Hacker Hijinks Human Ways to Steal Your Business Data · Incident Response & Digital Forensics...
8/23/2018
Hacker Hijinks – Human Ways to Steal Your Business Data
Who We Are
Ethical Hackers & Penetration Testers
Incident Response & Digital Forensics
Digital Intelligence Analysts
Businesses & People Get “Hacked” Every Day
• 56 Million Credit Card Owners
• 32 Million Personal Identities / Divorces?
• 80 Million Personal Identities & Healthcare Data
• Too Many To Count
• 3 Billion Accounts
• Hundreds of Millions
Methods of Hacking
• Hack In From Wireless
• Hack In From The Internet
• Hack Over the Phone Lines
• Hack Web Applications
• Hack Cloud Based Applications
• Hack Via Social Engineering
• Hack Via Available & Recycled Data
About This Presentation
• Steal an Identity
• Mine Internet Intelligence
• Hack a Bank Network
• Break into the Building
Methods of Intelligence Gathering
• ELECTRONIC INTELLIGENCE - ELINT
• COMMUNICATIONS INTELLIGENCE - COMINT
• SIGNALS INTELLIGENCE - SIGINT
• HUMAN INTELLIGENCE - HUMINT
Methods of Intelligence Gathering
Open Source Intelligence - OSINT
Anything Publicly Available
OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense (DoD) as "produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement."
"Using this public source openly and without resorting to illegal means, it is possible to gather at least 80% of information about the enemy."
(Al-Qaeda, Encyclopedia of Jihad)
OSINT & Inspire
“Open Source Jihad”
Terrorists Adopted the Methodology
OSINT PROCESS
OSINT Process
Anchor Points
• Username
• Phone Number
Attaching the Person to a Digital Entity
Attaching the Person to Digital Content or Analog Data
Business Uses of OSINT
Human Resources: Hiring Decisions
• You’re Hired
• Not Hired
Legal Industry: Litigation
• Employee
• Lawyers
• Employer: You’re Being Sued
OSINT FOR THESE BUSINESS PURPOSES: THESE ARE NOT ALLOWED
• Any Communication
• Pretexting
• Phishing
• Collaboration
• Reconnaissance for Defeating Security
OSINT FOR TESTING SECURITY: THESE ARE ALLOWED
• Pretexting
• Phishing
• Any Communication
• Collaboration
• Deception
Sources of Intelligence - OSINT
Your Personal Data
Leverage All Personal Information
• Social Networking / Media Sites
• Blog Sites
What Do You Look For?
Anything You Can Use…
• Social Networking Sites
• Blog Sites
• Web Sites
• Email Addresses
• Login User Names
• Domain Ownership
• Phone Numbers
• Personal Relationships
• Anything Publicly Visible on the Internet
OSINT TOOLS
OSINT Tools & Resources
SNT Copyright 2004. Secure Network Technologies, Inc. All rights reserved.
OSINT PEOPLE DATABASES
Example lookup: Paris Hilton
• PHONE NUMBERS
• EMAIL ADDRESSES
• RESIDENCES
Database Results
• RESIDENCES
• PHONE NUMBERS
• MOBILE PHONE NUMBERS
• RELATIVES
• EMAIL ACCOUNTS
MY DATA!
IMAGE RELATIONSHIP TOOLS
OSINT - Image Tools
METADATA TOOLS
OSINT Tools - Meta Data
• Email Addresses
• Usernames
• Document Author
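The metadata fields listed above (author, last editor, e-mail, username) are the same fields a defender can audit before a document is published. The following is an added example, not a tool from the presentation: it reads the core properties of an OOXML (docx/xlsx/pptx) package and flags author fields that expose an e-mail address or a login-style handle. The sample document is constructed inline, and the "single short token = login name" heuristic is an assumption.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespaces of docProps/core.xml inside OOXML packages (docx, xlsx, pptx).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
# Core-property fields that carry a person's name or login: author and last editor.
FIELDS = {"creator": "dc:creator", "lastModifiedBy": "cp:lastModifiedBy"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def build_sample_docx(creator, last_modified_by):
    """Constructed minimal OOXML package; only docProps/core.xml matters for this audit."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
        f"<dc:creator>{creator}</dc:creator>"
        f"<cp:lastModifiedBy>{last_modified_by}</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
    return buf.getvalue()


def audit_metadata(docx_bytes):
    """Return {field: value} for author/editor fields that look like an e-mail or a login name."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return findings
        root = ET.fromstring(zf.read("docProps/core.xml"))
    for name, path in FIELDS.items():
        el = root.find(path, NS)
        value = (el.text or "").strip() if el is not None else ""
        if not value:
            continue
        # Assumed heuristic: an e-mail address, or a single token such as "jsmith"
        # that reads like a login name rather than a display name or organisation.
        if EMAIL_RE.fullmatch(value) or (" " not in value and len(value) <= 20):
            findings[name] = value
    return findings
```

A document that passes the audit should carry an organisation name (or nothing) in both fields; anything flagged should be scrubbed before upload.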
Other Resources…
http://rr.reuser.biz/
Dark Web
Understanding The Layers: The Iceberg Model
Internet / Public Web
Deep Web
• Medical Records
• Academic Information
• Scientific Reports
• Government Data
• Legal Documents
• Social Media
• Not Crawled by Search Engines
Dark Web
• Private Communication
• Illegal Pornography
• Contraband
• Drug Trafficking
• Lots of Bad Stuff
Dark Net: Black SUV - Not Good
Internet
How Not To Get To The Dark Web / Dark Net
How To Get to the Dark Web
• Burner Laptop
• Tor Client Software
• Download From https://www.torproject.org/download/download-easy.html.en
• Install it on the Virtual Machine
Your Path to the Dark Web
Tails Screen Shot
Searching the Dark Web
Dark Markets
• Hitman Services
• Fake ID’s
• Firearms
• Credit Cards
OSINT PASSWORD DATABASES
Accounts in the Database
Steal an Identity
Use a False Identity
Target Your Victim
• Name
• Home Town
• Plays Hockey
• Music
• Male
• Physical Address
OSINT Process
A person's name and one other detail is needed. Use Home Town.
What’s Tied to the Physical Address?
• Phone Numbers
• Email Address
• Physical Addresses
• Relatives
• Pictures
• Maiden Name & Alias
Additional Data is Often Tied to the Residence
Where Will You Get That?
Refine Your Search Using Available Databases
Input Your Target’s Digital Identifiers
Compare Database Content for Validation
• Same Address Location
• Same Phone Numbers
• Same Email Accounts
I Live There
Investigate Digital Relationships
EXAMINE DIGITAL RELATIONSHIPS
EXAMINE ALUMNI PORTAL
USE FIND MY RECORD
INVESTIGATE THE REGISTRATION PROCESS
CONFIRMATION OF IDENTITY?
WE NEED HIS BIRTHDATE
LOCATE HIS BIRTHDATE
STATS INCLUDE DOB
CONFIRMATION OF IDENTITY?
WE NOW HAVE HIS BIRTHDATE
FINISH THE REGISTRATION PROCESS
CREATE CREDENTIALS
SECURITY WORD?
AGREE TO T’s & C’s
REVIEW AND MODIFY PERSONAL INFORMATION
COMPLETE HIS PROFILE
ADD CONTACT DATA
FAMILY FIELDS COMPLETED
REQUEST FOR MORE INFORMATION
Registrar’s Office
I NEED MY STUDENT INFO
PLEASE FILL OUT THIS FORM
TRANSCRIPT REQUEST FORM
RECEIVE TRANSCRIPT VIA FAX
THOSE ARE MY GRADES!
AND MY SOCIAL SECURITY NUMBER!
Hacker Collects Banking Credentials
Apply for Credit at These Fine Retailers
…All on Scott’s Identity
Hack the Network
Investigate Digital Relationships
SCOTT WORKS AT BANK
FACEBOOK RELATIONSHIPS
LINKEDIN RELATIONSHIPS
Use Company Stalker in Maltego
Investigate Social Networking Sites
Use Fake Social Networking Identities
Become “Friended” by Bank Employees
Harvest Data from a Victim
• Company Email Addresses
• Personal Email Addresses
• Occupation
• Home Address
• Business Address
• Phone Numbers
• Note Activities or Special Groups
• Pictures
Scour LinkedIn for Email Victims
• MANUAL EFFORT, TIME CONSUMING
• LinkedIn RESTRICTS VISIBILITY
• VICTIM MAY SEE ACTIVITY
Harvest Emails Using Automation
• DOMAINS
• SEARCH ENGINES
Register a Bank-Benefits.com
Purchase an SSL Certificate
Steal The Company Web Page
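The three steps above (a brand-plus-keyword domain, a purchased certificate, a cloned page) are why defenders watch newly registered names and certificate issuance for lookalikes. As an added example, not part of the presentation, the following triage classifies candidate domain names against a brand list: combosquats such as the Bank-Benefits.com pattern, digit-for-letter homoglyphs, and brands embedded in a longer label. The brand "examplebank", the lure-word list and the sample domains are all constructed.

```python
import re

# Constructed sample of newly seen domain names, as a defender might pull from a
# certificate transparency feed. "examplebank" stands in for the client's brand;
# "examplebank-benefits.com" mirrors the Bank-Benefits.com pattern from the talk.
SAMPLE_DOMAINS = [
    "examplebank.com",
    "examplebank-benefits.com",
    "login-examplebank.net",
    "examp1ebank.com",
    "examplebankhr.com",
    "weather.example.org",
]
BRANDS = ["examplebank"]
# Assumed lure words a phishing domain pairs with a brand (benefits, login, HR portal...).
LURE_WORDS = {"benefits", "login", "secure", "hr", "portal", "vpn", "mail"}
# Digits commonly swapped in for letters so the name still reads as the brand.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_label(domain):
    """Second-level label only: 'login-examplebank.net' -> 'login-examplebank'."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain, brands=BRANDS, lure_words=LURE_WORDS):
    """Return a reason string when the domain resembles a brand, else None."""
    label = registrable_label(domain)
    normalized = label.translate(HOMOGLYPHS)
    tokens = re.split(r"[-_]", normalized)
    for brand in brands:
        if label == brand:
            return None  # the brand's own registrable name
        if normalized == brand:
            return "homoglyph: digits standing in for letters"
        if brand in tokens:
            if any(t in lure_words for t in tokens if t != brand):
                return "combosquat: brand plus lure word"
            return "combosquat: brand with extra token"
        if brand in normalized:
            return "brand embedded in label"
    return None


def triage(domains):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d)) is not None}
```

Flagged names are candidates for takedown requests and for blocking at the mail gateway and web proxy before a lure lands in employee inboxes.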
The Completed Phishing Site
Send out the Email Phish
This email name was intentionally chosen to be slightly suspicious looking. [email protected]
Acknowledgement Page
Results of the Phish
On a Sunday night, ~460 email addresses were sent out.
By 11:30 on Monday morning, over 39% had provided user names and passwords.
By 12:00 on Monday we had to stop the exercise and bring down the website.
External Systems Compromised
• VPN Connections
• Online Bank Systems
• Email Systems
Leverage Your Findings
Defeat Physical Security
Use CaseFile To Manage Analog Findings
Building Location
Property Details
Security Concerns
Leverage Management Company
Building Map
Office Space Layout
Look for Phone Numbers Based on Company & Domain Name
Use Maltego To Manage Digital Process
Use WarVox To Dial Phone Systems
Identify an Employee from FB
Badge Printer
Print a Badge
Print Credentials
Enter the Building
Bring in the Crew
We Spent One Week in the Building
Questions?
Thank You.