Winn Schwartau: Facebook OSINT Module for Recon-ng

Software
Winn Schwartau

Title: Facebook OSINT Module for Recon-ng
Source: Kc57
Date Published: 25th April 2013

Excerpt:

‘….If you haven’t yet heard of Recon-ng I suggest you check it out. It walks you through the process of collecting recon in various forms and provides a nice framework to store, sort, and report on everything you collect. You should definitely get this set up if you plan to follow along.

I have been working on a Recon-ng module to do some Facebook OSINT by using the Facebook Graph API to search for phone numbers. It allows you to search for a specific phone number, or brute force through a range of numbers and grab all of the publicly available information on each associated Facebook account that matches……’

Read complete article with code graphics.

Journal: Weaponizing Web 2.0

Commerce, Commercial Intelligence, Law Enforcement
Washington Post Full Story

By Brian Krebs

July 29, 2009; 3:15 PM ET

The Washington Post

Imagine simply visiting a Web forum and finding that doing so forced your browser to post an embarrassing Twitter message to all of your contacts, or caused you to admit a stranger to your online social network. Now consider the same dynamic being used to move money out of your online auction account or delete the contents of your e-mail inbox.

. . . . . . .

The problem with the token-based security approach, as researchers prior to Hamiel and Moyer have noted, is that it works only if the attacker doesn’t have access to that random string of data as well.

To take the Alice and Bob on the forum example a step further, consider what happens when Alice views a forum posting by Bob that includes a link to an off-site image hosted at a site controlled by Bob. That image, when loaded by Alice’s browser, will automatically send Bob’s site a referrer URL that includes the full token that is unique to Alice’s browser session with that forum. Armed with the referring URL’s token, Bob can then respond to the image request from Alice’s browser with a request to silently take action on that forum in Alice’s name.

. . . . . . .

Moyer said one way to prevent this attack, commonly used on banking Web sites, involves what’s known as a nonce, which is essentially a random, one-time-use-only number that is appended to a URL each time a visitor loads a page on that site. He noted that one reason most sites don’t adopt this approach is that it requires far more computational and Web server capacity, which can drive up costs, particularly for high-traffic sites.

DefCon White Paper

+++++++Phi Beta Iota Editorial Comment+++++++

In 1990-1991 Winn Schwartau testified to Congress.  They ignored him the way they ignored Peak Oil testimony in 1974-1975.  In 1995 Robert Steele organized three top experts, Schwartau, Jim A from NSA, and Bill Caelii, and submitted a cross-walk of crystal clear recommendations adding up to $1 billion a year to Marty Harris, responsible for the security of the National Information Infrastructure (NII).  Today the US Government is about to waste $12 billion a year helping NSA further its own agenda while ignoring the root needs of the American people for trusted electromagnetic services.  The federal government is so busy attacking other people it is neglecting the people that created the federal government as a service of common concern.  The gap between those exercising public power and those who elected them and pay them has grown cataclysmic.  Public intelligence in the public interest is one way to help the Republic heal.

2008 Earth Intelligence Network Brief to Hackers on Planet Earth (HOPE)

Briefings & Lectures, Collective Intelligence, Earth Intelligence
EIN at HOPE

At the recommendation of Winn Schwartau, Robert Steele was invited to open Hackers on Planet Earth (HOPE) in New York City in 1994, and has been a speaker each conference since then.  Although 2008 was billed as the last event, it may continue.  Steele also does a “SPY IMPROVE: Everything You Ever Wanted to Know But Did Not Know Who to Ask.”  Above is the “formal” briefing delivered on 18 July 2008.

Review: INFORMATION WARFARE–Chaos on the Electronic Superhighway

5 Star, Asymmetric, Cyber, Hacking, Odd War, Information Operations, Information Society, Information Technology
Amazon Page

5 Stars Still a Best in Class Endeavor

December 1, 2007

Winn Schwartau

I continue to believe this is one of the best in class original references. Winn, Peter Black (RIP) and I were among the first to warn of electronic Pearl Harbors, with Winn being the most knowledgeable and the only one invited to brief Congress, where it went in one ear and out the other.

Winn Schwartau was one of the first, along with Peter Black (RIP), to warn Congress and the business world that digital systems would be extremely vulnerable. No one listened.

This book is still in my library. It is the non-fiction “first book” in this area.

