OSINT Wolves of Wall Street - gathering information on companies in open sources

Nowadays, OSINT is most often associated with the analysis of threats, journalistic investigations and the verification of information, for example, from places where military operations are being conducted. However, if we zoom out a bit and look at the phenomenon of collecting publicly available information and analyzing it in order to achieve specific results, it forms the basis of one of the most important institutions of modern economy - the stock exchange. In the model approach, the price of shares of a given company, or more broadly its capitalization, on the stock exchange should be the result of investors' assessment of how much the company is actually worth - and if the price is attractive compared to the real assets of the enterprise, staying on shares leads to an increase in their price and vice versa. versa - if the price seems too high to investors, they sell the shares, which leads to a drop in price. This is, of course, a very large simplification, the share price is primarily valued in the future, i.e. if the share price is currently, e.g. that soon the price will be much higher. Moreover, the value of publicly available information is emphasized and protected by the exchange institution itself. Making transactions on the basis of information available only to a given person, e.g. due to the position they occupy, is so-called insider trading and is a criminal offense.

However, when it comes to the OSINT analysis, stock market analysts move rather in the sphere of the first example - called "value investing"That is, searching for companies whose price on the stock exchange is underestimated in relation tothe real value of its resources. Thus, it can be said that some of the first OSINT analysts were Benjamin Graham and David Dodd, the first to publish "Intelligent Investor"And together they are the authors of"Security Analysis”Which are one of the most important books in the field of value investing. Even if we decide to conduct a thorough analysis of the company's value and compare it with the value on the stock exchange, we cannot, of course, be sure that we will buy shares at a favorable price for us - if it depended on a dry analysis of the available information and mathematical calculation of the value, the stock market would not actually exist in current form. All stocks would be adequately valued by institutional investors, and buying or selling them would not bring tangible returns. Here, for the sake of accuracy, it should be noted that to some extent such a situation may occur. In the 1970s, Graham began to suggest that active management of an asset portfolio would not bring more profits than a passive investment in the stock market index - a collection of instruments such as the SP500 - the 500 largest companies on the US stock market. Similarly, Warren Buffet argued, who in 2008 made a bet that, taking into account the management costs, no active instrument management fund will achieve better results over 10 years than investing in a low-cost fund that only reflects the results of the SP500 index. Buffet won that bet.

However, this post is not about investment strategies, but about collecting and analyzing information. Graham and Dodd would certainly rub their eyes in amazement for a long time seeing how many tools are available today for securities analysts. Since companies are rather public entities, we will omit the directly accessible ones here, which can be obtained by simply entering the name into Google, and we will focus on less obvious sources. Unfortunately, it is difficult to find centralized databases of information about companies, most often in order to obtain accurate information required by regulatory entities, we will have to consult local databases. Let's start, however, with more geographically independent tools.

OpenCorporates.com is the most extensive database of business entities, cataloging companies from around the world. Importantly, OpenCorporates solves the problem of searching for appropriate databases - it will itself provide us with a link to the appropriate national registry. This is not effective in the 100% due to the number of registers and possible frequent changes in their functioning, but even if the link does not lead directly to the local data of the company, it will show us the way of the right search. Let's see how it looks in practice, by entering "polsat" in the search engine, we will find 34 companies, including 14 in Poland and the rest scattered around the world:

If we now switch to "CYFROWY POLSAT SPÓŁKA AKCYJNA", we will see a short record of the entity together with a link to the register:

This is just one of those examples where the link will not lead directly to the equivalent of the entry - as we can see, the link is from 2011, so a lot could have changed in the meantime. However, we will still be correctly directed to the KRS search engine, which will allow us to find the right documentation.

Then we can look at Polsat License Ltd registered in Switzerland:

Here the link leads directly to the appropriate entry in the regional register:

Regardless of the longitude, we can also use techniques that allow you to get a little more out of the search results. We will use the so-called Google Dorks that is, search operators that will help us filter the results. We can start by focusing on documents instead of websites, to make the examples more expressive, we will take the American aviation company Boeing and the "filetype" operator that will allow us to search for selected types of files, so the search focused on documents will look like this:

boeing filetype: pdf OR filetype: doc OR filetype: docx OR filetype: xls OR filetype: xlsx OR filetype: ppt OR filetype: pptx

Personally, I like to focus on PowerPoint and Word files the most - PDFs are very often various types of advertising folders, while finding dry Office files can sometimes lead to materials that are not necessarily meant to be published. Additionally, to make the query even more attractive, we can add words related to classified documents:

boeing (filetype: ppt OR filetype: pptx OR filetype: doc OR filetype: docx) AND (internal | sensitive | secret | top secret)

Unfortunately (or for those collecting information fortunately) it is still a common practice to leave documents on open S3 buckets, we can similarly look around for interesting documents:

boeing site: http: //s3.amazonaws.com confidential | top secret | classified | undisclosed

Here, for example, we could find a letter from the POGO (Project On Government Oversight) attorney-at-law regarding breaches of the regulations identified so far by Boeing and the company's lack of response:

The analysis will also help us irreplaceable Maltego, which of course you'll find in Ronan. By default, Maltego has two sets of transformations (called machines) that will help us collect data. in the case of both of them, it is enough to add one object of the domain type and indicate the domain of the selected company there. The machines can be found in the lower right corner of the interface:

The first, with the sonorous name "Company Stalker", collects e-mail addresses and documents from a given site and tries to extract metadata from them.

