It doesn't take a large company to design popular security tools.
Such is the case for the popular network intelligence kit Maltego which was designed by a team of five operating out of a refurbished barn yard in South Africa
The company, without need of sales staff and vice presidents, crafted a tool to make social engineers salivate. It can map a huge number of network forms, be they social or computer-based.
 |
In a demonstration at the Breakpoint security conference in Melbourne yesterday, founder Roelof Temmingh used the tool to pull up a ream of personal details on a random US military official who, it revealed, had tweeted from the NSA's parking lot.
The process was entirely legal, and used nothing more than publicly-available information. It was both a demonstration of the power of the tool and the ease at which fraudsters could steal identities.
It correlated geographic metadata to physical locations – proving that for instance the official was in an area at a given time – crawled online directories and social networks.
At the end of the five minute investigation, the target's family details, favourite pastimes, make and model of the phone used, date of birth and phone and address numbers were revealed.
Temmingh however was a master of the program. Other users he said would experience a “steep” entry point into the program.
Among the pointers he offered to attending security pros was that scans of IT infrastructure should be included in any social network deep-dive.
“Don't knock infrastructure if you're looking at people, because they link together on things like Whois data,” Temmingh said.
Maltego, a phrase which has no definition in any language, could be used for constructing a visual analysis on any form of network.
Temmingh had even created a casefile to understand the character relationships in the HBO hit Game of Thrones.
The community edition for the latest version of Maltego, dubbed Radium, will be released in weeks. You can hear Temmingh describe how Radium strings together transforms on Risky.biz.
