Jester’s warbag: be careful of what you do on the internet

Jester’s identity is not publicly known. Many suspect that he works with law enforcement, but outside of the law – and it is believed that he has military intelligence training in his background. When he took down the Cryptocomb website the owners replaced the landing page with a short message: “Cryptocomb will be back after the state sponsored attack ends.” Some have questioned why the FBI can have considerable success in tracking down groups such as LulzSec and UGNazi, but don’t appear to be looking for Jester.

Now, in his own blog, he has detailed some of the freely available software he uses in his labors. It makes disturbing reading that such surveillance software is so readily available. Called OSINT (open source intelligence), the software he uses can provide a surprising amount of data on potential targets. (Note that open source here means overt – that is, freely available –intelligence as opposed to covert intelligence, and is not related to open source software.)

He describes a number of products that he uses for “OSINT collection and collation”. These include Maltego, where he says that, “The basic focus of the application is analyzing real-world relationships between people, groups, websites, domains, networks, internet infrastructure, and affiliations with online services such as Twitter and Facebook.”

Creepy, “a software package for Windows and Linux, hooks into social networks like Twitter and Flickr to glean information about a targeted user’s location... Clusters would logically indicate a person’s residence or workplace.”

Spokeo “is a social network aggregator website that aggregates data from many online and offline sources... This aggregated data may include demographic data, social profiles, and estimated property and wealth values.”

These are “just a sample of some of the many great OSINT tools out there,” he says. Time permitting, he adds, he will turn in the future “to talk about ‘technical recon’ – tools I use to map the nature of target networks and possible vulnerabilities or entry points.”

What Jester does is neither news nor unknown – but what will surprise and probably disturb many people is the sheer range of freely available products that can track and aggregate the tiny footprints that everyone leaves on the internet.

What’s hot on Infosecurity Magazine?