Assess targeting options

An adversary may assess a target's operational security (OPSEC) practices in order to identify targeting options. A target may share different information in different settings or be more of less cautious in different environments. [1] [2]

ID: T1296
Sub-techniques:  No sub-techniques
Tactic: People Weakness Identification
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Defender does not have access to information stored outside of defenders scope or visibility (e.g., log data for Facebook is not easily accessible). Defender has very infrequent visibility into an adversary's more detailed TTPs for developing people targets.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Information is out in the open for items that are available - part of this is ease of use for consumers to support the expected networking use case. OSINT can provide many avenues to gather intel which contain weaknesses. Developing and refining the methodology to exploit weak human targets has been done for years (e.g., spies).


  1. Gregory Scasny. (2015, September 14). Understanding Open Source Intelligence (OSINT) and its relationship to Identity Theft. Retrieved March 1, 2017.
  1. Brian Everstine. (2015, June 04). Carlisle: Air Force intel uses ISIS 'moron's' social media posts to target airstrikes. Retrieved March 9, 2017.