I would like to invite Shane on stage to talk about, you know, give us direction in terms of Mr. Intelligence. Thank you. It's good. You were all worried about it. Performance anxiety, right? Let's see. Because I am cursed with displays not working at the worst possible time. Everybody, send your good karma to this machine. All right. No looking. What's the interview? You guys can't see all the horrible notes I have. So my name is Shane MacDougall. Yeah, I kind of changed the title of the speech. I'm sorry about that. This keynote was kind of kicking my ass because I was thinking about it, you know, talking about the future of OSINT. And it's like, you know, where we're at right now is really fluid. I mean, talking long term about where we're going to be is kind of a fool's errand. That said, I still am a fool and try to do it at some point in the presentation. But I want to talk about three different things that I think are really key to the field of open source intelligence and reconnaissance in general. So seeing as believing in the future of recon and you won't believe what happens next, I'll kind of tie together in a little bit. You know, see. So standard disclosure, right off the bat, this presentation and the ideas and comments herein are those of mine and only mine. They don't represent my employers or my clients, even though they should, right? I mean, if the clients knew what was good for them, they would agree with me. But managers, right? They were born to disagree. So a little bit about me, Shane MacDougall. I've been a pen tester since 1989. Spent the first half of my career being a person that attacked systems. I've spent the second half of my career on the defense side. These days I work on the threat intelligence part of the corporate networks. I work for a major video gaming company. And most of my days are spent building, writing tools to harvest open source intelligence data that can help my company identify attackers and that sort of thing. 
As my gracious hosts mentioned, I do have two black badges from DEF CON by winning the social engineering capture the flag. And I mean, I don't want to sound like a braggart, but it's important to say, I'm also the only guy to ever get 100% score in that contest. And I want to stress, you know, not to brag about it, but I completely attribute this, you know, that my two successes to, I mean, not completely, but a huge chunk of it was because of the reconnaissance phase that I did, right? I mean, those extra points that put me over the top to give me the perfect score were things that I got from recon that nobody else was doing, and there were techniques that we'll talk about today. But Chris, right here, also, he won the SECTF last year. Chris, we're talking to you. Hey, importance of OSINT with social engineering attacks. Critical, would you say? Right, push polling, right? If you can act and sound critical, the type of attack you can successfully launch is just boggling your mind. The stuff that we've been able to get people to tell over the phone, you're just like, I can't believe you're telling me this, right? But they do. So I do want to talk a little bit, though, about my history of predictions, so that you know where I'm coming from. 1988, I guess it was. I was an undergrad at engineering school, and one of my professors said, hey, do you want to work with the graduate students? They're working on this cool thing called hypertext markup language. Whatever, you know, get some extra credit. Went in, spent a day with these guys, and they're like, it's links from text articles to other text articles. Right? Spent a day, I'm like, yeah, scintillating. I'm out of here, right? Bounce. Because obviously I didn't, you know, back then we didn't have Netscape. There were no graphics, no videos, none of that stuff. It was like articles to articles to articles. So that's the visionary I am, right? I mean, I'm probably the guy that would have gone, Mr. Xerox. 
I understand the concept, but I'm not sure there's a market for it. So Peter Drucker had a great line. He said, predicting the future is like driving down a country road at night with your headlights off and you're looking out the rear window, which is pretty close to accurate I think, but we're going to take a drive anyway. So open source intelligence and recon as a tool. What makes OSINT so compelling is that it's a completely passive process, right? We don't send a single packet to the target. We send our packets to people that have already hit that target or the target has already hit or people within that company have already hit, right? They have no idea we're targeting them. So if we want to know what technology a company is running, we don't run scans in their network. I mean, you can later if you want or you can upfront if you want. But instead, what I like to do is I go to LinkedIn. I look at every employee, all their futures. What have they hired? What technologies do they have on, right? Retired current employees, go to Indeed, go to Monster, the job sites. Who are they hiring? What apps are they looking for? What technology? Just using open source intelligence, you can pretty much do a really good high-level technology stack analysis again without sending a single packet to the target. So this is actually what OSINT used to look like. Anybody remember using this back in like 89, yeah, right? Would I be far off by saying gigantic pain in the ass? Right? Finding the little nugget, you're like, I knew that they built this data center out and I want to find articles about it, but like you're scrolling and scrolling and scrolling. Yeah, it was a nightmare, but this is literally what open source intelligence and recon was for the longest time. And that's not to say there wasn't online data available, there certainly was. And ironically enough, back in the day, I know old-timer, government data was the most readily accessible. 