For the fictional version that will stun with its surprise ending:
Terminal Compromise

For the best movie showing how easy it is to bring a society down:
Live Free or Die Hard (Full Screen Edition)

Other Hacker Books:
The Second Self: Computers and the Human Spirit, Twentieth Anniversary Edition
Hackers: Heroes of the Computer Revolution
The Hacker Crackdown: Law And Disorder On The Electronic Frontier
The Art of Deception: Controlling the Human Element of Security

Other Hacker DVD:
Hackers
Hackers – Wizards of the Electronic Age


Review: Terminal Compromise

5 Star, Asymmetric, Cyber, Hacking, Odd War, Information Operations
Amazon Page
5.0 out of 5 stars The ORIGINAL Information Warfare Book of Books
October 16, 2007
Winn Schwartau
I am so very glad this book has been reprinted and is now available again from Amazon. I have known the author ever since I ran into him in the 1990’s lecturing on America’s vulnerability to an electronic Pearl Harbor. This book started as non-fiction and scared the lawyers so badly that they insisted he write it as a non-fiction novel.

This is one of the most compelling plots, and is the perfect starter book for anyone who wants to begin understanding cyberwar, cyber espionage, and homeland vulnerability. Then read everything else Winn has published.

He is the ORIGINAL, the “real deal,” and one of the talents I most admire in the Information Operations arena.

See also:
Information Warfare: Second Edition
Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption
Internet & Computer Ethics for Kids: (and Parents & Teachers Who Haven’t Got a Clue.)
Spies Among Us: How to Stop Spies, Terrorists, Hackers, and Criminals You Don’t Even Know You Encounter Every Day
Zen and the Art of Information Security
Corporate Espionage: What It Is, Why It’s Happening in Your Company, What You Must Do About It
Information Operations: All Information, All Languages, All the Time


Threat Archives on Public Intelligence (1992-2006)

Threats

Year | Origin | Category | Author | Title
2004 | NO | Threat | Bjorgo | Root Causes of Terrorism
2004 | US | Threat | Kaplan | The Saudi Connection to Terrorism
2004 | US | Threat | Knapp | Al Qaeda and the Mass Media (PSYOP Briefing)
2004 | US | Threat | Knapp | Al Qaeda and the Mass Media (Reference)
2004 | US | Threat | Knapp | Distortion in Islam and Jihad
2004 | US | Threat | Knapp | Diversity in Islam
2006 | US | Threat | Daly | Al Qaeda Against Saudi Oil
2006 | US | Threat | Johnson | Battle of Algiers and Its Lessons
2006 | US | Threat | Seagraves | Gold Warriors: New Epilogue, Further of US Theft of WWII Gold Loot
2006 | US | Threat | Seagraves | Gold Warriors New Chapter Seventeen
2006 | US | Threat | Steele | Who Is to Blame? The Vice President and Us
2006 | US | Threat | Stern | Al Qaeda Approach to US Muslims
2006 | UK | Threat | Story | Crunch Time for CIA, Banks, and Related Thieves of $742 Trillion
2005 | US | Threat | Ellis | Scenarios for Next Generation Crises in Latin America
2005 | US | Threat | GAO | GAO Report: US Not Addressing Islamic Fundamentalism
2005 | US | Threat | OSS | Somalia Piracy Quick Report
2005 | US | Threat | OSS | Report on Remote Detonation of Improvised Explosive Devices
2005 | US | Threat | OSS | PRC Trade in Latin America
2005 | US | Threat | Ray & Gross | The Perfect Storm
2005 | US | Threat | Steele | Worksheet for Book Review on Crossing the Rubicon
