Gathering Open Source Intelligence Anonymously Ntrepid Corporation. All rights reserved. PROPRIETARY

Size: px

Start display at page:

Lesley Preston
6 years ago
Views:

1 Gathering Open Source Intelligence Anonymously

2 Background Founded Anonymizer in 1995 Creating Solutions Since 1992 Known for Consumer Privacy Service Major Corporate and Government Customers 2

3 Exposed Field of Operations 3

4 The Real World is Anonymous 4

5 A Search History is Forever 5

6 6

7 The Threats Profiling Blocking Cloaking e-identity discovery Hostile environments Malware 7

8 Profiling Cyber counterintelligence Focus of interest Activities Plans 8

9 Search & Ads 9

10 Blocking Unprotected IP 10

11 Cloaking American IP 11

12 Cloaking Middle Eastern IP 12

13 Pricing through the standard IP on hotels.com is $91 less expensive than the pricing through the Geo Distribution IP Standard IP: $179 (EU 139) Geographic Distribution IP: $270 (EU 211) 13

14 e-identity Discovery Extended duration High visibility Google background 14

15 Hostile Environments Traffic analysis Forensics (capture of physical hardware) 15

16 Facebook Hijack Anyone at an open Wi-Fi can read all of your unencrypted traffic Attacker can intercept personal information Attacker can capture and use: Username Password Authentication cookies 16

17 Malware Exposed Internet activities leave internal networks vulnerable to compromise 17

18 How do they know? 18

19 What is an IP address? Your computerʼs street address on the Internet 19

20 WHOIS Name: Address: City: State: Postal Code: Country: Reg Date: Updated: Net Range: Org Tech Name: Org Tech Phone: Org Tech DRUG ENFORCEMENT ADMIN-DJDEA 800 K STREET #500 WASHINGTON DC US Network Operations Center noc@atlantech.net 20

21 Published IP Addresses 21

22 Exposed IP Addresses Total IP addresses worldwide: Over 4 billion IP addresses tracked on monitored lists: Over 2.5 billion 59% of all IPs are published Source: Blocklist Manager 22

23 Geolocation Based on: Fargo, ND IP address GPS Cell Towers Wi-Fi Behavior 23

24 Illegal Anonymity is Easy Buy access with stolen credit card Use stolen access account Bot Net Malware/Phishing 24

25 Non-Attribution is Not Enough Overt Attribution Zero Attribution 25 Blend In

26 Philosophical Approach Look like them Act like them Leave no unintended patterns Isolate research network from analysis Consider how you look at your end as well as to targets 26

27 Non-Attribution Looking Like Nobody In Particular Usually geographically specific No particular identity Minimize patterns Techniques Random identities Long recurrence Wipe history 27

28 High Volume Non-Attribution Hiding the Spotlight Automated search or harvesting generates massive traffic Detectable even if non-attributed Key metric Hits per target per source per day Techniques Many sources Rate limited Human-like click patterns 28

29 Misattribution Working in Alias Communications are trackable to a specific entity Long lifetime aliases require special treatment Born yesterday problem 29

30 Location Non-Attribution Second biggest targeting factor (after identity) Must look like a local When in Rome... Technical and human blending Which social networking site? Which chat rooms? 30

31 HTTP Metadata System capable of changing: Country or region of origin Language Character set Operating system Browser type and version 31

32 Isolate Your Activity From Your Network Customer Network Virtual Computer for Online Research Internet User s Computer with Sensitive Information on Internal Network No Information, No Access to Internal Network Fire Wall 32

33 Best Practices to Protect Yourself 1. Think before you type. Your brain is your best security tool. 7. Do not conduct any personal business on operational computers. 2. Use a different address for every website and for each activity. 8. Work in a virtualized environment, and revert to a baseline image frequently. 3. Use unique usernames and passwords for every site and for each activity. 9. Never keep sensitive or work information on the machine (or Virtual Machine Image) used for Internet operations/investigations. 4. Clear private data and history from your browsers after every session. 10. Make sure your Internet activities can never be traced back to you or your organization. 5. Use and maintain firewall and anti-malware tools. 6. When engaged in Web harvesting, use a large number of source IP addresses. 33

34 Thank You Lance Cottrell CTO, Ntrepid Exhibit Booth #209 34

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging