
Tool mimics spear phishing

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 02 Aug 2013

Ethical hackers from SpiderLabs, the penetration testing division of TrustWave, have invented a tool that analyses users' online actions, to use as a fingerprint for more targeted spear phishing.

Spear phishing is a phishing attempt directed at specific individuals or companies. Attackers use social engineering to gather personal information about their target to increase their likelihood of success. TrustWave offers social-attack engineering services to its clients, aimed at testing an organisation's readiness.

According to eWeek, the tool was designed by two hackers, Joaquim Espinhara and Ulisses Albuquerque, and is aimed at bettering social engineering attacks through more targeted and convincing spear phishing messages.

How it works

By monitoring and analysing a user's activity, the tool could help attackers design spear phishing messages so similar in style, appearance, wording and tone that they would be virtually indistinguishable from genuine messages from a target's actual contacts.

The system employs the open source MongoDB database. Albuquerque said the tool "doesn't normalise the data it pulls in" but takes in the raw data from several online sources and social media sites.

MongoDB, whose name is derived from the word humongous, is an open source document-oriented database system that stores structured data with dynamic schemas, which makes data integration in certain types of applications easier and faster.

Information Age reported that Microphisher also uses Stanford University's open source Natural Language Processing toolkit to assess the way a user writes. This would include the average length of a sentence and its structure, as well as frequently discussed topics.

The researchers built this functionality into a user interface that analyses a sentence as it is being typed, compares it to the target's linguistic profile, and advises the user how they can make it appear more genuine.

The tool on its own cannot automatically write messages, but it can help the user make their messages seem real. The researchers say the results have been mixed, but they did test mostly on professionals, who are known to be far more security-conscious and tech-savvy.

Harmful or helpful?

The tool is being released via the social coding Web site GitHub, under the GPLv3 licence. GPLv3 is the third version of the General Public Licence, which is the most widely used free software licence that guarantees end-users the freedom to use, study, share and modify software.

SpiderLabs has already employed the tool internally, and hopes to encourage developers to expand the tool to cover additional social media sources.

When asked why they would develop a tool that could be used by cyber criminals too, the researchers said the more effective ethical hacking is, the more secure business will be.

They added the tool can just as easily be used for defence, and could be employed to evaluate whether a message is genuine.
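The defensive use described above can be sketched as a baseline comparison. This is an added example, not code from Microphisher or SpiderLabs: it uses plain regex tokenisation rather than the Stanford toolkit, and the function names, thresholds and sample messages are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Small constructed stopword list; a real deployment would use a fuller one.
STOPWORDS = {"that", "this", "with", "from", "have", "will", "your", "both", "before"}

def _sentences(text):
    return [s for s in re.split(r"[.!?]+\s*", text) if s.strip()]

def _words(text):
    return re.findall(r"[a-z']+", text.lower())

def build_profile(messages):
    """Sentence-length statistics and topic-word counts for a set of messages."""
    lengths = [len(_words(s)) for m in messages for s in _sentences(m)]
    mean = sum(lengths) / len(lengths) if lengths else 0.0
    var = sum((n - mean) ** 2 for n in lengths) / len(lengths) if lengths else 0.0
    topics = Counter(w for m in messages for w in _words(m)
                     if len(w) > 3 and w not in STOPWORDS)
    return {"mean": mean, "std": math.sqrt(var), "topics": topics}

def _cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def assess(baseline, message, z_limit=2.0, topic_floor=0.1):
    """Flag a message whose style or topics deviate from the sender's baseline."""
    seen = build_profile([message])
    # Crude heuristic: message mean sentence length vs. baseline spread.
    z = abs(seen["mean"] - baseline["mean"]) / (baseline["std"] or 1.0)
    similarity = _cosine(baseline["topics"], seen["topics"])
    flags = []
    if z > z_limit:
        flags.append("sentence length")
    if similarity < topic_floor:
        flags.append("topics")
    return {"z": round(z, 2), "topic_similarity": round(similarity, 2), "flags": flags}

# Constructed sample data: earlier messages known to come from the real sender.
KNOWN = ["Build passed on staging. I will deploy the patch tonight.",
         "Can you review the firewall change? The ticket has details.",
         "Deploy went fine. Staging and production both look healthy."]
BASELINE = build_profile(KNOWN)
GENUINE = "Staging build passed. I will deploy the firewall patch tonight."
SUSPECT = ("Hello dear colleague, I am writing to kindly request that you urgently "
           "open the attached invoice document and confirm the payment information "
           "before the end of the business day today.")
```

A message that raises either flag is a candidate for out-of-band confirmation with the claimed sender; a clean result does not prove the message is genuine.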

The company offered the standard advice: do not click on suspect links, even if they seem to come from a known and trusted source.
