Dhanjani, Rios and Hardin can be ordered from many sites but I get mine free through my company's Safari online account. I get 60 free tokens per month that I can use for downloading into PDF formats. 1 entire book like Pro Spring 2.5 cost 30 tokens but you can spend like 10 tokens for a chapter. Of course, you don't have to spend a single token while reading online.
A good service which I am appreciable for.
Anyway, back to the book and the chapter "Intelligence gathering on your attack targets.". I previously listed ways to gain valuable information on hacking targets using little work and no dumpster diving. The previous post was geared towards attacks computer systems but not human targets.
What is a little more interesting is attacking specific people. This is one of the key issues behind Facebook' recent privacy issues. Never mind a user setting a "privacy filter" on their profile, they show it to friends. Is it easy to become a friend?
For my example I select a particular target which was a former CIO of mine in the past. (I never act upon this information, merely as a proof of concept.) It was pretty easy.
1) First of all, Wake County Real estate listings will give you the person's home address, a picture of the place (for god's sake) and what the dude payed for it among other things.
2) Second, Linked - In: The professional's information database. Oh man, this site is a treasure trove of information.
Linked in..... with the bad recession and job losses many people are looking for ways to network with others to find that next job. Hackers can also use it to build a dossier of an attack target. I went to Linked in and created a fake account. You have to have an account to be able to get more information on a target.
I searched and found my former CIO. What do I see? I see his complete work history, education history and other nuggets of valuable personal information. Combine that with the fact that most people choose passwords based upon their personal information, it wouldn't be hard to plug this into a brute force password cracker.
What else on Linked in? Well, this guy listed his personal website on his profile. I visited this site and, my-oh-my, it's a family photo website. Now, I have pictures of his wife, kids, grandparents and friends. I also get the names of his family so I can match the picture with the name.
With those two sites, I now have almost a complete history of this guy with pictures! The fun a real hacker could have with this information.
No comments:
Post a Comment