Stratfor: When OSINT intelligence turns against you


A little background: at Christmas 2011, the site of the well-known cyber-intelligence agency Stratfor was breached by the group Anonymous.

A large amount of data was stolen. First came the dump of all the analysts' emails, then the list of users, accounts, passwords and, in many cases, the credit cards of subscribers to the agency's services. But I do not want to talk about this; elsewhere you can find many analyses of what happened, including an excellent timeline (albeit with many links now removed).

Article original language: Italian (copied and pasted via Google Translate)

 
 
Analyzing the database that you can find on Dazzlepod, I noticed that it contains (along with loads of other stuff) some interesting gov.it accounts:
 

Having never heard of the domain alfa.gov.it, I went and searched for it, but it does not expose a directly accessible web service. But a few words in the emails start to make you think ...

A Google search, however, turns up a further subdomain, webq.alfa.gov.it, which presents a login form, presumably for a webmail interface.
Doing a whois on Italian government sites is quite complex (as is the rest of the record, but this is precisely government and Italian stuff, so it is small wonder :) )
 
This site is hosted at IP 151.13.11.186, Infostrada.
To understand more, you can use a great tool like Robtex to see what else is in the same address class, as the addresses are likely to have been assigned together. In fact, a search turns up ...
 

This reveals who is behind alfa.gov.it, and why they were interested in intelligence.

So let us just say one thing: it was not and is not a secret resource.
These are assets that are more or less deliberately hidden. Or at least not directly exposed to those who do not care to search for the right things.
 
This story is a good case study to explain two very important things in computer security.
The first is, no doubt, that we should not trust anyone.
However important the service provider is, however much you pay or however safe you think you are, you should never expose yourself directly. It would have been enough to use a Gmail address registered on the fly, and it would have disappeared among the hundreds of thousands of dumped users.
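The first lesson seen from the defender's side, as an added example that is not part of the original article: a check that scans a leaked user list for addresses under your own organisation's domains. The suffixes `example.gov` and `corp.example`, the function names and the sample list are constructed assumptions, and the dump is assumed to hold one address per line.

```python
from collections import Counter

# Assumption: suffixes your organisation owns (constructed placeholders).
WATCHED_SUFFIXES = ("example.gov", "corp.example")
# Constructed sample list, one address per line (not data from any real dump).
SAMPLE_DUMP = """\
alice@gmail.com
bob@gmail.com
analyst1@ops.example.gov
Analyst1@ops.example.gov
j.doe@example.gov
mallory@notexample.gov
broken-line-without-at
dave@corp.example.
"""

def split_address(line):
    """Normalise one line to (local, domain); None if it is not an address."""
    local, sep, domain = line.strip().lower().rpartition("@")
    domain = domain.rstrip(".")
    if not sep or not local or "." not in domain:
        return None
    return local, domain

def watched_suffix(domain, watched):
    """Match the suffix itself or a subdomain, never a look-alike domain."""
    for suffix in watched:
        # A bare endswith(suffix) would wrongly accept notexample.gov.
        if domain == suffix or domain.endswith("." + suffix):
            return suffix
    return None

def audit_dump(lines, watched=WATCHED_SUFFIXES):
    """Return (crowd, exposed): address count per domain, identifying hits."""
    crowd, exposed, seen = Counter(), {}, set()
    for line in lines:
        parts = split_address(line)
        if parts is None or parts in seen:
            continue                      # malformed or duplicate entry
        seen.add(parts)
        local, domain = parts
        crowd[domain] += 1
        suffix = watched_suffix(domain, watched)
        if suffix:
            exposed.setdefault(suffix, []).append(f"{local}@{domain}")
    return crowd, exposed

if __name__ == "__main__":
    print(audit_dump(SAMPLE_DUMP.splitlines()))
```

Addresses on a large free-mail domain blend into that domain's crowd count, while every entry under a watched suffix ties the organisation to the breached service by name.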
 
The second is that OSINT (Open Source Intelligence) sources are powerful.
You really only need to do two or three searches, and the amount of information made available is enormous. So if you think you can hide some little thing in the folds of your internet service, if you think that after all there is nothing wrong with using the corporate email ... think again. We're not talking about advanced Google hacking techniques, just a simple search.
 
Ironically, those affected by this story are the very people who were looking, and I wonder why with so many different addresses, for information from OSINT sources ..
 
 
 

Published by:

Name
Reza Rafati