But that's because they'd actually had databases and data and big stuff. There was a time when government had their shit together, believe it or not. I know, hard to believe. Newspapers didn't have their stuff online though. That's only very recent, right? You see them on the scanning project and that's because now we have Hadoop clusters and they can distribute this work and it's a lot easier for them to do now than they could back then. LexisNexis, however, did exist back in the time. That was kind of like the ultimate source for OSINT or for a personal recon. But where are we now? Well, obviously, as my career has progressed, open source intelligence and successful recon has become a much bigger part of the attack and defense profiling for most engagements. And this is obviously due to the explosion of the internet and social media, right? We went from a little tiny drip of data that we could get to the biggest tsunami of data that the world has ever seen. I mean, if you look at the charts, the amount of data and the way it's going up, it's just exponential, right? And as OSINT professionals, I mean, this is what the field you get into or recon or doing any sort of this stuff, it's one of the first things you're going to have to deal with is the data overload, right? It's just, it's unbelievably hard. I mean, we're actually at a point now where we literally have internet connected toasters, internet freaking connected toasters. That's more data that we have, right? But again, it's also a pivot point within, you know, a target. So this was, I just put this up, it's not even close. This was like from four years ago. So take these numbers and times them by what? 100. I don't know what the number is now, but just unbelievable, unbelievable amounts of data that are surging over the wire at any given time. And these are things that you are going to want to go through, right? It's like, I want to look for anything that refers to this piece of data. 
And we start trolling through this and this pile, you're never going to get through this pile because it's growing all the time. So why do we use open source intelligence? Well, we said before, you know, it's usually free or at least relatively cheap. I mean, usually to obtain. The data has already been provided, so we don't have to mine it. Well, I shouldn't say that. We have to get it. We probably have to mine it, but it's been pre-mined for most part. The other nice thing is it's publicly available, which frees us hopefully from privacy law violations, which can be very costly. And we'll talk about that in a little bit. So Wall Street uses open source intelligence so that they can analyze companies. They can check supply chains, look at threats to their income streams, and analyze risks, right? Law enforcement uses it to track people, shut down protests, discover crimes, that sort of thing. NGOs use it to protect their employees because a lot of them are in war zones. And strangely enough, social media in many cases is the most honest, up-to-date, real-time source of truth in war zones, right? So you'll see a lot of NGOs relying very heavily on mining social media. And then journalists and others use it to investigate targets, uncover stories, document war activity and crimes and that sort of thing. But in my humble opinion, the most important use of OSINT, well, actually that's not true. This is the second most important thing, right? This is so we can pwn all the things, right? I mean, it really makes our life so much easier. Nobody else really has a need for OSINT like we do. Maybe spy agencies, but other than that, we really need it to do our job. But in my opinion, the most important thing that you use OSINT for is online dating. Anyone here online dating? So I, you know, out of a 20-year marriage, I started online dating for the first time three weeks ago. And I'm trying to think of the word to put for it, freaking nightmare, maybe? Right? 
