SEC602 Lab1

Basic explanations of the Lab

The aim of the lab is to log in to the social media website, MyBook, and collect personal information from our target, Phillip Nomad, and then use this information to plan an attack.

Ans 1: Summarise the key information gathered from MyBook

From the front page we know that

1.     Phillip is married

2.     He has two close friends: John and Alexis (who are close enough to Phillip to comment on his pictures)

3.     Phillip's car has broken down

From the about page we know that

1.     Personal details: mobile no., date of birth

2.     He studies in Oxford, UK

3.     Work: Costa, HP and Google

4.     Possible home location: Kingston

From the Album page we know that

1.     Philips has him listed as a Creative Director, which implies that he may have access to important resources and information

2.     His passwords likely provide him with admin-level or root access to domains or servers full of data, which in situations like corporate espionage could be very lucrative.

3.     The album photos suggest that he enjoys going to raves and scenic views

4.     The pug dog photo is also useful, because a classic security question is “what is/was the name of your first pet/dog/cat?”

From the friends page we know that

1.     Sophia Lee is at Oxford, and it's possible they attended university at the same time as each other.

2.     Robert Cook, a photographer, might have more interesting photos of Phillip's life, providing more insight into the type of person he is

3.     Linda, who is also a Software Engineer, might work with Phillip

4.     James, who is the CEO of a company called IT Farm, could have a working relationship

Ans 2: What are the risks of using a social networking platform?

Almost everybody uses social networking platforms and puts a lot of personal information on them. If people don’t protect their personal information well, they can be hacked in different ways.

For example, if we put a lot of personal information on a social network, such as date of birth, education, workplace, work history, photos and hobbies on a public profile, an attacker can collect that information easily without our permission and use it to organise an attack to hack our computer.

Ans 3: Consider how the information gathered can be leveraged to attack an organization?

After collecting some personal information from a person like Phillip, who is working at Google now, the possible attack targets would be

1.      IT Farm

2.      Google

To complete the attack, we could:

1.      First, as we know the mobile number, we can call him several times, acting as someone from the car repair shop, to get more information.

2.      Second, we need to build trust by getting a friend request accepted. We can use the information from the album photos: there are photos of the sea, a concert and a wedding, so we can pretend to be a friend he met at the beach and also met at the wedding.

3.      Third, we can pretend to be another person, such as a coworker or college friend (impersonation). We know that Phillip has some relationship with IT Farm, so we can pretend to work for IT Farm and gain friendship with Phillip.

4.      We know Phillip's address, so we can go dumpster diving through his stuff; maybe we could find some important information such as meeting notes, appointments and work notes in the dumpster.