The second machine, which will provide us with strictly technical information about the company's infrastructure, is the Footprint. This machine is available in three versions - L1, L2, L3, depending on how many infrastructural connections we want to find. In the L2 version, which should be suitable for initial reconnaissance, it finds related domains on the basis of NS (name servers) and MX (e-mail servers) server registers, collects their IP addresses and assigns them to specific ASNs and service providers. So we can discover other domains related to the company and who is providing the company's network services (or that it hosts the services for itself). A detailed description of the differences between the machines can be found in Malte's documentation.

Now let's take a closer look at the documentation of American companies. The choice of this country does not result from its popularity in mass culture or personal preferences, but from ordinary mathematics. The US stock market accounts for roughly 56% of the global stock marketwhich is clearly visible if we compare the results of the VT (Vanguard Total) fund, which is to follow the global stock market with the SP500 index - we will see a very clear correlation (VT on the candlestick chart, SP500 is the orange line):

As we can see, the condition of the global stock market depends to a large extent on the stock market in the United States. So let's start with the official source of information about the condition of companies listed on American stock exchanges - the Securities and Exchange Commission. Every listed company is required to submit regular reports on the situation. The most extensive of these documents is called 10-K and is an annual report on, among others, financial condition, history, organizational structure, management personnel, and business risks. Additionally, companies after the first three quarters of the year must submit a quarterly 10-Q report with a similar scope of information. Another required document is the 8-Q, which must be published in the event of significant events such as changes in management personnel, acquisitions or incurring significant liabilities. Finally, we also have the Annual Report, which is a kind of simplified version of 10-K. In the annual report, instead of dry data, we often find graphics, a summary in the form of tables and comments, such as a letter from the company's president to shareholders. Therefore, the basic document for an insightful analyst will be the 10-K report in the first place. How to navigate efficiently and where to find it?

When it comes to document sources, we can choose EDGAR - the official SEC document search engine, or visit the company's website in the investor section. For regulatory reasons, it is in the interest of the company that they are easily accessible, so we shouldn't have any problems with that. So we can also find them on the company's website ("investor relationships" department or similar), and often we will also find the option of ordering paper copies for free - useful if we want to carefully look at the company's finances, and we are fed up with looking at the monitor.

The 10-K itself consists of four main parts:

1. In the first one, we will find an outline of the company's activities, starting with a description of its activities, products and services it offers and the conditions in which it operates - e.g. in relation to legal regulations that affect its activities or the situation of competition in a given sector. The following is a description of risk factors that may affect the activities or conditions of the securities. Risk factors are usually ranked from the most important to the least important and are rather descriptive, i.e. it is not indicated which entity intends to approach each problem. This section also includes information on physical properties such as factories, mines, major properties, and legal proceedings pending or about to begin. If necessary, the first part also includes SEC queries that have not been addressed so far and information on safety in mines.
2. The second part is primarily financial information. Here we will find data on securities such as the number of shareholders, dividends, share buyback plan by the company. At this point, we can often find a chart of investors' profits or losses due to changes in the price of the instrument. The second part is also the so-called "MD&A" - Managements's Discussion and Analysis of Financial Condition and Results of Operations. At this point, the management board of the entity can present its perspective on the company's results in the past year and address shareholders' concerns regarding the challenges facing the business. It will also present the assessments and assumptions that formed the basis for the calculation of revenues, income and assets. Next, we find two items strictly related to the financial situation. The first is to list market risk factors such as changes in the exchange rate or interest rates. The second is the financial statement that, importantly, must be independently audited. Regarding the audit, it is worth noting the two categories of auditor assessments - unqualified opinion and qualified opinion - which have nothing to do with whether the auditor was qualified to evaluate the report. "Unqualified opinion" means that, in the opinion of the reviewer, financial statements adequately reflect the company's financial condition in accordance with GAAP (Generally Accepted Accounting Principles). Qualified opinion, in turn, means that the scope of data provided was too limited or deficiencies were found in the application of GAAP, but only in relation to individual elements of the audit. Additionally, there are two categories with a more negative connotation. In the case of insufficient data to complete the audit, a "disclaimer of opinion" may be issued, that is to say withholding from the assessment of the report, and when the report in an unreliable or misleading way presents the financial situation of the company, there may be an "adverse opinion". The latter is a serious objection to the company's accounting practices that could have a significant impact on, for example, the share price. Further in the second part, changes in the accounting staff and differences in the assessment of the company's condition between accountants must be indicated. The last subsections of the second part concern the procedures of internal control over finances and the inclusion of other information that would have to be published in the 8-K statement for the fourth quarter (as mentioned above, the 10-K statement replaces this document in a way).
3. The third part concerns mainly management personnel. There you will find information about the professional experience and education of the directors as well as the rules of conduct in the company. Separate sections are devoted to remuneration, taking into account the remuneration policy, such as payments in shares in the company, as well as specific amounts; and information on the number of shares held by members of the management board. This section must also disclose transactions in which persons from the family of the company's representatives were parties. After all, the fees and salaries paid for accounting services during the year must be stated.
4. The last, fourth part contains the documentation on which the testimony is based. So we can find here financial statements, copies of contracts, a list of subsidiaries or internal documentation.

Business analysis is an extremely complex issue - unlike looking for information about people or events, searching for information about even a medium-sized entity will quickly generate a lot of threads that we can pull on. You can exchange information about employees, the technology used, the range of services, the largest customers and so on. However, I hope this post will help you find some starting points for your research.