Who is tweeting from the NSA's parking lot?

The open source intelligence platform Maltego shows the power of collating publicly available information

From Google Maps, the U.S. National Security Agency's parking lot has a larger footprint than the building itself. And for the high secrecy surrounding what goes on inside, there is plenty of information flowing just outside.

In a demonstration on Wednesday at the Breakpoint security conference, Roelof Temmingh, who founded the company Paterva, showed how his company's application, called Maltego, can scoop up scattered online clues, quickly providing an insightful picture of individuals or organizations.

What Maltego does is quickly and succinctly draws on public data sources to put together a graphical digital footprint. Temmingh and four people developed Maltego, a made-up name with no special meaning, from a converted 105-year-old barn in South Africa.

Before his demonstration, Temmingh stressed that all of the information collected by Maltego is from public sources.

"No controls were broken to get to the information that we got," he said. "This is the information that's out there on the net. We just kind of put it together in a nice way."

Maltego is highly efficient at quickly assembling digital crumbs and linking those pieces together, which would be tedious work otherwise. Temmingh used Maltego to search Twitter with coordinates for the vicinity of the NSA's parking lot. Twitter is capable of labeling messages with geo-location data, which then can be searched, although Twitter's geo-location API (application programming interface) isn't that accurate.

Maltego pulled up a web of scattered tweets in Maltego. He picked out one person. First, he said it is prudent to check if the Twitter messages from a particular person actually fit in context of them being in certain place. For the person he chose, it appeared the person lived or worked in the area.

Then Maltego combed social networking sites, checking sources such as Facebook, MySpace and LinkedIn. An identical photo linked the person's Facebook and MySpace page. From there, Maltego spotted more information. After a day of searching, Maltego discovered the person's email address, date of birth, travel history, employment and education history.

"This is about a day's worth of digging around," Temmingh said. "It's not weeks and weeks."

Other interesting information can come from EXIF (exchangeable image file) data, which is information often embedded in a photograph that can include timestamps and the make and model of the camera or mobile device used to take a photo. The photos can be pulled from social networking sites.

With all of that information, it would be easy for an attacker to target the person with a convincing email, asking the person to click on a link causing malicious software to be downloaded to their computer.

When used to analyze large organizations, Maltego makes it much easier to create detailed graphics of, for example, how a company's network is structured, the addresses of mail servers, IP address blocks and what providers support their internet connectivity. It shines a light on an organization's "attack surface," a term used describe the potential weaknesses in a network.

Interestingly, Temmingh has also pointed Maltego at North Korea. The country, which heavily restricts Internet access, has almost no Internet presence. Its attack surface is really small, resembling that of just one company.

The graphic of the country's networks in Maltego "fits on one page," Temmingh said. "There's nothing there to attack."

But the lesson isn't to withdraw from the Internet, which could invite other problems, such as impersonators. "You should choose what you expose really carefully. But you can't put nothing up there," Temmingh said.

Paterva is releasing a new version of its application, dubbed Maltego Radium, which allows people to run automated queries in a sequence. Maltego can perform some 150 kinds of queries, and the automation improves the speed at which information can be obtained and makes the application easier to use.

"We find that a lot of people find the entry point to Maltego really steep," he said.

Maltego's community edition is free to use. Paterva also has a commercial edition, which gets the latest updates immediately. The community edition gets the latest features about three months or so after they've gone in the commercial product.

The commercial edition costs $650 the first year, then $320 per year in subsequent years.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts