 So I figured I'd start a little bit a little bit early being as you're all here And there's more of you than I thought I'd be here and stuff So last time I had a microphone in my hand. I was dressed as a fairy in a gold lame litard with fake well fake stuff purple hair singing hey big spender, so I've got pictures quick show of hands who wants to see what that looks like you may you may not recover I'll be back for it later All right, that's enough you don't want to let's really don't sorry about that everybody So my talk today is can I just try the other microphone because I kind of like to walk around a little bit so that you yeah So Sorry, I'll try and turn it down a little bit. So my talk today's social networking special ops extending Data visualization tools for faster percentage. I almost called it You know after Tom Ryan's talk at black hat getting in bed with the submister, but I thought nobody would turn up to that So okay, I'm gonna rattle through quite a few slides Pretty quickly. There's a ton of stuff out on my website in a white paper. So don't worry too much about the details It's all in there Quick disclaimer if anybody does happen to know who I work for then this talk has got absolutely nothing to do With that particular organization. I'm just talking here By myself for myself and why you get the idea. Okay, so What are you in for today? First of all, I'll give you a quick intro to social network analysis and visualization So I'm assuming a lot of people already familiar with that sort of stuff So that's going to go through really quickly the details are in the white paper I'm going to do a case study with Twitter and the tool called Maltigo, which I'll talk a little bit more about and Then something a little bit darker using Facebook and Maltigo so okay goals of the presentation Want to leave people with an overview or appreciation of really what's happening in this field. I'm no expert In this sort of stuff, but there's plenty of people that are so hopefully can generate some interest in this room And you can go off and play with this yourselves Want to expose you to some of the ideas that you can imply in different contexts as well So I'm talking about Twitter and Facebook But as you'll see you can apply this to just about anything that you want to look at in terms of visual representation So Quickly who's the talk aimed at so that I don't waste anybody's time Well, I might waste your time, but at least, you know, that's your decision then So on the left hand side, you've got data Visualization dudes and on the bottom you've got social network analysis dudes So if like me you fit into the new category This talk will probably be pretty interesting to you If you fit into this category and you're a data visualization expert or social network analysis expert You may get something out of it and if you're there then you probably already get it But stick around because I got a free skateboard So who am I So I don't know if it's the same for everybody else, but you know when you sign up to Twitter you look for a name And that name's gone. So my nickname at school used to be Suggie and everybody calls me Suggie back at home So I look for Suggie and somebody's got that so then I thought well I'll try the Sugginator because that's kind of rad and Somebody got that as well. So then I went to the Sugmeister and there it was and this is my favorite cup that a Friend got me for Christmas. I don't know what they were trying to tell me By day I'm in corporate security By night I do this sort of stuff data analysis visualization watch TV I didn't put that on there figured everyone does that and I attend DC 4420 one of the Defcon chapters if you're not familiar with Defcon chapters go and take a look at them excellent source of information and A strange sequence of events led to me appearing here, which I'll talk about shortly. So, okay quick slide Here social network analysis target rich environment equals a problem or an opportunity depending on how you're sort of viewing it really This dude here Jacob Marino He's sort of credited with being if you like the the grandfather of social network analysis and that sort of graph first appeared in the New York Times in 1933 And it's you know around the whole gist out psychology A movement But before then you can you know you can date this stuff back to the Greeks But you know they didn't really have for the same sort computing power that we've got so they were limited largely So target rich environment real quick There's a Cisco report said there's 21 exabytes of data flowing around per month or something like that There was another report that had a different figure but of personal content like photos and music and CV resume, sorry and you know that kind of stuff before I got out here I heard that Facebook had 500 million issues So, you know Twitter what was it 100 million and so on so there's a lot of people got their information out there Then there was this thing I noticed which was called sort of the privacy paradox or what I termed the privacy paradox There was a Study by Stanford University at least I think it was Stanford where it might have been Carnegie I can't remember now it's in the white paper Where they interviewed a bunch of students and the students said why I take Security and privacy Seriously, especially with social networking, but when they actually then looked at their profiles on the social networking sites They were doing the exact opposite Which is kind of helpful. So 89% use their real name 61 use, you know identifiable pictures and what have you And then finally this is a really cool paper, especially if you've been trying to explain to your friends who say well I've got nothing to hide. I really don't mind They're probably not going to read this paper because it's quite a wedge But maybe you can read it and just sort of summarize it for them I've got nothing to hide and other misunderstandings of privacy So you can help them with this as well, but they're so all my searches are anonymous I don't care that Google's collating on my IP addresses. For example, if they if they are I don't know if they are But they're not all that anonymous and this lady here Thelma Arnold in New York Times again, that's her name Got a bunch of search results from AOL and managed to figure out that you know this lady who was searching for for dogs and stuff like that dog grooming in In Georgia was this lady called Thelma Arnold and her name didn't appear in it At all they were just able to track it back now. It's like in 2006 or something. So You can Google around for for that if it interests you the data is still out there actually so you can perform that sort of analysis yourself And see if you arrive at the same conclusion So opportunity lots of data lots of noise So how do you find the interesting stuff just a little bit quicker as really what this talk is about? By combining data mining Screen scraping techniques name density recognition met a crawling out sort of stuff and visualization So a quick intro to some of the things I'm going to talk about in the next two sections name density recognition or NER if you look on Wikipedia, you'll see that this kind of definition here passing data to extract and classify information So Sweet get up man Nice one Come up in and say a few words. Oh My gosh All I gotta say is that ever since I was a kid I've enjoyed skateboarding and in addition to being here and enjoying this conference But this is this is absolutely beautiful and I don't want to take up your time too much But I really appreciate it and thank you very much for the opportunity. I skate to create Sweet, thanks very much. Nice one Dude was doing pretty good then actually if you want to come up and finish that one. Yeah So yeah, so completely at randomly. I chose this phrase Greg bought 300,000 chairs of legat in 2010 And if you would to put that if you don't know about legat then please do Google that's very interesting Legat and attrition and you should be on to something So if you run that phrase through named entity recognition, you'd come out with something a little bit like this now I'm mentioning named entity recognition because it's a feature in multigo, which is a tool I'm going to talk about a little bit later There's a bunch of products out there that I mentioned in the white paper called like open Calais and stuff like that's really cool Go check it out. So data visualization. This guy here's done an incredible amount with data visualization If you've not read this book, I recommend you go and get it and he mentions a tool called processing which is Which is a pretty phenomenal data visualization tool if you've not used it But he also lists these kinds of steps here on the right about how you go and get a visual data So you're acquiring data parsing it filtering it mine it and then eventually you render it and then you can interact with it Well, I was really interested in this interaction piece because I want to interact with data, but not leave the visualization sort of interface So I'm gonna talk a little bit more about that but check out the book. It's really good And then I met this guy here just before the talk and Met up with him a few times here like black hat and b-sides and what have you and here at Defcon Raphael Marty and he's written this book and He's put together this secvis dog site If you're into visualization security visualization check him out He seems to know everyone in the field and done some really great work and I appreciate him Sort of reaching out to me. So these are the tools some of the tools. It's not an exhaustive list You know the secvis will show you a little bit more Maltigo processing pre-fuse and pre-fuse flare are really nice Environments as a Linux distribution as well a Linux environment you can play with But I'm gonna focus on Maltigo So this is where we change the pace of the talk a little bit from the science of the stuff in the previous in this section Is interested you the white paper will have all the references. So what's Maltigo? So Maltigo is An information gathering tool that allows you to visually see Relationships and typically that's been like infrastructure like DNS names web web servers IP addresses and whatnot and also human information like email addresses phone numbers and stuff and This is really the cool bit. It's extendable by design so if You haven't got something in there by default you can add what are called local transforms I'll talk a little bit more about that. So you go to the perturba.com site. This is written by two guys roll off to Mingi and Andy McPherson or Andrew Mohawk they were with sense post originally and left to create this company and Right now this week. I'm not on commission by the way But there's a 25% discount if you use the coupon code black hat So fire up Maltigo you get an interface that looks a little bit like this Then you let's say you want to have a look at some of the domains I just chose six domains at random. You can't really read it here But it's like legat legat security the cyber wars comm and security geek comm with threes and the geek bit That's my website. I wanted to see if there was anything sort of anything in common with these these websites so here's what the Here's the interesting thing about the MX records high-tech hustler cyber wars Legat international security or legat comm or point to these MX records, which of course could be Completely by chance And their mind is off to something completely different You can go a lot further with that then you can sort of have a look at which websites are hosted on that domain What I also played around with but I'm not going to share