Who is tweeting from the NSA's parking lot?
- — 17 October, 2012 06:19
From Google Maps, the U.S. National Security Agency's parking lot has a larger footprint than the building itself. And for the high secrecy surrounding what goes on inside, there is plenty of information flowing just outside.
In a demonstration on Wednesday at the Breakpoint security conference, Roelof Temmingh, who founded the company Paterva, showed how his company's application, called Maltego, can scoop up scattered online clues, quickly providing an insightful picture of individuals or organizations.
What Maltego does is quickly and succinctly draws on public data sources to put together a graphical digital footprint. Temmingh and four people developed Maltego, a made-up name with no special meaning, from a converted 105-year-old barn in South Africa.
Before his demonstration, Temmingh stressed that all of the information collected by Maltego is from public sources.
"No controls were broken to get to the information that we got," he said. "This is the information that's out there on the net. We just kind of put it together in a nice way."
Maltego is highly efficient at quickly assembling digital crumbs and linking those pieces together, which would be tedious work otherwise. Temmingh used Maltego to search Twitter with coordinates for the vicinity of the NSA's parking lot. Twitter is capable of labeling messages with geo-location data, which then can be searched, although Twitter's geo-location API (application programming interface) isn't that accurate.
Maltego pulled up a web of scattered tweets in Maltego. He picked out one person. First, he said it is prudent to check if the Twitter messages from a particular person actually fit in context of them being in certain place. For the person he chose, it appeared the person lived or worked in the area.
Then Maltego combed social networking sites, checking sources such as Facebook, MySpace and LinkedIn. An identical photo linked the person's Facebook and MySpace page. From there, Maltego spotted more information. After a day of searching, Maltego discovered the person's email address, date of birth, travel history, employment and education history.
"This is about a day's worth of digging around," Temmingh said. "It's not weeks and weeks."
Other interesting information can come from EXIF (exchangeable image file) data, which is information often embedded in a photograph that can include timestamps and the make and model of the camera or mobile device used to take a photo. The photos can be pulled from social networking sites.
With all of that information, it would be easy for an attacker to target the person with a convincing email, asking the person to click on a link causing malicious software to be downloaded to their computer.
When used to analyze large organizations, Maltego makes it much easier to create detailed graphics of, for example, how a company's network is structured, the addresses of mail servers, IP address blocks and what providers support their internet connectivity. It shines a light on an organization's "attack surface," a term used describe the potential weaknesses in a network.
Interestingly, Temmingh has also pointed Maltego at North Korea. The country, which heavily restricts Internet access, has almost no Internet presence. Its attack surface is really small, resembling that of just one company.
The graphic of the country's networks in Maltego "fits on one page," Temmingh said. "There's nothing there to attack."
But the lesson isn't to withdraw from the Internet, which could invite other problems, such as impersonators. "You should choose what you expose really carefully. But you can't put nothing up there," Temmingh said.
Paterva is releasing a new version of its application, dubbed Maltego Radium, which allows people to run automated queries in a sequence. Maltego can perform some 150 kinds of queries, and the automation improves the speed at which information can be obtained and makes the application easier to use.
"We find that a lot of people find the entry point to Maltego really steep," he said.
Maltego's community edition is free to use. Paterva also has a commercial edition, which gets the latest updates immediately. The community edition gets the latest features about three months or so after they've gone in the commercial product.
The commercial edition costs $650 the first year, then $320 per year in subsequent years.
Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk
Get exclusive access to CSO, invitation only events, reports & analysis. 
