Thursday, July 21, 2011

Information Gathering

Posted by OurTech Team | Thursday, July 21, 2011

War is ninety percent information.
—Napoleon Bonaparte
It has been said that no information is irrelevant. Those words ring true when it comes to this chapter on information gathering. Even the slightest detail can lead to a successful social engineering breach.

My good friend and mentor, Mati Aharoni, who has been a professional pentester for more than a decade, tells a story that really drives this point home. He was tasked with gaining access to a company that had an almost nonexistent footprint on the Web. Because the company offered very few avenues to hack into, gaining this access would prove to be very challenging.

Mati began scouring the Internet for any details that could lead to a path in. In one of his searches he found a high-ranking company official who used his corporate email on a forum about stamp collecting and who expressed an interest in stamps from the 1950s. Mati quickly registered a URL, something like www.stampcollection.com, and then found a bunch of old-looking 1950s stamp pictures on Google. Creating a quick website to show his “stamp collection,” he then crafted an email to the company official:

Dear Sir,

I saw on www.forum.com you are interested in stamps from the 1950s. Recently my grandfather passed away and left me with a stamp collection that I would like to sell. I have a website set up; if you would like to see it please visit www.stampcollection.com.

Thanks,
Mati

Before he sent the email to the target, he wanted to ensure there would be maximum impact. He took the office number from the forum post and placed a phone call to the man. “Good morning, sir, this is Bob. I saw your posting on www.forum.com. My grandfather recently passed and he left me a bunch of stamps from the 1950s and 60s. I took pictures and made a website. If you are interested I can send you the link and you can take a look.”

The target was very eager to see this collection and readily accepted the email. Mati sent the man the email and waited for him to click the link. What Mati did was embed a malicious frame on the website. This frame had code in it that would exploit a vulnerability then known in the popular Internet Explorer browser and give control over the target’s computer to Mati.

The wait was not long: as soon as the man received the email he clicked the link and the company’s perimeter was compromised.

A tiny piece of information—the corporate email this man used to look for stamps—is what led to this compromise. No piece of information is irrelevant. With that knowledge in mind, here are questions that come up with regard to information gathering:
