As corporate espionage becomes a taboo term, the suggestion of competitive intelligence, competitor intelligence, and business intelligence is beginning to find strong acceptance throughout the battlefields of the boardrooms, industrial complexes, and social networking events.
Competitive intelligence is the systematic examination of competitors’ strategies, service offerings, strengths, and weaknesses. It is the acquisition of a competitor’s critical information, such as strategic decisions, financial performance, and productivity, to name a few. Additional information acquired, which is not considered competitive in nature is referred to as business intelligence.
The information obtained, no matter the title was given, has strategic implications in the business environment, and today, it is considered a vital necessity in the recruitment industry.
The acquisition of the information in the realm of competitive intelligence is often acquired from publicly available resources. Often, many individuals believe that competitive intelligence is collected solely from journals, articles, employment notices, internet pages, and other written publications, which may provide data points for analysis. What many fail to realize is that, although collection from these sources is important, many other sources are overlooked. They could be the significant source that will reveal information about your competitors, candidates and, sometimes, will show you things that you can’t find through Google.
Competitive Intelligence from An Unusual Source
One of the sources of this information is going to be more popular in the future, so it’s time to start using it. The source I have in mind is the SSL certificate. SSL certificates are all around us, they protect our communication, data, and they keep us more secure. But as I mention, they are also a great source for competitive intelligence.
Before I am going to show how to use SSL certificate in competitive intelligence, you should learn a little bit more about these certificates, especially if you don’t have enough information about them.
What is an SSL Certificate?
The answer that I am using to describe the SSL to my mom is that it’s the extra “s” after “HTTP” and it has a green color. The better explanation is: SSL stands for Secure Sockets Layer, a global standard security technology that enables encrypted communication between a web browser and a web server. These certificates are small data files that digitally bind a cryptographic key to an organization’s details.
SSL is used to secure data transfer and logins, credit card transactions, and more recently is becoming the norm when securing browsing of social media sites. SSL is going to be the standard in the future.
There are few types of SSL Certificates:
- Single-name – secures one fully-qualified domain name or subdomain name. For example, if you purchase a certificate for www.example.com, it will not secure docs.example.com.
- Wildcard – covers one domain name and an unlimited number of its subdomains. This certificate for *.example.com will secure one.example.com, two.example.com, etc. However, it will not secure one.two.example.com. And these are the certificates that are the source of competitive intelligence.
- Multi-Domain – secures multiple domain names. These SSL certificates protect different domains with a single certificate, using the SAN extension. For this reason, these certificates are often referred to as SAN certificates. You can secure a combination of different hostnames, from the same or different domains. These certificates are also the source of competitive intelligence.
When I heard, for the first time, that Google slowly requires HTTPS from sites, I was quite happy. First of all, our communication and data are going to be more private, and we will receive more security than before. The second reason is that some certificates provide great competitive intelligence.
Since I enjoy turning any tool into sourcing tool, here is a step-by-step manual on how to get information from the SSL certificate. It is very straightforward.
For this step, you will need to use one of the SSL Checkers that are available. I recommend:
Type the URL. Try, for example, alexa.com, and that’s it. (I told you that this is a standard manual.)
If you target domain name that has only single name certificate, you will not get the information that you will need. Example:
When you have a little luck, and find the wildcard or multi-domain SSL certificate, you can get the list of subdomains that are listed on the SSL certificate.
Try, for example, cnn.com SSL certificate.
This is the result:
(I change the domain name on this picture to protect the owner. I also informed him that his subdomain docs were not protected.)
This is the example of a domain that I found when I was trying to find contact details for a designer who hides the domain owner for this domain, but he has unprotected docs.example.com with two files, and one of the files was his resume.
If you tried to Xray some website that has SSL certificate, it is good to check how the subdomain appears. Some of these subdomains can be invisible to Google and other search engines. You can also learn other websites that you can Xray, which you likely didn’t know about before this trick.
Two companies are highly visible regarding the free SSL certificates.
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). It’s providing free SSL certificate that is valid for a few months, and it’s automatically refreshed; however, they don’t offer wildcard certificates. So you are not going to get more info from these certificates.
Wikipedia describes CloudFlare as a company that provides a content delivery network, Internet security services, and distributed domain name server services, sitting between the visitor and the CloudFlare user’s hosting provider, acting as a reverse proxy for websites.
It is an excellent service, and they are also offering free SSL certificates and, because of that, many sites use this to make their site faster and more secure. Their SSL are free and can disclose the information about other domains that are sharing the same SSL.
Also, eremedia.com is using them. And if you check the SSL, you will get these data. Sometimes, you can find information about similar websites that one company or person owns, but not all these sites belong to the one owner.
This is just an example how the CloudFlare SSL showing info about other websites sharing the same certificate, eremedia.com is not connected with any of these sites in this example.
SSL certificates are protecting our data, but information from these certificates could give us interesting information about companies and users. They could lead to sites that are not indexed and could be a source of valuable data. It could also disclose the information about new projects that your competitors have or are planning to do, etc.
The goal is to turn data into information, and information into insight.
This article was first published on eremedia.com