Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:22 AM
Connect Directly

Microsoft Blue Hat: Researcher Demos No-Hack Attack

Wealth of available online data on individuals, businesses can be used in targeted attacks

A researcher at Microsoft's closed-door Blue Hat summit last week demonstrated how seemingly mundane information available online about an individual or a business can be used against them in a targeted attack.

Roelof Temmingh, founder of Paterva, demonstrated how hackers don't eed traditional hacking tools given all of the information that' freely available about people and organizations on the Internet. With a little reconnaissance and the use of a handy information-collection, correlation, and visualization tool he built called Maltego, Temmingh showed how an attacker wouldn't have to bother with a port scan or other hacking tools to hack a person or a business.

Maltego is not a hacker tool -- it's for gathering, organizing and visualizing information from the Internet. It basically collects that accessible information online about an individual -- his email address, blogs, Facebook friends, hobbies, geographic location, job description -- and presents it in a usable, comprehensive profile of a potential target. "When I started developing this tool... I had the idea that all pieces of information out there were connected in some way or another," Temmingh says. "This tool proves that [they are]."

The problem, of course, is that users want instant access to information, and to be accessible via social networking sites and other online resources. And there's always a way for someone to abuse that interconnected information.

Attackers hack either to get control over a system, or to grab data. "You don't [necessarily] need to break into anything to get the information you need; it may be just a click," he says. "With some applications, the data you can get from them is the vulnerability."

Even PGP-encrypted email messages between two organizations can leak some useful clues. Piecing together the email addresses in the domain and the signed keys by specific email addresses can provide useful information, he says. "If five people at one organization sent mail to five others at a second organization and all mail was PGP-encrypted, this is telling us" something about the relationship between these two organizations, he says.

"If you think about an attack, the exploit itself is maybe 5 percent of the whole equation," Temmingh says. "It doesn't have to end in 'now you can ‘own’ someone.'"

Temmingh also demonstrated at Blue Hat how easy it is for an attacker to manipulate the inherent trust on the Internet -- and the lack of real identity verification. "If you're not on Facebook, I can [pose as you] on Facebook and put up content," he says. "I can invent anyone I want using your name and information gathered, he says.

Bottom line: There's no real enforcement for privacy on the Internet today, he says. "If you want to keep something private, keep it off the Internet. Even if you encrypt it... you could be leaking more information," like with the PGP-encrypted email example, he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Microsoft Corp. (Nasdaq: MSFT)

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    44% of Security Threats Start in the Cloud
    Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
    Zero-Factor Authentication: Owning Our Data
    Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
    Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
    Robert Lemos, Contributing Writer,  2/20/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    How Enterprises Are Developing and Maintaining Secure Applications
    How Enterprises Are Developing and Maintaining Secure Applications
    The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-02-23
    An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a...
    PUBLISHED: 2020-02-23
    An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
    PUBLISHED: 2020-02-23
    An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML ...
    PUBLISHED: 2020-02-23
    An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat...
    PUBLISHED: 2020-02-23
    danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.