Footprinting via Social Networking

Social networking websites are public internet services that enable users to interact and develop interpersonal relationships. Sites like Facbook, Instagram, Twitter, YouTube, Pinterest, and LinkedIn are being used more frequently as a result of being able to connect with friends and family on one and exchange professional profiles on another. 

Attackers can leverage these websites to their advantage because people usually maintain profiles on social networking sites to provide basic information of themselves like, names of spouses, dates of birth, educational backgrounds, and career histories to maintain connections with others. Organisations frequently publish information about partners they might work with, websites, and forthcoming company news.

The following table provides a summary of user activity on social networking sites and the associated data that an attacker may get. 

What Users Do What Attacker Gets
Maintain Profile Contact Infomation, friends information, information about family members, interests, and activities
Connect to friends, chat Friends list, sensitive information via chatting
Share photos and videos Identity of family members, interests, and related information
Play games, join groups Interests
Create Events to notify about upcoming occassions User's Activities

Social networking websites are also used by organisations to communicate with customers, advertise their products and services, and get customer feedback. The table below provides a summary of an organization's social networking activities and the information that an attacker may obtain from them.

What Organizations Do What Attacker Gets
User Surveys Business Strategies
Promote Products Product Profile
User Support Social Engineering
Recruitment Platform/technolgoy information
Background check to hire employees Type of business

There are numerous online tools and services that can help you collect important data about a target from one or more social media platforms. These services give hackers the ability to follow accounts and URLs on numerous social media sites, find the most popular content shared across social media sites by using hashtags or keywords, find a target's email address, etc. Attackers can use this information to carry out phishing, social engineering, and other forms of assaults. 

  • Tools like Google Trends, Hashatit, BuzzSumo, and Ubersuggest can be use to locate information.
  • Tools like Hootsuite, Followeronk, and Sysomos can be use to search for both geotagged and non-geotagged information. 
  • Tools like Social Searcher, Sherlock, theHarvester, UserRecon can be use to gather sensitive information about the target via footprinting social networking sites. 

No comments:

Post a Comment