Sometimes you just need to even the playing field. That seems to be the point of a new open-source tool, Social Mapper. It hacks its way into social media profiles using facial recognition to collect many of them all at once. While you may be questioning the motive of something like this, the creators say it will help security professionals by giving them the same tools as the hackers.
How Social Mapper Works
Social Mapper will gather the information from a person’s profiles on Facebook, Twitter, Instagram, LinkedIn, Google+, Chinese microblogging sites that include Weibo and Douban, and the Russian social media VKontakte.
It was created by researchers at a security firm known as Trustwave. They built the tool mainly for authorized simulated attacks, what’s known as penetration testing. The social media files it’s picking up on can be found easily without nefarious means.
Social Mapper runs facial recognition checks against the profile photos of the intended person by scanning the many individual photos that turn up in a search of the name. It could take over 15 hours to work automatically through a list of 1,000 people.
It then produces a report of data that includes links to all the social media profiles of the intended targets. The tool can also create lists of the social media sites that were checked, with the name of the intended target and their possible work email.
Uses for Social Mapper
Again, while it sounds like this tool is intended for nefarious individuals, it’s meant for use by ethical hackers to streamline their social media phishing campaigns to test a client’s security. They can turn up fake profiles that were created and send links for malware.
A spokesperson for Trustwave disagrees that this tool could be used by non-ethical hackers, saying it’s intended for “pen testers and red teamers” who work to “find vulnerabilities using tools and technologies Black Hats are already using or most likely have.”
Basically, there are already tools like this that are used for non-ethical reasons by hackers, and Trustwave is simply making it available to everyone, which they say “helps even the playing field.” The spokesperson claims that releasing similar tools to Social Mapper is “very commonplace in the security industry and helps the good guys.”
Does this still worry you? You’re not alone. It definitely leaves me with an uneasy feeling, and if you follow the articles I write on similar topics, you know that I’m not one to get easily freaked out over these things. I don’t spend a lot of time worrying about my online security.
However, this one doesn’t make sense to me. While I understand their point about it leveling the playing field, the point is that it’s being done at all. While I can see questioning what information is available on me, if it’s just the same methods that are so easily obtainable anyway, what I’d really want to know is what is available that isn’t so easy to obtain.
I’m just struggling to see the use for such a thing. Do you feel the same? Or is this a potential service that you would be grateful to have? Add your thoughts in the comments section below and let us know how you feel about Social Mapper.