New app can collect scattered online clues to provide a picture of individuals or organizations.
A new app can collect scattered online clues to provide a picture of individuals or organizations; the application draws on public data sources in order to put together a graphical digital footprint.
In a demonstration on Wednesday at the Breakpoint 2012 Security Conference, being held in Melbourne, Australia, Roelof Temmingh, founder of the company Paterva, showed how his company’s application, called Maltego, can collect scattered online clues to provide a picture of individuals or organizations.
Maltego draws on public data sources in order to put together a graphical digital footprint. At the start of his demonstration, Temmingh stressed that all of the information collected is from public sources.
“No controls were broken to get to the information that we got,” Temmingh told the audience. “This is the information that’s out there on the net. We just kind of put it together in a nice way.”
Computerworld reports that Maltego pulled up several scattered tweets in the system. From there Temmingh picked one at random and checked to see whether the person fit in the context of them living and working in a certain area, which appeared to be true.
Then Maltego searched through Facebook, MySpace, and other social networking sites. An identical photo linked the persons Facebook and MySpace page, and from there Maltego was able to gather more information. After just one day of searching, Maltego discovered the person’s e-mail address, date of birth, travel, employment, and educational history.
“This is about a day’s worth of digging around,” Temmingh said. “It’s not weeks and weeks.”
Computerworld notes that with that much information, it would be easy for an attacker to target a person with a convincing e-mail and use social engineering to ask the person to click on a link causing malicious software to be downloaded to their computer.
If used to analyze a large organization, it would be much easier for Maltego to create detailed graphics of how a company’s network is structured, the addresses of mail servers, IP address blocks, and what providers support their Internet connectivity. It shines a light on an organization’s “attack surface,” a term used describe the potential weaknesses in a network.
http://www.homelandsecuritynewswire.com/dr20121018-new-app-uses-scattered-public-information-to-put-together-a-digital-footprint-of-individuals-organizations