E-Book
E-Book, Englisch, 258 Seiten
Shimonski Cyber Reconnaissance, Surveillance and Defense
1. Auflage 2014
ISBN: 978-0-12-801468-4
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
E-Book, Englisch, 258 Seiten
ISBN: 978-0-12-801468-4
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
At a time when online surveillance and cybercrime techniques are widespread, and are being used by governments, corporations, and individuals, Cyber Reconnaissance, Surveillance and Defense gives you a practical resource that explains how these activities are being carried out and shows how to defend against them. Expert author Rob Shimonski shows you how to carry out advanced IT surveillance and reconnaissance, describes when and how these techniques are used, and provides a full legal background for each threat. To help you understand how to defend against these attacks, this book describes many new and leading-edge surveillance, information-gathering, and personal exploitation threats taking place today, including Web cam breaches, home privacy systems, physical and logical tracking, phone tracking, picture metadata, physical device tracking and geo-location, social media security, identity theft, social engineering, sniffing, and more. - Understand how IT surveillance and reconnaissance techniques are being used to track and monitor activities of individuals and organizations - Find out about the legal basis of these attacks and threats - what is legal and what is not - and how to defend against any type of surveillance - Learn how to thwart monitoring and surveillance threats with practical tools and techniques - Real-world examples teach using key concepts from cases in the news around the world
Robert Shimonski is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his role at Northwell Health, Rob is a decision maker and strategy planner for information systems operations and technology services. In his current role, Rob is responsible for bringing operational support into the future with the help of new technologies such as cloud and Artificial Intelligence. He is a best-selling author and editor with over 15 years' experience developing, producing, and distributing print media in the form of books, magazines, and periodicals. Rob's professional experience includes work for CompTIA, Entrepreneur Magazine, Microsoft, McGraw-Hill Education, Cisco, the US National Security Agency, and Digidesign. Rob has a diverse background in the publishing, including roles such as author, co-author, technical editor, copy editor, and developmental editor. Since print media shifted to the digital domain, Rob has focused the past decade on developing the needed skills to produce professional audio and video media. His research interests are focused on innovation and developing new solutions to create efficiency and bringing forth better outcomes through technology solutions. Rob has a master's degree in IT Management and a master's degree in Industrial Psychology. He is author of Cyber Reconnaissance, Surveillance and Defense, Introduction to Microsoft Certification and Study Skills, and MCSA Windows Server 2003 Upgrade to Server 2008 Technology Specialist Exam Prep from Syngress/Elsevier.
Robert Shimonski is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his role at Northwell Health, Rob is a decision maker and strategy planner for information systems operations and technology services. In his current role, Rob is responsible for bringing operational support into the future with the help of new technologies such as cloud and Artificial Intelligence. He is a best-selling author and editor with over 15 years' experience developing, producing, and distributing print media in the form of books, magazines, and periodicals. Rob's professional experience includes work for CompTIA, Entrepreneur Magazine, Microsoft, McGraw-Hill Education, Cisco, the US National Security Agency, and Digidesign. Rob has a diverse background in the publishing, including roles such as author, co-author, technical editor, copy editor, and developmental editor. Since print media shifted to the digital domain, Rob has focused the past decade on developing the needed skills to produce professional audio and video media. His research interests are focused on innovation and developing new solutions to create efficiency and bringing forth better outcomes through technology solutions. Rob has a master's degree in IT Management and a master's degree in Industrial Psychology. He is author of Cyber Reconnaissance, Surveillance and Defense, Introduction to Microsoft Certification and Study Skills, and MCSA Windows Server 2003 Upgrade to Server 2008 Technology Specialist Exam Prep from Syngress/Elsevier.
Shimonski
Cyber Reconnaissance, Surveillance and Defense jetzt bestellen!
Autoren/Hrsg.
Weitere Infos & Material
Chapter 2
Information Gathering
Abstract
In this chapter, we learn about why information gathering physically and logically is so relevant to spying, reconnaissance, and surveillance. Why a majority of spying is easily conducted over the public Internet. We discuss social media topics, National Security Agency topics (Snowden), how to conduct information gathering using simply found tools, and how to start spying on a user, group, or entity. We also discuss how to mitigate and the legal and ethical concerns that are raised.
Keywords
Backtrack
Wiretapping
Facebook
Digital Footprint
Social Media
Information Gathering
Mitigate
Identity Theft
Infiltration
Invasion of Privacy
Packet Analysis
Internet
Twitter
Wireless Networking
Maltego
Information gathering
When conducting digital surveillance and reconnaissance, one of the priorities of these tasks is to gather information on a target or a group of targets. No simple task, however, within the digital world, it makes it much easier to do and it can be done from afar. If you know how to cover your tracks, it can also be done privately without concern of being discovered. Prior to using technology, to gather information you would need to physically be on location and hope to not be seen or get caught. As technology became more available, it could then be tapped to reveal information about targets. For example, a phone could be “bugged” with a device to listen to a conversation and recorded. This technique was used to leverage the weaknesses in the old publically switched telephone network that operated with analog technology. Now, with the progress made in the digital realm, you can be at a computer terminal or on your mobile device anywhere in the world, connect to the public Internet, and gather a large amount of information on a variety of targets within minutes all while remaining undetected. This chapter covers many of the methods in which this can be done.