2005 | US | Threat | Steele | Mother Nature as Terrorist
2005 | US | Threat | Steele | 9-11: Who’s To Blame? One Man’s Opinion
2005 | US | Threat | Thompson | Is the Terrorism Threat Over-Rated?
2004 | US | Threat | Daly | Globalization & National Defense (Ecological Economics)
2004 | US | Threat | Louisiana | Pre-Hurricane Katrina Study and Conclusions
2004 | US | Threat | Palmer | The Real Axis of Evil: 44 Dictators
2004 | US | Threat | Peters | Early Warning of Disease From Pattern Analysis
2004 | US | Threat | Seagrave | Transcript of Video on Stolen Gold Held by US Treasury & Citi-Bank
2004 | US | Threat | Vlahos | Attachment to the Muslim Renovatio Memorandum
2004 | US | Threat | Vlahos | The Muslim Renovatio and U.S. Strategy
2004 | US | Threat | Vlahos | The Muslims Are Coming
2004 | US | Threat | Vlahos | Insurgency Within Islam
2003 | US | Threat | Danzip | Countering Traumatic Attacks
2003 | PRC | Threat | OSS | PRC Treaty & Trade Penetration of Latin America
2002 | US | Threat | Emerson & Steele | American Jihad Map
2002 | US | Threat | Steele | ACFR, 19 Cities: 9-11, U.S. Intelligence, & the Real World
2000 | US | Threat | Steele | Georgetown/AWC: Non-Traditional Threats
1998 | US | Threat | Steele | TAKEDOWN: Targets, Tools, & Technocracy
1994 | US | Threat | Steele | 6th National Threat Symposium: New Directions in Information Sharing
2005 | NGO | Threat | NGO | Changing Face of Global Violence
2005 | NGO | Threat | NGO | Human Security Audit
2004 | US | Threat | Pelton | Robert Young Pelton on Dangerous World
2004 | US | Threat | Steele | Three Book Review Relevant to Global War on Terror (GWOT)
2003 | US | Threat | Copeland | Analysis of the New Paradigm for Terrorism
2003 | US | Threat | Manwaring | Street Gangs: New Urban Insurgency
2003 | US | Threat | Manwaring | War & Conflict: Six Generations
2003 | US | Threat | Pelton | Summary of Presentation on World’s Most Dangerous Places
2002 | US | Threat | Betts | The Next Intelligence Failure: The Limits of Prevention
2002 | NL | Threat | Jongman | World Conflict and Human Rights Map 2001-2002
2002 | US | Threat | Wheaton | Transitions from Authoritarian Rule: A Model
2002 | US | Threat | Wheaton | Virtual Afghanistan: Modeling a Transition from Authoritarian Rule
2001 | US | Threat | Godson | Governments and Gangs
2001 | US | Threat | Heidenrich | Early Warning & Complex Monitoring of Ethnic Genocide (Slides)
2001 | US | Threat | Heidenrich | Early Warning & Complex Monitoring of Ethnic Genocide (Text)
1998 | US | Threat | | Transnational Enemies: Threats Without Names
1998 | US | Threat | Glaebus | Metaphors & Modern Threats: Biological, Computer, Cognitive Viruses
1997 | US | Threat | Fialka | War by Other Means: Economic Espionage In (Against) America
1997 | US | Threat | Schwartau | Information Warfare: The Weapons of the Information Age
1997 | US | Threat | Tenney | Cyber-Law and Cyber-Crime: Spamming Methods and Costs
1996 | US | Threat | Keuhl | School of Information Warfare Threat and Strategy: Shifting Paradigms
1996 | US | Threat | O’Malley | Countering the Business Intelligence Threat
1996 | US | Threat | Strassmann | U.S. Knowledge Assets: The Choice Target for Information Crime
1996 | US | Threat | Winkler | Electronic Industrial Espionage: Defining Ground Zero
1994 | US | Threat | Whitney-Smith | Refugees: Weapon of the Post Cold War World–Counter Offensive: IW