here today Is that you could get all of the email addresses that appear on those? websites as well And then you can see what other websites those email addresses appear on so I did that I got a bunch of email addresses run a transform against all of those email addresses and found out that those email addresses appeared largely in two main sites, which were attrition.org and Paste bin so you know if you know nothing about it, you'll find out something so okay second part of the talk really is around Doing this sort of stuff, but with Twitter I thought Twitter was a little bit lame until I came to DEF CON last year And had my mind changed and thought I'd get into it There's a couple of people I started following one of the guys was Ryan Ryan Russell I don't know if he's he's here. He was heading off to the half-brow house, but Yeah, so he's a he's a good guy to follow actually And another guy I followed was was this dude Tony Hawk the the skateboard dude I'm not sure how that happened but I got involved in Something called a Tony Hawk Twitter hunt, which is basically where he hides Boxers or delivers boxes to people to hide around the world Then they send Tony clues of where they've hidden packages and Tony tweets out the clue to all of his two million plus followers And then they go around and try and hunt it down. He got the idea. He's driving home one day and Had a broken skateboard that he had it just wrecked and chucked it out of the window along some interstate here in the US and Said hey, I've just thrown a board out of the window go get it and a bunch of people went and found it So so anyway, he sent out a tweet last year sort of after DEF CON saying I'm doing something really big If you want to get involved with it send me a tweet of who you are where you live and why I can trust you So, you know, I did that Then to my surprise I got selected to you know get involved in this event and I was like really excited because you know I mean, I'm pushing 40 years of age So clearly anything that's to do with like a skateboard legend and you know, Tony Hawk. I'm like, oh, yes fantastic Which is probably a little bit sad, but my wife tolerates it because She's seen his house on MTV Cribs and thinks it's the coolest thing she's ever seen So I'm telling all of my colleagues at work who are who were also You know in security and whatnot far later than I am I said, oh, I'm doing this thing with Tony Hawk on Twitter And he's gonna send me a box to my house and I'm gonna hide it somewhere the guy that so so one of my colleagues A gentleman called patch you door is sitting down here. He said, okay Chris. So you've given your address to somebody on Twitter who claims to be Tony Hawk and He's gonna send you a box Which you're gonna hide in a city that got rid of dustbins because of the IRA And And there's no problems there all Chris were his exact words And and then You know a couple of days ago over dinner. He was saying, oh, yeah, that'd be a really cool thing to do Pretend to be somebody else on Twitter get them engaged with what you're doing Let's say you have a Twitter ID called the real lady gargoyle and stuff and say I'm gonna hide something around the world Just need to send you a parcel You know what's in it for you extra farmville points. I think was what he suggested so maybe it's a Facebook hunt or something and Then you could really launch something quite incredible just by getting other people who are quite innocent to do stuff for you So that's a really good idea. I'll mention that But don't do it because that'd be illegal so anyway, Tony sent me this box Undeterred by all of this. Is it the real Tony Hawk? I'm like, yeah, of course is it's got the blue tick How could it not be? If you're not familiar with to Twitter and you know, if you're a celebrity or something you get like a little blue Little blue tick. There's obviously a delay because I'm gonna mine yet So add to add to hide the add to hide the box and then come out with a clue So this was my clue guarded by a fearsome troll Northwest from a house where you might have to pay money to pass and a skateboard Well, I live sort of northwest of a toll house. That's the money That's the house where you might have to pay money to pass Northwest of that is a skate park and if you keep going northwest you'll head To two bridges that look a little bit like this so I was I hid the package under the the bridge and at this point I was a little bit concerned. So was my wife Because clearly the this bridge and the other bridge are two of the main arteries around our village So they're very sensitive And I didn't want to get spotted. So I figured I'd do this under the cover of broad daylight Nobody challenged me at all Which was pretty interesting sent the clue out now this guy here at Steven Gill who's now one of my heroes He was so amped about this whole Tony Hawk thing that he drove up from a different city in the UK and camped out in Basingstoke, which is the culture capital of Europe by the way If you've not been there you should So he camped out there all day just waiting for Tony who's based in San Diego to send out a tweet So you can imagine that Tony's a skateboarder and skateboarders probably don't get up that early So he turned the tweet out, you know a little bit later and He went on a mad hunt and kept tweeting. Has anybody found it yet? Has anybody found him something? I don't know I'm at work miles away And then eventually I got this from him Camo netting euro a bad man had been to a number of the bridges and haven't spotted it because I'd camouflaged the box But anyway, this is This is what he looked like he was a happy camper and this is what he won the I had charities badge I put on there and I thought it'd be a nice twist to add a Union Jack flag in there because most of these packages were being hid in the in the US