Social Media and Cybersecurity: You Are Already Owned

Objective

To Freak You Out!!

…and more specifically to understand why you should be concerned about cybersecurity, and to understand what specific steps you can follow to better protect yourself online.

What is possible to capture in 1 hour?

Info on You

Name, Job, Age, Phone numbers, Email addresses, Vehicles, Address, Social media profiles, Loved ones, Your church

Info on Your Family Members

Names, Photos, Jobs, Ages, Interests, Sport schedules

Info on Your Neighbors

Names, Addresses

Info on Your Coworkers

Everything we need to exploit your coworkers: Names, Phone numbers, Email addresses, Social media profiles

Breaches That Exposed You

Info on who spilled your beans, when, and how

What can a hacker get with one email address and an hour's worth of time…

+13 More Pages

What does it mean?

• You are not invisible
• Rampant connectedness has made it so that one email address can be enough to unearth the details of an entire life
• Your information is out there!

You need to be aware of your online presence.

How did we get it?

[Diagram: sources used in the search]

• Starting Point
• Skrapp: Email Address
• FullContact.io
• Social Media
• New Car Loans + vin.place
• Hunter.io
• Background Check
• Neighbor Info
• Maps + Housing
• Digging

Jamie Miller

President / CEO

256-829-8859 (Office)

202-390-8919 (Mobile)

jmiller@missionmultiplier.com

201 Eastside Sq., Ste. #2

Huntsville, AL 35801

Starting Point

Meet/Target Someone

• You can start anywhere…
• You just need one piece of information
• Personal preference is LinkedIn

Business Card

Phone Number: (000) 333-1111
Email Address: name@workplace.com

How did we get it?

Skrapp: Email Address

• Quick option if you need to capture an email address from a LinkedIn profile

https://www.linkedin.com/in/jamiemiller7/

How did we get it?

FullContact.io

• Ability to access all public info on Facebook, LinkedIn, Twitter…80+ social networks…you can get up to 250 searches for free

https://dashboard.fullcontact.com/try

How did we get it?

Social Media

• Anyone can observe you on social media…Do not comment!

You all knew I was going to be at this event!

How did we get it?

New Car Loans + vin.place

• Ability to use Python scripts to data dump raw HTML and search by state (or other fields) to populate a sortable list

• http://vin.place/

How did we get it?

Hunter.io

• Provides a view into a list of potential colleagues' email information that can be used for phishing attacks

https://hunter.io/search

How did we get it?

Background Check

• Ability to use a combination of name and city information to run a background check

• Anywhere from $2 to $25

https://www.instantcheckmate.com

How did we get it?

Neighbor Info

• Sites like Nuwber.com allow you to find your neighbors' names, addresses, and phone numbers

https://nuwber.com/

How did we get it?

Maps + Housing

• Sites like Zillow.com provide comprehensive information on: property values, # of bathrooms, school zones, and even pictures of the interior of your house

Validation of high-value target

https://www.zillow.com/

How did we get it?

Digging

• The 8 tools that we’ve shown are free, and the barrier to entry for targeted hacking is zero!
• The more time an adversary has, the more information they can collect about you
• There are countless other free sites that hackers can use to get even more intel:
  • https://hackertarget.com/ – Provides free hosted hacking tools
  • www.ViewDNSInfo.com – Can find geographic location of servers, etc.

Why you should be scared

• In the wrong hands, this information is more than enough to steal money and cause significant and lasting damage
• A near complete profile of you can result from:
  • One Email Address
  • One Hacker
  • One Hour
• Imagine what we could find with a little more time (and no moral compass)
• Your position can put a target on your back and the backs of your family

Your personal information is out there!

What you can do about it

• Eliminate as much public record of yourself as possible
• Make social media profiles private
• Watch what information you post to friends on social media
  • Names, times, locations and events should always be transmitted in private
• Close and delete unused accounts
  • Unnecessary internet footprint allows for the correlation of historical data
• Check https://haveibeenpwned.com/
  • Disassociate any information that could have been leaked from any of your currently used accounts

The People Who Did It

• Headquartered in Huntsville, AL
• Founded in 2014
• HUBZone certified small business
• Provides full spectrum of holistic IT and Cybersecurity Solutions to government and commercial clients
  • Assessment
  • Governance
  • Engineering
  • Operations
  • Change Management

Our Vision

To multiply the success that our clients achieve against their respective missions, while simultaneously enabling the missions of our employees – with the end result of enriching and securing the communities we serve.

Mission Multiplier

2017 Small Business of the Year Award Nominee

• RMF & DFARS Compliance
• HIPAA Compliance
• Pen Testing
• ISSO-as-a-Service

How to Contact Us

For more information about Mission Multiplier, please visit us at:

www.missionmultiplier.com

Jamie Miller
President / CEO
256-829-8859 (Office)
202-390-8919 (Mobile)
jmiller@missionmultiplier.com
201 Eastside Sq., Ste. #2
Huntsville, AL 35801
