Blog_Header.jpg

IntSights' Blog

Digital Footprints and Breadcrumbs: What They Are and How Hackers Exploit Them

by Ariel Ainhoren / July 24, 2018

A lot has been said about the term “Digital Footprint”. The term relates to all of the digital bread crumbs left by an individual or a company across the public web. Have you ever uploaded a resume to a site? Posted your birthday photos to Facebook? Published an article? Built a new website? Added a new DevOps serverEach of these actions amounts to your “Digital Footprint”.

For companies, the task of monitoring and tracking their digital footprint becomes even more burdensome. Moreover, a company is the sum of its employees, and each worker has his or her own digital footprint. Using these digital breadcrumbs and connecting the dots between all of these publicly available details can significantly widen the attack surface of a company. Here is how hackers use publicly available employee data to illegally access company systems.

What Are Digital Breadcrumbs?

The number of online public digital actions per person over the years can reach into the millions. And, depending on the individual’s age, these digital actions could have been performed years ago, when cyber security awareness was virtually non-existent. Consider the following information:

  • 45% of people disclose their birthday on social media
  • 29% share their phone number online
  • 20% share their home address
  • 14% mention their mother’s maiden name
  • 7% post their Social Security number (!)

Each of these details on their own pose some security risk, but combining information on an individual, like their birthday, mother’s maiden name or middle name, home address (current or past), and cross-referencing this data with numerous apps and services that offer individuals’ public data on the Internet allows you to create a very accurate profile for that person. This profile, combined with Dark Web resources, helps a hacker impersonate the individual and obtain their identity.

For example, knowing a person’s middle name, birth year, and place of birth will be enough to locate and buy their SSN number on the Dark web. This hacker can now access corporate systems and divisions that request a SSN number for identification.

Social-Security-Numbers-for-SaleSocial Security Numbers for Sale on the Dark Web

Managing Corporate Digital Footprints

Just like individuals should be mindful of managing their digital footprints, companies need processes and tools in place to manage theirs. A big company has numerous web outlets, social media accounts, servers, IP ranges, ASN’s, databases, repositories, cloud storage servers and other Internet-facing assets. And these are just the resources that the security and/or IT department typically know about.

There are usually many more assets that the company doesn’t know about, like ad-hoc sites and services, temporary QA environments (which too often stay permanent), and all types of Internet-facing services, which likely were set up by former employees, but are now forgotten.

Like we said earlier, a company is the sum of its employees. Even though some people may try to separate their personal and professional “digital lives”, all of this information contributes to their digital footprint, and therefore can be leveraged as an attack vector against the company. It’s easy to think that someone will target the CEO of a company, but sometimes it’s easier to target the CEO’s personal assistant.

Consider the Following Scenario

A hacker uses LinkedIn to identify a company’s developers. Further research on these developers reveals their company email addresses (through SEO tools, or even through an open source article one of them published). This helps the hacker learn the naming convention of the company’s email systems (e.g. Firstname+Lastname, First letter of first name+Lastname@example.com etc.).

Then the hacker finds an unsecure and publicly available Kibana server. Now the hacker has a very good guess of what the username is.

Open-Kibana-ServerUnsecure Kibana Server Login Page

The password can be discovered in several ways, for example, through brute force, researching leaked credentials on the Dark web (if the hacker is really lucky), or other leaked passwords of that employee, which they are likely to re-use for the company server. If none of those tactics work, the hacker may look for some other employee leaked passwords, giving the hacker a clue to password length and complexity policies of the company, helping narrow down the scope of the brute force attack.

This scenario is an everyday reality that we see. The breadcrumbs people leave on the Internet make it easy for hackers to bypass security systems. And although companies continue to force stricter security policies every year, the human factor is very difficult to strengthen through policy. Companies need to find ways to monitor and reduce their digital footprint so hackers have less information they can leverage to break into corporate systems.

Conclusion & Recommendations

Managing your company’s and employees’ digital footprints is a never-ending battle. New content and web tools are constantly released, and you want your team to have the opportunity to take advantage of these new resources. However, increased web usage leads to larger footprints and more breadcrumbs, which make it easier for hackers to find key information to access your systems. Cleaning up your digital trail is a necessary practice in today’s world, and CISOs and security teams must invest in the right tools and processes to stop attacks before they are launched.

Recommendations

Want to learn three critical strategies you can implement to monitor and reduce your digital footprint? Download our White Paper: How to Reduce Your Organization's Digital Footprint and Cyber Risk.

Download Now

Tags: data leakage prevention hackers White Papers Data breach Data Leak Digital Footprint

0 Comments
previous post IntSights Recognized as ‘Strong Contender’ in Forrester Digital Risk Protection Wave Report
Next Post A Week in the Life of a Bank Threat Intelligence Analyst
Ariel Ainhoren

Ariel Ainhoren

Ariel Ainhoren is a Security Researcher at IntSights, focused on discovering new cyber trends, threats, hacker strategies and vulnerabilities. He is a seasoned security professional with over 8 years of experience in the cyber industry, with expertise in computer forensics, malicious programs, vulnerability management and Microsoft Products. Ariel enjoys solving cyber puzzles, preferably byte by byte.