I can't stress the value enough of recon and OSINT in online dating. Yeah, you know, it's really good. If you really want to bounce someone who's like, you realize this relationship isn't working out, you can, oh, you know, quick Google search and hunting. Hey, are you Libby Morgenstern who lives on 7th and works at the Whole Foods and you've got that dog Peanut? And she's like, how do you know that? Discussion closed, unfriended. Very good to know. Right? Do you think you've met Mrs. Right or Mr. Right? It's really good to be able to look at this and figure out if this person truly is Mr. or Mrs. Right. You can find out a lot of stuff about people that they haven't that you know yet. So you just wait for that piece of information to come out. You know, oh, that teardrop wasn't from the teardrop festival. It was from your five-year stint. So as we advance so, I mean, we can use, well, yeah, we can use, the way I see kind of OSINT evolving with dating apps is we can actually use image and facial recognition. We'll be able to harvest basically a treasure trove of local information, right? You'll be able to swipe with your little swiper, grab the data, get their profile, get all the interpersonal information and start putting that together into kind of like our own mini LexisNexis database. It's really cool. We can de-anonymize people really easily and get their intimate details. And it's really not that hard. If we built a mini army of these automated swipers, scrape the data, we can pretty much enumerate the entire, the company's entire database very quickly. I find OSINT is really helpful too. It's a great defense tool in online dating, right? Because I don't know if you've noticed. I think I must be the only, I know you guys are lying. I can't be the only person that's online dating. But I've learned the rules of online dating and that's if every photo is from up here and the duck lips, right? They're hiding something. Usually 100 pounds. 
So it's a really good defense tool because you can actually find out someone's true stuff, right? So in my dating world, I just want to give you a couple of quick examples that have happened to me. Just with the first name on a dating app, you can get a ton of information, right? So one of the first people I started dating was a nurse. Got a very unusual first name. So I put in a first name and nurse and googled. And it gave me four hits in the U.S. Four hits. That's pretty narrow, right? Now if she had a very run-of-the-mill name, if her name was Susan Nurse? Probably have like what, 50,000, 50 million hits, right? So it was kind of interesting. I matched an image I had of her to an image I had a name and all of a sudden now I had last name and I'll start digging, right? It all comes together real quick. So I was able to find property she owned, court action against her, family tree, you name it, the whole thing. The second thing happened earlier, you know, or sorry, later that week, I met another woman. I had another very unique name. And from that, I was able to, I saw on the dating app that she was 0.6 miles from my place. So took a little protractor on the map, know the neighborhood she's going to be in, put in her first name, the neighborhood, and within seconds I had her motorcycle make and model, her address, her occupation, her hangouts, pretty much everything, right? Just because she had a unique first name. Although the really weird thing was there were actually two people in my neighborhood with that unique first name. So at first I was all excited, she's a doctor, she's a doctor, I'm going to be rich. She was like, no, she's not. You're going to have to keep working, you lazy bum. So what makes OSINT and recon so powerful for us as hackers? Well, as an attack tool, like I said before, it's as critical, if not more critical than pretty much every other stage or every other phase of a pen test, right? 
The proper intelligence gathered can be used in a devastating social engineering attack. And I mean, I've lost track of the number of times in my life I've been able to come in and drop slang, internal, you know, project names, site locations, that sort of stuff, right? The old adage, if you look and act like you belong there, people are going to assume you belong. Using OSINT, you can gather just insane things. One of the courses I taught a few years ago at Black Hat was I had teams go out and they were assigned different companies. And one of my team, I assigned them just as a large, one of the largest defense contractors in the world. I'm not going to say the name. And they were able to find everything from employee names, addresses, social security numbers, salaries, black site addresses, locations around the world, you name it. And they found that within an hour. This is one of our most critical pieces of infrastructure. And they were able to find this information within an hour on the internet. Like I said, right, this is the stuff you want to catch. The TPS cover sheet report, right? TPS report cover sheet. So a physical layout, email addresses, phone numbers, network diagram, software, right? That's the sort of stuff we're looking for. So within open source intelligence, how many people here are really familiar with OSINT? I should have asked that. Oh, okay. So there's a lot that aren't. So there are actually many, many different types of open source intelligence. Open source intelligence, do you even know what that means? I guess I should have really framed where that is, right? Sorry. Open source intelligence is basically intelligence that we get that's out there, that's publicly available, right? That's open source intelligence. It can be on a website, it can be stuff that we grab from talking to people, whatever. But there are different ways, different types of methods or different type sources of open source intelligence. 
