The proliferation of social network services has produced an extensive leakage of private information. Information related to individuals and organizations can empower attackers in executing client-side attacks (e.g., targeted phishing), network attacks or web-application attacks. Therefore, professional security audits (e.g., penetration tests) must take this into account. Moreover, social network infiltration or engineering can be applied to social-network computer systems in order to break into an organization or group of individuals, and therefore asses the effective security of the latter. This is known in the information security community as open-source intelligence.

This project uncovers some open-source intelligence methods and a tool-set prototype, which we call Exomind, for crawling, indexing, analyzing and interacting with social networks. The main focus of the Exomind project is to create a state-of-the-art attack tool that extensively covers the social networks vector.

Multiple social-network crawling

This is a method for crawling several social networks and combining the harvested information in order to detect aliases, multiple email addresses, etc (e.g., by deducing which information relates to the same individual). Hence, this can be used for phishing in client-side penetration tests.

Social network reconstruction using search-engine distance measures

This is a method that receives a list of individuals and a social network and computes an estimate for the link structure of the social network they belong to, while at the same time solving problems that might arise from repeated names and ambiguous information. The method will use calls to a search engine or any other pre-defined weight to do the cleaning. This method might be applied, for example, to infer which relationships to trust or are more easily exploitable by social engineering.

Subnetwork replication attacks

Using data avaiable from a certain social network Exomind can build custom profiles and relate them to replicate a real user and his contacts. This can be used to lure people, who know the user from another social network or from real life, into trusting the fake profile built by Exomind. The fake subnetwork can then be leveraged into a channel to deliver targeted spear-phishing attacks. This feature can be used by pentesters or security researchers to asses the risk imposed by social networks to an organization or individual who uses them as a communication medium.

Social-network infiltration

This is a method that allows identity theft and impersonation. Our method profiles individuals using the previously mentioned methods plus search engines and a thesaurus to this end. Once the user has gained access to a communication channel this method can be used to deploy a chat bot that will impersonate the target individual and interact with its relationships. In a penetration test, this method can be used to exploit trust, send malicious content through this channel, and compromise new systems in the organization.

Related information