The information security company Trustwave has released an open source tool called Social Mapper that can track individuals across different social media sites using facial recognition technology. Previously, this sort of cross-site matching had to be done manually.
The automated process means connecting people across sites will be faster. “Performing intelligence gathering online is a time-consuming process,” Trustwave explained in a post this morning. “What if it could be automated and done on a mass scale with hundreds or thousands of individuals?”
Social Mapper will help penetration testers and red teamers
Social Mapper doesn’t require its users to have API (Application Programming Interface) access to the sites, a requirement that has hindered other search programs before. However, the lack of API access means Social Mapper, at least in its present form, is quite slow.
It works by automating what would otherwise be manual searches, then scanning the first 20 or so results for a match. With this method, searching a target list of 1,000 people could take more than 15 hours.
Search is slow but still more efficient
To overcome this, Trustwave suggests running the search overnight on a machine with high-quality internet access. Social Mapper supports all the major social media platforms, including LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo and Douban.
Once the search is completed, a spreadsheet is generated that displays the confirmed accounts for each name. This list can then be used for targeted phishing attacks or intelligence gathering.
Trustwave suggests it could also be used to “view target photos looking for employee access card badges and familiarise yourself with building interiors.”
While Trustwave seems to push an ethical agenda (they say they envisage the software being used by testers looking for vulnerabilities that can be fixed), the software is available free on GitHub without restriction.
Tool available with minimal restriction causes some concerns
Trustwave says the tool is crucial to assist the cybersecurity industry as it struggles to function efficiently through talent shortages and ‘rapidly evolving adversaries’. The company claims the tool will help testers make the most efficient use of their time frames.
As being online becomes more and more fraught with the possibility of attack or information theft, tools like these can help good hackers strengthen systems and processes. However, they can easily be used by bad guys too.
Be safe with your information every time you are online and proceed with caution when you are asked to reconfirm your password, no matter how legitimate it may look.