USING ONLINE ACTIVITY AS DIGITAL FINGERPRINTS TO CREATE A BETTER SPEAR PHISHER

Presented at Black Hat USA 2013, Aug. 1, 2013, 2:15 p.m. (60 minutes).

Every day we produce tons of digital breadcrumbs through our activities in online services - from social networks, photo sharing, mailing lists, online forums and blogs to more specialized tools, such as commits to open source projects, music listening services and travel schedules. These have long been known to provide useful information when profiling a target for social engineering purposes, especially due to the frantic pace and often uncensored way in which we generate such content.

Our talk takes a tool-oriented approach to these profiling activities. By using data mining techniques combined with natural language processing, we can determine patterns in the way a user interacts with other users, his usual choice of vocabulary and phrasing, the friends/colleagues he most frequently communicates with as well as the topics discussed with them. By consuming publicly available data, using both official APIs and scraping web pages, our profile can be used to validate how close forged content is to actual target-generated data.

We will discuss the indexing of unstructured content, including issues such as the legal and technical implications of using official APIs versus scraping, how to build user relationship graphs and how to add temporal references to the collected data.

We will also release a tool that automates the data mining and natural language processing (NLP) of unstructured information available on public data sources, as well as comparing user-created content against a generated profile using various criteria, including: network of friends/colleagues; frequency of communication with friends/colleagues; shared interests between target and friends/colleagues; hobbies and personal activities; upcoming and past trips; frequency of use of verbs; frequency of use of adjectives; frequency of use of nouns; average number of words per sentence or paragraph.


Presenters:

  • Joaquim Espinhara - Trustwave
    Joaquim Espinhara is a Security Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has seven years of experience and has done security research and presented talks at security conferences (H2HC, YSTS, Silver Bullets) in the areas of Wireless and Network Penetration Testing, SAP Security, and Database Security. He also has an interest in reverse code engineering and vulnerability research, and is an enthusiast in cyberwar.
  • Ulisses Albuquerque - Trustwave
    Ulisses Albuquerque is a Security Consultant within the Application Security practice at Trustwave's SpiderLabs. Ulisses has a strong software engineering background, with experience ranging from Linux device driver development for embedded systems to the design and implementation of a mission-critical MSS software ecosystem. Ulisses has extensive experience with both application and network testing, and is particularly interested in more obscure/niche platforms. He has a long-standing relationship with various FOSS projects, and has worked extensively with various open security tools. Ulisses has also taught courses on network security, buffer overflows and secure web application development in various postgraduate programs.
