All right, hold on. Prez, can you hear me clearly in the back of the room? What? No. What? All right, I said Prez, can you hear me clearly in the back room? I didn't ask for anybody else's feedback. All right, y'all on this side, STFU. You see what, who wants my job, please? All right, so if you can, yes? No. Yes? No. All right. Okay, whatever, fine. All right, what I thought we would talk about here is something that Joe kind of jogged my memory on, is impact. What? Am I in the way? So this way? Is that better? All right. So, you know, when Joe was talking, he really kind of hit on something that made me think, is how do you make impact on people, right? How do you show them the error of their ways and without calling them stupid, show them that what they're doing they may want to take a look at, right? Because as geeks and hackers, we tend to think we're better and smarter than other people are, and we are. It's true. But that doesn't work real well all the time, right? It's like Grandma said, it's easier to catch flies with what? There you go. So a real graphical way to show people the dangers of doing dumb stuff online is what I'm going to take you through. I'm going to take you through how to figure out who people are, where they live, what they're doing, what they're talking about, and every single bit of information about them solely using open source intelligence. So we'll get into what exactly that is in just a second. So who I am. I am Dave Marcus. During the day I'm actually the Director of Security Research for McAfee Labs, and it does sound as cool as it is. People ask me, people tell me all the time, Dave, I wish I had your job, I wish I was Dave Marcus. I wish I was Dave Marcus. That's how cool this job is. So by night I am a key holder of Unallocated Space as well, and our motto, if we had a motto, would be learn, teach, and party. We're a bunch of drunken reprobates. Come stop by 512 Shaw Court sometime if you're up in Severn. 
Now, you see who I work for, McAfee. That's the only disclosure I'm going to give you. Notice how this doesn't have a McAfee brand or logo in it. I'm not tech support. Don't care if you've got a configuration problem. Not really concerned if you can't update your DATs. Sorry that all the malware didn't get detected. Not my problem today, because this is not a McAfee sponsored presentation. And decode if you're out there, I'm the real Dave Marcus. Alright, so. Yeah, and I love Four Loko. There's a joke. Decode impersonated me at Defcon two years ago. And he social engineered his way into the McAfee party by saying he was Dave Marcus. And he got in. He had to go to the only person in McAfee that doesn't know me by sight and let him in. Because, decode's one of the few people I can stand behind and you can't see me. So clearly the person at the door just said some big guy is Dave Marcus and they'll just let any big guy in who says he's Dave Marcus. Clearly let decode right in. But I'm the real Dave Marcus, bitch, okay? You too, Peeve, if you're out there. So let's cover a couple of things. We're going to talk about social engineering and OSINT. Who knows what OSINT is? Open Source Intelligence. The exact opposite of classified information. Based on things people share about themselves. That's the key that I want to drive home here today. Is everything I'm going to show you how to collect and put in action is based upon things people disclose publicly and voluntarily about themselves. Remember that. Social engineering in our definition is just me getting you to do something. It can mean a lot of different things. But essentially I want you to take an action. That's it. You can use it in a lot of other ways but that's what it is for this presentation. We'll talk about tools. And when I talk about tools I'm talking about using other people's websites. I'm not talking about writing code to do things. That's another important thing here. 
Is I want to be able to go to any computer and do this. I want to be able to do this on your laptop, your laptop, your laptop, or your laptop. No code required. What I'm going to walk you through is a mental process of how to use certain sites in a very, very different way. And then we'll do some live demos and stuff because that's always the fun part. So, social engineering. Again, it's just me getting you to do something. In the malware world, and I work for a malware lab organization, it's clicking something. If it's a social engineer attack or phishing, it's basically somebody clicking something. So, when does it work? It works when the message resonates with you. If it's a spam, it has to be something that means something. Otherwise, you don't click it or take an action. Why is spam only a 1% solution? Because it's a generic message. It's Viagra or something dopey like that. Or it's just a link or it's a sporting event. It may not be relevant to you but it works when someone knows enough about you. It doesn't work when the message is vague or it's to the wrong person or it's not about my interests. You have a better chance of getting me to take an action that you want me to take by knowing something about me, by tailoring it to my trends, the things I like, the things I don't like. So, when we actually look at some of these sites, we don't care if people have problems with Muslims. We don't care if they have problems with Jews. We don't care if they hate black people. We want to know it. We want to know it so we can use it against them to take an action on them, right? So, I don't particularly care what side of the Gaza conflict you find yourself on. I want to know about it so I can use it in a message or an attack or to get you to take an action. Make sense? Cool. All right, can it be done with 100% success? Oh, you're damn right it can. I'm going to show you some examples of mining data and how you can take action on the data that you mine. 
