Home Is Where the Hack Is
One of Social-Engineer’s services is Open-Source Intelligence Gathering (OSINT). It’s a discipline that sees us gather publicly available information that can be accessed without any real special skills or tools. It can also include sources only available to subscribers, such as newspaper content behind a paywall, or subscription journals. As OSINT investigators, we employ countless techniques to gather information on our given targets. At one end of the spectrum, we employee search techniques like google dorking, which requires no more than a browser and knowledge about searching with special operators, like ‘+’ and ‘-’. These search techniques enable hackers and researchers to gain access to information that corporations and individuals likely did not intend to make publicly available. At the other end of the spectrum, we wade into the murkier waters of the dark web to search for and collect information from data breaches.
The Future of Intelligence Gathering Follows the Future of Tech Â
What does each end of the OSINT spectrum have in common? It must keep up with the demands of current and emerging technology that touches our lives. Sometimes this takes some ingenuity on the searcher’s side, as we will come to see. The future of intelligence gathering follows the future of tech: Gathering and collecting information means following it.
Posting Pictures of Your Home is Risky Business
Most of us count our homes as a safe place; a place that’s physical and not subject to the laws of internet searching. In part, this is now a myth. First up, when you post a picture from your home, or even in its general vicinity, on social media, you’re at risk of being pinpointed. A recent internet OSINT challenge asked participants to find an address in Los Angeles, CA, using only the following image:
Image: Courtesy of Maxie Reynolds’ Instagram
Admittedly, you can mitigate this risk by not posting images of your home or the surrounding area. But there’s another way investigators, and possibly bad actors too, can gain a peek into your home. There is a good chance you have either bought or sold your home or have rented it. Here’s where the real ingenuity comes in. Most likely, images of your house are online prior to you moving in. Sites that facilitate home sales and rentals typically use photos to accomplish their mission. That isn’t too much of a concern, although it does give bad actors a look into the layout of your home. But, if you are selling or renting your home, you will generally supply up-to-date photos. This is where the bulk of the risk comes in.
New Intelligence Goldmines: Virtual Tours
Virtual house tours were a thing before the COVID crisis, but they have exploded in popularity and necessity over the last year. Through them, an intelligence goldmine has been created but, as a consequence, the homeowner risk has gone up. As OSINT investigators, we have abundant access where we had close to no access before. According to Neon Century, a U.K-based OSINT company, California-based Matterport is the current industry leader, allowing users to take virtual tours of thousands of properties.
Using Matterport, and other providers, a picture of an individual’s personal life can more easily be built by gathering clues about their hobbies, interests and family members from the interior of their homes, as well as identifying assets.
Protect Yourself by Taking a Few Things Out of Frame
There’s no direct fix for this – if you want to sell or rent your home, you of, course, should. But consider the whole picture. Literally… consider the whole picture you take of each room in your home and what you would like to keep personal to you. For instance, remove vacation, wedding and family photos from view; don’t photograph where valuables are kept in your home; remove all bills and mail from counters and surfaces. You might even keep your hardware (computers and laptops) out of the images, too. There’s an uptick in OSINT requests, with more and more companies looking to see just how detailed a profile can be built on their top executives. If they are worried about it, it’s probably because the bad guys are onto it too. Protect yourself by taking a few things out of frame.
Sources
https://www.social-engineer.com/services/social-engineering-risk-assessment/
https://www.social-engineer.org/newsletter/what-is-your-favorite-osint-tool/
https://www.neoncentury.com/
https://matterport.com/?_ga=2.175404834.1896433250.1619471055-1242124581.1616101803
Images
https://unsplash.com/@scottwebb
https://www.instagram.com/p/CMAVRgtjFwk/
The post Home Is Where the Hack Is appeared first on Security Through Education.
*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/social-engineering/home-is-where-the-hack-is/?utm_source=rss&utm_medium=rss&utm_campaign=home-is-where-the-hack-is