There's human intelligence, cultural intelligence, geospatial intelligence, I think it's called, market intelligence, signal intelligence, tactical intelligence, image intelligence, and what's MASINT? I can't even remember. Sounds good. I don't even hear what you said. Sounds good. But there are tons of OSINT sources, and predicting the future of each and every one of these could be a conference in and of itself, right? So what I'm going to talk about today is the one type of open source intelligence that I feel is woefully underused. And I say that because I know people that pen test every day, I've seen it, I've done it myself, and I know they don't do it. People don't do it and they don't do it for a few reasons and we'll show why. But my favorite type of intelligence is called image intelligence. And that's where, try and guess it, we get intelligence from. You guys are super smart. I mean, the stuff that you can grab from image intelligence is just unbelievable. And it's stuff that you will often only find in images. Now, remember before I was talking about all the different things that we could look for in an attack like email addresses, physical layouts of properties and network diagrams and all the stuff we'd really want as hackers to break into a company. Well, we can find those things. So this guy, if you've seen some of my talks, sometimes I talk about this guy because he's just one of my favorite targets. You'll see why. So I stumbled across this guy's Flickr account a few years ago and decided he was really worth checking out for a variety of reasons, which you'll see. But just from him posting this business card, what do we grab from it? We got his cell phone, his work address, his work phone, his fax address, right? That's pretty good to know and his employer, right? That's good stuff to know. So I started looking at his Flickr account too and he posted this one. So I started to grab some other things I gleaned about his hobbies in his life. 
So what do we get from this Flickr upload? Carrier, correct? And he's got a sucky battery life, right? So there we go. So we know he is an AT&T customer and we know he's on an apple on an iPhone, right? Which is important if we're going to launch an attack on it. So we have a cell phone number. Let's see if we mesh with AT&T as we went and we plugged it in to one of these databases and sure enough, he is on AT&T. So we can be pretty sure that if he gets a call from AT&T technical support or sales support, probably won't bat an eye, right? It's a legit call. We know his number, he's AT&T, right? So this was another one that he posted on Flickr and it started to get more and more interesting as I was going through his account and he was talking about an event on Eventful that he had registered for. He goes, you know, fail. Eventful is a little too helpful with email addresses, with email address correction. He said, this isn't even my real email address but earthling.net is the correct domain. So I'm like, oh, good to know. So he's got an earthling.net email account. And then he posted a follow-up which is, you know, the event fail, fail, just keep getting worse. You know, this time with my real email address, fail. Like, dude, you just told us your real email address. So there we go. And then he started posting things, you know, he posted a lot of other things but he posts work pics of his work related hardware, including specific hardware like wireless adapters. That's probably something we'd want to know, right? Specific attacks. And then he had a bunch of photos of him doing asset scanning at some school. And in this one we start to see some really helpful information. He's scanning at Bird Rock Elementary School and I do a quick check of Google which shows me that's part of the San Diego Unified School District. I know from other posts he's made that he used to work there so I know he still is working there. So, right, another piece of information. 
He's using the Erie Jones Asset Scanning Program and we can see the school's code is 0029A. Pretty useful information if you get a schmoozer like me on the phone, right? Or in person. This can be very useful. Also helpful, the IP address of the laser printer there on the back. I don't know if you see it but they've got it sharpied on the upper right corner. 104017252. So people please do not hack this school. No hacking the schools. Here's another innocuous pic he took of him doing the asset survey. You notice, by the way, right before his face, what's that? Yeah, a map of the school. In other following pictures that he posted, we basically see the entire layout of the building, the facility. So this at first glance looks kind of useless but what I did was I ran it through a high res version, took a high res version, exported it, put it in Photoshop, ran a high pass filter on it and then I was able to start pulling out stuff, right? So how the bunch of laptops that they're scanning are Lenovo E10s. One of them has an asset tag ending in 78412. That's pretty useful. I mean, that's really specific information. If I can call up and say, I need you to pull out the Lenovo E10 that has asset tag 78412. Who the hell's on the other part of the phone? I don't know but this guy must be part of our organization, right? But this one's my favorite. So, you know, there's a basket with folders inside it and the basket has computer passwords attached to it. This school literally keeps a basket of passwords. You may shoot me now. Well, is it though? I mean, I don't know. A basket of passwords sticking out. That's like a battle of badness. Well actually, I mean, I don't want to go too much down the rabbit hole with this guy but we knew for a fact that his dog's name was one of his passwords and we were able to find his dog's name from his Flickr account. Fair warning though, the next ones are probably going to make your brain explode. I grabbed this off his Flickr account, right? 