You can do this against groups of people. You can do this to individual people, all right? So, it has a lot of different applications, but at the end of the day, I'm showing you a mental process that I use when I use these websites. Now, when you do this tonight against your friends, because you know you're going to do it tonight against your friends and everybody in your neighborhood, you're going to mine their data and go, dude, I didn't know you liked that porn site. And they're going to go, how did you know that? Well, I'm going to show you how to figure out everything you want to know pretty much about anybody, all for free, all using open source intelligence. That's where the fun begins. We're not popping databases. We're not escalating privilege. We're not doing any of that stuff. We're using and mining the stuff people themselves post. This is the Wikipedia definition of open source intelligence. It's a pretty decent definition, actually. Who cares? The third, the actual second bullet is what we're concerned with, though. Web-based communities, user-generated content, social networking sites, video sharing sites, Wikis, blogs, and folksonomies. I didn't know what that was. I had to look up folksonomies. It means a site where folks go. Folks. They talk about folks. It's clearly only white people go there, Joe. Right? Because otherwise it would be called NBA-sonomies. Right? There you go. So moving on. What do we want in a tool set? I'm using tool set in a very, very broad way. So I need a way to mine data. So I need to go to a series of sites or be able to access data that shows me what people are currently talking about. I don't give a crap what you were talking about five minutes ago. I certainly don't give a crap what you were talking about last week. I need to know what you talked about in the last two seconds, five seconds or five minutes. Next, I need a tool to deliver stuff. 
If you're going to mine people through Twitter, you're going to abuse them through Twitter. Right? If you're going to mine them through Facebook, you'll probably abuse them through Facebook. But, you know, other rules apply. We need tools to hide our true intentions. We'll talk a little bit about short URLs. I love URL shorteners. They're magical, aren't they? You want to talk about a tool that by design is an obfuscating tool. Right? Takes the long URL that's this big, makes it that's this big. And it's by design, it's a URL obfuscator. Right? So we'll talk about how to abuse that because you can have a lot of fun with those. We'll talk about tools that we need to create and do naughty things. I will personally go on record and say you can buy tools. Right? I think the ability to mine information about individuals is more valuable than technical coding capabilities. You can download code, you can Google code, you can buy code from other people. But if you know enough about your victim, it's done. You can have shitty attacks and crappy code. If you know enough about your victim and your environment, you'll win the game. So I think that's less important today. And then again, we want them for free. We want to use other people's websites. We want to use the information people post there voluntarily about themselves. All right. I'm the man who convinced Marcus to like Bing. Bing is probably the best example. If I could only pick one site to show you the danger of sites that share information and mine other websites, it would be Bing. Why? Twitter is an API. Right? So when you tweet, that tweet goes out into the Twittersphere and it gets consumed by applications. What this, what Bing does is Bing has a series of map utilities. So it allows you to graphically map out anybody who's tweeting with GPS capability and put it on a map. Rule number one, know where your victim lives. Right? So not everybody winds up on Dave Marcus's Bing map. 
These people, who's got an iPhone in their hands? All right. You know when you go use something, you ever get that message that says, do you want to allow this application to use your location? You click OK, your ass is on my Bing map. OK, that's allowing the application to publish your GPS capabilities. OK, you could do a lot more with GPS capabilities, but Bing has got built in functionality to graph out tweets and now Foursquare. So you can just pull up a map and zoom into the Herndon area and say, let me stream all the local Foursquare updates. This one right here is from when I was up in Fort Meade a couple of weeks ago. So, nothing. There's that big area that we shall not talk about up in Fort Meade. And I was actually doing this presentation up in Fort Meade, ironically enough. So you start zooming in on people, right? So you highlight Prada underscore. And let me show you one of the things you'll start noticing. I now know his platform and the application he's using. Rule one has now just been broken. I now know your platform and I know the application that you use. And now I know your physical location. What also is up there that you could see? I realize it's a little blurry. There's a tag that says Army Life Love it. So I can now take this information and start building up a profile. This person happens to be in the Army. They were jogging the jogging path of Fort Meade. That's beside the point. The point is, is now I have a name. I have the beginnings of a profile of behavior. I also have the beginnings of understanding the technology he uses and the applications that he uses on his technology. This happened to be the only tweet from this person, so I couldn't dig any deeper. I found this next guy next. And I found the words prayer and Starbucks in the same tweet. And I thought that was interesting. Because I like a latte just as much as the next guy does. I don't feel the need to pray for it when I'm at Starbucks. But I thought the tweet was interesting. 
So I pulled it up and I see that this guy uses Gowalla. I thought that was interesting, praying at Starbucks. So all you have to do is click more from that person and you start building out a map of more tweets from this person who has GPS capabilities turned on. This person lives up in the New York area, commutes to Washington on a weekly basis. If the box wasn't in the way, you'd see some other stops along the way. That's the Amtrak route that he actually takes on a weekly basis. And he tweeted the whole way. So within a couple of clicks, I got to know that this person is actually a preacher. I know where they live. I know where they preach. I know where they teach. All based upon the information they themselves have shared out that I have mined through Bing, which I can do from anywhere that I want. So what's the possibility of me getting this person to do online anything I want them to do by sending them a crafted message? Pretty much 100%. Done. It's over. Not only that, but I also know the operating system that I need to target and the application that I need to target, all without doing anything more than mining Bing for information. Any questions yet? Make sense? Cool. All right, so moving on. We all know what's been happening with the WikiLeaks thing lately, right? Interesting, because you're getting lots of cool tags and lots of other cool Bing activity and stuff. So I started poking around on Bing the other day, and I wasn't finding a whole lot of stuff. I started looking at some tags and stuff, Operation Payback, and I found this one guy, Story Potter. And by the way, almost without fail, when I do this live, someone in this room is going to wind up on my Bing map. And I don't do that to humiliate anybody, unless you're from Unallocated Space, because you should know better by now, to turn off your GPS stuff. Because then I'm just going to get raped in my presentation, and that's all there is to it. And I mean that not in an invasive way. 
So anyway, I started poking around, but I really wasn't finding a lot of stuff. But I found this guy using Android, using Twitter for Android, in a huge conglomeration in an area. If I was to mine through each and every one of those tweets, I would get a very detailed profile of the things this person talks about over time. This person talks a lot about shopping, talks a lot about online bargains, talks a lot about some strange things. But again, if I was to pump it out into a spreadsheet, I would start developing a very detailed profile of this person's information. Who understands the basis of counterintelligence? This is how you turn somebody into an asset, right? When they're talking about having problems with their wives, when they're talking about having financial troubles, you build up that profile of them, you turn them into an asset. That's how you flip people, by knowing their weaknesses and knowing their strengths, right? So I started searching around a little bit more. This guy moves around a little bit. You know, again, he's talking up a lot about the DDoS, but I wasn't finding a lot of GPS information. So I kicked over to another one of my favorite sites, which is PicFog. Who uses PicFog? Who knows what PicFog is? PicFog is magical. Who tweets and posts pictures in their tweets? Every picture you have ever taken and tweeted is streamed to a site called PicFog. So again, there's something going on behind the scenes, sharing information that most people don't know about. PicFog allows you to run searches on all posted pictures through Twitter based upon usernames, tags, and trend information. So I'll show you some screenshots in just a sec. But I started digging into some people. This person talks a lot of trash, talking about WikiLeaks, talking about the LOIC tool, things like that. But again, I see a lot of movement in a certain area. And this is all tweets just from this one person. This isn't tweets from a group of people in that area. 
This is tweets actually from five different geographical locations right near Ronald Reagan Airport. And yes, if you zoom in closer and you turn it to the actual live map view, you'll see the building. So depending upon the view you want to have, you'll get exactly the physical location where they are tweeting from when they tweeted it. Magical, isn't it? Oops, I skipped the slide. So again, I wasn't having a whole lot of success. There wasn't a lot of GPS data turned on. And bear in mind, this map, the Bing map functionality needs GPS turned on. So if you don't have GPS turned on, you don't wind up on the Bing map. There's other websites that we can go to find you people who don't turn GPS functionality on. We'll get to those in a minute. So I went over to PicFog. Don't use PicFog at work. One thing about mining websites that people share information on, people share information on nasty things. People are disgusting. If you go to PicFog, stuff's going to fly through the screen that you will never be able to drink out of your memory. There isn't enough booze in the world to drink away some of the stuff that you're going to see through PicFog. Remember that, okay? Yeah. It's like, you're full of crap, Marcus. Let's see it up on the board, bitch. Yeah, okay, we'll get there. Huh? What? Right, there you go. You just wish. I ran a search on PicFog on the tag, I think I ran it on DDoS or LOIC. I think I did it on LOIC. And I got this. I got Mr. Juan Fran Garcia, who took a screenshot of himself using the LOIC tool whacking the Visa site. Let me repeat that. He took a screenshot of himself. Juan, if you're listening. What are you doing? He took a screenshot of himself using the tool. That hurt. Dumbass. Dumbass. Well, I didn't have enough for a logo. What do you got to do? Fail. Big time fail. So he took a picture of himself DDoSing the Visa site and posted it on Twitter. All right, that got my attention. That got my attention. 