so Clearly I don't have a life because this is what the You know that this is what I what I wanted to see and I can't explain why I wanted to see this But I wanted to see it. I wanted to see a Google map with where all of the things were hidden Who hid them and who found them and what it was they found so I thought well, that'll be easy enough All of the people that hid stuff followed this dude on Twitter at hiding it all of the people who found stuff tweeted I found one when all was supposed to Tweet I found one and Tony was meant to send out a tweet saying found with the hashtag THTH With the location who found it. So I thought that will be a piece of cake I'll do that in the two hours at my you know my eight month pregnant wife at the time was going to get a you know The haircut. I thought yes, I'll do that So I did what I do now. I don't use Google. I just go straight to Twitter And I ask people on Twitter. I say how do I do X Y and Z? Which is, you know, basically like read the manual But some people do actually jump in and say yeah, this is how you do it. So this guy here lost highway who's Who's really helped with a lot of this stuff. He may be here as well. He said oh, you should play around with Mortigo There you go You can't read that but it's not important go and play around with Mortigo that will do it or you can hack it to make it do what you want. I was like, okay, I'll try it so Hide a find a Google map piece of cake basically what I was thinking So let's see who's friends of the the hiders and this is where we do this in in Maltigo so With Maltigo I did it this sort of half-assed sort of way. Sorry half-assed sort of way What you do you can't really see it here, but to get to like a Twitter entity or person I had to go this sort of Obscure root, which is where you put the phrase entity This is all in the white paper. So I'll move quickly put the phrase entity on that was out hiding it So I wanted to see all the tweets that had at hiding it in it then Then I use this transform here to do that so search Twitter with all those tweets without hiding it in it Get those tweets out there. They will are the purple source prickly by a virus these sort of things And then convert one of those to an actual Twitter user and voila That's French for you get the hiding it entity. So I was like, yeah, okay, you can do that There is a quick way to do that, but I explained earlier. I'm not lead So I do things the long way actually but not as long as patch you doors daughter who was trying to get some Images off a website and wasn't quite familiar with the sort of the right-click download image So she really is elite because she fired up the fiddler Which is like a web proxy to download those images, which I thought was pretty neat Sorry, that's a tangent But not a dark tangent okay friends of this person so here you can you can do this This is built into to multigo So I can go around select this thing It's called a transform basically what it does is transform an entity into a bunch of other stuff So you you go ahead and click that and then you get all of the people that are following at Hiding it. So I picked one here. I am You can apply this to all of the entities in the graph or just one or you know, just a bunch that you Select and I wanted to see the tweets that this person had written while I'd written And that's where this kind of thing happened. Actually that didn't happen. I did get some results. That's the fail well on Twitter It means bad things It turns out there are a number of limitations with Twitter search First of all, you're only going to get about two weeks worth of data indexed So if you send tweets out before that time, you're not going to be able to look at it It doesn't index everybody So you're limited so I knew that was a problem because I was expecting like 53 tweets That was before I went on Twitter overdrive and now I'm at like 4,500 mainly complete nonsense And I only got 12 results. Oh, that's weird So I pinged the guys who wrote multi go roll off and and the outside I'm only getting these results and they must have been thinking. Oh, God. I wish I'd go away And they tried it as well Because I told them what I was trying to do with the Tony Hawk thing and they're like, you know, that's weird We're seeing the same thing wonder what's going on. So I did some digging around found about all these Twitter search limitations I thought oh bollocks What we're gonna do and this is where Roll-off said well, you know if you can write something And you can pass it an argument and you can return data in standard output Then you can write what's called a local transform And multi go got these like forums where they've got all these examples on there and I wrote it in in pearl So I'll talk a little bit more about that in a minute But the concept here if you want to Analyze anything visually and you can call a script and even I an Excel jockey Can write a script and pass data back then you're away You could buy this book or you could just look on Twitter comm and search for the API stuff That's got a ton of great information there What you'll find is that you got three APIs with Twitter. You've got a search one Another one for picking up data from Twitter and the streaming API or the firehose the rest API that one of them search the reason searches kind of screwed this because it was by another company Which Twitter then brought and this is kind of what the call would look like so You can't see you don't need to read it. It's not that important right now It's it's in the white paper and on the slides. So these are the gotchas that you get you've got a 200 tweet limit So every time you call Twitter that's one API call you get 200 things back, right? You can't search by date and the max history is about 3200 tweets and you've got a limit of a hundred and fifty eight