Bowers Google Hacking Comp Intel 2008 - Usenix

Google HackingMaking CompetitiveIntelligence Work for YouCopyright 2008 Security Constructs, LLCAll rights ReservedTom BowersPresident Philadelphia InfraGardManaging Director, Security Constructs, LLC

Competitive Intelligence1.2.3.4.What is it?How is it done?Is it legal?How do we prevent it?Copyright 2008 Security Constructs, LLCAll rights Reserved

AskingQuestionsBasics– Who– What– When– Why– Where– HowCopyright 2008 Security Constructs, LLCAll rights Reserved“Godiva Chocolatier Inc”– What business is it in?– How big is it?– Where are theylocated?– Is it publicly traded?– What are the annualsales and growth?– Pending legal issues?– Who are the decisionmakers?

RefiningtheSearch1. Use “intitle” versus “inurl” (looking fordirt)2. Scour news sites and newsgroups3. Check financial filings4. Check security analyst reports5. Use Google Groups and BlogsCopyright 2008 Security Constructs, LLCAll rights Reserved

Google ToolsGoogle Answers (retired)answers.google.comGoogle Scholarscholar.google.comGoogle Earthearth.google.comGoogle Patent Searchwww.google.com/patentsGoogle Blog Searchblogsearch.google.comGoogle Alertswww.google.com/alertsGoogle Mapsmaps.google.comCopyright 2008 Security Constructs, LLCAll rights Reserved

Google OptionsCopyright 2008 Security Constructs, LLCAll rights Reserved

Google MapsCopyright 2008 Security Constructs, LLCAll rights Reserved

Google Maps – SatelliteCopyright 2008 Security Constructs, LLCAll rights Reserved

Google Maps – SatelliteCopyright 2008 Security Constructs, LLCAll rights Reserved

Google Earth – 3D Satellite3 Levels:FreePlus - 20Pro - 400Copyright 2008 Security Constructs, LLCAll rights Reserved

Google Maps - Intel1. Auto traffic1.2.Manufacturing schedulesProduction cycles2. Parking lot analysis – personnel1.2.3.4.Executives – dedicated parkingDepartment Heads – early arrivalsSecurity arrangementsPlant expansionCopyright 2008 Security Constructs, LLCAll rights Reserved

Looking InsideView Operationally:Type of EquipmentOS used / vulnerabilitiesPersonnel trafficBusiness OperationsCopyright 2008 Security Constructs, LLCAll rights Reserved

Google AlertsConstant Information Leakage Monitoring(counter-intelligence)Note thatsomesearchterms are“explicit”andothersare not.Copyright 2008 Security Constructs, LLCAll rights Reserved

Additional Google Related Tools Open Directory Projectdmoz.org ResearchBuzzwww.researchbuzz.org TouchGraph mlCopyright 2008 Security Constructs, LLCAll rights Reserved

Open Directory ProjectCopyright 2008 Security Constructs, LLCAll rights Reserved

ResearchBuzzCopyright 2008 Security Constructs, LLCAll rights Reserved

TouchGraphCopyright 2008 Security Constructs, LLCAll rights Reserved

Document GrindingUsername password emailFiletype:xlsNotice that this isa spreadsheetWith the searchterms highlightedCopyright 2008 Security Constructs, LLCAll rights Reserved

Metadata analysisUsing Metadata AssistantAuthorCreation dates Hidden HyperlinksAdditional points of data leakageCopyright 2008 Security Constructs, LLCAll rights Reserved

Counter CompetitiveIntelligence1. Conduct CI on yourself – your competitors are1. Build a competitive profile2. Who are the movers and shakers3. Lines of business .2. What type of information is leaking and from where?3. Can a business process be modified?4. Active disinformation? (running equipment at odd times )5. Will a new policy help? (business or security)6. Can I leverage existing security technologies?7. Are there new technologies?Copyright 2008 Security Constructs, LLCAll rights Reserved

Case Study1. Los Alamos and Oak Ridge Spear Phishing attack1. Visitor database only2. 12 different attackers, 7 emails to 1000's of employees3. Which scientist visited, how often and what is their expertise.4. Allows us to build a competitive profile of the type of research being done at thesefacilities and by extension what type of research these facilities are capable of.2. What about your business?1. Whaling Attack – phishing your executives2. Specific companies3. Specific groups within a company1. Who are the movers and shakers2. Email addressing schema (look and feel)3. Who do these people normally talk to4. Detailed contact information5. Similar to Executive Recruiters todayCopyright 2008 Security Constructs, LLCAll rights Reserved

What Can I Learn?Copyright 2008 Security Constructs, LLCAll rights Reserved

InterpretationCopyright 2008 Security Constructs, LLCAll rights Reserved

Flexible uresContractsVendor selectionAuditingActive ProtectionsPassive ProtectionsCopyright 2008 Security Constructs, LLCAll rights Reserved

Johnny.ihackstuff.comGoogle Hacking for Penetration TestersJohnny LongBuilding Research Tools with Google for DummiesHarold DavisCopyright 2008 Security Constructs, LLCAll rights Reserved

Conclusions If its on Google its probably public information Google has many tools built in Many tools are built on Google APIs Always start with "the question.”Then refine, research, refine. Don't forget the documents themselves Build a profile, use it to improve your securityCopyright 2008 Security Constructs, LLCAll rights Reserved

ht 2008 Security Constructs, LLCAll rights Reserved

Google Hacking Making Competitive Intelligence Work for You Google Hacking Making CompetitiveMaking Competitive Intelligence Work for YouIntelligence Work for You Tom Bowers President Philadelp