88 Chapter 4 ■ Footprinting and Reconnaissance
Pseudonymous Footprinting
Pseudonymous involves gathering information from online sources that are posted by
someone from the target but under a different name or in some cases a pen name. In
essence the information is not posted under a real name or anonymously; it is posted under
an assumed name with the intention that it will not be traced to the actual source.Internet Footprinting
A pretty straightforward method of gaining information is to just use the Internet. I’m talk-
ing about using techniques such as Google hacking (which uses Google Search and other
Google apps to identify security holes in websites’ configuration and computer code) and
other methods to find out what your target wants to hide (or doesn’t know is public infor-
mation) that a malicious party can easily obtain and use.Threats Introduced by Footprinting
Let’s take a closer look at the threats that can be used to gain information:Social Engineering One of the easiest ways to gain information about a target or to get
information in general is to just ask for it. When asking doesn’t work, you can try manipulat-
ing people with the goal of getting that gem of information that can give you useful insight.Network and System Attacks These are designed to gather information relating to an
environment’s system configuration and operating systems.Information Leakage This one is far too common nowadays as organizations frequently
have become victims of data and other company secrets slipping out the door and into the
wrong hands.Privacy Loss Another one that is common—all too common sadly—is privacy loss. Attack-
ers gaining access to a system can compromise not only the security of the system, but the
privacy of the information stored on it as well. If you happen to be the target of such an
attack, you may easily find yourself running afoul of laws such as the Health Insurance Por-
tability and Accountability Act of 1996 (HIPAA) or Sarbanes–Oxley, to name a couple.Revenue Loss Loss of information and security related to online business, banking, and
financial-related issues can easily lead to lack of trust in a business, which may even lead to
closure of the business itself.The Footprinting Process
There are many steps in the footprinting process, each of which will yield a different type
of information. Remember to log each piece of information that you gather no matter how
insignificant it may seem at the time.