Policy Archives on Public Intelligence (1992-2006)

Policy

Year | Origin | Category | Author | Title
2006 | US | Policy | DoD | QDR Shift in Focus 18 Years After Gray and Steele Recommended Same
2006 | US | Policy | Markowitz | Defense Science Board Report on Transitions (NGO, OSINT)
2006 | US | Policy | Peters | Counterrevolution in Military Affairs
2006 | US | Policy | Steele | Terms of Reference for Intelligence Reform 1.1
2006 | US | Policy | Steele | In Search of a Leader (Four Essential Reforms)
2006 | US | Policy | Steele | Electoral Reform as Precursor to Intelligence Reform
2006 | US | Policy | Tsuruoka | Managing for the Future: Interview with Alvin Toffler
2005 | US | Policy | Andregg | Ethics and the IC: Breaking the Laws of God and Man
2005 | UK | Policy | BASIC | Think Tank Report on US Intelligence Incompetence
2005 | EU | Policy | EU | European Union Proposed Multi-National Intelligence Service
2005 | US | Policy | Godson | Culture of Lawfulness
2005 | US | Policy | Steele | ON INTELLIGENCE: Overview in Aftermath of 9-11
2005 | US | Policy | Steele | Op-Ed on Condi Rice’s Active Deception
2005 | US | Policy | Steele | Cease and desist letter on Naquin
2005 | US | Policy | Tama | Princeton Review on Intelligence Reform
2004 | US | Policy | Alexander | Army G-2 Accepts OSINT as Separate Discipline
2004 | US | Policy | Andregg | Insanity of Planned Intelligence “Reforms”
2004 | AU | Policy | Anon & Steele | Update on OSINT in Australia
2004 | FR | Policy | Clerc | Cognitive Knowledge for Nations
2004 | US | Policy | Cordesman | Questions & Answers on Intelligence Reform
2004 | US | Policy | Cordesman & Steele | Questions & Answers on Intelligence Reform
2004 | US | Policy | Simmons | Congressman Simmons Letter to General Schoomaker on OSINT
2004 | US | Policy | Steele | DoD OSINT Program: One Man’s View of What Is Needed
2004 | US | Policy | Steele | Transcript of Steele at Secretary of State’s Open Forum 24 March 2004
2004 | NL | Policy | Tongeren (van) | Need for Global Alliance for Human Security (Complete)
2004 | NL | Policy | Tongeren (van) | Need for Global Alliance for Human Security (Overview)
2003 | US | Policy | Czech | Steady State Revolution and National Security
2003 | CA | Policy | Fyffe | Intelligence Sharing and OSINT
2003 | CA | Policy | Fyffe | Intelligence Sharing and OSINT (Summary)
2003 | UN | Policy | Lewis | Creating the Global Brain
2003 | US | Policy | Markowitz | OSINT in Support of All Source
2003 | US | Policy | Markowitz | Open Source Intelligence Investment Strategy
2003 | US | Policy | Steele | Open Letter to Ambassadors Accredited to the USA
2003 | BE | Policy | Truyens | Intelligent vs. Intelligence: That Is The Question
2002 | Italy | Policy | Politi | 11th of September and the Future of European Intelligence
2001 | US | Policy | Heibel | Intelligence Training: What Is It? Who Needs It?
2001 | US | Policy | Heibel | Value of Intelligence & Intelligence Training to Any Organization
2001 | US | Policy | Oakley | Use of Civilian & Military Power for Engagement & Intervention
2000 | US | Policy | Berkowitz | An Alternative View of the Future of Intelligence
2000 | RU | Policy | Budzko | Russian View of Electronic Open Sources and How to Exploit Them
2000 | US | Policy | Ermarth | OSINT: A Fresh Look at the Past and the Future
2000 | IT | Policy | Politi | The Birth of OSINT in Italy
1999 | US | Policy | Allen (ADCI/C) | OSINT as a Foundation for All-Source Collection Management
1999 | UK | Policy | Rolington | Changing Messages in Western Knowledge Over 400 Years (Slides)
1999 | UK | Policy | Rolington | Changing Messages in Western Knowledge Over 400 Years (Text)
1999 | UK | Policy | Steele | Snakes in the Grass: Open Source Doctrine
1998 | US | Policy | Donahue | Balancing Spending Among Spies, Satellites, and Schoolboys
1997 | FR | Policy | Botbol | The OSINT Revolution: Early Failures and Future Prospects
1997 | US | Policy | Felsher | Viability & Survivability of US Remote Sensing as Function of Policy
1997 | US | Policy | Steele | Intelligence in the Balance: Opening Remarks at OSS ‘97
1997 | US | Policy | Sutton | Global Coverage ($1.5B/Year Needed for Lower Tier OSINT)
1997 | US | Policy | Tsuruoka | Asian Perceptions of What Is and Is Not Legal in Economic Intelligence
1997 | UK | Policy | Tyrrell | Proposals to Develop a NATO/PfP OSINT Capability
1996 | FR | Policy | Clerc | Economic and Financial Intelligence: The French Model
1996 | US | Policy | Kahin | What Is Intellectual Property?
1996 | US | Policy | Steele | Creating a Smart Nation (Govt Info Q and also CYBERWAR Chapter)
1996 | US | Policy | Steele | InfoPeace: OSINT as a Policy Option & Operational Alternative
1996 | US | Policy | Steele | Open Sources and the Virtual Intelligence Community
1996 | US | Policy | Steele | Protecting the Civilian Infrastructure as an Aspect of Information Warfare
1996 | US | Policy | Zuckerman | The Central Role of Open Source Economic Intelligence
