What can I find out about an organisation from public information?

In a previous post I discussed America the Vulnerable by Joel Brenner, which raises a point about the increasingly transparent world we live in and what this means for information security for governments and organisations. In this article I briefly mentioned that the security of a system should not depend on the secrecy of its implementation or components. To give a view of how much information you can obtain from public sources, and how it can potentially be used to compromise the confidentiality, integrity or availability of your systems, here’s a brief glimpse of what you can glean from essentially public information sources.

LinkedIn – provides a view of the internal organisational structure and the technologies used by the organisation. This is a goldmine for phishers (http://en.wikipedia.org/wiki/Phishing) and social engineering attacks.

CVs / Resumes – provide the same sort of information as LinkedIn; this may include information on potential weak points in an organisation’s infrastructure or use of legacy technology.

Job listings – listings will include information on the backend infrastructure and applications used by an organisation. If an organisation is looking for people with certain skills or experience, they may be lacking skills or knowledge in that area. Microsoft Word or PDF documents containing role descriptions often contain metadata on the application version, author etc.

Code or other information on technical sites such as StackExchange – reveals information about internal systems and potential vulnerabilities.

DNS Records – what systems are on the public Internet, who provides their email service, hosting, internet transit etc. For example, looking at DNS and IP address information (using Robtex):

we can see that the site uses Qube’s managed services and furthermore, given that the site belongs to a UK-based organisation, the servers are located at the Level3 data centre facility in Islington. DNS services are provided by ComLaude, email security by Websense, and they use Sender Policy Framework (SPF) to reduce spam.

Company Web Site – just viewing a web page or its source code in a browser can tell you a lot about the technologies an organisation uses (which web framework they use, whether they use a CDN and so on). Documents such as brochures (if the metadata has not been removed) can often provide information on the software packages used by the company.

Sites like Builtwith.com can tell you a lot about the technologies used by sites. As an aside, they also have an interesting trends section which provides statistics on technologies such as which are the most popular Ad Platforms, Ecommerce solutions, Web Servers, CDNs, Web Frameworks etc.


