The Footprinting Process 91
Location and Geography
Not to be overlooked or underestimated in value is any information pertaining to the
physical location of offices and personnel. You should seek this information during the
footprinting process because it can yield other key details that you may find useful in later
stages, including physical penetrations. Additionally, knowing a company’s physical loca-
tion can aid in dumpster diving, social engineering, and other efforts.
To help you obtain physical location data, a range of useful and powerful tools are avail-
able. Thanks to the number of sources that gather information such as satellites and web-
cams, there is the potential for you as an attacker to gain substantial location data. Never
underestimate the sheer number of sources available, including:
Google Earth This popular satellite imaging utility has been available since 2001 and
since that time it has gotten better with access to more information and increasing amounts
of other data. Also included in the utility is the ability to look at historical images of most
locations, in some cases back over 20 years.
Google Maps Google Maps provides area information and similar data. Google Maps
with Street View allows you to view businesses, houses, and other locations from the
perspective of a car. Using this utility, many people have spotted things such as people,
entrances, and even individuals working through the windows of a business.
Webcams These are very common, and they can provide information on locations or people.
People Search Many websites offer information of public record that can be easily
accessed by those willing to search for it. It is not uncommon to come across details such as
phone numbers, house addresses, e-mail addresses, and other information depending on the
website being accessed. Some really great examples of people search utilities are Spokeo,
ZabaSearch, Wink, and Intelius.
This location information will become valuable later in this book when we
talk about physical security.Social Networking and Information Gathering
One of the best sources for information is social networking. Social networking has proven
not only extremely prolific, but also incredibly useful as an information-gathering tool. A
large number of people who use these services provide updates on a daily basis. You can
learn not only what an individual is doing, but also all the relationships, both personal and
professional, that they have.
Because of the openness and ease of information sharing on these sites, a savvy and
determined attacker can locate details that ought not to be shared. In the past, I have found
information such as project data, vacation information, working relationships, and loca-
tion data. This information may be useful in a number of ways. For example, armed with
personal data learned on social networking sites, an attacker can use social engineering to
build a sense of trust.