Figure 1-10. Facebook’s response
Twitter
Twitter is a microblogging application. A microblog consists of small entries that users post from “connected” devices. More and more people are using Twitter to collect their thoughts about different things they encounter and post them to the Internet. Messages on Twitter are often unedited, informal, and off-the-cuff. Because of this, the information has a tendency to be very accurate and genuine.
An attacker can use Twitter’s search interface to search Twitter messages given a specific keyword. Depending on the target, it may be beneficial for attackers to seek information about a specific individual or organization.
In February 2009, Pete Hoekstra, a member of the U.S. House of Representatives, used
Twitter to update his precise whereabouts while traveling to Iraq. Figure 1-12 shows
Hoekstra’s message.
It is clear from this example how the information individuals put on microblogging channels can aid attackers. In this case, the information Hoekstra twittered could have aided terrorist efforts that may have jeopardized his security. Messages posted on microblogging channels such as Twitter are therefore extremely important and useful to attackers.
Figure 1-11. Description of how the attacker obtained access to Sarah Palin’s Yahoo! account
For more information on the Pete Hoekstra incident, see “Pete Hoekstra Uses Twitter to Post from Iraq about Secret Trip” at ia
mouse.org/news/2009/02/pete-hoekstra-twitter-iraq.php.
Tracking Employees
Attackers do not necessarily limit their attacks to organizations. Often, the attacks are
aimed at specific employees and business units of the target organization. The human
factor is still the weakest part of the organization.
* *
*************************************
Searching for example.com in google :
========================================
Total results: 326000000
Limit: 1000
Searching results: 0
Searching results: 100
Searching results: 200
Searching results: 300
Searching results: 400
Searching results: 500
Searching results: 600
Searching results: 700
Searching results: 800
Searching results: 900
Accounts found:
====================
====================
Total results: 5
theHarvester is available on BackTrack 3 under the /pentest/enumeration/google directory and is named goog-mail.py. It is also available for download at
Figure 1-13. Resumé with information that could potentially help an attacker
Job Postings
In addition to resumés, job postings can lead attackers to useful information. Job postings are often found on corporate websites or through job search sites (for example, Monster.com). Some job postings contain information such as hiring managers’ names, corporate email addresses, or additional information that can aid attackers in tracking down employees.
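A defender can apply this observation before a posting is published. The following is an added example, not code from the book: the `audit_posting` function, the `ROLE_ALIASES` allow-list, and the sample posting are assumptions constructed for illustration. It scans a draft job posting for personal corporate mailboxes and direct phone extensions, and rewrites them to a shared role alias and the main number.

```python
import re

# Local parts treated as shared role mailboxes (assumed allow-list; adjust per organization).
ROLE_ALIASES = {"jobs", "careers", "recruiting", "hr", "talent", "info"}

EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\b")
# North American style number with an optional extension, e.g. "(415) 555-0142 x214".
PHONE_RE = re.compile(
    r"(?<!\d)(?P<main>(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4})(?!\d)"
    r"(?:\s*(?:x|ext\.?|extension)\s*(?P<ext>\d{1,6}))?",
    re.IGNORECASE,
)

def audit_posting(text, corporate_domains, role_alias="careers"):
    """Return (findings, redacted_text) for a draft job posting.

    findings is a list of (line_number, kind, matched_text) tuples.
    """
    findings, out_lines = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        def fix_email(m):
            local, domain = m.group(1).lower(), m.group(2).lower()
            # Only personal mailboxes on the organization's own domains are flagged.
            if domain not in corporate_domains or local in ROLE_ALIASES:
                return m.group(0)
            findings.append((lineno, "personal-mailbox", m.group(0)))
            return f"{role_alias}@{domain}"

        def fix_phone(m):
            # A main number alone is acceptable; a direct extension identifies one desk.
            if m.group("ext") is None:
                return m.group(0)
            findings.append((lineno, "direct-extension", m.group(0)))
            return m.group("main")

        line = EMAIL_RE.sub(fix_email, line)
        out_lines.append(PHONE_RE.sub(fix_phone, line))
    return findings, "\n".join(out_lines)

# Constructed sample input; names, address and number are fictional.
SAMPLE_POSTING = """\
Senior Network Engineer, Example Corp (constructed sample)
Send your resume to jane.doe@example.com.
Questions? Call the hiring manager at (415) 555-0142 x214.
General inquiries: careers@example.com
"""

if __name__ == "__main__":
    found, redacted = audit_posting(SAMPLE_POSTING, {"example.com"})
    for lineno, kind, value in found:
        print(f"line {lineno}: {kind}: {value}")
    print(redacted)
```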
Using information gathered from a simple job posting, along with ideas we presented
earlier in the chapter, we will demonstrate how we were able to track down a target
employee. Our first step was to search a job posting site looking for hiring managers.
After searching Monster.com for a hiring manager from the target organization, we
acquired the email address shown in Figure 1-14.
Figure 1-14. Job posting listing the hiring manager’s email address
Once we obtained the email address, we used Google to track down information on the hiring manager, as illustrated in Figure 1-15. The information we obtained identified the hiring manager’s name and work phone number. We found this information on the company’s corporate website.
Figure 1-15. A Google search revealing the hiring manager’s full name and work extension
Now we had a work number and extension. What other information can we dig up?
Using LinkedIn, we searched for the hiring manager along with the name of the organization. We successfully identified the hiring manager’s profile, which gave us more information about her. Figure 1-16 is a screenshot of the hiring manager’s LinkedIn page, which contains a wealth of information that we could use for nefarious purposes.
Figure 1-16. The hiring manager’s LinkedIn profile
shows another conference call, but outlines more detail about the call. The description states that three vendors will be making their final pitches to the organization. The description goes on to say that the company is not informing the vendors about the other phone calls to avoid having them “listen in” on their competition’s calls. Why did someone put this in his public calendar for the world to see? It is clear how this may aid an attacker and a competitor.
What Information Is Important?
What kind of information is important to an attacker and what isn’t? All information that an attacker can find can be used for some purpose. From the attacker’s perspective, all information is important. Some information can be more critical than other information. Information that could be deemed critical for an attacker to have would include:
• An employee’s personally identifiable information (PII), such as work and home phone numbers, work and home addresses, criminal history, Social Security numbers, and credit reports
• Network layouts, including the number of web servers and mail servers, their locations, and the software versions they run
• Company files, including database files, network diagrams, internal papers and documentation, spreadsheets, and so forth
• Company information such as mergers and acquisitions, business partners, hosting services, and so forth
• Organizational information, including organizational charts detailing the corporate structure of who reports to whom
• Work interactions detailing such information as who gets along at the office, how often direct reports communicate with their managers, how often managers communicate with their subordinates, how they communicate (e.g., via email, phone, BlackBerry), and so forth