Put on your law enforcement officer hat for a minute. Run the same search if you're a law enforcement officer. Think for a minute, right? Think how to use open source technologies to do the same thing sick people like us do in our spare time because we have no lives. All right? This is an untapped source of intelligence, and it's based upon what they themselves are showing. This interested me. So we can do a lot of stuff with this information. This is one thing that's great about PicFog is you get context. You don't just get the picture. You get the things that they tweeted about and anything that they tagged. And I'll pull up the site live in just a minute. But you see things like the tag, and you see a lot of Spanish. You see the fact that he's using the Java LOIC client, right? I could have guessed he used a Mac, but he gave us a screenshot of his freaking desktop. So you can see everything that he's doing there. So I started digging around. I looked at his profile, and it took me over to his blog page. And he is actually a DJ in Madrid. So this guy actually lives in a little town outside Madrid. And I know that because I looked at his Twitter profile. And he lives in a little city called Aranjuez. I apologize if I butchered that name. But within another two screens, I actually had a zoomed-in photo of where his house is physically located. All based upon the information that's in his profile and following a train of intelligence. And I know exactly where this person lives, where their house is, and everything else. My Spanish sucks, so I couldn't go very much farther with this particular person. But it's very easy. What? Yeah, right? Yeah, well, I could have used it. Oh, there you go. I never thought about that. I never thought about that. Here's the problem. This is where it conflicts with my daytime job. Because there's only so far I'll go before it gets creepy. You know? So there are certain terms you want to be really, really careful with. 
You could do this to anybody. Go on and probably some of you bastards are doing this right now as I'm talking. As you're actually using Bing and stuff like that. Just remember something. You've got to have the Silverlight plugin. Otherwise, it's not going to work. You're not going to get all the cool mapping functionality. But it's cool. You'll be able to do whatever you want. So let's talk a little bit broader. Now, if I want to abuse a large group of people, Twitter is a real good way to abuse a large group of people. Why? Because they tell me what they're talking about. They tell me what they're pissed off about. They tell me what they like. They tell me what they dislike. That's what the magic of tagging gives us, right? So this is Trendistic. Trendistic is a website you would use if you were a marketer. If you were a marketer, you would look at this site and go, this is the things people are talking about. I want to inject myself in those conversations so I can use it to sell them something. You would use it very much in a marketing way. Well, we want to use it to get them to click something. So those words you see on the right-hand side are what were trending highly at that particular point in time on Twitter. If you were to mouse over any of those words, it tells you the percentage of tweets that contain that word. That's pretty valuable. How many people are on Twitter now? Over 200 million, right? Knowing 5% of them are talking about WikiLeaks or OpenLeaks or LOIC is very abusable. You can insert yourself into that conversation or if you know how to write a sentence correctly, you can use it against them to get them to click something. I'll give you some examples in just a minute. So hashtags.org is another one you can look at that actually tells you what's gaining power. I like hashtags because you also get real good context. This was a scan, excuse me, a query that I ran just after an Apple jailbreak came out. 
So you get context, you get what they were talking about when they were talking about it. So you get who they are, what their message was, who they were retweeting, all that kind of interesting information. This is PicFog. PicFog.com. This genius in the upper left-hand corner is who I ended up focusing in on. And again, you really don't want to use this website at work. You'll find nasty stuff. Also, don't use OpenBook at work. OpenBook allows you to search people's Facebook profiles. Don't use it at work because Facebook is such a hotbed of racial activity that it's ridiculous. And OpenBook gives you the top group activities and word activity and stuff, and you just don't want to use it at work. Take my word for it. So how many times has HR called you? I've actually got the record for HR violations. I stopped counting when it actually was the same as a deck of cards. It was like 52 or something like that. I don't know. But I do this a lot. I would never do this in my office environment. I do it for my home office, which they can't monitor. So I ran a search on the word jailbreak. And that's what you see. The blue box you see is a highlight of the box in the upper left-hand corner, which I found interesting. So I focused in on it. And again, you start seeing the tags that become very interesting. Jailbreak Pakistan, all that kind of stuff. You see his actual capture of his screen. He's a Pakistani jailbreaker. This is where he lives because he has GPS functionality turned on. I went then over to one of the best websites out there, search.twitter.com. Go there. Go there often. It is magical and full of epicness. You will love it because you get the conversation. All right? Now, the dude on the right who he's talking to, Suspect22 is the guy whose screenshot we had. Whatever the other name is, is the person he was talking to. His tweets are protected. So I can't actually see the other side of the conversation with this guy. 