API calls an hour oops So if you've got a hundred people three Three API calls each say because you want to get tweets like six hundred tweets for them Then that's three hundred and that's gonna blow your API calls for an hour So if you scale that so like looking at a thousand people for example, you clearly screwed But this is where white listing comes in so if you're playing around with Twitter and data mine trying to do anything Interesting with it. I'd encourage you to explore the white listing just Google Twitter white listing You have to apply for it based on like a static IP or a username And then that bumps up your API calls from a hundred and fifty an hour to twenty thousand Which enables you to do all sorts of weird and wonderful cool things So okay back in business now want to find where the winners of the packages were so pull out Tony Hawk here And then list all of the people that Tony Hawk had mentioned in his tweets over a period of time Which was roughly sort of six hundred tweets because I figured he'd say somebody Dave for example found Skateboard in San Francisco Then I'd be able to look at all of the people who were following it hiding it in the location San Francisco So I did that like that. There are all the people that Tony mentions potential Finders and repeated that for all of the people that Tony mentioned And you do that a couple more times and you start getting a graph that looks a little bit like this So once you've completed that exercise and done the same thing for the people hiding packages you end up with one of these Which is a yeah, which is big So I thought at this point I saved it and I thought well, that's good But I wonder what happens if I now get all of the people they mentioned in all of their tweaks I know it's going to take a little bit time So I'll go for a run and it was about halfway round a six mile run. So it's about 10 hours in I thought Shit all of this stuff's actually going on on some service in South Africa for some dudes who've given me a license key For 21 days to play around with a tool to write a blog post from a skateboard, but they don't even know about Their fans of him now by the way. Thanks Tony. So I did that and when I got back. I was greeted with this So you've got to be a little bit sensible about what you do they didn't come and get me or anything because Well, they haven't done yet So what you do then you want to sort reduce your graph a little bit So you can select all of the people who haven't talked to anybody else or a relevant and you get a much cleaner looking graph And then you can play with the views of the graph. So here you are. Here's like what's called a centrality Layout so you can see all of the people that are following at hiding it all of the people that are following all friends of Tony Hawk you can see people Tony's mentioned there and you can see people Following at hiding and you can see the communication between the two of them So you've already got a bit of a link. They've been talking about something probably. Hey, I hit that package in San Francisco You found it cool job You can also see that in an organic view where you get nice little pictures of the people that you're looking at Like this. So here's me. Here's Stephen Gill Tony and hiding it and you can see that we had some communication Then you can explore that in an exaggerated context as well so that you can actually pull out the major players Or major conversation lists in event So I could like look at this for Defcon afterwards and see who had the most interesting talks and stuff like that In this then I found that you had some dude called Jerome case now I knew that name Jerome case because he'd sent me the skateboard But I didn't know he was on Twitter. So that was quite an interesting find And then looking at this if you knew nothing about Tony Hawk's Twitter on you'd see that I had something to do with it And you'd see that Steven Gill had something to do with it. And the reason we were mentioned a lot of times in this Is because we wrote to blog posts about My my tales of sort hide in the package and his tales of finding it and Tony retweeted that a bunch of times to like a million plus people At which point I was so excited. I didn't sleep the three days Then neither did my wife because she was given birth So Yeah, that was kind of unrated. This is what Tony Tony and Jerome case look like sweet Jerome and Tony Hawk They've been pretty awesome With this whole Defcon Twitter hunt thing as well. So lessons learned plan what you're gonna do Because if you don't plan and you can spend a lot of time generating pretty graphs, but not actually doing anything constructive Take a look at this thing. It's a speed and accuracy bar If you have it slid over to the left, then you get like a minimal number of results back Like 12 or so and if you have it slid over to the right, then you get a whole stack of results back So test it with it slid over to the left make sure it works when it works slide over to the right and let it rip So lessons learned local transforms open up a world of opportunity If you're in an enterprise and you're looking to do this sort of thing Consider the perturbed server platform If you're really gonna leverage the Twitter API heavily then consider making a whitelisting request So I did end up with the Google map We did that while my wife was in hospital and I was in hospital with her and we had a lot of time to kill We actually got all of the results and we did we did it by hand on paper in the end So I kind of failed but What was interesting is that this guy did something similar but didn't fail or suck as badly as I did So if you Google just landed and processing Processing was a tool that I mentioned with that Ben fried to what this guy did Jeff Thorpe have been talking to a little bit at least an email He got