Information Gathering
As you have learned in previous chapters, information gathering or reconnaissance is the most important step in an attack. Once an attacker identifies the executive he will be attacking, he needs to gather as much information about his target as possible. He may also want to identify potential members of the executive’s circle of trust.
Identifying Executives
The attacker needs to first identify a potential executive to attack. An attacker could use corporate resources, investment sites, or social networking sites to help him identify these employees. If an attacker wanted to identify all of the executives at O’Reilly Media, the attacker could use an investment site such as http://investing.businessweek.com or a corporate resource such as http://oreilly.com.
Figure 9-1 shows O’Reilly Media executives who were identified using http://finance.google.com. As you can see, the attacker now has the name and title of the CEO, COO, and VP of corporate communications.
Figure 9-1. O’Reilly Media executives as identified by http://finance.google.com
In Figure 9-2 the attacker has identified additional executives at O’Reilly Media using another investment site, http://investing.businessweek.com. For the attacker to be successful, he needs to use many public resources, not just one. The attacker has identified multiple executive targets at O’Reilly Media. The attacker can now ...