Why is this so important? For one, to be able to attack, you need to find vectors in which you can breech your target. The old analog phone example is a good one to understand the increasing attack vector. Now with digital technology, your telephone conversation can be stored digital within a private branch exchange device, locally to the phone or captured in transmission. Applications can be placed on the receiver device to capture or listen to the conversation. There are more points in the transmission to capture data and more locations in which it is stored.
Now that you are aware of the fact that information can be gathered and it can be quickly and easily acquired, we should consider all of the points in which it can be collected. As well, is all information gathering malicious? Once you understand the attack vector, you can consider if your information is truly private and you can learn to protect yourself and mitigate attack.
Am I Being Spied On?
The first question to ask is, “am I being spied on?” This is a question that just invites paranoia into the minds of many. However, it is a good question to ask because by doing so, it makes you think about protecting yourself, your data, and your interests. It also gets you to consider your digital footprint, that is, where you leave your mark in the digital world. For example, sending a simple e-mail from work to another recipient. Consider that the recipient is also at work. If you are concerned about your information being private, you do not need to look any further than your organizations security policy and specifically on e-mail usage and retention. The fact is, if your policy states that the data you send and receive is by default owned by the organization when using their systems, then the answer is no. Your communications are not private. Now, let’s consider that you are under investigation by Human Resources for a workplace matter. If an issue, complaint, or security violation is suspected, your e-mail can be reviewed by appropriate parties. Something as harmless as showing interest in co-workers and asking them out for a drink could easily turn into a sexual harassment case.
Now let’s consider if you send a private communication from your personal e-mail account to another recipient. Is your communication truly private? The answer is no. Quite simply, if you’re under investigation, your data can be subpoenaed by the judge for forensic review within the court. The Internet Service Provider (ISP) who holds your e-mail account would need to comply.
Another consideration is what if I wasn’t at work and I wasn’t involved in a legal case? Is my transmission private? It could be, however, according to data released on the National Security Agency, data transmissions are captured and filtered. This simple example of an e-mail transmission continues on if you consider that your device could be stolen. You could be hacked or it’s possible someone or something has tampered with your system and collecting your data.
The answer to the question, “Am I being spied on?” is not easily provided. The answer could be your data is never truly private and could be collected at any time for just about any reason, legally or maliciously. If maliciously, you may or may not know your privacy is being violated. Attackers wish to remain anonymous, so they usually conduct surveillance activities with the intentions of remaining anonymous and/or going undetected. Also, governments collecting information on their citizens generally do not want to advertise such activity.
How Private Is Your Life?
As we learned in Chapter 1, everything you do within the digital domain can potentially be stored to include video footage of you going to a local store, when you use your mobile phone and it connects to a cell tower, when you access your favorite social media site, or if you log in to your bank to pay a bill.
In Figure 2.1, we provide an extremely high-level view of the digital landscape and all of the points within it that data is or can be stored. Every one of these points can also be used for information gathering.
Figure 2.1 Information gathering points.
In this example, we see digital devices such as a laptop or a phone accessing a network to use a resource. These resources can include going to a website to purchase goods, to send an e-mail, to upload a file, or to text with a friend. Every transmission from source to destination leaves residual evidence of the transaction in logs if configured. Data and transmissions are time stamped and a digital forensics expert can uncover a complete map of activity.
As seen in the figure, you can use any device to connect through any network to any resource and your activity can be captured. Marketing firms work very hard to conduct tracking activities to know how to track your buying habits in an effort to show you only the items you may be interested in or have an impulse to buy. This does not necessarily mean that someone or an entity is spying on you in a way that seems to imply that you are in danger; however, it does open your mind to the fact that your habits are tracked and if this data was to get into the wrong hands, could be used against you. For example, within social media sites such as Facebook, by simply “liking” a post, it is added to Facebook internal databases and if what you like is something that may be deemed offensive to some, could impact your privacy since it can be freely searched by others.
This is where surveillance activities can also tie in. If someone was looking to gather information about you in hopes to conduct an attack such as identity theft or password cracking of your protected data, understanding what you like gives attackers a foothold on being able to conduct these types of attacks.
Another problem with data stored on systems is that it could come back to haunt you. For example, if 10 years ago you were involved in criminal behavior but have had your charges expunged, it will not matter when that data is found by prospective job search recruiters looking for viable candidates for an open position. This is a simple example of the many ways that data can be mined in hopes to conduct an attack.
Hacker Site Hacked
In 2014, the EC-Council website (http://www.eccouncil.org) was defaced to not only embarrass the organization itself but also in hopes to bring light to the fact that Edward Snowden was involved with them. Edward Snowden applied for the Certified Ethical Hacker credential and by doing so sent e-mails to EC-Council with personal information within it in hopes to bring notice to Ed’s activities. Within that defacement activity, the hacker(s) posted private e-mails and even a snapshot of Edward Snowden’s passport as seen in Figure 2.2.
Figure 2.2 Edward Snowden’s passport.
Edward Snowden likely did not think that by sending his personal information to a reputable organization would ever wind up publically distributed; however, it did. Therefore, it’s safe to say that because of Ed’s worldwide fame, he increased his likelihood of becoming a target of information gathering and because its proven that most,...
Bitte ändern Sie das Passwort
