Could Googling Take Down a President, a Prime Minister, or an Average Citizen?

Presented at DEF CON 16 (2008), Unknown date/time (Unknown duration)

Every time we use the web, we disclosure tremendous amounts of information to ISPs, Internet backbone providers, and online companies; information that will be shared and data mined, but rarely discarded. Email addresses, phone numbers, aggregated search queries, cookies, IP addresses - any unique feature of our behavior provides a mechanism to link, profile, and identify users, groups, and companies. From these revelations all aspects of our daily lives emerge, including our activities, locations, and social networks. Making matters worse, ubiquitous advertising networks, dominant online companies, complicit network providers, and popular web analytic services possess the ability to track, and in some cases, eavesdrop on and modify our online communications. The AOL dataset debacle and subsequent public outrage illustrated one facet of the problem - Search. This talk covers all aspects of the problem, including end user computers, network providers, online companies, and advertising networks. It also includes countermeasures to help protect your personal and organizational privacy. It is important to note that the research presented is the inverse of Google Hacking, which strives to retrieve sensitive information from the databases of search engines. This talk instead focuses on what information online companies can pull from you, as well as what network providers can see and modify. The long-term implications of web-based information disclosure are profound. Interaction by interaction we are ceding power to ISPs and online companies, disclosures which may one day alter the course of elections, remove world leaders from power, or cause the outspoken citizen to disappear from the web.

Presenters:

  • Greg Conti - United States Military Academy
    Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy, West Point, NY. His research includes security data visualization and web-based information disclosure. He is the author of Security Data Visualization (No Starch Press) and the forthcoming Googling Security (Addison-Wesley). His work can be found at www.gregconti.com and www.rumint.org.

Links: