Maltego® -- a New Threat of Privacy Disclosure
1
Maltego® -- a New Threat of Privacy Disclosure
Jingjing Gao
Department of Computer Science and Engineering
April 16th, 2014
2
Outline
Introduction of Maltego®
Maltego® in Information Warfare
Threats caused by Maltego®
Accountability
3
Introduction of Maltego®
Maltego® is software that gathers open-source information online, analyzes it intelligently, and presents the results graphically.
4
Introduction of Maltego®
Gathering a bunch of data with regard to:
• People
• Groups of people (social networks)
• Companies
• Organizations
• Web sites
• Internet infrastructure such as: domains, DNS names, netblocks and IP addresses
• Affiliations
• Documents and files
6
Maltego® in Information Warfare
National Security Defensive Operation
Commercial Competitive Application
Social Engineering and Forensic
Application toward Individuals
7
Maltego® in Information Warfare
National Security Defensive Operation
“Who is tweeting from NSA’s parking lot?” [1]
Figure 1: Twitter[2]
8
Maltego® in Information Warfare
Commercial Competitive Application
Figure 2. Graph of BOA Location[3]
Figure 3. Graph of BOA Department[3]
9
Maltego® in Information Warfare
Social Engineering and Forensic Application toward Individuals
• Provide context for social engineering, e.g. the language the target person uses.
• Forensic application: show internal relations between different persons and different organizations.
11
Threats Result from Maltego®
Violation of Privacy
Reliability of Maltego® as a Forensic Application
14
Threats Result from Maltego®
Violation of Privacy
• Easy and convenient for malicious social engineering attacks, e.g. phishing emails, account guessing
• Open-type mailing lists are vulnerable: target’s interests, concerns
15
Threats Result from Maltego®
Reliability of Maltego® as a Forensic Application
Unreliable Twitter Geo-location
Mislead
16
Threats Result from Maltego®
Reliability of Maltego® as a Forensic Application
Unreliable Twitter Geo-location
• Various apps, especially for the Android system
• Not officially authorized
17
Threats Result from Maltego®
Reliability of Maltego® as a Forensic Application
Mislead
19
Accountability
Government and Organization Accountability
• Need new regulations for collections of integrated personal information
• Specify the usage of different parts of personal information
• Appeal to the whole society to protect privacy
Individual Accountability
• Be aware that innocuous information may lead to privacy disclosure
• Pay attention to the privacy settings of the apps on your smartphone and PC
• Form good usage habits, e.g. when leaving a local Wi-Fi connection, click “forget this network”
20
References
[1] Jeremy Kirk, (2014, March 11), “Who is tweeting from NSA’s parking lot?” Computer World, [Online], Available: http://www.computerworld.com/s/article/9232476/Who_is_tweeting_from_the_NSA_39_s_parking_lot
[2] video-gillen-twitter-articleLarge.jpg, https://www.google.com/search?q=twitter&espv=2&es_sm=93&source=lnms&tbm=isch&sa=X&ei=mLlOU_2zHYq-sQS7poLgCQ&ved=0CAkQ_AUoAg&biw=1366&bih=600#facrc=_&imgdii=_&imgrc=pZeQN_7zq2lhOM%253A%3BUIvMeomJTRpZYM%3Bhttp%253A%252F%252Fgraphics8.nytimes.com%252Fimages%252F2013%252F10%252F28%252Fbusiness%252Fvideo-gillen-twitter%252Fvideo-gillen-twitter-articleLarge.jpg%3Bhttp%253A%252F%252Fwww.nytimes.com%252F2013%252F11%252F07%252Ftechnology%252Ftwitter-prices-ipo-at-26-a-share.html%3B600%3B338
[3] Csitech, (2014, March 8), “Mapping Corporate infrastructure with open source data”, CSITECH, [Online], Available: http://www.csitech.co.uk/mapping-corporate-infrastructure-with-open-source-data/
21
Thank You!