PKI Book
When developing MET back in 2005, I stumbled upon a very useful technique for discovering the e-mail addresses of individuals who work for a company of interest. The technique is based on querying PKI databases such as pgp.mit.edu. All you have to do is type the company domain, and those users who have used PGP or other types of privacy software will show up. Pretty neat!
A PKI (public key infrastructure) enables users of a basically insecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. (Primode)
Here is an example which shows a bunch of Google employees: http://pgp.mit.edu:11371/pks/lookup?search=google.com&op=index.
This method is quite accurate and also gives you a lot more than initially expected. Sometimes, users link the same key to more than one e-mail address. If you play a bit more with the service, you will find how easy it is to trace someone's background without even touching sites such as LinkedIn. Just by looking at all the e-mail accounts assigned to each individual key, you will be able to obtain information about the university this person attended, their current personal e-mail account, where they work, where they used to work, etc.
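The keyserver's index can also be requested in its machine-readable form (`op=index&options=mr`), which is how a company can audit what the public keyservers reveal about its own domain. The following is an added example, not code from the original post or its tool: it parses a constructed sample of that format and lists, for each non-revoked key that carries a corporate address, the other addresses bound to the same key. The sample data, key IDs and function names are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample of an HKP machine-readable index (op=index&options=mr).
# Key IDs, names and addresses are invented for this example, not real data.
SAMPLE_INDEX = """info:1:3
pub:0123456789ABCDEF:1:2048:1187654321::
uid:Alice%20Example%20%3Calice%40example.com%3E:1187654321::
uid:Alice%20Example%20%3Calice.e%40alumni.example.edu%3E:1190000000::
uid:alice_e%40social.example.net:1195000000::
pub:FEDCBA9876543210:17:1024:1100000000:1300000000:r
uid:Bob%20Builder%20%3Cbob%40example.com%3E:1100000000::
uid:Bob%20Builder%20%3Cbob%40oldjob.example.org%3E:1100000000::
pub:00000000DEADBEEF:1:4096:1200000000::
uid:Carol%20%3Ccarol%40example.com%3E:1200000000::
"""

EMAIL_RE = re.compile(r"<([^<>]+@[^<>]+)>")

def parse_hkp_index(text):
    """Turn pub:/uid: lines into {keyid, revoked, emails} records (one per key)."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and len(fields) >= 7:
            # pub:<keyid>:<algo>:<keylen>:<created>:<expires>:<flags>; 'r' = revoked
            keys.append({"keyid": fields[1], "revoked": "r" in fields[6], "emails": []})
        elif fields[0] == "uid" and keys:
            uid = unquote(fields[1])          # the uid string is percent-encoded
            m = EMAIL_RE.search(uid)
            addr = m.group(1) if m else (uid if "@" in uid else None)
            if addr:
                keys[-1]["emails"].append(addr.lower())
    return keys

def domain_exposure(keys, domain):
    """Return (corporate addresses found, {keyid: other addresses on the same key}).
    Revoked keys are skipped, since their bindings are no longer asserted by the owner."""
    suffix = "@" + domain.lower()
    corporate, linked = set(), {}
    for key in keys:
        if key["revoked"]:
            continue
        corp = [e for e in key["emails"] if e.endswith(suffix)]
        if not corp:
            continue
        corporate.update(corp)
        linked[key["keyid"]] = [e for e in key["emails"] if not e.endswith(suffix)]
    return sorted(corporate), {k: v for k, v in linked.items() if v}
```

Running `domain_exposure(parse_hkp_index(SAMPLE_INDEX), "example.com")` reports two live corporate addresses and flags Alice's key as the one that also binds a university and a social-network address.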
So I decided to give this idea a spin. I thought, why not link these e-mail addresses to social networking profiles and see what we end up with. Moreover, just for the sake of experimentation, I decided to use JavaScript. However, because JavaScript cannot make requests outside of its origin, I needed to use services such as Yahoo Pipes and Dapper. The result is delivered as JSON, so we are still in JavaScript land.
Why on earth do we need this?
Well, from the attacker's perspective, they have to do this in order to get an idea about the target. Very often the attacker will sneak in through the backdoor, as we like to call it (i.e. they will exploit an unaware employee and thereby gain access to his/her company network). On the other hand, companies are interested in knowing what their employees are up to. Linking the corporate e-mail account to some social networking website is not a good idea at all, especially when we are talking about MySpace.
So, give this experimental tool a try and see what you can find. If you find it useful, drop us a line.

google.com is quite interesting in particular.