From the point of view of security experts: powerful hacking tools

Who is who in your company? Who knows whom? How can hackers win the trust of the employees who matter most to them, so that they can use those employees as their tools? As easy as pie: by finding out everything about them in advance.

“Transparent” employees – this is how hackers prepare for their attacks

As mobile phone or Facebook users, we leave data traces on the web every day. The tools for analysing and linking such data are available to anyone on the Internet. They have been refined for years and are used by law enforcement authorities and intelligence agencies. Another large group of users: hackers preparing for their attacks.

A commonly used tool is Maltego, a data mining and visualisation tool. Starting from e-mail and network addresses, it can be used to draw conclusions about personal and professional information, social networks, relationships and behaviour. The software gradually processes huge amounts of data and presents the conclusions in neatly arranged graphs. These analyses make it possible to expose the social relationships of individuals about whom originally nothing but their name was known.

Does this work for “heavy internet users” only?

We google the latest business data, we do research on potential customers and new markets or potential products offered by competitors. In between, we watch the funny video found by our colleagues, we browse through the most recent bargains in the supermarket around the corner or look for ways to invest our money. We use Google and the like as encyclopedias for nearly everything we want to look up right this minute.

We communicate via e-mail, receive newsletters, send enquiries to other companies, we use Skype, chats, instant messaging and online banking. The largest identity databases in the world – such as Facebook – know our real names, our school, our university, our “likes”, our style of writing. We link the photo collection (which is read using facial recognition) in social media to the profiles of colleagues and friends, and even if we don’t – the networks are collecting data about us. We also use some of our best pics for pseudonymous profiles. Then there is the photo of the final-year class, the team photo of the employer on LinkedIn, the brief CV with my salary requirement for potential employers on LinkedIn. The position of my computer or – even more accurately – the GPS sensors in my smartphone reveal where I am at this precise moment.

Do you still refuse to believe that your e-mail address can be (mis)used for a lot of things?