But what I can do is I can highlight his username. You see all those numbers? That's his GPS coordinates. So I don't know what he's talking about, but I know that motherfucker tweets from here. So, again, solely using the information they themselves are providing. If you don't want to wind up in one of my presentations, turn your GPS functionality off, my friends, because I'm not using anything that the API doesn't publish and provide. And I'm using Google and Bing and Twitter to do it. No custom code was written to do any of this stuff. So turn off the functionality if you're not using it. Or if you know it's on, change your GPS coordinate strings, because then you can mess with where people think you are. I do that all the time. So either poison your information and mess with people who are trying to do the same thing to you, or turn the functionality off. So you can do this to anybody. Spend some time with Bing, spend some time with Google Maps, start seeing where people pop up. You can actually start filtering Bing by user, by area, and by tag. So you can really start zooming in on specific series of tags, then jump over to the search function on Twitter, and then actually pull up the entire conversations and stuff like that. You all know that Twitter is archived, right, in the Library of Congress? What does that mean? There you go. It's a public record and it's never going away. So what you tweet may wind up on a job interview one day. So be careful of stuff like that. And again, it's not to dissuade you, it's just to say, look, this is all public sites. I didn't write code to do this. You could write code to query the APIs yourself, dump it into a spreadsheet. Dump all the trend information of the top 50 Twitterers over the last 24 hours, and give me all the shortened URLs that they've used. That kind of stuff becomes very powerful to actually abuse people with and push out them all away. All right. So how else do we want to use Twitter? 
So Twitscoop is another one of my favorite websites because it gives you context. If the site was live, you would see the words getting bigger, words getting smaller. That's the power that the word has, more people using this word, less people using that word. And you can actually see what they're talking about when they're talking about it. It's a really good site. Tiny Earl, best website on the Internet, next to Bing and Pickfog and stuff, because it allows you to append the words you want into your Tiny Earl. Now, let's go back to our trendistic example. And I know the words that people are talking about, right? So I'm not going to let Tiny Earl create my Earl for me. I'm going to have a Tiny Earl that says, tinyearl.com forward slash BP oil exec commits suicide. Now, if this is at the time when BP oil is all over the news and people are really freaking pissed, I'm going to get mad click through, okay? And I actually did that as a test when BP oil was going on. Who knows what an ICAR file is? All right, what does an ICAR file do? It's a fake signature. Yeah, it shows that your engine is working. It actually gives you an alert. It pops up onto your screen. It looks like a virus detection, but it's not. It's actually an engine confirmation. So I actually made a fake link out of that, and I changed the insertion point. It made it look like a video file. And I sent it out inside of a tweet that says, BP oil executive commits suicide in front of White House lawn. All of those words were trending highly at the same time. And that sentence used 40% of the Twittersphere's word tags at that time. In about five minutes, I got 15,000 clicks. If I was seeding a botnet, I own you. But there's a lot of people who just got a lot of pop-up warnings. You know, it's harmless. It's not a virus that I'm sending them. It's an ICAR test file. You know, so it scares the crap out of you and stuff like that, but it could have been anything. And it's real easy to do. 
So if I was really doing this and I was a real bad guy, that's what I would have sent them. I would have sent them Twitter bots. Because if I already know you're using Twitter, because I do, because I'm using the Twitter words and your handle against you, I'm going to send you a Twitter bot. Who understands the basics of bot command and control, right? Central command. We all know that, right? All right, you take down the central command. It has to go find another commander, right? Can't do that with Twitter. All right, Twitter bots use the channel of Twitter to communicate with. So when you input the username of the Twitter handle you want to monitor, the bot simply monitors Twitter.com for that username. You are never in your life going to content filter that. Ever. Not going to happen. Because a content filter is not going to know the difference between DDoS, space, IP address, good or bad, right? DDoS can mean a whole lot of things in the Twitter screen. So you're not going to be able to effectively content stream that out with a content filter. So this type of bot is dangerous as hell. And again, if you're going to abuse people through Twitter, you'll be abusing them with Twitter bots. It's a really slick piece of code and that's the builder, my friends. It's literally as easy as insert username and hit build. Done. Even you could code that bot. On Gintu. On Gintu. Oh, that's harsh. In my bot. Oh, the... So more trending. This is actually a shot. Remember the on mouseover issue from Twitter like a month back? This is an interesting instance because not only was the worm spreading through Twitter itself, but all the malware, all the bad links, trended highly at the same time. So it actually replicated itself. Because if you mouse over any one of those, it took you back to the Twitter site, which started the infection all over again. So it was amazing. But think about the words that were trending highly at the same time. So on Twitter, you have a... 