And this one, right? So off this one, we can glean the data center too. It has more capability and function than data center one. And in case, you know, you weren't able to get the whole thing. He's like, you know what? The first two weren't good enough. Let me make it so you can see the whole damn thing. So this is totally stuff you should be putting online, right? For future, no, that's not right. Oh yes, you did. Right. So what do we have here? A DSL number. We have the gear name. We have lots of stuff. And in fact, if we zoom in on the router. Yeah. This is like a huge fail sandwich, right? With extra fail and less sandwich. So basically the wireless SSID, the network key and the tech support number. Could we do anything bad with that? You could be the shittiest social engineer on the planet. And still get control over the school, right? I mean, they don't make silver platters this big. Let me put it to you that way. Right. What way does it work? So that's it with that guy. I mean, we could go, that guy is literally a talk unto itself. Google some of my talks and you'll see me kind of roast him. But he's not alone in posting crazy shit. This is a French secure data center. They literally post a video that is a video tour of their data center that shows where the cameras are, where the guards are, where the card key readers are, where the exits are the entire layout of the building. That's because they were afraid, I think. Maybe it's a jaundice thing. Do you think that's something that she put up online? Probably not, right? How about this one? The stupid, right? There is no patch for human stupidity, right? If you can't see in the back, push the number. New door lock. Push the number two and number four at the same time, then push number three and press enter. Thank you very much. So why doesn't everybody do image intelligence? Well, great question. Thank you, Shane. Because it's very time-sensitive, right? 
Computers could not have extracted the information, or at least most of that information, that we did from those photos, because a lot of it takes human intuition, right? At least not yet. And while we do have good character and image recognition programs, they aren't quite as good as we need yet, and we certainly don't have the AI for it yet. Like, look at that. I mean, that would be very hard for any sort of character recognition system to translate, right? And I know me. Like, I whiteboard all the time, and I'll come back an hour later and like, I don't even know what that word is, and I wrote it, right? If I don't know what my handwriting is, how am I supposed to expect a machine to know what it is? So, you know, there are some issues. There is a lot of research though that's going on in scene detection, scene text detection and recognition. A lot of it's being done in China. I don't know why I keep saying, ah, sorry about that. It's just a, don't do it. The Chinese are doing a ton of research into this stuff. One approach that they suggested that was initially kind of, they were doing is they were doing a sliding scale per character. So they take each character and then match what the mathematical probability and the sentence structure should be, the character presided. But that's really not a good way to do it. It's not efficient. You need a big list of every possible characters and for every word, a sequence. I mean, it's just unmanageable. So what they started doing now is they do what they call component based methods and that's where they'll do stuff like color clustering, removal of background. So they start seeing if this is blank, just cut it down. So they start trimming stuff down to the smallest possible readable chunks that they use. And then they filter out non-text elements basically according to a customized configuration that they build. 
