Research by the method of an extended systematical literature review E-SLR the problem of ensuring the security of personal data when using OSINT

Objective. The amount of personal data in open sources increases, which makes it possible for third parties to access it using open source intelligence (OSINT) methods, which can be used for malicious purposes. The aim of the work is to identify threats and existing methods and means of ensuring the security of a user's personal data and his reputation when using OSINT by intruders, as well as to identify the main problems in protecting user PD taking into account OSINT. Method. The study uses an extended method of systematic literature review (e-SLR), which is a systematic literature review (SLR) supplemented by responses from ChatGPT, GigaCHAT, YndexGPT neural networks. Result. 41 sources were received for the analysis of the problem, on the basis of which threats to personal data were identified: violation of the confidentiality of personal data and the operation of information systems, targeted attacks using social engineering, password disclosure, espionage; protection tools: data processing before publication, anonymization and depersonalization, limitation of personal data, selection of sites, protection using OSINT, creation of complex passwords, use of protection tools, organizational measures; problems in the development of protection tools: working with big data, unreliability of information and sources, labor-intensiveness of data analysis, technical limitations, bias, ethical and legal aspects. Conclusion. The results were used to develop models for protecting personal data in open sources, methods and means for detecting and preventing violations of their security.

1. Gryzunov V. V. Features of the application of technological methods in social engineering. V. V. Gryzunov, O. S. Shkreba. Technical and technological problems of service. 2018:4 (46): 90-94. (In Russ)

2. Selection of trust models in the integration of distributed information systems of critical application.V. V. Gryzunov, A. A. Kornienko, M. L. Glukharev, A. S. Kryukov. Problems of information security. Computer systems. 2021; 4:. 79-90. - DOI 10.48612/jisp/ev3e-fmtu-x25h. (In Russ)

3. Romanova, N. N., V. V. Gryzunov Features of the organization of safe application development using extreme programming methods. Information technologies and systems: management, economics, transport, law. 2022;4 (44): 78-86. (In Russ)

4. Gryzunov, V. V. Model of targeted aggressive actions on the information and computing system / V. V. Gryzunov // The human factor in complex technical systems and environments (Ergo-2018): Proceedings of the Third international scientific and practical conference, St. Petersburg, July 07, 2018 / Edited by A. N. Anokhin, A. A. Oboznov, P. I. Paderno, S. F. Sergeev. - St. Petersburg: Interregional public organization "Ergonomic Association", 2018; 300-305. (In Russ)

5. Dvoryankin O. A. OSINT, Pentest and Netstalking Information Technologies of the Internet. National Association of Scientists. 2022; 84-2: 6-13. (In Russ)

6. Gryzunov, V. V. Conceptual Model of Adaptive Control of a Geoinformation System in the Context of Destabilization. Problems of Information Security. Computer Systems. 2021;1: 102-108. (In Russ)

7. Hwang Y. W. et al. Current Status and Security Trends of OSINT. Wireless Communications and Mobile Computing. 2022; 2022.

8. Gryzunov, V. V. Structural and Functional Synthesis of an Intrusion Prevention System Model. Problems of Information Security. Computer Systems. 2006; 2:31-38. (In Russ)

9. Unguryanu T.N., Zhamalieva L.M., Grzhibovsky A.M. Brief recommendations for preparing systematic reviews for publication. West Kazakhstan Medical Journal. 2019. No. 1 (61)., URL: https://cyberleninka.ru/article/n/kratkierekomendatsii-po-podgotovke-sistematicheskih-obzorov-k-publikatsii (date of access: 21.11.2023).

10. Modern technologies for searching information in open sources Dvoryankin O.A., Klochkova E.N. In the collection: Information security: yesterday, today, tomorrow. Collection of articles based on the materials of the VI All-Russian scientific and practical conference. Moscow, 2023; 64-68. (In Russ)

11. Șandor A. An Intelligence Perspective on Privacy and Data Protection Risks in Social Media. International confer-ence knowledge-based organization. 2020; 26(1): 151-156.

12. Kolosov D. V. Development of a system for searching for information about individuals based on open data using artificial intelligence technologies. 38.03. 05 Business Informatics. 2021. (In Russ)

13. Identification of sources of threats to the information security of state information systems based on open data on the Internet Gladnev V.V., Maly M.V., Stoychin K.L., Ponomareva O.A. Identification of sources of threats to the information security of state information systems based on open data on the Internet. In the collection: Security of information space. Supplement to the collection of scientific papers of the XXI All-Russian scientific and practical conference of students, graduate students and young scientists. Ekaterinburg, 2023;31-34. (In Russ)

14. Pastor-Galindo J. et al. The not yet exploited goldmine of OSINT: Opportunities, open challenges and future trends // IEEE Access. 2020; 8:10282-10304.

15. Abramova A. G. Modern problems of implementing personal data protection on the network: fundamental principles of personal data protection. Region and the World. 2020;4:21-25. (In Russ)

16. Kolomytsev A. S., Verdiev O. R. How to prevent personal data leakage. StudNet. 2022; 5.(7): 7857-7864. (In Russ)

17. Borisov R. S., Efimenko A. A. Protocol for anonymizing data sets for publication in open sources. Legal informatics. 2023; 2. (In Russ)

18. Volozhanina D. N. Revision of the procedure for assessing security using OSINT methods in an unstable international political situation. Actual problems of aviation and cosmonautics. 2022; 261-264. (In Russ)

19. Evangelista J. R. G. et al. Systematic literature review to investigate the application of open source intelligence (OSINT) with artificial intelligence. Journal of Applied Security Research. 2021; 16(3): 345-369.