The issue was in the code of the Twitter page. That's beside the point. But all the words are trending highly, virus, on mouseover, on Twitter, hack, background. So think about that sentence for a minute. And think about what you can produce based upon the fact the entire Twittersphere is talking about that and embed a tiny link that's got malware inside of it. Because you know the entire Twittersphere is already talking about this issue. All you have to do is use the same words that are already trending and turn it right back into the conversation. It works every single time. I only started looking at Foursquare just recently, because I disabled my account, because I started really questioning my own geolocative use after I started doing this research, quite frankly, because they closed a couple of vulnerabilities that you could manipulate your GPS location information into in Foursquare. So this allows you, again, to go from a very broad map to a very specific map. You know, you could see who's the mayor of what, like who cares, right? We don't care that they're the mayor. I care who they are and where they live. And when you start digging into the information, you start getting all the comments and things like that of where they are and what they're doing. So again, you could do the same thing through Foursquare, and then it's just taking action on the information. You can run searches, specific ones. Anytime you click any one of these things, you're going to be taken directly to their Twitter user page. So again, if you want to find out how many people go to this Starbucks versus how many people go to that other Starbucks because you want to drop a rogue access point, that'll do it. So map out all the Starbucks in the area and see who's got more users going there. That's when you drop your one at the rogue access point at the one that's got more activity than the other one does. So we're just using their information in a very evil way. What? 
Look at what their operating system is, and based on that, you know which experts you're going against. If you want to. If you want to. It could be used in a lot of ways, but that's fair. You actually managed to accidentally say something useful. I'm sorry. That's amazing. That's amazing. That's just amazing. That's just amazing. Ladies and gentlemen, exile. I give you exile. So have some fun with this one too. You can specifically map out coordinates of individual users. I haven't found a way yet to merge the two to get a map that gives me the Bing user and correlate it to the actual four square user. That's the next step. I'm kind of going away from that because that's going to take some code, and that kind of goes away from the purpose of how I want to do it because I don't want to necessarily use code to do that. I mean, I think it would be easy to do. To actually cross their Twitter handle with their Facebook ID, with their four square account, and actually map it out that way because it gets a little bit more interesting. But I leave that to people who know how to code, and I don't know how to code. So I started looking at four-wear, which is actually one that unifies them all together. So this gives you Gowalla, Yelp, and four-square information if you're in a particular area. This is when we were driving to B-sides, and this is some of the activity in the Delaware area. This guy was publishing the fact that he had a party going on at his house called my house, and that there were 14 people there at his party, and that the party was going on great. Boy, good information if I want to go rip off cars. You know, that kind of stuff. So it's just taking the information they give me and using it in a very different way than they intended it to be. Here's another site. I just started looking at this one too. This one kind of puts four-square Gowalla, Bright Kite, and Twitter together. 
This is very business-centric, so you get the number of check-ins and things like that. That's very useful, again, if you want to do it from a different perspective. So not going after an individual, but if you want to own a particular business because there's more people than at the corresponding business across the street, this one is real good for that. What site is that? I forget. That's a good question. Which site is it? I don't have the actual banner on there. It's from site.com. I don't know. I'll pull it out. Ping me later. It's in the notes of the actual presentation. So let's see what we got here. I pulled up Bing and let it build out while we were talking here. This is PicFog, and this is just a search on the word DojoCon. All right? So... Four Loko. Far right, Dave. Yeah, I know. I see it. You bastards. I'm just never going to live that down, am I? What'd I miss? A bad memory. So anyway, these are things that are tagged from the word for DojoCon. So again, you mouse over any one of those, you get the user that posted it. This is from the lockpicking village outside setting up the projector. This one is the keynote. This one is... Brian, where are you? This one is something that you took, probably just because he knew I was going to put it up on the screen, because he knew I was going to look through there. Here's Deviant. Needed a new Schlage secure key open. Folks couldn't pick or bump, but the Red Team tactics prevailed. Go Red Team. Dr. Tran. All right, Pelican Cases. I don't know where that's going. That just sounds dirty, doesn't it? Pelican Cases. And then, of course, don't worry, DojoCon. I bought the party for the Four Loko. So again, if you want to... Give me a tag. Let's just do LOIC just for the sake of it, although it's not really a great one. Oh, here's that guy's screen. It's still there. Right? Oh, this is a different shot. Oh, okay. So this is a different one. This is some dude in Russia, if you actually look at the tagging. 
So again, you see where I'm going with this, right? If I was an LEO or if I wanted to find out where people are doing things, you know, and you know the tag structure, this gives you your places to start looking for interesting information. That's a different guy. Angry Birds. That ain't right. That ain't right. So you get stuff like that. I don't recommend using the tag WikiLeaks, and I'll show you why. Just because it's so active. And this thing will continue to stream and stream and stream and stream and stream. So again, you know, you want to start doing stuff like this. Oh, King Abdullah on the cover of the weak, sold WikiLeaks, right? You know, so here, now I know who it is. I know a couple of tags, and if I want to pursue that person individually, this person has probably got GPS turned on, and I can probably map her or him out. So again, you know, depending upon what you want to search for, or you could remove all the tags and simply let it just stream individually. That's kind of where it gets nasty, by the way. So if you just turn on the live flow, there you go. So this is just people who are just posting pictures, but here's the danger. Most people don't realize that the things they post in through Twitter are going into PicFog. All right, so just remember that. Yep. All right, so here is the Bing map of our local area, Dulles Toll Road. You see you get your pictures and stuff like that. This is 23 hours ago. Oh, I've got to update it. Hold on. So you want to start digging into any of these people. I'm twice. Any of the ones that have the plus have got more tweets behind it. So you can start seeing what they're talking about. Again, you see Twitter for the iPhone. Akira needs to move away from that Mach 3 turbo-style grill on the front end of their car, start building up a basic profile. If I want to start zooming in on that person, all I have to do is hit that individual. Oh, there you go. What does that tell you? Went somewhere. Went to Indianapolis. 