all of the phrases on Twitter where somebody had said I've just landed in so and so or wheels down in so and so And then he'd got their location from sort of their Twitter profiles And then he'd mapped the two and found you know, so where where these people were flying from and to You know and so on and do this really pretty map in Processing where the things actually sort bounce around. There's like a nice video of it So if you're trying to model sweet data, then that's that's it and then I used the same stuff that I've done with With the the Tony Hawk thing I applied it to a UK charity This isn't digital equipment corporation, although they were a fine company This is a disasters and emergency charity in the in the UK And they wanted to do some social media analysis using that, you know, what they're doing with Twitter and the peak there is the Number of tweets that were retweeted at the same time as the earthquake in Haiti. So If you really want to see how the pros do it follow Dakota or Damon Cortesi, who's the responsible for tweet stats and rowfeather.com What he does is incredible. So, okay, so I'll switch gear to a slightly different context And you've got four one nine crimes in Nigeria. Does anybody know who this dude is? There's a reason why I'm asking it's because I can't remember his name But he wrote a song called I go chop your dollar, which you can you can Google go have a look at Which is basically a kind of anthem to a lot of people in Nigeria about four one nine scams, so It's I think it's like the third biggest income generator for Nigeria and made like nine point three billion dollars last year So let me just start with a quick disclaimer in case anybody here's from Nigeria and wants to knobble my knees in the car park The only way you can tell the truth is through fiction, which I spotted on one of Richard themes talks And I'm a Richard theme fanboy. I make no excuse of that So all of the events names images and stuff like that that you're about to see Have been kind of cobbled together in a fictitious way that's going to protect me from being bumped off by Nigerians Who want to bump me off basically? Or want to bump somebody else off and confuse me with somebody else. So, okay, so meet meet Jess Jess sold a laptop on a popular auction site It got bought quickly at the buy now price and probably a lot of you are thinking well If you buy anything at the buy now price, then it's obviously a scam. Well, you know, if you don't know that you don't know that So she Exchanges email with the buyer so far so good except she's got a strange name like Larry the cable guy or something like that But in the UK, we never heard of like Larry the cable guy So how she to know that there's anything fishing going on there Then she gets this Notification from PayPal saying, you know, your funds have been cleared You now proceed to send the send the goods So she sent her laptop to a valid address in the UK now She was fairly smart so she checked the you know the address existed, right? And she did that and then she got a notice from the auction site saying terribly sorry about this but your the the account of the person that you sold the stuff to appears to have been hacked and It's probably a scam and of course at this point in time her laptop was winging its way to another city in the UK so there was That was she could do apart from contact the police so if this happens to you and you're in the UK at least I don't know how it is in the US Don't contact your local police force contact the police force of the place that the package is gonna arrive in because they can Get around to the house knock on the door a lot quicker She didn't do that and I'll explain a little bit more about what what happens there so another hypothesis was that if I got this The scammer and I got the address of the person that You know got the person who's who received stolen goods and would be able to retrieve the laptop and get them busted by 5.0 I believe that's what they're called here, right? We call them the police, but I'm yeah Clearly I'm down so And gangster so okay, so where is our our scammer I Thought right. We'll need to get the email header, but he or she uses webmail and I haven't figured out a way to do that very easily So thought well could sign up for a blog site like this one And there's a number of them out there that are free and don't require any identity or anything like that Well, it could host a you know an image And then send the spammer an email with that embedded image in it which you know have a Random name will be something compelling so I send him an email saying hey, I've got this other laptop I just sold you on but I've got this other one Would you be interested in buying this one too and sure enough after doing some of this he? He responded and said mm-hmm. Yeah, I might be interested how much So I went back to the visitor logs here and saw the IP address of where he came from which was Lagos in Nigeria or at least that's where he'd rooted his Connection through but I figured that he probably wasn't likely to be rocking tour at the time If you want to do a proper bang-up nice job of this then I'd recommend seeing some of the stuff that Jeremiah Grossman's been talking about this week Which I haven't seen so you might not have been talking about it But he did some sort of browser Vulnerability stuff where he was able to convince people to click on a link that give up all sorts of things that they're putting Autocomplete form stuff if anybody have seen you can probably set me straight But it looked pretty cool from the description and a nice way of getting more data. So it is a scammer So now where did the package really go? So we've got the scammer ns is the Nigerian scammer is all these details And Alice is in Newcastle in the UK or at least that's where the package