20. Tundis A., Ruppert S., Mühlhäuser M. A feature-driven method for automating the assessment of OSINT cyber threat sources // Computers & Security. 2022; 113: 102576.

21. Stodelov D., Miloslavskaya N. Open Source INTelligence Tools.Procedia Computer Science. 2022; 213: 83-88.

22. Bryushinin A. O., Dushkin A. V., Melshiyan M. A. Automation of the Information Collection Process by Osint Methods for Penetration Testing During Inf.

23. Ensuring Information Security Using Open Source Intelligence (OSINT) Sharmaev V.I., Andreeva Ya.A., Vasilevsky K.A. Information Security Issues. 2022; 2 (137): 45-50. (In Russ)

24. Godunov D.A., Gunaev A.I. Information Security on the Network, Methods of Conducting Cyber Intelligence and Protecting Against It. Scientific Aspect. 2021; 2( 2):179-189. (In Russ)

25. Oleksii Kuchmai T.S. Using open source intelligence (OSINT) as one of the effective and legitimate ways to avoid threats to the corporation // Scientific and practical cyber security journal. 2021.

26. Danilenko, V. P. Using open data (OSINT) in targeted attacks. Automation in industry. 2023;7:30-31. (In Russ)

27. Detection of targeted attacks by a web-oriented deception system based on the anti-classification algorithm Vishnevsky A.S., Klyucharev P.G. Neurocomputers: development, application. 2020; 22(3): 5-17. (In Russ)

28. Matetsky M.A.Tools for counteracting organizational data security. School of Young Innovators. 2023:80-83(In Russ)

29. Kanta A., Coisel I., Scanlon M. A survey exploring open source Intelligence for smarter password cracking. Forensic Science International: Digital Investigation. 2020: 35: 301075.

30. Kanta A., Coisel I., Scanlon M. Smarter password guessing techniques leveraging contextual information and OSINT. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). IEEE, 2020; 1-2.

31. Mironova N. G. Arsenal of technologies and methods of information counteraction. Current aspects of the development of science and society in the era of digital transformation. 2023;120-128. (In Russ)

32. Repetiy, E.O. Ways to protect personal data on the Internet. Scientific aspect. 2023; 8( 3): 963-968. (In Russ)

33. Sidorova, M. E. Open source intelligence and its application to solving cybersecurity problems / M. E. Sidorova, A. R. Kuzmin // Bulletin of the Russian New University., Series: Complex systems: models, analysis and management. 2023; 1:61-74. – DOI 10.18137/RNU.V9187.23.01.P.61. – EDN KKCSVG. (In Russ)

34. Kassim S. R. B. M., Li S., Arief B. How national CSIRTs leverage public data, OSINT and free tools in operational practices: An empirical study. Cyber Security: A Peer-Reviewed Journal. 2022;5(3):251-276.

35. Riebe T. et al. Values and Value Conflicts in the Context of OSINT Technologies for Cybersecurity Incident Re-sponse: A Value Sensitive Design Perspective.Computer Supported Cooperative Work (CSCW). 2023;1-47.

36. Govardhan D. et al. Key Challenges and Limitations of the OSINT Framework in the Context of Cybersecurity // 2023 2nd International Conference on Edge Computing and Applications (ICECAA). – IEEE, 2023;236-243.

37. González-Granadillo G. et al. ETIP: An Enriched Threat Intelligence Platform for improving OSINT correlation, analysis, visualization and sharing capabilities. Journal of Information Security and Applications. 2021;58:102715.

38. AlKilani H., Qusef A. OSINT techniques integration with risk assessment ISO/IEC 27001.International Conference on Data Science, E-Learning and Information Systems 2021; 2021: 82-86.

39. Lee D., Lee H. K. Study on OSINT-Based Security Control Monitoring Utilization Plan.International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel, Distributed Computing. Cham: Springer International Publishing, 2022; 161-172.

40. Using OSINT to Monitor Threats Zhulev A.S. In the book: Information Security Issues in Modern Conditions. Proceedings of the Student Scientific and Practical Conference. Samara, 2022;8. (In Russ)

41. Ivanov V. Yu. Using OSINT in Detecting and Investigating Crimes. Bulletin of the Ural Law Institute of the Ministry of Internal Affairs of Russia. 2023;1(37):62-66. (In Russ)

42. Hubbard J., Bendiab G., Shiaeles S. IPASS: A Novel Open-Source Intelligence Password Scoring System // 2022 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE, 2022; 90-95.

43. Tarakdzhi M. Ya., Ortiz S., Payusova T. I. Ensuring data protection from leaks through open sources // Mathematical and information modeling. 2023; 388-399. (In Russ)

44. Characteristics of OSINT and the effectiveness of its use Bondarenko N.A., Guseva T.M. In the collection: Problems of design, application and security of information systems in the digital economy., Proceedings of the XXII International Scientific and Practical Conference. Rostov-on-Don. 2022;322-327. (In Russ)

45. Kachalov, A. G. Training of specialists in working with open data on the Internet (OSINT) in civil and departmental universities / A. G. Kachalov, M. M. Lantaev. Legal science: history and modernity. 2021;9: 98-106. – EDN MXKJOE.

46. Khan S., Wallom D. A system for organizing, collecting, and presenting open-source intelligence. Journal of Data, Information and Management. 2022; 4(2): 107-117.

47. Filatova D.K., Oblasov A.A. The Role of Artificial Intelligence in Open Source Intelligence (OSINT) // Science, Innovation and Technology: from Ideas to Implementation. 2022: 297-299. (In Russ)

48. Suryotrisongko H. et al. Robust botnet DGA detection: Blending XAI and OSINT for cyber threat intelligence shar-ing. IEEE Access. 2022; 10: 34613-34624.