December 10, 2016

LinkedIn can be tricked into revealing personal email addresses

(LiveHacking.Com) – Benjamin Caudill and Bryan Seely, founders of Rhino Security, have discovered an unintentional side effect of LinkedIn’s obsession with making sure you are “linked” with just about everyone you have had contact with. According to the new research, which was published in part by Brian Krebs, it is possible to troll LinkedIn and discover the email addresses of public figures including leading CEOs, celebrities and company executives.

On a normal day LinkedIn will only let you connect with users that you claim to know professionally or personally. If you don’t know someone you can get an introduction via a common third party. To ensure that you are linked to everyone you know, LinkedIn will optionally trawl through your Google/Yahoo/Hotmail address book to see if anyone in your address book is already using LinkedIn. Sounds great, very helpful.

The problem is that if you start to create fake email addresses in your list of contacts then LinkedIn will helpfully show you the profiles of users with addresses that match your address book. This is because LinkedIn assumes that if you have their email address then you must know the person.

Now all you need to do is populate your address book with hundreds of combinations of email addresses based on people’s names, and then add @gmail.com or @yahoo.com etc on to the end.

When you import the list of names then LinkedIn will not only show you the profiles which match the addresses, it will also tell you which addresses don’t match any known profiles. If you got lucky and found the address of a high profile user then you just need to use a process of elimination to whittle down the list of emails that didn’t match a profile and you can discover the private email address of the target LinkedIn user.

To prove their point Caudill and Seely discovered the email address of Mark Cuban, the owner of the Dallas Mavericks. Seely said they found success in locating the email addresses of other celebrities using the same method about nine times out of ten.

“We created several hundred possible addresses for Cuban in a few seconds, using a Microsoft Excel macro,” Seely said. “It’s just a brute-force guessing game, but 90 percent of people are going to use an email address that includes components of their real name.”

According to LinkedIn the company will be implementing a couple of changes over the next few weeks to alter the way the service handles email addresses.
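
The import pattern described above, a large batch of addresses built around one person's name and spread over several mail providers, can be recognised on the service side. The following is an added example, not code from the article, the researchers or LinkedIn; the thresholds, the `discoverable_by_email` opt-in flag and the sample addresses (fictional name, reserved example domains) are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed thresholds for illustration; tune against real import traffic.
MIN_BATCH = 20     # ignore small address books
MAX_SHARE = 0.6    # share of a batch allowed to contain one name fragment
MIN_DOMAINS = 2    # guesses are spread over several mail providers

# Constructed sample: one fictional name varied across two reserved domains.
SUSPECT = [f"{first}{sep}doe{n}@{dom}"
           for first in ("jane", "j") for sep in ("", ".", "_")
           for n in ("", "1") for dom in ("example.com", "example.org")]


def dominant_fragment(addresses):
    """Return (trigram, share, domains) for the most widespread letter
    trigram found in the local parts of the batch."""
    seen, domains = Counter(), {}
    for addr in addresses:
        local, _, domain = addr.lower().partition("@")
        flat = re.sub(r"[^a-z]", "", local)  # drop dots, digits, underscores
        for gram in {flat[i:i + 3] for i in range(len(flat) - 2)}:
            seen[gram] += 1
            domains.setdefault(gram, set()).add(domain)
    if not seen:
        return None, 0.0, set()
    gram, count = seen.most_common(1)[0]
    return gram, count / len(addresses), domains[gram]


def looks_like_guessing(addresses):
    """True when most of a large import is built around one name fragment."""
    if len(addresses) < MIN_BATCH:
        return False
    _, share, doms = dominant_fragment(addresses)
    return share >= MAX_SHARE and len(doms) >= MIN_DOMAINS


def import_response(addresses, directory):
    """Answer an import without acting as a lookup oracle: suspicious batches
    get no matches, and non-matching addresses are never listed back."""
    if looks_like_guessing(addresses):
        return {"matches": [], "review": True}
    hits = [directory[a] for a in addresses
            if a in directory and directory[a]["discoverable_by_email"]]
    return {"matches": hits, "review": False}
```

The response deliberately carries no list of addresses that failed to match, since that list is what makes the process of elimination possible.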

New Book: Social Engineering: The Art of Human Hacking

The first book to reveal and dissect the technical aspect of many social engineering maneuvers. From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unravel the mystery in social engineering.

Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

  • Examines social engineering, the science of influencing a target to perform a desired task or divulge information
  • Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
  • Reveals vital steps for preventing social engineering threats

Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

Book Details:

  • Paperback: 408 pages
  • Publisher: Wiley; 1 edition (December 21, 2010)
  • Language: English
  • ISBN-10: 0470639539
  • ISBN-13: 978-0470639535
  • Product Dimensions: 9 x 6 x 1 inches

From the Back Cover

“Chris Hadnagy has penned the ultimate text on social engineering. Meticulously researched and teeming with practical applications, this brilliant book offers solutions to very real problems and ever-present dangers to your business — and even to yourself. Truly groundbreaking.”
Kevin Hogan, author of The Science of Influence: How to Get Anyone to Say “Yes” in 8 Minutes or Less

Discover the secrets of expert con men and human hackers

No matter how sophisticated your security equipment and procedures may be, their most easily exploitable aspect is, and has always been, the human infrastructure. The skilled, malicious social engineer is a weapon, nearly impossible to defend against.

This book covers, in detail, the world’s first framework for social engineering. It defines, explains, and dissects each principle, then illustrates it with true stories and case studies from masters such as Kevin Mitnick, renowned author of The Art of Deception. You will discover just what it takes to excel as a social engineer. Then you will know your enemy.

Tour the Dark World of Social Engineering

  • Learn the psychological principles employed by social engineers and how they’re used
  • Discover persuasion secrets that social engineers know well
  • See how the crafty crook takes advantage of cameras, GPS devices, and caller ID
  • Find out what information is, unbelievably, available online
  • Study real-world social engineering exploits step by step

“Most malware and client-side attacks have a social engineering component to deceive the user into letting the bad guys in. You can patch technical vulnerabilities as they evolve, but there is no patch for stupidity, or rather gullibility. Chris will show you how it’s done by revealing the social engineering vectors used by today’s intruders. His book will help you gain better insight on how to recognize these types of attacks.”
Kevin Mitnick, Author, Speaker, and Consultant

About the Author

Christopher Hadnagy is the lead developer of www.social-engineer.org, the world’s first social engineering framework. In more than 14 years of security and IT activity, he has partnered with the team at www.backtrack-linux.org and worked on a wide variety of security projects. He also serves as trainer and lead social engineer for Offensive Security’s penetration testing team.

Source:[Amazon.com]