Once a tester has input this data into Social Mapper, it begins to search for the employee’s online profiles
Information Security company Trustwave will launch an open-source intelligence tool that utilises facial recognition software to correlate social media profiles in order to preform penetration tests.
A robust IT security infrastructure utilises penetration tests and red teams. Red teams are independent groups that probe your companies IT security to find vulnerabilities in your system.
Part of the testing process is finding and exploiting personal breaches that fail to adhere to the company’s security policy and will open your system to threat actors.
This can be done by tricking the employee on social media into divulging their email or phone number with voucher offers or similar perks. It could be as simple as getting them to click on a link that downloads malware onto your network.
Trustwave’s social mapper provides the automation tools for red teams to search popular social media sites for company employees, it then correlates all of that employee’s online presence into an easily readable categorisation.
Compiling a List of Targets
Writing on their blog, Trustwave’s Jacob Wilkin states how the first step is: “Target parsing, it creates a list of targets based on the input you give it.”
“A social mapper target consists of a name and a picture of that person. These can be provided via links in a csv file, images in a folder or via people registered to a company on LinkedIn.”
Once a tester has input this data into Social Mapper, it begins to search for the employee’s online profiles on popular sites such as Facebook, Twitter, Google+, Instagram and even Weibo.
“It does this by instrumenting the Firefox browser, logging into the afore mentioned supported social media sites and begins searching for targets by name,” Wilkin states.
Once it has completed its search, Social Mapper then starts to generate data points and reports. It makes a csv file which links to the profile pages of your target list and creates a visual HTML report that can be continually used to verify and check its results.
Wilkin notes how this can be then used in: “phishing campaigns, knowing that this person has a social media profile on a specific site and can then be targeted with pretexts that include their profile picture for added realism.”
However, the search process of the Mapper is computationally heavy and time consuming. For a target list of 1000 people, the tool can take over 15 hours to perform the task.
Wilkin admits that it also uses quite a lot of bandwidth and comments: “I would recommend running the tool overnight on a machine with a good internet connection for these reasons.”
Social Mapper is expected to be launched by Trustwave on the 9 August 2018.