1

Maltego® -- a New Threat of Privacy Disclosure

Jingjing GaoDepartment of Computer Science and Engineering

April 16th,2014

2

Outline

Introduction of Maltego®

Maltego® in Information Warfare

Threats caused by Maltego®

Accountability

3

Introduction of Maltego® Maltego® is a kind of software which gathers open sources information online and analyzes them intellectually with an outcome of a graphical way.

4

Introduction of Maltego®Gathering a bunch of data with regard to:

PeopleGroups of people (social networks)CompaniesOrganizationsWeb sitesInternet infrastructure such as: Domains, DNS names,

Netblocks and IP address.AffiliationsDocuments and files

5

Outline

Introduction of Maltego®

Maltego® in Information Warfare

Threats caused by Maltego®

Accountability

6

Maltego® in Information Warfare

National Security Defensive Operation

Commercial Competitive Application

Social Engineering and Forensic

Application toward Individuals

7

Maltego® in Information WarfareNational Security Defensive Operation

“Who is tweeting from NSA’s parking lot?” [1]

Figure 1: Twitter[2]

8

Maltego® in Information WarfareCommercial Competitive Application

Figure 2. Graph of BOA Location[3] Figure 3. Graph of BOA Department[3]

9

Maltego® in Information WarfareSocial Engineering and Forensic Application toward IndividualsProvide context for social Engineering e.g. the language the target person use.Forensic application Show internal relations between different persons and different organizaitons.

10

Outline

Introduction of Maltego®

Maltego® in Information Warfare

Threats caused by Maltego®

Accountability

11

Threats Result from Maltego®

Violation of Privacy

Reliability of Maltego® as a Forensic Application

12

Violation of Privacy

Threats Result from Maltego®

13

Threats Result from Maltego® Violation of Privacy

14

Threats Result from Maltego® Violation of Privacy

Easy and convenient for malicious social engineering attack, e.g. Phishing Emails, account guessingOpen type Mailing lists are vulnerable target’s interests, concerns

15

Threats Result from Maltego® Reliability of Maltego® as a Forensic Application

Unreliable Twitter Geo-location

Mislead

16

Threats Result from Maltego® Reliability of Maltego® as a Forensic ApplicationUnreliable Twitter Geo-location

Various of app especially for Android system

Not authorized officially

17

Threats Result from Maltego® Reliability of Maltego® as a Forensic ApplicationMislead

18

Outline

Introduction of Maltego®

Maltego® in Information Warfare

Threats caused by Maltego®

Accountability

19

AccountabilityGovernment and Organization Accountability• Need new regulations for collections of integrated personal information• Specify the usage of different part of personal information• Appeal to whole society to protect privacyIndividual Accountability• Be aware of innocuous information may lead to privacy disclosure• Pay attention to privacy settings of the app in your smart phone and PC• Form good use habit e.g. When leave the local wifi connection, click “forget this network”

20

References[1] Jeremy Kirk, (2014, March 11), “Who is tweeting from NSA’s parking lot?” Computer World, [Online], Available: http://www.computerworld.com/s/article/9232476/Who_is_tweeting_from_the_NSA_39_s_parking_lot[2] video-gillen-twitter-articleLarge.jpg, https://www.google.com/search?q=twitter&espv=2&es_sm=93&source=lnms&tbm=isch&sa=X&ei=mLlOU_2zHYq-sQS7poLgCQ&ved=0CAkQ_AUoAg&biw=1366&bih=600#facrc=_&imgdii=_&imgrc=pZeQN_7zq2lhOM%253A%3BUIvMeomJTRpZYM%3Bhttp%253A%252F%252Fgraphics8.nytimes.com%252Fimages%252F2013%252F10%252F28%252Fbusiness%252Fvideo-gillen-twitter%252Fvideo-gillen-twitter-articleLarge.jpg%3Bhttp%253A%252F%252Fwww.nytimes.com%252F2013%252F11%252F07%252Ftechnology%252Ftwitter-prices-ipo-at-26-a-share.html%3B600%3B338[3] Csitech, (2014, March 8), “Mapping Corporate infrastructure with open source data”, CSITECH, [Online], Available: http://www.csitech.co.uk/mapping-corporate-infrastructure-with-open-source-data/

21

Thank You!