Cybercriminals are using Offensive Intelligence

As everybody has already noticed, LinkedIn, like any other social network, is also being used for malicious purposes.

The latest weird invitation I received, from a certain Anke Ortega, has this profile picture:

Fig. 1.- Fake LinkedIn Profile Picture of Anke Ortega

I am not used to this kind of invitation in the physical world: a person from a location (Berlin) where I do not have any relatives, friends or business relationships. Besides, the profile is almost empty.

LinkedIn is a place where everybody wants to show skills, success and potential. In this case, this logistics professional seems to be a bit different from the rest of us (LinkedIn users).

 

The purpose of this post may seem as simple as showing you a couple of tools that we can use to research contacts before accepting them just because of a nice picture. The real purpose is different, but let us stay with the tools for the moment.

First, we can upload the image to www.tineye.com. In this case the search returns no results, as shown in the following image.

Fig. 2.- 0 Results in TinEye for the Uploaded Image

 

The next option is Google Images, which also allows us to upload images to perform a reverse search. Let us see the result:

Fig. 3.- Google Images Results for the Uploaded Image

 

According to Google, the uploaded picture is related to Karolina Debczynska. Clicking on that name shows that our picture is included in the catalogue of results offered by Google.

Fig. 4.- Pictures Related to Karolina Debczynska According to Google

 

Clicking on the image takes us to the ask.fm site, where the same picture appears. Take a look at the next figure.

Fig. 5.- Karolina Debczynska Profile in ask.fm

 

So, after 5 minutes of basic research, we can conclude that accepting Anke Ortega as a LinkedIn contact might not be a good idea. Remember that your LinkedIn profile includes a lot of information, such as an email address and sometimes even a mobile phone number.

C-Level professionals are a highly valuable target for cybercriminals. This simple example shows how easily we can be deceived in a digital environment where establishing social relationships without physical contact becomes more frequent every day.

Beware of unusual patterns. Something that does not happen in the physical world is a good indicator to raise your alert level (beautiful girls trying to contact you on a frequent basis). Beware!

Well, all those warnings are useless. Most people directly accept contact requests on LinkedIn. That is great for RedTeamers, since it eases our work when planning an intrusion. However, if you are a security professional, you have to pay attention. Intelligence is a product elaborated to be used in the long term. Security professionals grow and spend time in different companies (all of them included in the LinkedIn profile). Security professionals have direct access to very sensitive and critical information. Today you may just be preparing for an entry-level security certification, but tomorrow you could be leading a multinational's security department. Beware, Mr Security Professional. As RedTeamers we are going to exploit any information within our reach, as cybercriminals are doing and will keep doing.

In subsequent posts, we will show how to use information to obtain offensive intelligence useful for conceiving a successful social engineering attack. Stay tuned, but in the meantime take a look at some extra resources for researching images:

Images Open Source Intelligence

More OSINT resources in Michael Bazzell’s Website