And there's a really good paper out there that you can see is by these guys from, I think it's Beijing University, by Zhu Yao and Bai. But you can see here, these are all being read very clearly, right? No problem there. But here, we see it actually misses stuff. And it's very hard for us to do image and text retrieval because especially in the real world, you'll see things like different colored backgrounds. You'll see different fonts and size, unknown fonts, different colors, shading. I mean, there's a ton of things that kind of boggle it up. The good news is researchers really think that big data and deep learning will help tremendously. And the consensus is within the next 10 years, we're probably gonna have this problem solved. If you're interested in getting into text recognition, I would really recommend that you follow this. The account name is called Carlos Tao, which is probably the most weird Chinese name ever. Peking University, awesome text, awesome scene text recognition as the GitHub repo. And I'll make these slides available so you can just grab these things. So what is the future of image intelligence? Well, we're gonna be able to unbler photos. That's definitely something that's coming down the pike. In fact, there are cameras now out there, right? You take the picture, ah, that's kind of screwed up and you can roll it back. We're gonna start seeing super high resolution. We're not gonna have to be gleaning and putting in high pass filters and that sort of thing. When you get to 4K images, you can really scroll up stuff from afar and see a lot of patterns quickly. We're gonna be able to detect and extract text. We're gonna have facial recognition down. Location recognition's gonna be a big thing. Where basically you take a shot of something and just by the background, they'll be able to start saying, at least if they can't locate where you are, we can start locating where you're not. Which is just as valuable in many cases. 
Yeah, and advancements in cameras are already making image intelligence easier. We're already able to script some things where we can pull out things like names from name tags. Right, that's something like that. So Amazon's already in on this. They have a product called Amazon Recognition. It's a deeply learning based image recognition system. You can identify and detect objects, scenes, faces, you can recognize celebrities. It can identify inappropriate content, so IE nudes. They are literally deconstructing images into their base elements. So this is part of their marketing. They can do object detection, object and scene detection. They can do face detection and facial analysis. Are you happy? Are you sad? Are your eyes open? Face comparison. Even do face search in a crowd. All these technologies should give you a really good glance at where we're heading really quickly, what's coming down the road. And in fact, C-SPAN is already using this technology to automatically put names to speakers. So that they've saved thousands and thousands of hours and a lot of money, because now they don't have to do it by hand. So there is some good news for recon and there's some bad news. We'll go over the first good news. The good news is people are creatures of habit. So they're always gonna be using the same username over and over. We're gonna be able to track them all over the internet, right? Stuff like that. We're gonna be able to do things like have big data available to us. So let's say somebody posts some anonymous post about how it's raining like hell outside and we'll be able to pick up every weather station around the world real-time data and go, where is it raining right now? Start doing stuff like that. So I think the big future of open source intelligence is gonna be crowdsourced open source intelligence. And we're already starting to see that happen. 
We've had some, it's not like social media is gonna go anywhere because we, in any way that does, you know we live on social media, right? It's what feeds us. But in order for it to survive, there has to be one of two business models. You either pay for it or you let us mine your data even deeper than we are now. And this is gonna become a real issue because most social media companies are not making money. I mean, most Silicon Valley companies aren't making money, but put that aside, right? So most users will sadly go with the advertising. They rather sell all their privacy, all their data, instead of spending 10 bucks a month to protect that, which is kind of a sad state of affairs. So all of a sudden, if you're taking specific supplements, they can figure out what's going on, right? You're taking some sort of supplement because you think you're pregnant. They can do that analytics, right? And hopefully, you know, or if you're trying to boost your testosterone, like I say, hopefully not at the same time, they can detect that. They could say, you know what? I think this person has cushions. They're already starting to do this sort of thing. We've already started to see some spinoffs of Reddit and Facebook that were community-driven. Some were more successful than others. Some are still going. None obviously nearly as successful as the original. We see very huge projects where they're crowdsourcing Wi-Fi maps. We're seeing crowdsource phone books and contact lists. And these will continue to grow, most like, you know, either as a privacy-driven off-chute or as a pay-as-you-go privacy type site. People that say, you know what? I don't want my data trafficked anymore. Here's an example of crowdsourced oesynthets out. It's called Ushahidi. And frankly, I hadn't heard of these guys until earlier in the week when their executive director got fired for sexual harassment. I mean, that showed up in my feed. It was, oh, okay. Who are these guys? 
