Free Facial Recognition Tool to Track People on Social Media Sites
A new facial recognition tool is developed by the researchers at Trustwave, an information security company. This is an open-source facial recognition tool will help agencies gather intelligence at a faster turnaround time.
The software is supposed to be a Social mapper which will help the agency find the profiles of hackers who hack into a secure network, only with the intention to steal and modify the data. The tool is intended for penetration testers and red teamers are available to everyone for free on GitHub. Though the test can be performed manually, the automated process using Social Mapper can be performed much faster on a large scale. Still, the process takes no less than 15 hours for a searching details of 1,000 people.
How it works
The Social Mapper first prepares a list of targeted people for processing on the basis of the requirement. The tool currently searches on social media websites that match the correct profile which takes a huge bandwidth. The system automated in nature scans on various social media like Facebook, Instagram, Google+, Twitter, LinkedIn, the Russian SM site like VKontakte, and Chinese platform Weibo and Douban.
The tool churns out a report based on the data feed and gives it back in the form of a spreadsheet, which has the complete details of the person like pictures, email id, and other little-known details. This basic information proves to be critical for the organization to fix the security and vulnerability and Social engineering attack.
Since scanning the Internet for the profile is time-consuming, Trustwave came out with the software which gets the minute details overnight. Moreover, this is an open source -coded software developed for security researchers, or maybe a few white hat hackers can lay their hands on it.
Social Mapper works by running through three stages:
1—The tool creates a list of the targets consisting of the name and picture based on the information. The list can be given by means of links in a CSV file, pictures can be handed over manually or can be sourced from the social media LinkedIn.
2—once the objectives are prepared, the second phase of Social Mapper kicks in that consequently begins scanning web-based life locales for the objectives on the web. The scientists recommend running the device with a decent internet connection.
3 – After seeking, the third phase of the Social Mapper begins creating reports, for example, a spreadsheet with links to the profile pages of the objective list a more visual HTML report that likewise incorporates photographs for rapid checking and confirming the outcomes.
In any case, since the device is currently accessible in open-source, anybody a cybercriminal can reuse the facial recognition technology to build his own program to search the data based on the list.
The company further proceeded to outline some nefarious-sounding uses of Social Mapper, which are limited “only by your imagination,” once you have the end result in your hand, suggesting that it can be used to:
The organization additionally said that the continued nefarious-sounding uses Social Mapper, which are restricted only by your imagination,” once you have the final product in your hand, saying that it can be used to:
Create fake social media profiles to “Friend” targets and then send them links to downloadable malware or credential capturing landing web pages.
Trick targets into disclosing their emails and phone numbers with vouchers and offers to pivot into “phishing, vishing or smishing.”
Create custom phishing campaigns for each social media platform, making sure that the target has an account, and make this more realistic by including their profile picture in the email. Then capture the passwords for password reuse.
View target’s photos looking for employee access card badges and familiarise yourself with building interiors. Well, that sounds horrible, but Trustwave researchers emphasized the use of Social Mapper for ethical hacking.
Trustwave’s Jacob Wilkin is going to present Social Mapper at the Black Hat USA conference this week, where IBM Research is detailing its highly evasive and highly targeted AI-powered malware called DeepLocker. The Social Mapper is available on GitHub and making it available to everyone for free.