Experimental Analysis of Tools Used for Doxing and Proposed New Transforms to Help Organizations Protect against Doxing Attacks
Authors: Parul Khanna, Pavol Zavarsky, Dale Lindskog
Abstract:
Doxing, a term derived from "documents", consists of collecting information on an organization or individual through social media websites, search engines, password cracking methods, social engineering tools and other sources of publicly displayed information. The main purpose of doxing attacks is to threaten, embarrass, harass and humiliate the organization or individual. Various tools are used to perform doxing. Tools such as Maltego visualize an organization’s architecture, which helps in determining weak links within the organization. This paper discusses limitations of Maltego Chlorine CE 3.6.0 and suggests measures by which organizations can use these tools to protect themselves from doxing attacks.
Keywords: Advanced Persistent Threat, FOCA, OSINT, PII.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1126331