And you start digging into it. These guys are actually doing open-source intelligence tracking in war zones. So they're tracking human rights activities that you can report anonymously. Now, anyone see an opportunity here for an attacker, though? Right? You put up your own site where people can report stuff anonymously. We put a lot of trust into these vendors, but we don't know who these vendors are, right? This is a real problem with open-source intelligence. It's open, but who's putting what out there? Crowd-source geotrain and satellite imaging. That's something that we're definitely starting to see. We're already starting to see things like Tomnod, which is a crowd-sourced satellite intelligence analyst or analysis program. Bellingcat, which is terrestrial. I don't know if you guys have seen this, but this is journalists around the world doing some really amazing stuff with Bellingcat. And so, especially in the Ukrainian war, they've been able to really identify, hey, guess what? This piece of armament was in this location at this time. And they can even say it was in this meadow. Really cool stuff. I would seriously recommend everybody check out Bellingcat. And then there was something called Satellites Sentinel, which was George Clooney. It was a very temporary thing. It was for the war in Darfur. But very soon, you might even be able to launch your own satellites. Facebook.com slash space boffins. These guys are talking about many satellite swarms, nano-satellites. So it's certainly not beyond the realm of possibility that crowd funding a civilian satellite project. I mean, that's more than feasible, especially as lens technology comes down in price and increases in strength and power. You're very soon going to have civilian satellites. We'll be able to track what the government's doing. I don't think they'll like that. That's my guess. Crowd-source public camera database. That's something that I want to pitch at chaos, and I still might. 
I want to do my own thing where we basically take Raspberry Pis and set up our own network where we capture license plates just like the police do, but make it totally open-source so everybody can see where the politicians are going, where the police are going, where the people that want to tell us if we've got nothing to hide are going. If I die, it was probably because of that, though. The other question is, license plate, really, I don't know if you saw the thing on Facebook this week, the new flying car, right? Are we actually going to have license plates on flying cars? So, I don't know, might not be worth the investment.
Future of recon, though, bad news. Social media is going to definitely come under pressure to address hate speech, defamation, terror porn, and that sort of stuff. We're not terror, comma, revenge porn. Maybe terror revenge porn, I don't know. Al-Qaeda does some crazy shit. But they've already got fines, so Germany just gave them a massive, well, not massive, but five to $50 million euro fine is what they're proposing now. If material is not taken down within 24 hours of a complaint, so guess what's going to happen? Guess what the default action is going to be when someone says, yeah, this offends me, or this is bad data? Do you think they're going to wait 24 hours for some minimum, $2 above minimum wage person to check it out? No, that data's going to disappear like that, right? That's what the attack's going to be, obviously. So it's going to be really easy for us to suppress speech and data.
So, France has a thing called the CNIL, they have the Data Protection Authority. They're saying that Facebook does not have a legal basis under EU law to combine all the information it has on account holders to display targeted advertising, i.e., their frickin' business model, right? That's an existential threat to the company.
It also finds that Facebook engages in lawful tracking via data cookies of internet users, they continue to act in non-compliance, the maximum fine for next year will be 4% of global turnover or $20 million, whichever is greater. That sounds horrible until you realize they made $2.5 billion last quarter, right, so it's a drop in the bucket. It's a price of doing business. But not everybody's making money, right?
Here's some other bad news for the future of recon. I'm sorry, I'm going to be like two minutes over time. Our old problem with recon was we were designed to try and find needles in haystacks, right? Well, now we've got a bigger problem. Now we actually have to find which needles are actually legit needles. We have fake news. We have data poisoning, deliberate data poisoning. So now every time we find a piece of data, we actually need to validate that that piece of data is legitimate, right? Twitter, I don't know if you saw this study, they showed that nine to 15% of users are bots. They're fake, fake news, stuff that we can't trust. There's a site called botometer.com, or the Botometer tool, you should check it out.
