Cybersecurity Awareness and Training through a Multidisciplinary OSINT Course Project

Alyssa Mendlein; Aunshul Rege; Thuy-Trinh Nguyen

Download Paper | Permalink

Conference: 2020 ASEE Virtual Annual Conference Content Access
Location: Virtual On line
Publication Date: June 22, 2020
Start Date: June 22, 2020
End Date: June 26, 2021
Conference Session: Computing and Information Technology Division Technical Session 2
Tagged Division: Computing and Information Technology
Tagged Topic: Diversity
Page Count: 14
DOI: 10.18260/1-2--34367
Permanent URL: https://peer.asee.org/34367
Download Count: 471

Request a correction

Paper Authors

biography

Alyssa Mendlein Temple University

visit author page

Alyssa is a PhD student in the Department of Criminal Justice at Temple University. She earned a Bachelor of Arts in Psychology from Boston University and a Master of Philosophy in Criminological Research from the University of Cambridge. She is now working on an NSF CAREER grant for Dr. Aunshul Rege, exploring adversarial decision-making and cybersecurity education innovation.

visit author page

biography

Thuy-Trinh Nguyen Temple University

visit author page

Trinh is a PhD student in the Department of Criminal Justice at Temple University. She earned a Bachelor of Arts in Criminology, Law, and Society from the University of California, Irvine and a Master of Science from the California State University, Long Beach in Criminology and Criminal Justice. She is currently working on the NSF CAREER grant for Dr. Aunshul Rege, exploring adversarial decision-making and cybersecurity education innovation.

visit author page

biography

Aunshul Rege Temple University

visit author page

Dr. Rege is an Associate Professor with the Department of Criminal Justice at Temple University. Her National Science Foundation sponsored research projects address critical infrastructure and proactive cybersecurity, cyberadversarial decision-making and adaptations across intrusion chains, cyber and cyber-physical security, and advancing cybersecurity education in multiple STEM fields.

visit author page

Download Paper | Permalink

Abstract

Open Source Intelligence (OSINT) is the process of gathering information that is readily obtainable through free access to public resources, and it has particular value currently as technological advances have increased the amount and accessibility of publicly available material. OSINT can be used offensively or defensively, such as by malicious actors or law enforcement; in fact, government agencies can, and do, use OSINT in both ways. Because of the importance of OSINT in offensive and defensive maneuvers in both the public and private spheres, there is utility in teaching students who could work in a variety of fields about the advantages and dangers of OSINT. This paper shares one educator’s experience creating and implementing an OSINT-inspired undergraduate classroom activity.

The following case study includes a detailed undergraduate course project description, with the logistics and scope for both technical OSINT and physical OSINT components. In the first part, student teams were given eight clues, which they could solve using any basic internet search engines. Each clue’s answer was a two-digit code; the clues were then assembled sequentially to reveal the latitude and longitude of a building on campus. In the second part, teams had to visit the identified building and complete physical observations, including typical clothing worn by occupants, ingress and egress points, entry requirements, and security protocols. They also had to locate a specific target within the building using a unique image as a clue that was provided by the educator. The goal for this project was for students to understand how information publicly available online could be harvested and pieced together to create individual profiles, identify schedules, and even design spear (targeted) phishing attacks. The course project was conducted in the Spring 2019 semester, with multidisciplinary undergraduate students. Both of the technical and physical OSINT projects were allotted 80 minutes. Student teams provided an in-class presentation and a final report about their experiences, and also completed an online evaluation survey asking them to rate the OSINT projects. This project was approved by the university’s ethics board.

Overall, students thought the project was fun and interesting, with many students enjoying the “scavenger hunt” aspect of the activity the best. Most students felt that the project went well, and they had few failures or challenges. Interestingly, most students recommended increasing the project difficulty. A key survey finding was that students indicated an increased awareness of the accessibility of public information, and some students mentioned that they could see how this information could be utilized for malicious or positive purposes, such as in the course of cybercrime or law enforcement. Finally, this paper summarizes lessons that were learned by the educator, including those related to ethical considerations, project design, and modifications for future implementations. The authors hope that this case study encourages educators across multiple disciplines to include OSINT-related activities within their curriculum to not only raise awareness about the many uses of OSINT, but also better prepare students for future employment across a variety of important fields.

Citation
Format

Mendlein, A., & Nguyen, T., & Rege, A. (2020, June), Cybersecurity Awareness and Training through a Multidisciplinary OSINT Course Project Paper presented at 2020 ASEE Virtual Annual Conference Content Access, Virtual On line . 10.18260/1-2--34367

TY  - CPAPER
AB  - Open Source Intelligence (OSINT) is the process of gathering information that is readily obtainable through free  access to public resources, and it has particular value currently as technological advances have increased the amount and accessibility of publicly available material. OSINT can be used offensively or defensively, such as by malicious actors or law enforcement; in fact, government agencies can, and do, use OSINT in both ways. Because of the importance of OSINT in offensive and defensive maneuvers in both the public and private spheres, there is utility in teaching students who could work in a variety of fields about the advantages and dangers of OSINT. This paper shares one educator’s experience creating and implementing an OSINT-inspired undergraduate classroom activity. 

The following case study includes a detailed undergraduate course project description, with the logistics and scope for both technical OSINT and physical OSINT components. In the first part, student teams were given eight clues, which they could solve using any basic internet search engines. Each clue’s answer was a two-digit code;  the clues were then assembled sequentially to reveal the latitude and longitude of a building on campus. In the second part, teams had to visit the identified building and complete physical observations, including typical clothing worn by occupants, ingress and egress points, entry requirements, and security protocols. They also had to locate a specific target within the building using a unique image as a clue that was provided by the educator. The goal for this project was for students to understand how information publicly available online could be harvested and pieced together to create individual profiles, identify schedules, and even design spear (targeted) phishing attacks. The course project was conducted in the Spring 2019 semester, with multidisciplinary undergraduate students. Both of the technical and physical OSINT projects were allotted 80 minutes. Student teams provided an in-class presentation and a final report about their experiences, and also completed an online evaluation survey asking them to rate the OSINT projects. This project was approved by the university’s ethics board.

Overall, students thought the project was fun and interesting, with many students enjoying the “scavenger hunt” aspect of the activity the best. Most students felt that the project went well, and they had few failures or challenges. Interestingly, most students recommended increasing the project difficulty. A key survey finding was that students indicated an increased awareness of the accessibility of public information, and some students mentioned that they could see how this information could be utilized for malicious or positive purposes, such as in the course of cybercrime or law enforcement. Finally, this paper summarizes lessons that were learned by the educator, including those related to ethical considerations, project design, and modifications for future implementations. The authors hope that this case study encourages educators across multiple disciplines to include OSINT-related activities within their curriculum to not only raise awareness about the many uses of OSINT, but also better prepare students for future employment across a variety of important fields.

AU  - Alyssa Mendlein
AU  - Thuy-Trinh Nguyen
AU  - Aunshul Rege
CY  - Virtual On line 
DA  - 2020/06/22
PB  - ASEE Conferences
TI  - Cybersecurity Awareness and Training through a Multidisciplinary OSINT Course Project
UR  - https://peer.asee.org/34367
DO  - 10.18260/1-2--34367
ER  -