'Spear-Phishing' Peddlers Urge Importance of Online Privacy

As hundreds of thousands of children write their letters to Santa this holiday season, Infopackets.com weighs in on two possible phish-friendly tools that would top the wish list of any hacker.

These particular tools of interest are able to scour the Internet and collect snippets of personal information from people via social networking sites and other public sources. The end result is a detailed profile with information voluntarily provided.

Hackers May Look To "Bigger Picture"

Rather than target certain people, hackers could use this stolen information as part of a bigger "spear-phishing" scam to infect other individuals and enterprises with malware.

The companies who sell these applications are on a crusade to spread warnings about protecting one's privacy to all Internet users. Core Security Technologies Inc., with its Exomind application, and Paterva, with its Maltego product are now available for download.

Exomind, Paterva and Maltego

Exomind is designed to find, combine and correlate information on individuals and groups of individuals from across multiple social networking sites. Maltego, on the other hand, is described as an open source intelligence and forensics application that can import and correlate data from almost any available public source. These sources can include social networks, search engines and PGP (Pretty Good Privacy) key databases. (Source: computerworld.com)

In addition to finding connections between people via social networking, both Exomind and Maltego can dig up links between domains, DNS names, IP addresses and even documents and files stored over the Internet.

Exomind was not created with the intent of appealing to online evildoers. Rather, its original purpose was to understand the negative impact of social networking on privacy.

While many people offer up pertinent information about themselves on social networking sites, the biggest fear for security officials is that these same people, in their position as employees of high-profiled corporations, will just as readily divulge private information concerning the companies they work for.

Social Network Behaviors Tell Story

Even if the person does not offer classified information directly, their social networking behaviors can still tell a bigger story. For example, new social relationships between employees of rival companies could signal an impending partnership between enterprises. (Source: infoworld.com)

While this is of course a bit of a stretch, raising public awareness is always the most crucial step in the prevention of phishing campaigns and other forms of malware.