Joe* wakes up every morning at 7:45, and usually has trouble falling back asleep when he wakes up in the middle of the night.
Joe also loves horror TV shows. He watches them almost every night before falling asleep. He frequently listens to Shania Twain on Pandora, and runs a blog about books he reads and hikes he does.
All of this information is freely and publicly accessible through Open Source Intelligence (OSINT). Also accessible through OSINT was EXIF data from his camera, showing where he lives and places he visits frequently, his entire Twitter account, and messages that had been deleted—as well as his company’s email format and private IP addresses.
Security researcher Zee Abdelnabi found all of this information within 45 minutes. She had no prior knowledge of Joe.
In today’s world of social media and online connectivity, we’re dumping information faster than we can protect it. Identity theft through OSINT is one of the biggest problems that people are facing.
At the 15th annual SecureWorld Detroit conference, Zee will be giving a presentation on her independent research into OSINT gathering.
“It’s like doing packet capturing and looking for logins over HTTP. In this case it’s an HTTP dump of humans,” she said in an interview with SecureWorld.
By randomly selecting a target on Google, Zee was able to use tools to create an expansive profile on Joe, primarily using search engines and social media. All of her information was taken from public sources.
However, it’s not just those most active on the internet that are vulnerable. “Even the most technologically disconnected people are frequently searchable,” Zee explains.
All of the data she collected from his profiles, his Fitbit, his Pandora subscription, etc., could have allowed her to take over his identity in order to gain access to his company network, which allows BYOD devices.
Her talk will highlight ways in which you can better prepare and protect yourself—both for your personal life and for your company. It’s an equally important reminder to think critically about what information you’re posting online.
“Do you really want any casual stranger to know your home address, phone numbers, email addresses, and the names and ages of your kids?” she asks.
~
Zee Abdelnabi will lead a session entitled “Identity Theft Through OSINT/Social Engineering” at SecureWorld Detroit on September 13, 2017. For more details, see the conference agenda here.
*Target name chosen at random.