went Now the UK got a site like this called 192.com which tells you who lives at what address Except it didn't work because she was probably renting or didn't live there anymore. So okay I don't know if anybody else is familiar with this song, but I heard it the other night and if you haven't you should Google Alice Alice Who is Alice and it's a pretty groovy song actually especially if you've had a couple of beers at the Hofbräuhaus Or any other drinking location there are plenty so information information gathering searched on Google found a bunch of Sort of social network sites where she was including that one there So I wanted to apply the same techniques. I did with the Tony Hawk thing, but for For this scammer now Because I'm not leads I looked around for ways of doing this and I found that this guy here Dominic White who I was fortunate fortunate enough to meet a black hat Really is Lee and he's called at sing on Twitter and he wrote some really cool transforms for Facebook Based on Python mechanized beautiful soup which would do a whole bunch of things with Facebook But if you see that yeah, and they'd break the Facebook terms of service, so don't use them It's only anecdotal evidence, but I've heard that they've got really big dogs, and they know where everybody lives So if you do break the terms of service, and they'll come after you really hard and bust your nuts basically unless you're a lady in Which case I'll probably let you off Or bus I don't know anyway, let's move on So which Alice is there because there's a lot of Alice's on the social networking sites here I've listed three just so that we could simplify the diagram So which one is it? We list all of the friends for for Alice based on this conceptual Facebook to friends Transform we see where her friends live to give us a better idea From which one, you know, she's got any connections with like Nigeria for example We do that and we see okay This is Alice here out of all of them is one of the Alice's that's got connections in Nigeria and in this place in the UK called Newcastle They pronounce it a little bit different. I'm not Jordy But I find city anyway So that helped me at least narrowed down which which Alice it was so his his a Video or talk that was done by chap called Pete Warden Called how to get sued by Facebook. This is really cool and makes me look kind of lame again There's a theme here. He built his own sort of social network search engine Which was essentially a hundred machine had to cluster for about ten dollars an hour And he crawled Facebook He retrieved 220 million profiles Name location email in ten hours and as he puts it on his website for a hundred dollars Which was pretty awesome But he ended up in a whole bunch of hot water with Facebook And it's really not the sort of hot water anyone wants to You know landing because they they really are aggressively going after people who are scraping their sides So don't do about asking nicely even if you're law enforcement because there's a whole bunch of laws that protect people there But 220 million I thought that was awesome. Check him out. He's done some really cool stuff He was looking at where people were, you know, who was talking to in which states which parts of the country And who was moving around and stuff like that. It was very interesting stuff and it's all out there to read So, okay, so what information is out there on Facebook if their privacy is set to everyone then you're in That's I mean, you know, we're a public profiles and what have you If not, then you can only do so much about being a friend. So, okay, so how do you you know? Show me the the good stuff essentially while you could create some bad applications see the social zombies talk That was at Defcon two years ago, and then I think it's from Ukraine and whatnot last year social zombies, too That's really some great ideas there then there's the whole you could just be friends with them Satan is on my friend list Go and see that one. That's maybe Defcon a couple of years ago Or you could just be smart like the Harmony guy who's found various sort of books and things in Facebook And and do it that way, but you'll get busted by my Facebook. So, okay making new friends Possibly create a credible account Build up your identity don't guide directly for your target join similar groups universities and whatnot Then friends of friends and stuff like that if somebody's got a thousand friends, and they're gonna be really easy To friend with so you could you could do that take your time I didn't do that because I couldn't be bothered waiting. So I did all that in about two hours Which isn't a good way because it really exposes you just being random, but people obviously don't seem to care Or you could automate it, which is pretty much what I did and I get all of the nasty business over with quickly So will you be my friend? That's kind of how my intros went sort of thing, and it was I hate it. How do I know you? At which point I thought that I've been I've been busted clearly not Assured Moira or whoever those guys were so I sent this back and said I'm a friend of Alice's I'm sorry. I'm just getting started with Facebook clearly. I really don't know my probably just Went a little bit too far there and she was that's cool. Well, Alice is my best friend So if you know Alice and you got to be cool sweet so Building a building a map of interesting people. So here's what I did really get the friend get the location Get the look if the location was Nigeria legos and a bunch of other places in Nigeria Then I'd want to see more posts and photos Download any interesting photos or just download all of them with a name And if they were interesting wanted to pipe the results back to multigo, so I could you know get a map You know here's like a Facebook to friends transform Which generates a map