Embed Size (px)
Citation preview
Social Media and Cybersecurity:
You Are Already Owned
Objective
2
To Freak You Out!!
…and more specifically to understand why
you should be concerned about cybersecurity,
and to understand what specific steps you can
follow to better protect yourself online.
What is possible to capture in 1 hour?
3
Info on You
Name, Job, Age, Phone numbers, Email addresses, Vehicles, Address, Social
media profiles, Loved ones, Your church
Info on Your Family Members
Names, Photos, Jobs, Ages, Interests, Sport schedules
Info on Your Neighbors
Names, Addresses
Info on Your Coworkers
Everything we need to exploit your coworkers: Names, Phone numbers,
Email addresses, Social media profiles
Breaches That Exposed You
Info on who spilled your beans, when, and how
What can a hacker get with one email address with an
hours worth of time…
+13 More Pages
What does it mean?
5
• You are not invisible
• Rampant connectedness has made it where one
email address can be enough to unearth an
details of an entire life
• Your information is out there!
You need to be aware of your online
presence.
How did we get it?
6
SkrappStarting
Point
Full
Contact.io
New Car
Loans +
Background
Check
Social
Media
Maps +
HousingHuntr.io Digging
Address
vin.place
Neighbor
Info
Jamie Miller
President / CEO
256-829-8859 (Office)
202-390-8919 (Mobile)
201 Eastside Sq., Ste. #2
Huntsville, AL 35801
Starting Point
7
Meet/Target
Someone
• You can start anywhere…
• You just need one piece of information
• Personal preference is LinkedIn
Business Card
(000) 333-1111
Phone Number Email Address
How did we get it?
8
Skrapp
Address
• Quick option if need to capture an email address from a LinkedIn Profile
https://www.linkedin.com/in/jamiemiller7/
How did we get it?
9
Full
Contact.io
• Ability to access all public info on Facebook, LinkedIn, Twitter…80+ social
networks…you can get up to 250 searches for free
https://dashboard.fullcontact.com/try
How did we get it?
10
Social
Media
• Anyone can observe you on social media…Do not comment!
You all knew I was going to be at this event!
How did we get it?
11
New Car
Loans +vin.place
• Ability to use python scripts to data dump raw HTML and search by state (or
other fields) to populate a sortable list
• http://vin.place/
How did we get it?
12
Huntr.io
• Provides a view into list of potential colleagues
email information that can be used for phishing
attacks
https://hunter.io/search
How did we get it?
13
Background
Check
• Ability to use combination of name and city information to run background check
• Anywhere from $2 to $25
https://www.instantcheckmate.com
How did we get it?
14
• Sites like Nuwber.com allow you find your neighbors names, addresses, and
phone numbers
Neighbor
Info https://nuwber.com/
How did we get it?
15
Maps +
Housing
• Sites like Zillow.com provide comprehensive information on: property values, # of
bathrooms, school zones, and even pictures of the interior of your house
Validation ofHigh-value target
https://www.zillow.com/
How did we get it?
16
Digging
• The 8 tools that we’ve shown are free, and the barrier to entry for targeting
hacking is zero!
• The more time an adversary has, the more information they can collect about you
• There are countless other free sites that hackers can use to get even more intel:
• https://hackertarget.com/ -- Provides free hosted hacking tools
• www.ViewDNSInfo.com – Can find geographic location of servers, etc.
Why you should be scared
17
• In the wrong hands, this information is more than enough to
steal money and cause significant and last damage
• A near complete profile of you can result from:
• One Email Address
• One Hacker
• One Hour
• Imagine what we could find with a little more time (and no
moral compass)
• Your position can put a target on your back and the backs of
your family
Your personal information is out there!
What you can do about it
18
• Eliminate as much public record of yourself as possible
• Make social media profiles private
• Watch what information you post to friends on social
media,
• Names, times, locations and events should be always
transmitted in private
• Close and delete unused accounts
• Unnecessary internet footprint allows for the
correlation of historical data
• Check
• Disassociate any information that could have been
leaked from any of your currently used accounts
https://haveibeenpwned.com/
The People Who Did It
19
• Headquartered in Huntsville, AL
• Founded in 2014
• HUBZone certified small business
• Provides full spectrum of holistic IT and Cybersecurity Solutions to
government and commercial clients
• Assessment
• Governance
• Engineering
• Operations
• Change Management
Our Vision
To multiply the success that our clients achieve against their respective
missions, while simultaneously enabling the missions of our employees – with
the end result of enriching and securing the communities we serve.
Mission Multiplier
2017 Small Business of the
Year Award Nominee
• RMF & DFARS Compliance
• HIPPA Compliance
• Pen Testing
• ISSO-as-a-Service
How to Contact Us
10
For more information about Mission Multiplier, please visit us at:
www.missionmultiplier.com
Jamie Miller
President / CEO
256-829-8859 (Office)202-390-8919 (Mobile)
201 Eastside Sq., Ste. #2Huntsville, AL 35801
