OSINT Footprinting

Using Twitter and Python

Who am I?

Raymond Lilly

@37point2

Analyst at a Social Media/Customer Relations Management company

Senior, Eastern Michigan University

Information Assurance/Network Security

What are we talking about?

OSINT gathering methods

Research with implications in

Intelligence

Social Engineering

Marketing

Intelligence

What are people talking about?

Intel vs Counter Intel

Targeting concerns

Individuals/Groups

Geographic regions

Time

Topics

Social Engineering

Leaking information

What do your co-workers/employees talk about during/after work?

IT talking about new tech deployments?

Any employees venting about internal issues?

C levels discussing personal hobbies/travel plans?

Marketing

Can you identify your customers?

What are they talking about?/What other interests do they have?

Can you profile them and use that to reach new potential customers?

Find new markets?

Reduce your customer assistance cost or increase customer satisfaction?

Fun Stuff

New Job info

What’s the corporate culture like?

Does the company embrace new tech/ideas or shun them?

Amplify the reach of your messages

Find organizations/groups that are interested in the same things you are

Key Twitter Concepts

Tweets – 140 characters

Following

Friends

Followers

Did you pick the user?

Followers

A -> B

Friends

B -> C

A -> B -> C

Twitter’s API

https://dev.twitter.com/docs/api

Authenticated vs. Unauthenticated

How hard is it to get OAuth Tokens?

REST

Streaming

Tweepy!

Python module for Twitter’s API

https://github.com/tweepy/tweepy/

Joshthecoder

GET status/user_timeline

Takes a user_id or screen_name

since_id

count

exclude_replies

include_rts

Tweepy.api.get_status(‘37point2’)

GET users/show

user_id/screen_name

include_entities

^-- Awesome!

Tweepy.api.get_user(‘37point2’)

"id": 286868576,

"id_str": "286868576",

"name": "37point2",

"screen_name": "37point2",

"location": "",

"description": "Information Assurance student at Eastern Michigan University. \r\nIntel Analysis, Data Viz, Incident Response",

"url": "http://www.linkedin.com/in/raymondlilly",

"protected": false,

"followers_count": 244,

"friends_count": 992,

"listed_count": 6,

"created_at": "Sat Apr 23 21:25:44 +0000 2011",

"utc_offset": -18000,

"time_zone": "Eastern Time (US & Canada)",

"geo_enabled": false,

"verified": false,

"statuses_count": 2024,

"lang": "en",

"description": "Information Assurance student at Eastern Michigan University. \r\nIntel Analysis, Data Viz, Incident Response",

Method to the Madness

Information Needed/Gathered

Tools used

Visualization

Analysis

Echo Chamber

Last 1000 Tweets of everyone followed

Basic Word Count

Wordle.net

Tweets per Day

Individual

Last 3200 Tweets

Community

Last 1000 Tweets (#infosec – May 18-21)

Plot Tweets over weekdays

Hashtags/Topics

Last 3200 Tweets

include_entities! #lazyhacker

include_rts

Google Visualization API

Hashtags & HashtagsWithRetweets

Retweets/Replies

Last 3200 Tweets

include_entities

include_rts!!!

Retweets

Replies

Best time for a response?

Interactions w/ Influence and Topics Klout

BOO!!!

Changes algorithm daily

What is the algorithm? /shrug

Weights social media sites differently

Useful

Topics!!

Score used as guideline

Model

Last 3200 Tweets

Include all the things!

Add Klout score and topics

Formula for Influence

Klout^2 * interactions

50 vs 60

2500 vs 3600

Time to get interactive!

Clients

Last 3200 Tweets

Total Counts

Client usage over time

More moving stuff!

Interactions & Topics

Last 3200 Tweets

include_entities

Maltego CaseFile

Community Edition

Interesting Tools

Tweetstats.com

Twopcharts

Klout

Kred

Socialmention

NetworkX

Contact Info

Raymond Lilly

@37point2

rlilly@emich.edu