Threat Hunting: Do Hackers Know Where You Are?


The internet is full of personal and business-sensitive information if you know where to look. In a previous post, we detailed our method of collecting Open Source Intelligence (OSINT) by “scraping” the content posted to public websites where stolen information is regularly and publicly released by hackers. That post focused on email and password combinations (over 1.5 million of them in the past year) that have been anonymously posted on these types of sites. The release of these credentials poses a direct potential risk to affected users and organizations. However, credentials are not the only type of potentially sensitive information that is regularly posted to these sites.


IP addresses are used to identify particular resources on the internet, much as a street address might identify a person. Over the past year, more than 3.8 million unique IP addresses have been released on sites such as Pastebin. For individuals, this does not represent a serious source of risk. But an organization might want to understand why the IP address of its corporate firewall, VPN, or web application has appeared on a website that is routinely accessed by hackers.

Upon closer examination of the vast IP address dataset collected over the past year, it was observed that IP addresses were released for malicious reasons as well as benign ones. For example, OCD Tech has captured “target lists” containing the IP addresses of hosts that are potentially vulnerable. Attempts to exploit and breach the resource hosted at an IP address are also regularly made public, including attacks against web servers and firewalls. Also, lists of IP addresses that have been compromised and are now hosting malware have been identified on the websites monitored by the scraper.

While the majority of IP addresses released to Pastebin and similar sites may not represent an active threat, there are other reasons to monitor for your corporate, client and vendor IP addresses. For instance, IT support personnel may be posting system logs to these public websites, which is a common practice for sharing logs when collaborating on an issue. Further, developers may be posting proprietary scripts or application code, as code-sharing is what these sites were originally designed for. These situations can lead to unauthorized or unintentional release of intellectual property or sensitive information about the systems in use by the organization. If an IP address your organization owns appears anywhere on these sites, you’ll want to know.
Then, you can evaluate the context to determine the type and level of threat you face and what steps you can take to mitigate it. To help visualize this large body of data, OCD Tech’s Rachel Berman has developed an interactive map displaying the geolocation of a subset of IP addresses that appeared on Pastebin and similar sites.


The site shows over 18,000 IP addresses found in the span of one hour, 3-4 PM EST on July 19, 2017. This is an arbitrary time window chosen to limit the amount of displayed data to what can reasonably be shown on the map. For each of these IPs, it runs a DNS ‘whois’ query to find out to whom the IP is registered and what the associated domain name is. It then uses MaxMind’s GeoLiteCity database to determine the approximate latitude and longitude. All locations are then added to a custom Google Map. The IP address of any point can be viewed by hovering over the point.

All latitudes and longitudes given should not be treated as necessarily accurate. Any IP used by a private individual is typically located at the headquarters of their internet service provider. All markers are placed at the geographic center of the smallest jurisdiction given. For example, many IPs are known to be in the US, but no other information is known. They are all placed in the center of the country (specifically, a reservoir in the middle of Kansas). This results in a lot of points being in the exact same location. To make the individual points viewable, we’ve randomly offset all locations slightly, so that if you zoom in far enough, you can see most if not all of the individual points even if there are hundreds at the exact same location.

Your IP isn’t private information; anyone can look it up from your website. Its appearing publicly on sites frequented by hackers doesn’t necessarily mean you were hacked, but it certainly doesn’t mean anything good. If you find your IP there, it could be an indicator of an active or emerging threat. IP addresses are part of your organization’s identity on the internet, so check out our map to see if any IPs were released near your organization, and remember that this is only a small fraction of the total data set.
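The monitoring step the post describes (pull addresses out of scraped paste text, check them against the prefixes you own, then spread co-located markers so they can be seen) can be reproduced with a small script. The example below is added here and is not OCD Tech’s scraper or map code. The paste text, the owned prefixes (`OWNED_PREFIXES`) and the coordinates are all constructed; the geolocation lookup itself (MaxMind or otherwise) is assumed to happen elsewhere and its output is passed in as plain latitude/longitude pairs.

```python
import ipaddress
import random
import re
from typing import Dict, List, Tuple

# Constructed sample of scraped paste text (not real paste content). It mixes
# port-scan style lines, an internal address, an invalid address and a repeat.
SAMPLE_PASTE = """\
scan 2017-07-19 results
203.0.113.7:443 open https
203.0.113.42:22 open ssh
198.51.100.9:80 open http
192.0.2.77:8080 closed
10.0.0.5 internal jump host
256.1.1.1 not an address
203.0.113.7 seen again
"""

# Hypothetical prefixes the monitoring organization owns (assumption; the
# documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for real ones).
OWNED_PREFIXES = ["203.0.113.0/24", "198.51.100.0/25"]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_ipv4(text: str) -> List[ipaddress.IPv4Address]:
    """Return unique, syntactically valid IPv4 addresses in order of first appearance."""
    seen: List[ipaddress.IPv4Address] = []
    for token in IPV4_RE.findall(text):
        try:
            addr = ipaddress.IPv4Address(token)
        except ValueError:  # e.g. an octet above 255, as in 256.1.1.1
            continue
        if addr not in seen:
            seen.append(addr)
    return seen


def match_owned(addrs: List[ipaddress.IPv4Address],
                owned_prefixes: List[str]) -> Dict[str, List[str]]:
    """Group the addresses that fall inside any owned prefix, keyed by that prefix."""
    nets = [ipaddress.IPv4Network(p) for p in owned_prefixes]
    hits: Dict[str, List[str]] = {}
    for addr in addrs:
        for net in nets:
            if addr in net:
                hits.setdefault(str(net), []).append(str(addr))
    return hits


def scan_paste(text: str, owned_prefixes: List[str] = OWNED_PREFIXES) -> Dict[str, List[str]]:
    """One paste in, the owned addresses it mentions out: the alert condition."""
    return match_owned(extract_ipv4(text), owned_prefixes)


def jitter_point(lat: float, lon: float, rng: random.Random,
                 max_offset: float = 0.02) -> Tuple[float, float]:
    """Shift a coordinate by up to max_offset degrees on each axis so markers
    that were geolocated to the same centroid no longer stack on one pixel."""
    return (lat + rng.uniform(-max_offset, max_offset),
            lon + rng.uniform(-max_offset, max_offset))


def place_markers(records: List[Tuple[str, float, float]], seed: int = 0) -> Dict[str, Tuple[float, float]]:
    """records: (ip, lat, lon) triples as returned by an external geolocation
    lookup; returns ip -> jittered (lat, lon). Seeded so the layout is reproducible."""
    rng = random.Random(seed)
    return {ip: jitter_point(lat, lon, rng) for ip, lat, lon in records}


if __name__ == "__main__":
    for prefix, ips in scan_paste(SAMPLE_PASTE).items():
        print(f"owned prefix {prefix} seen in paste: {', '.join(ips)}")
    # Constructed coordinates: both addresses resolved only to "US", so a
    # country-level lookup would put them at the same centroid.
    markers = place_markers([("203.0.113.7", 38.0, -97.0),
                             ("203.0.113.42", 38.0, -97.0)])
    for ip, (lat, lon) in markers.items():
        print(f"{ip} -> {lat:.4f}, {lon:.4f}")
```

The match against owned prefixes is the part worth wiring into an alert: an address of yours in a paste is a lead to triage (whose host is it, what else is in the paste, is it a scan list, a log dump, or code), not a finding by itself. The jitter is purely cosmetic and should be applied only at display time, so the stored record keeps the unmodified geolocation result.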

Scott Goodwin

About the Author: Scott Goodwin is an IT Security Analyst with OCD Tech. He graduated with a Bachelor of Science in Physics from the University of Massachusetts-Boston in May of 2015. His primary engagements are IT vulnerability assessments, NIST 800-53 and 800-171 assessments, and security advisory services. He is also currently working on several research projects related to open source intelligence and penetration testing. You can follow Scott on Twitter, LinkedIn or on OCD Tech’s blog.
Editor’s Note: The opinions expressed in this caller author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
