiliation":[{"name":"Virginia Tech National Security Institute, Blacksburg, VA 24060, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mary","family":"Nerayo","sequence":"additional","affiliation":[{"name":"Virginia Tech National Security Institute, Blacksburg, VA 24060, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jaden","family":"Leonard","sequence":"additional","affiliation":[{"name":"Virginia Tech National Security Institute, Blacksburg, VA 24060, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-4313-1249","authenticated-orcid":false,"given":"Jack","family":"Kolenbrander","sequence":"additional","affiliation":[{"name":"Virginia Tech National Security Institute, Blacksburg, VA 24060, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5769-2590","authenticated-orcid":false,"given":"Christopher","family":"Henshaw","sequence":"additional","affiliation":[{"name":"Virginia Tech National Security Institute, Blacksburg, VA 24060, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Madison","family":"Boswell","sequence":"additional","affiliation":[{"name":"Virginia Tech National Security Institute, Blacksburg, VA 24060, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2437-3410","authenticated-orcid":false,"given":"Alan J.","family":"Michaels","sequence":"additional","affiliation":[{"name":"Virginia Tech National Security Institute, Blacksburg, VA 24060, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2024,8,13]]},"reference":[{"key":"ref_1","unstructured":"Roesner, F., Kohno, T., and Wetherall, D. (2012, January 3\u20135). Detecting and Defending against Third-Party Tracking on the Web. Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12), San Jose, CA, USA. Available online: https:\/\/www.usenix.org\/conference\/nsdi12\/technical-sessions\/presentation\/roesner."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Nguyen, T., Yeates, G., Ly, T., and Albalawi, U. (2023). A Study on Exploring the Level of Awareness of Privacy Concerns and Risks. Appl. Sci., 13.","DOI":"10.3390\/app132413237"},{"key":"ref_3","unstructured":"Kost, E. (2024, May 31). 10 Biggest Data Breaches in Finance. Available online: https:\/\/www.upguard.com\/blog\/biggest-data-breaches-financial-services."},{"key":"ref_4","unstructured":"Shoop, T. (2024, March 31). OPM To Send Data Breach Notifications to Federal Employees Next Week, Available online: https:\/\/www.govexec.com\/technology\/2015\/06\/opm-send-data-breach-notifications-federal-employees-next-week\/114556\/."},{"key":"ref_5","unstructured":"Ekran System (2024, July 09). 7 Examples of Real-Life Data Breaches Caused by Insider Threats. Available online: https:\/\/www.ekransystem.com\/en\/blog\/real-life-examples-insider-threat-caused-breaches."},{"key":"ref_6","unstructured":"Clement, N. (2023, January 5\u20138). M&A Effect on Data Breaches in Hospitals: 2010\u20132022. Proceedings of the 22nd Workshop on the Economics of Information Security, Geneva, Switzerland. Available online: https:\/\/weis2023.econinfosec.org\/wp-content\/uploads\/sites\/11\/2023\/06\/weis23-clement.pdf."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Ablon, L., Heaton, P., Lavery, D.C., and Romanosky, S. (2016). Consumer Attitudes towards Data Breach Notifications and Loss of Personal Information, RAND Corporation. Technical Report.","DOI":"10.7249\/RR1187"},{"key":"ref_8","unstructured":"Staniforth, A. (2024, July 08). Big Data and Open Source Intelligence\u2014A Game-Changer for Counter-Terrorism. Available online: https:\/\/trendsresearch.org\/insight\/big-data-and-open-source-intelligence-a-game-changer-for-counter-terrorism\/."},{"key":"ref_9","unstructured":"Gill, R. (2024, May 31). What Is Open Source Intelligence?. 2023., Available online: https:\/\/www.sans.org\/blog\/what-is-open-source-intelligence\/."},{"key":"ref_10","unstructured":"Sanghani Center for Artificial Intelligence & Data Analytics (2024, July 09). IARPA EMBERS. Available online: https:\/\/dac.cs.vt.edu\/research-project\/embers\/."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Ramakrishnan, N., Butler, P., Muthiah, S., Self, N., Khandpur, R., Saraf, P., Wang, W., Cadena, J., Vullikanti, A., and Korkmaz, G. (2014, January 24\u201327). \u2018Beating the news\u2019 with EMBERS: Forecasting civil unrest using open source indicators. Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD\u201914), New York, NY, USA.","DOI":"10.1145\/2623330.2623373"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"223","DOI":"10.3390\/jcp4020011","article-title":"Trustworthiness of Situational Awareness: Significance and Quantification","volume":"4","author":"Munir","year":"2024","journal-title":"J. Cybersecur. Priv."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"689","DOI":"10.1016\/j.bushor.2018.02.001","article-title":"Open-source intelligence for risk assessment","volume":"61","author":"Hayes","year":"2018","journal-title":"Bus. Horiz."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Alzahrani, I., Lee, S., and Kim, K. (2024). Enhancing Cyber-Threat Intelligence in the Arab World: Leveraging IoC and MISP Integration. Electronics, 13.","DOI":"10.3390\/electronics13132526"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Herrera-Cubides, J.F., Gaona-Garc\u00eda, P.A., and S\u00e1nchez-Alonso, S. (2020). Open-Source Intelligence Educational Resources: A Visual Perspective Analysis. Appl. Sci., 10.","DOI":"10.3390\/app10217617"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1007\/s42488-022-00068-4","article-title":"A system for organizing, collecting, and presenting open-source intelligence","volume":"4","author":"Khan","year":"2022","journal-title":"J. Data Inf. Manag."