Paterva Evolution - Impersonation Failure

Paterva Evolution

I'm usually a little skeptical of presentations about internet security. Not because the subject doesn't concern me, but because these talks typically revolve around not handing out your credit card details to strangers, avoiding lengthy email exchanges with foreigners who claim to be keeping millions for you, and in general the same common-sense warnings the typical internet user is bombarded with.

However, Monday evening's 27Dinner, the first in Pretoria, was a completely different kettle of fish and very unlike the boring security talks we typically see. Below is the short blurb cut from the 27Dinner site...

Roelof Temmingh - Attacking and Defending your privacy on today's internet.

Born in South Africa, Roelof studied at the University of Pretoria and completed his Electronic Engineering degree in 1995. His passion for computer security had by then caught up with him and manifested itself in various forms. He worked as a developer, and later system architect, at an information security engineering firm from 1995 to 2000. Early in 2000 he started the security assessment and consulting firm SensePost along with some of the leading thinkers in the field. During his time at SensePost he was the Technical Director in charge of the assessment team and later headed the Innovation Centre for the company. Roelof spoke at various international conferences such as Blackhat, Defcon, RSA, Ruxcon, Hack-in-the-box and FIRST (2003). He also contributed to books such as “Stealing the network: How to own a continent” and “Penetration Tester's Open Source Toolkit”, and was one of the lead trainers in the “Hacking by Numbers” training course. Roelof also authored several well-known security testing applications like Wikto, Crowbar, BiDiBLAH and Suru. At the start of 2007 Roelof founded Paterva in order to pursue R&D in his own capacity. Paterva will be a vehicle for exploring a new train of thought in the information security industry.

Instead of focusing on statistics and theory, Roelof's talk used actual examples from the crowd, visually represented in Evolution, to demonstrate just how much information is available about someone on the internet. And unlike some of the people search engines like Spock, the tool focused on a much, much broader spectrum of information to build up a complete picture of what is available out there about you. The only information I found lacking was that it didn't pick up my favorite beer from coastr.com, but I'm sure this was just an oversight in the current version.

There's been a lot of talk on the internet lately about social network portability and decentralized, community-owned social graphs generated from information publicly available about you. While we're all enjoying the openness and convenience that comes from being so socially inter-connected online, there is also a darker side to having all this information about you freely available. It makes social engineering and identity theft a whole lot simpler, and the possibilities for this are very well illustrated by the Evolution tool.

In the example below, starting with only my name and limiting results to 5 per query, in a couple of minutes I was able to build up a visual picture of where I work, my phone number, sites I'm involved with, email addresses, people I know, and the connections (or transforms, as Evolution calls them) between all these entities. Someone interested in using this maliciously would very quickly be able to see that to get close to me, based on the 5 friends returned, their best bet would probably be to start with JP and work their way closer to me through him, as that seems to be the strongest link in this small set.
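To make the mechanics of that graph concrete, here is a small added example (mine, not Paterva's code, and nothing to do with how Evolution is implemented) that models the process the post describes: a seed entity, a set of transforms that each return at most 5 results, breadth-first expansion to a fixed depth, and a shared-neighbour count that surfaces which person is the strongest link back to the seed. Every entity, name and value in `SAMPLE_DATA` is constructed for the example; no lookup is performed. It also summarises what kinds of information end up reachable, which is the "understand your exposure" view the post recommends.

```python
"""Toy model of an Evolution-style entity graph built by chained transforms.

Added example, not Paterva's code. Entities are (kind, value) tuples and a
"transform" is just a lookup in a constructed table of made-up data, so nothing
is queried; the point is the shape of the graph and how a shared-neighbour
count surfaces the strongest link, as the post describes.
"""
from collections import deque

MAX_RESULTS = 5   # the post limited every query to 5 results
MAX_DEPTH = 2     # how many transform hops to follow from the seed

# Constructed sample data: for each entity, the transforms that apply to it
# and what they would return. All names and values are invented.
SAMPLE_DATA = {
    ("person", "Alice Example"): {
        "person->company": [("company", "Example Corp")],
        "person->email": [("email", "alice@example.com"),
                          ("email", "alice@example.org")],
        "person->phone": [("phone", "+27 12 000 0000")],
        # six people returned, so the 5-result cap drops the last one
        "person->person": [("person", "JP"), ("person", "Sam"), ("person", "Kim"),
                           ("person", "Lee"), ("person", "Pat"), ("person", "Sixth")],
    },
    ("person", "JP"): {
        "person->company": [("company", "Example Corp")],
        "person->email": [("email", "jp@example.com")],
        "person->person": [("person", "Alice Example"), ("person", "Sam")],
    },
    ("person", "Sam"): {
        "person->company": [("company", "Other Ltd")],
        "person->person": [("person", "JP")],
    },
    ("email", "alice@example.com"): {"email->domain": [("domain", "example.com")]},
    ("email", "alice@example.org"): {"email->domain": [("domain", "example.org")]},
    ("email", "jp@example.com"): {"email->domain": [("domain", "example.com")]},
}


def run_transform(entity, name):
    """Return at most MAX_RESULTS results of one transform applied to one entity."""
    return SAMPLE_DATA.get(entity, {}).get(name, [])[:MAX_RESULTS]


def expand(seed, max_depth=MAX_DEPTH):
    """Breadth-first expansion from the seed.

    Returns {entity: set(of directly linked entities)}; links are stored in
    both directions because for exposure analysis the direction of the
    transform does not matter.
    """
    graph = {seed: set()}
    seen = {seed}
    queue = deque([(seed, 0)])
    while queue:
        entity, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for name in SAMPLE_DATA.get(entity, {}):
            for result in run_transform(entity, name):
                graph.setdefault(result, set())
                graph[entity].add(result)
                graph[result].add(entity)
                if result not in seen:
                    seen.add(result)
                    queue.append((result, depth + 1))
    return graph


def shared_neighbours(graph, a, b):
    """Entities linked directly to both a and b: our measure of link strength."""
    return graph.get(a, set()) & graph.get(b, set())


def strongest_link(graph, seed):
    """The person directly linked to the seed who shares the most other entities
    with it, and that count. Returns None if no people are linked to the seed."""
    people = sorted(e for e in graph[seed] if e[0] == "person")
    if not people:
        return None
    best = max(people, key=lambda p: len(shared_neighbours(graph, seed, p)))
    return best, len(shared_neighbours(graph, seed, best))


def exposure_summary(graph):
    """How many entities of each kind became reachable from the seed."""
    counts = {}
    for kind, _value in graph:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    g = expand(("person", "Alice Example"))
    print("reachable:", exposure_summary(g))
    print("strongest link:", strongest_link(g, ("person", "Alice Example")))
```

On the constructed data the run reports JP as the strongest link because he shares both the employer and a mutual contact (Sam) with the seed, while the other four people share nothing beyond the seed itself, which is the same reasoning the post applies to its real graph. The summary is the part worth running against your own picture of what is public about you: the kinds of entities that appear two hops out (employer, email domains, phone) are the ones a social engineer would not need to ask you for.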

[Picture 2]

I think most people are aware of the fact that a lot of information about them is publicly available on the internet, but seeing this graphed visually helps form a much better picture of what exactly is out there that someone can potentially use to get closer to you or to spoof your or your company's identity.

The tool is available as a free download from the Paterva site, and I would really recommend that anyone looking to understand their current exposure download it or have a look at the web version.

There's also a very interesting article "Social Engineer Social Networking Services: A LinkedIn Example" on O'Reilly that is well worth a read.

Comments

# brian said:

Interesting info :) - I suppose this is where having a common name (like mine) can be a great way to hide, especially when it's also shared by many popular people! Searching for me revealed one relevant hit for Facebook, and I had to know what I was looking for... Will look into this further though :)

Wednesday, August 29, 2007 2:30 PM