like that and you keep doing that and eventually you get a map like this or a graph like this Which shows you the bigger dots and the more interesting people The red circle thing in the left bottom left is the UK and the top one is Nigeria. So it's pretty interesting And then you can see graphs like this which you can't actually see the connections But they're all joined and the bigger dots are more exciting places to have a look Well Nigerian criminals make a lot of money 7k in five days was what I found and if you look at the Facebook profiles and stuff like that lots of money flashy lights Expensive chicks know expensive clothes hot chicks hot expensive chicks hot expensive luxury chicks and They're easy to spot because they're like yeah, man really Really they're not ballers on a budget Which was afraid I heard this year so and then you saw like status updates like this I get paid in pounds, but collecting Nigeria lots of pictures of Western Union they party hard Like ninjas But less leet or maybe not less leet actually who cares they do it Western Union pictures So, you know, what's the attraction? Well base salary or average salary in Nigeria is like $200 4,000 in the US so obviously There's also a lot of a lot of history that I ramble through this quickly because I got like five minutes, but I Saw some pictures like this, but not these ones So if you Google duffel bag full of money, you'll find out where this picture came from But there were other pictures Out there and you can Google them some of them looked a little bit more like that But they weren't those ones because of wise I'd get bumped off And then there was stuff like this as well That's actually my laptop this morning. No, it's not Clearly I'm using a Mac and I don't drink whatever that is But then I saw lots of pictures of Nigerian dudes with these things, which is I believe the Americanism for gun, right? I may have got that wrong I Want to get through the the rest so links with terror. There's an organization called Ultra scan advanced global into investigations. They're based out of Amsterdam Amsterdam Amsterdam And they're really the experts in this field. They've done a lot of research in there and they got 2009 paper, which noted that 2008 2009 there was direct evidence linking advanced fee fraud networks to To to terrorist activity so okay true identity of the scammer. Hey, this is Alice I sent him an email from a different account. Will you be my friend sure? post a note on Facebook because I'm I'm having some problems sure Thanks, hot stuff Say hi to X That's the scammer saying that and X was a friend of hers on Facebook. So now I had a little bit more of a link, this is the link that I saw On oh, we've got plenty of time. I got five minutes. This was the link that we saw on Facebook so this the scammers like hi sort of thing So it's like right bingo. We've got the connection between Alice and the Nigerian scammer and because he said say hi to XXX Which then found out there was like Alice's like man or have you so we had like this interesting Connection now where you had Nigerian scammers also hanging together. So Scammer networks, how do they work on record at least you've got 62 different Nigerian crime cells in the UK Spain's the highest in the world with 72 Organized crime cells the UFO USA is 53 But don't feel too bashful because you've got like 2,500 people in those 53 cells twice the number of anybody else and 916 around the world lots of members raking in 9.3 billion dollars a year So how would you get paid so you could compile all the information into a blog into a blog post or create a Facebook fan site Saying this person stole all my stuff. I'd kind of like it back Then you can email the scammers and say If you don't you know if we don't reach an amicable agreement then Google's gonna, you know index this and it'll be there forever Follow up with a call see Jason Street store from yesterday. How you could do that anonymously agree amicable terms So then they're like, okay, how do I send you the money? It's like well Cash bank paper Western Union are all gonna get you whacked The other one might not but there's a limit on there So, okay, let me end with a health health warning messing with criminals can Reduce your life expectancy so To do that you're either limited to public information due to the terms of service If you friend up with people with your own profile, which is the only terms of service compliant way to do it You'll need balls of steel If you work with law enforcement, then you're okay But you'd still have to break the terms of service and Facebook will come after you so Mining data has been is more accessible than ever before because there's so much of it out there. It's a lot of fun Visualization can help you home in on interesting relationships and any arc and you know Name density recognition can help you classify it combine all three of those and you're on to some interesting stuff If you're on Twitter and you want to see who's tweeting about more to go At perturber at singe mubics and Colin Lonage are all far far smarter than I am Social network tweeters Tom Eston Robin Wood agent zero X zero did you ninja have done this, you know the social Social zombies talk harmony guy follow him. He's awesome and social media security and then Data mining visualization Damon Cortesi Neil Cardinal if you follow if you tweet full metal jacket, then you get like the sergeant major dude from Full metal jacket giving you crap on Twitter Try that is funny. That's Neil Pete Wardens the dude who nearly got sued by Facebook and Raphael Marty and sec visit the same person And awesome guy. So that's about all I've got to say about that I'm in room. What was it one one one or something? Okay And that's a website. It's got the white paper from the talk and and stuff like that So that's all folks