Terminology in Footprinting
Open Source and Passive Information Gathering
As far as intelligence gathering goes, open source or passive information gathering is the least aggressive approach. The process relies on obtaining information from sources that are publicly available and out in the open, so no direct contact with the target is required. Potential sources include newspapers, websites, discussion groups, press releases, television, social networking, blogs, and innumerable others.
With a skilled and careful hand, it is more than possible to gather operating system and network information, public IP addresses, web server information, and TCP and UDP data sources, just to name a few.
Active Information Gathering
Active information gathering involves engagement with the target through techniques such as social engineering. Attackers tend to focus their efforts on the “soft target,” which tends to be human beings. A savvy attacker engages employees under different guises under various pretenses with the goal of socially engineering an individual to reveal information.
Pseudonymous Footprinting
Pseudonymous footprinting involves gathering information from online sources that was posted by someone associated with the target but under a different name, or in some cases a pen name. In essence, the information is posted neither under a real name nor anonymously; it is posted under an assumed name with the intention that it will not be traced back to the actual source.
Internet Footprinting
A pretty straightforward method of gaining information is to just use the Internet. I’m talking about using techniques such as Google hacking (which uses Google Search and other Google apps to identify security holes in websites’ configuration and computer code) and other methods to find out what your target wants to hide (or doesn’t know is public information) and that a malicious party can easily obtain and use.