That's possibly Route 66. Is that? What do I know? And hey, this isn't QA. I don't need you all to point out my mistakes. I have him there for that. Okay, so I think there are so many. So I think you get the point, right? So another couple of bookmarks and just ping me later and I'll send you my full deck and all the bookmarks that I currently use. There are probably a dozen or so of any one particular site that I use. Some of the other good ones are TwitterMap.us. This is good because this allows you to map everybody in the Twittersphere, not just people who've got on GPS. It goes by their profile and stuff. So you can enter all kinds of information into this. If you sign into a lot of these with your Twitter account or Facebook account, it gives you more functionality. But if you're going to do that, create a fake account that's got no information. Because I would never log into any one of these sites with my credential information. And I don't recommend anybody else does. Let that one build out and then I'll bring up OpenBook. So you could give it another way too. If you want to find out where someone is. Zoom in and see what their Twitter handle is. Absolutely. Easy to do. You could start broad, you can zoom in. Oh, this actually didn't build out anything. All right. Upper right hand corner. Can you see that quote from Mark Zuckerberg? They trust me. Dumb fucks. Kind of tells you everything. OpenBook will allow you to search people's unprotected profiles. So people who don't lock their profiles down correctly, they'll get indexed through OpenBook.org. So you can do an awful lot of cool stuff here. An example I can give you is this. There is an operation called Terminal Fury. The existence of Terminal Fury is known. All right. I took part in that at a certain level. And one of the questions I asked when we were there taking part of this, how much of this information is available through social networking? 
And they said, well, there's none of this information on the web or on social networking. It's like, want to bet? Bet? Want to bet? Who wouldn't bet? So I went to this site, typed in the word Terminal Fury, and I got 20 profiles that were talking about it, when it started, when it ended, when their husband left for the day, when they got back. All that kind of stuff becomes very interesting and makes you a person of interest if you know how to search it correctly. By the way, it's all been removed. I thought that was pretty cool. Somebody called somebody after I ran that search and said, what are you doing? Remove that. This is how you figure out troop movements, by the way, through posts like that, if you know how to sift the data. Yes. Troop movement data is a person. So it's supposed to be, but you know, when someone posts something with GPS data, you know, from the only road in and out of a certain part of a country, and says, well, we're leaving this day, and then the next group is coming in that day. Doesn't take a genius, right? That's the magic of this type of information. So here you get a build out of words that are mentioning DojoCon. There can't be this many people talking about DojoCon. No offense, Marcus. But there can't be this many people. It indexes things funny sometimes, but anyway, you get my point. I think I'm running low on time. How am I doing, Marcus? Am I over? Okay, cool. Huh? Shut up. Let's see if I've got any other sites that are of interest. But like I said, do some searches on the word OSINT when you get a chance, and spend some time, oh, Mash Map, that's what that other site was, and also CheckinMania, which gives you all kinds of check-in information as well. Again, if you're going to use a lot of these sites, create fake handles, because it's just safer for all parties concerned. I would never log into any one of these sites with my actual credential information. 
I have a Hacking Exposed account that I use when we do demos and stuff like that, that I'll log in with. But it's got fake information and fake GPS data and all that kind of stuff. So this is one of the other sites that gives you all kinds of other check in information. You can have a lot of fun there. What else? And no, I'm not sending you my bookmarks. No, you don't. Sure. You're not capturing the radiation off of my screen. You guys, the slides are being recorded, right? Yeah, I know. I don't care. It doesn't have the actual URL. It's just the final. So, Twitscoop is a cool one because it gives you this. It gives you a timeline of when people were talking about stuff on Twitter. That's remarkably helpful because you don't want to use old tags. I want to use the stuff that people are talking about now, so it actually gives you timeline information, and then it gives you the cloud snapshot. The bigger the word is, the more people are talking about it. Those become the artifacts of your sentence that you actually create as a lure. So if you start looking at some of the words, these aren't real good ones for forming any good sentences, but okay. Oh, here you go. Diana and Christina in a burlesque, in a sweet burlesque duet. There you go. I clicked that. I know you did. And the point is to send them something they'll click based upon words people are already talking about, right? So it becomes very, very easy to do this. What's another good site that I'll leave you with here? There we go. The wayback machine is always cool. This is a good site that I don't – this is a good site. This is Bushaka, which actually indexes all the other websites. So it's actually a handy place to actually start because you can actually look across every single social networking site. So this one is kind of handy. So you can actually – let's say you just want to start at news for just some strange reason, right? 
