USING ONLINE ACTIVITY AS DIGITAL FINGERPRINTS TO CREATE A BETTER SPEAR PHISHER

Black Hat USA 2013

Presented by: Ulisses Albuquerque, Joaquim Espinhara
Date: Thursday August 01, 2013
Time: 14:15 - 15:15
Location: Roman 2

Every day we produce tons of digital breadcrumbs through our activities in online services – from social networks, photo sharing, mailing lists, online forums and blogs to more specialized tools, such as commits to open source projects, music listening services and travel schedules. These have long been known to provide useful information when profiling a target for social engineering purposes, especially due to the frantic pace and often uncensored way at which we generate such content.

Our talk takes a tool-oriented approach to these profiling activities. By using data mining techniques combined with natural language processing, we can determine patterns in the way a user interacts with other users, his usual choice of vocabulary and phrasing, the friends/colleagues he most frequently communicates with as well as the topics discussed with them. By consuming publicly available data, using both official APIs and scraping web pages, our profile can be used to validate how close forged content is to actual target-generated data.

We will discuss the indexing of unstructured content, including issues such as the legal and technical implications of using official APIs versus scraping, how to build user relationship graphs and how to add temporal references to the collected data.

We will also release a tool that automates the data mining and natural language processing (NLP) of unstructured information available on public data sources, as well as comparing user created content against a generated profile using various criteria, including:

Joaquim Espinhara

Joaquim Espinhara is a Security Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has seven years experience and has done security research and presented talks at security conferences (H2HC, YSTS, Silver Bullets) in the areas of Wireless and Network Penetration Testing, SAP Security, Database Security. Also has an interest in reverse code engineering and vulnerability research. Enthusiast in cyberwar.

Ulisses Albuquerque

Ulisses Albuquerque is a Security Consultant within the Application Security practice at Trustwave's SpiderLabs. Ulisses has a strong software engineering background, with experiences ranging from Linux device driver development for embedded systems to the design and implementation of a mission critical MSS software ecosystem. Ulisses has a large experience with both application and network testing, and is particularly interested in more obscure/niche platforms. He has a long time relationship with various FOSS projects, and has worked extensively with various open security tools. Ulisses has also taught various courses on network security, buffer-overflows and secure web application development on various post-graduate courses.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats