Using information is something well-known from military people for centuries. However, they are not the only ones to do it: a company wishing to gain competitive advantage on a competitor, a state to protect its citizen, or a husband/wife to know whether his/her wife/husband is cheating. Then came Internet. More information are available, some one can control, some one can not. And for an attacker, this is a chance.

This talk will deal with information. We will show what has recently change with the rise of the Internet, and social networks.

First, we will quickly remind that using information is based on the same methods whatever the source is. Then, we will focus on open source information on the internet focusing on 2 types of targets: a company or a John Doe. We will start collecting based on usual ways, and propose ways to get more information with social networks, bypassing their limits. Having information is fine, but useless unless you attempt to exploit it. So, the last part will show what one can do with a bit of social skills, intelligence gathering and cleverness.

About Fredric Raynal

Frédéric Raynal is head of the Software Security Research and Development team at Sogeti. He is also the Chief Editor of the first French magazine dealing with computer and information security (MISC). He was previously co-head of a similar team at the Common Research Center (CRC) of EADS and head of the Organisation Committee of SSTIC. He worked on information hiding and cryptography to defend his PhD. Now, he deals with (in)secure programming, security of operating systems, information warfare.

** Note: Presenting with Arnauld Mascret (Sogeti / Cap Gemini) & Christophe Devaux (Sogeti / Cap Gemini)