It's giving you who's talking about what and then break it down by group and stuff like that. So if you want to focus in on the words people are using for something or if you want to target people who are watching Fox News instead of CNN, you see what they're talking about on CNN and stuff like that, and then you send it out to the group and stuff like that. So again, it's just based upon using their information against them. And again, I'll give you guys my full link set if you want it later. It's no problem. I don't mind. I'm a great guy. Oh, here you go. My last example. This is why it's easy to send people malware. Let's look at that and then let's look at Trendistic, and we'll take some words that are currently trending high, and we'll make a sentence out of it or something like that. What's Trendistic? What? All right. So X Factor, Cher, Christina, Rihanna, X Factor, Rebecca, One Direction, Madoff. Oh, Madoff's son was just found dead. That's a good one. Not found dead. Not found dead. So he wasn't found dead after he committed suicide? No, no, no. He's alive. He's dying. I'll be here all day. Try the real decode. So again, think about using these words, right? X Factor, Bernie Madoff. So something that looks like this would probably work really well. Watch this video of the autopsy of Bernie Madoff's son, or watch the video from the apartment that Madoff's son killed himself. Things like that become very easy to use. But here's where the fun begins. All right, TinyURL? Dropbox. Let's go into our Dropbox folder. All right. So we've got malware here, right? These are ones I've used in the past. BP Oil, Executive One, a fake soccer video in Israel. This one I found actually on Twitter. Israeli attack on a vessel, pullreport.exe. That was actually a nasty piece of malware. And if you actually ran a search on Arab Israel exe when the Gaza incident was happening, it was trending really high. That's where I found that executable. 
And it's actually a piece of malware that's disguised as a video report of the actual supposed shooting and stuff like that. So you take any one of these. So you click it, huh? That's all right. I'm on a Mac. I didn't mean to click it. Now, if I had clicked this one, that would have been a problem because this is actually Mac malware on the right-hand side. I thought I could have. No, I don't think so. Yeah, it's all on my machine. All the Mac malware is on Marcus's machine. This is a fake QuickTime update, actually. It's a DNS fake. It just updates your DNS. It's just a DNS trojan. It doesn't really do a whole lot except change your DNS settings. Oops, sorry. So you do this. You copy public link. Go over here. Post it in. Right there. So what was trending high? We had Re-Op. No, we had Bernie Madoff's son, right? Madoff, son, suicide, after he was found dead. He killed himself again. Right, he killed himself again. Now, watch. Pay attention here. It's magical. If it works, I'd be stunned if it doesn't. Come on. You guys are great. You laugh in all the right places. You whistle in all the right places. You guys rock. I don't know why my connection is dropping here. Let's try it again. Maybe it's your antivirus. No, not on my Mac. But that brings up a good point, though, because when it makes the URL, which has taken a really long time to make the URL, a lot of stuff fails because this is a known piece of malware I'm uploading to a well-trafficked website, and it's going to give me a tiny URL back to the website that I just referred it to. So an awful lot of things failed for that to actually happen, especially the creation of tiny URLs. Let's go to Bitly. Really? Clearly I did not. Oh, it's the connection. Marcus? I wasn't looking at you. I didn't make the mistake of looking at the first black guy in my field. Come on, now. All right, you get the point. It's not creating me an URL or going to the website for some strange reason, but you get the idea. 
One cool thing about twittermap.us, there's a pull-down menu that allows you to go to different geographies, so you can do the same thing in Germany or the same thing in the EU or wherever you are, but it also gives you connections. So it gives you their follower account. It gives you where they are, it gives you their home. It gives you an awful lot of other connection information about who's in their network. It stops streaming also, so it's, I don't know why it's not updating. But you get the point. Any questions I can answer? Oh. Sir? Have you started going after companies? Like, you go after an academy, you find out what employees you're working on. No. Oh, it's fun. No. Again, that's where my daytime job doesn't, that's where I make a separation. And also, I don't start with a particular purpose whenever I do this. I just pick words that people are already talking about, so I don't go looking for a specific reason, so I don't go down that route for those kinds of reasons. Just because, again, I have a day job, and that kind of stuff makes me feel a little dirty and creepy. So it's possible to do. If you have control of the network, it's even easier to do. If people go through a problem, there's lots of other fun things to do, but I haven't gone down that route, and I shall not be. Good question, though. Any others? Five, four, three, two, one. No? Cool. I'll be around all day. Thanks for listening. Applause