And in data poisoning, we see this all the time, offensive and defensive poisoning of data. So we could use that for really good and bad. We can jam up social media with fake accounts, content for keywords we know that oppressive governments are mining. We can just put that in every frequent tweet and drown the analysts. As anti-bot detection rises, so does the barrier to entry, right? So fake accounts are really easy to prevent. You need to tie it to an actual phone or credit card. But companies don't do this because it would impact their earnings. So the government is moving towards requiring this. And as that happens, we will start to see a lot of this go away.
There's a thing out there called the CrowdSource Intelligence Agency. It's really neat.
What these guys do is they actually, well if you can put in a tweet, and it will rank the probability and the highness of it being flagged by government filters as being offensive or needing real law enforcement follow up. So let's flip that OSINT tool that was designed for good and flip it into bad. So let's find out that our target is traveling in a few months. So what do we do? We create an account for someone that exists. We have a bunch of sock puppets. Accounts follow that target. That's someone that exists as him. We begin to interact with him. Now we set up a Twitter account impersonating that person. We fill it with content from his social media. So we basically clone this guy on social media, take stuff from his Facebook account, whatever, post it. So now it's his account as well. It's his clone account that he doesn't know about. Over time we start feeding the puppets following our impersonation account as well. Care and feeding of these bots is important. They need to be legitimate accounts, not mindless. We tweet the occasional anti-government, but nothing too bad. Now we know the guy is about to hop on an airplane and as he's at the terminal we type in something like, today is the day I blow up an airliner. He's on the air, right? All those filters are gonna find it. And the way we find out the tweet to use, right? We just use that CS, the open source intelligence bot to tell us what the ideal tweet is to send out.
Like I said, data poisoning is gonna increase. We're gonna see that. It's very important that you, as a reconnaissance analyst, always seek the validity of the source. Always question who your source is and what their intent in releasing that information is.
Some dark and vice data is gonna lose its value right now. You can blackmail people by geolocating them on Grindr or GADs. Nobody's gonna care in a while, right? Sorry guys, I'm coming, I'm coming, I'm coming. A couple other things that I think are really cool that you should check out.
Something called stylometry. It assesses sentence structure and writing style to identify users. So if someone's typing stuff at, you know, and you don't know who they are, you can actually start to find commonalities between different posts on different sites. You're definitely gonna see increases in both stylometry techniques and countermeasures. There is a countermeasure called Anonymouth. There's also an R library that lets you write your own, roll your own stylometry lab at Google. And like I said, I'm gonna make these all available. And then there's a researcher, Kim Jouts, who also has a blog that you should check out.
The good news for us as pen testers, people are always gonna continue to leak information. They're gonna be looking for jobs, there's gonna be government records, social media, GPS, sex and dating, right? People are gonna do anything to get their groove on. It is inevitable that most, if not all, of the libraries that we've talked about before are gonna be released to the public or we'll at least develop our own versions of them and they'll be open source. Just imagine the power that's gonna give the individual. But the really bad news is pretty much everyone's gonna have access to this data.
And the really bad news to all of us in this room is that as these technologies improve along with AI and as attack tools get more automated, while perhaps edge-case stuff requires a bit more digging, there's not gonna be very much that AI can't do. We're not gonna be employed to do the digging. We're gonna have machines do it. Pen testing is not gonna be a job. It's not gonna be a career, I hate to say it.
Who has the most power? The government, the government works for us. They make, there are some big decisions for us to make. Let's make the government make the right decision. We as hackers have competing interests. We should be the guardians of data. I know we're paid to attack that data but we need to have an ethical and moral discussion.
What side of this fence are we on? Are we aiding and abetting just for a paycheck? Is that who we really wanna be? That's it. You can always call me or email me. Shane at tacticalintelligence.org. You can get me on Twitter. TacticalIntel is my tech account. Planet Shane is my comedy account. Thank you very much for coming. Thank you very much for inviting me. It was a big honor. Thank you so much. Sorry, sorry for running over now.