1995 | US | Policy | Prusak | Seven Myths of the Information Age
1995 | US | Policy | Steele | Conference Executive Summary C/HPSCI and former DCI Colby
1995 | US | Policy | Steele | Creating a Smart Nation: Strategy, Policy, Intelligence, & Information
1995 | US | Policy | Steele | SMART NATIONS: NI Strategies and Virtual Intelligence Communities
1994 | US | Policy | Ogdin & Giser | Cyber-Glut, and What To Do About It
1994 | FR | Policy | Schmidt | Open Source Solutions 1994: The State of Intelligence
1994 | US | Policy | Schwartau | Letter on NII Security
1994 | US | Policy | Schwartau et al | Cross-Walk of 3 Experts’ Spending $1 Billion per Year for NII Security
1994 | US | Policy | Steele | Communications, Content, Coordination, and C4 Security: Talking Points
1994 | US | Policy | Steele | Correspondence to Mr. Marty Harris, NII Commission
1994 | US | Policy | Steele | DATA MINING: Don’t Buy or Build Your Shovel Until You Know What…
1994 | US | Policy | Steele | Expansion of Questions Posed by Senator John Warner to Aspin-Brown
1994 | US | Policy | Steele | Letter to the Open Source Lunch Club on PFIAB Being Useless
1994 | US | Policy | Steele | National and Corporate Security in the Age of Information
1994 | US | Policy | Steele | Private Enterprise Intelligence: Its Potential Contribution to Nat’l Sec.
1993 | FR | Policy | Beaumard | France: Think-tank to Anticipate & Regulate Economic Intelligence Issues
1993 | FR | Policy | Beaumard | Learned Nations: Competitive Advantages Via Knowledge Strategies
1993 | US | Policy | Brenner | Law and Policy of Telecommunications and Computer Database Networks
1993 | US | Policy | Castagna | Review of Reich, The Work of Nations
1993 | AU | Policy | Chantler | Need for Australia to Develop a Strategic Policy on OSI
1993 | US | Policy | Cisler | Community Computer Networks
1993 | US | Policy | Civille | The Spirit of Access: Equity, NREN, and the NII
1993 | US | Policy | Fedanzo | A Genetic View of National Intelligence
1993 | US | Policy | Haver | Intelligence Aim Veers to Amassing Overt Information
1993 | JP | Policy | Kumon | Japan and the United States in the Information Age
1993 | SE | Policy | Leijonhelm | Economic Intelligence Cooperation Between Government Industry
1993 | US | Policy | Love | Comments on the Clinton Administration’s ‘Vision’ Statement for the NII
1993 | US | Policy | Petersen | A New Twenty-First Century Role for the Intelligence Community
1993 | GE | Policy | Schmidt | History of Failure, Future of Opportunity: Reinventions and Deja Vu
1993 | US | Policy | Steele | A Critical Evaluation of U.S. National Security Capabilities
1993 | US | Policy | Steele | ACCESS: Theory and Practice of Intelligence in the Age of Information
1993 | US | Policy | Steele | Executive Order 12356, ‘National Security Information’
1993 | US | Policy | Steele | Reinventing Intelligence in the Age of Information (TP for DCI)
1993 | US | Policy | Steele | Reinventing Intelligence: The Advantages of OSINT
1993 | US | Policy | Steele | Role of Grey Lit & Non-Traditional Agencies in Informing Policy Makers
1993 | US | Policy | Toffler (Both) | Knowledge Strategies, Intelligence Restructuring, Global Competitiveness
1993 | US | Policy | Wallner | Overview of IC Open Source Requirements and Capabilities
1993 | US | Policy | Wood | The IC and the Open Source Information Challenge
1992 | US | Policy | Barlow | EFF and the National Public Network (NPN)
1992 | US | Policy | Castagna | Review of Toffler’s PowerShift
1992 | SE | Policy | Dedijer | Open Source Solutions: Intelligence and Secrecy
1992 | US | Policy | Gage | Open Sources, Open Systems
1992 | US | Policy | Greenwald | Unrepresented Nations & Peoples Organization: Diplomacy’s Cutting Edge
1992 | US | Policy | Hughes | An Affordable Approach to Networking America’s Schools
1992 | US | Policy | Kahin | New Legal Paradigms for Multi-Media Information in Cyberspace
1992 | US | Policy | Kahn | Outline of a Global Knowledge Architecture, Visions and Possibilities
1992 | US | Policy | Steele | E3i: Ethics, Ecology, Evolution, and Intelligence
1992 | US | Policy | Steele | Inaugural Remarks Opening 1st International Conference
1992 | US | Policy | Steele | Information Concepts & Doctrine for the Future
1992 | US | Policy | Steele | OSINT Clarifies Global Threats: Offers Partial Remedy to Budget Cuts
1992 | US | Policy | Steele | Review Strassmann, Information PayOff
1992 | US | Policy | Wood | Remarks, Don’t Be Suspicious of Contractors
1991 | US | Policy | JFK Working Group | National Intelligence and the American Enterprise: Possibilities
1991 | US | Policy | Karraker | Highways of the Mind
1991 | US | Policy | Steele | How to Avoid Strategic Intelligence Failures in the Future
1990 | US | Policy | Steele | Recasting National Security in a Changing World
1957 | US | Policy | Wright | Project for a World Intelligence Center