So, you wanna network online too?

Wednesday, December 30, 2009

Fred Williams


Cross linked from my outside blog: http://rtpsecurity.blogspot.com/2009/12/dhanjani-rios-and-hardin-can-be-ordered.html

I previously listed ways to gain valuable information on hacking targets using little work and no dumpster diving. The previous post was geared towards attacking computer systems but not human targets.

What is a little more interesting is attacking specific people. This is one of the key issues behind Facebook's recent privacy issues. Never mind a user setting a "privacy filter" on their profile; they still show it to friends. Is it easy to become a friend?

For my example I selected a particular target, a former CIO of mine. (I never acted upon this information; it is merely a proof of concept.) It was pretty easy.

1) First of all, Wake County real estate listings will give you the person's home address, a picture of the place (for god's sake) and what the dude paid for it, among other things.

2) Second, LinkedIn: the professional's information database. Oh man, this site is a treasure trove of information.

LinkedIn... with the bad recession and job losses, many people are looking for ways to network with others to find that next job. Hackers can also use it to build a dossier on an attack target. I went to LinkedIn and created a fake account. You have to have an account to be able to get more information on a target.

I searched and found my former CIO. What do I see? I see his complete work history, education history and other nuggets of valuable personal information. Combine that with the fact that most people choose passwords based upon their personal information, and it wouldn't be hard to plug this into a brute force password cracker.

What else on LinkedIn? Well, this guy listed his personal website on his profile. I visited this site and, my-oh-my, it's a family photo website. Now, I have pictures of his wife, kids, grandparents and friends. I also get the names of his family so I can match the picture with the name.

With those two sites, I now have almost a complete history of this guy with pictures! The fun a real hacker could have with this information.

Fred Williams I know that I am a creature of habit and sometimes throw printouts in the trash rather than take them to the shredder - good point.