Hacking without hacking or seven ways to find a resource information leak

Small introduction

Many people think that information technology drives business: warehouse management, logistics management, forecasting, situational modeling, risk assessment, system dynamics, etc. But most of the business is run by information warfare. Of the two companies producing one product, not the company that performs the best work will win, but the one that wins the tender. That is, it does not matter how well and efficiently you produce the goods, but it is important how you use the information received correctly. If a competent leader received the right information and if this information is correctly prepared, then sophisticated analysts are not needed. He holds all the necessary information in his hands.

In most cases, information leakage occurs due to the impact of internal threats - inattentive employees or disorganized and inaccurate data storage. And since there is a leak, then there are people who specialize in its search. Specialists of this specialty have to browse more than hundreds of resources per day. And find the right data without resorting to illegal hacks. A good specialist in finding information takes weeks to get all the necessary information about the company. The process of searching for such information is called competitive intelligence. Competitive intelligence - the collection and processing of data from various sources, to develop managerial decisions in order to increase the competitiveness of a commercial organization, carried out within the framework of the law and in compliance with ethical standards (as opposed to industrial espionage). And it is important that this method of obtaining data is absolutely legal. A specialist in this field does not hack into any sites and does not receive this information like in other criminally punishable ways. The fact that the company made a mistake in protecting its confidential information, and someone got it, is not illegal.
So, we will consider several methods for obtaining such information:

Reception 1

The unmasking sign of confidential information is the very presence of the word - confidential. Its signature stamp is also unmasking: For official use.
If you don’t want secret information to be found, do not draw attention to it.

Let's see if we adequately protect our confidential information. We open the browser. We start Google and try to see if there are leaks of documents for official use on the website of the Tambov state institution - 392 results.


Site command: –– search within the same site address. To find certain information it must be written in quotation marks: “For official use”

Reception 2

Confidential

How to extract the main thing from the heap of found files? HTTPS protocols. It was thought up for an exchange between trusted partners. Certificate exchange. Those. https- in the address of the document becomes a unmasking sign of especially important documents.


Documents with a gif become a disarming sign - Confidential. No company provides routine checks of its confidentiality of information. Many companies do not know that they have a leak, just because they did not check. And even if the company began to conduct periodic inspections, it does not mean that their partners do not have a leak.

Reception 3

"Secret"

There are vultures: Top Secret, top secret, etc ...

Each of us does not think that the search engine indexes not only the text of your document, but also the properties of this document. If this is an office document, then it still contains the buffers that were used previously.

Rule: Check if you have any documents with a gif - Confidential, which Google or Yandex sees.

Reception 4

The following files we need are exls-certified documents. Why? Excel provokes a person to compile available information confidential and not very. Such files may contain customer lists, their addresses, phone numbers, and special notes. All in all, a very good present for competitors.

Search engines of leading search engines behave like spies. They will climb into those sections that we consider confidential.

Let's check:


Files appear. If we open their saved copy, we will find a lot of interesting information. Those. xls is a gift of fate for hackers.

Reception 5

Search for documents in DOC format. Why? If the document is ready for prying eyes, then it will be issued in PDF format. If the document is still not finished, then it will most likely be saved in the DOC format.

We are looking for documents in the DOC format on the specified target resource.

Reception 6

Trying to find the whole ftp server.

Very often a company leaves it open. Try entering the website address: ftp.xxx.ru

Reception 7

Guessed names

Always looking at a file, try to remember its address. The number 1711 in the picture shows that 1711 files are available to us. And changing these numbers, you can open other files.

On a note

Article 29, part 4 of the Constitution of the Russian Federation “Everyone has the right to freely seek, receive, transmit, produce and disseminate information.” But even in spite of this, any company about which you receive data will consider that you received it illegally and will try to deal with you using pre-trial methods.

If we hunt for the state secret of a country, then we break the law. Punishment will follow immediately. If it was not a state secret that fell into our hands and we did not use expensive, reprehensible methods, then it is difficult to challenge the lawfulness of our actions. Previously, there was even an article that if information was obtained using publicly available methods, forget that this is a trade secret. It is not possible to present any claims to the one who received this information. You can really break the law if you use trojans or pick up a password. Or if you use the information incorrectly - to the detriment. Then you really break the law and be punished.

From all this it follows that you must always be careful, even if you consider your actions legal.

In creating the article, notes from the workshop “Hack in 60 Seconds” were used (A. Masalovich).