},{"key":"ref_17","unstructured":"Mahlangu, T., January, S., Mashiane, T., Dlamini, M., and Ngobeni, S. (March, January 28). \u2018Data Poisoning\u2019\u2014Achilles Heel of Cyber Threat Intelligence Systems. Proceedings of the 14th International Conference on Cyber Warfare and Security (ICCWS 2019), Stellenbosch, South Africa. Available online: https:\/\/researchspace.csir.co.za\/dspace\/handle\/10204\/10853."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"tyac003","DOI":"10.1093\/cybsec\/tyac003","article-title":"Accessible from the open web: A qualitative analysis of the available open-source information involving cyber security and critical infrastructure","volume":"8","author":"Zhang","year":"2022","journal-title":"J. Cybersecur."},{"key":"ref_19","first-page":"102715","article-title":"ETIP: An Enriched Threat Intelligence Platform for improving OSINT correlation, analysis, visualization and sharing capabilities","volume":"58","author":"Faiella","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1027","DOI":"10.1007\/s11948-013-9473-0","article-title":"Ethical Considerations when Employing Fake Identities in Online Social Networks for Research","volume":"20","author":"Elovici","year":"2014","journal-title":"Sci. Eng. Ethics"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Elishar, A., Fire, M., Kagan, D., and Elovici, Y. (2012, January 14\u201316). Organizational Intrusion: Organization Mining Using Socialbots. Proceedings of the 2012 International Conference on Social Informatics, Alexandria, VA, USA.","DOI":"10.1109\/SocialInformatics.2012.39"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Bos, N., Karahalios, K., Musgrove-Ch\u00e1vez, M., Poole, E.S., Thomas, J.C., and Yardi, S. (2009, January 4\u20139). Research ethics in the Facebook era. Proceedings of the CHI \u201909 Extended Abstracts on Human Factors in Computing Systems, New York, NY, USA.","DOI":"10.1145\/1520340.1520402"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. (2009, January 20\u201324). All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks. Proceedings of the 18th International Conference on World Wide Web (WWW\u201909), New York, NY, USA.","DOI":"10.1145\/1526709.1526784"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"708","DOI":"10.1089\/cyber.2012.0334","article-title":"Ethics of Social Media Research: Common Concerns and Practical Considerations","volume":"16","author":"Moreno","year":"2013","journal-title":"Cyberpsychol. Behav. Soc. Netw."},{"key":"ref_25","unstructured":"Homeland Security Public-Private Analytic Exchange Program (2024, July 08). Ethics & OSINT Scorecard, Available online: https:\/\/www.dhs.gov\/sites\/default\/files\/2023-09\/23_0829_oia_Ethics-OSINT-Scorecard_508.pdf."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Kolenbrander, J., Husmann, E., Henshaw, C., Rheault, E., Boswell, M., and Michaels, A. (2024). Robust Generation of Fake IDs for Privacy Experimentation. J. Cybersecur. Privacy Spec. Issue Build. Community Good Pract. Cybersecur., accepted.","DOI":"10.3390\/jcp4030026"},{"key":"ref_27","unstructured":"Michaels, A.J. (August, January 31). Use and Abuse of Personal Information. Proceedings of the Blackhat USA 2021, Virtual. Available online: https:\/\/i.blackhat.com\/USA21\/Wednesday-Handouts\/us-21-Michaels-Use-And-Abuse-Of-Personal-Information-wp.pdf."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Harrison, J., Lyons, J., Anderson, L., Maunder, L., O\u2019Donnell, P., George, K.B., and Michaels, A.J. (2021, January 2\u20133). Quantifying Use and Abuse of Personal Information. Proceedings of the 2021 IEEE International Conference on Intelligence and Security Informatics (ISI), San Antonio, TX, USA.","DOI":"10.1109\/ISI53945.2021.9624816"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Sharma, V., Saxena, H.K., and Singh, A.K. (2020, January 5\u20137). Docker for Multi-containers Web Application. Proceedings of the 2020 2nd International Conference on Innovative Mechanisms for Industry Applications (ICIMIA), Bangalore, India.","DOI":"10.1109\/ICIMIA48430.2020.9074925"},{"key":"ref_30","unstructured":"Mili, H., Elkharraz, A., and Mcheick, H. (2004, January 22\u201326). Understanding separation of concerns. Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, Lancaster, UK. Available online: https:\/\/citeseerx.ist.psu.edu\/document?repid=rep1&type=pdf&doi=4b53c4af6254e7530fa4652d6fb0013680835ab1#page=76."},{"key":"ref_31","first-page":"11756","article-title":"MERN Stack Web Development","volume":"25","author":"Mehra","year":"2021","journal-title":"Ann. RSCB"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Chen, Y.C., and Wu, S.F. (2018, January 26\u201328). FakeBuster: A Robust Fake Account Detection by Activity Analysis. Proceedings of the 2018 9th International Symposium on Parallel Architectures, Algorithms and Programming (PAAP), Taipei, Taiwan.","DOI":"10.1109\/PAAP.2018.00026"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Kondeti, P., Yerramreddy, L.P., Pradhan, A., and Swain, G. (2021). Fake Account Detection Using Machine Learning. Evolutionary Computing and Mobile Sustainable Networks, Springer.","DOI":"10.1007\/978-981-15-5258-8_73"}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/4\/3\/27\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:35:54Z","timestamp":1760110554000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/4\/3\/27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,13]]},"references-count":33,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2024,9]]}},"alternative-id":["jcp4030027"],"URL":"https:\/\/doi.org\/10.3390\/jcp4030027","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,8,13]]}}}