What is digital footprinting and why is it important?
Digital footprinting refers to the information-gathering procedures and methodologies hackers use to learn as much as possible about targeted systems. Footprinting, also known as reconnaissance (one of the five phases of ethical hacking), is done to invade systems by gathering all relevant data and exposing their vulnerabilities. Just as those vulnerabilities could be exploited, organizations are hiring ethical hackers to protect their systems by uncovering them.
The reconnaissance stage is crucial, as all relevant information about the target organization is collected. This information may be online without the organization’s knowledge, either through accidental indexing of back-end web pages or through an internet-connected Industrial Control System (ICS) device. Some FAQ websites may also contain details that reveal sensitive information once aggregated.
What are the two types of digital footprints?
There are two types of footprints – active and passive.
Active footprint: This type of digital footprint is created intentionally, for example by posting online via social media accounts, sending emails, etc.
Passive footprint: This type of digital footprint is often created unintentionally. This type of information is generally collected via cookies stored on your system as you browse or through your IP address.
How is a digital footprint used?
Footprinting is used to discover the organization’s network posture, such as its remote network access capabilities and the organization’s ports and services. It can also be used to obtain information such as demographics, religion, political affiliations, or interests using cookies stored on your computer.
Online reconnaissance methods are known as open-source intelligence (OSINT) tools and can include metadata searches, code searches, and image analysis. The two that we will highlight in this article are:
- Google hacking database: footprinting for information by querying search engines with advanced search strings so that Google returns a specific result, such as website indexes and specific file types. For instance, “inurl:view_items.php?id=” lists websites that may be vulnerable to a SQL injection attack.
- Shodan: a search engine providing data on all connected IoT devices.
Footprinting with VoIP & VPN
VoIP (Voice over Internet Protocol) is an internet protocol that allows the transmission of voice calls over the internet. It does so by converting regular phone signals into digital signals. Virtual Private Networks (VPN) provide a secure connection to an organization’s network. Therefore, VoIP traffic can pass over an SSL-based VPN, effectively encrypting VoIP services.
When conducting reconnaissance, in the initial stages of VoIP footprinting, the following publicly available information can be expected:
- All open ports and services of the devices connected to the VoIP network
- The public VoIP server IP address
- The operating system of the server running VoIP
- The network infrastructure
The highlighted search above, for instance, returns network configurations and device information.
The results then provide the following information on the targeted network:
A search on Shodan displays servers running VoIP in the targeted network, and the focus can be on a specific server with UDP port 5060, which is used by SIP VoIP service providers.
The Shodan scan also provides the internal and external IP addresses, which are afterward used in the next phase: scanning internal networks for additional information.
How to Learn Footprinting
These reconnaissance methodologies have been shown to lead to significant attacks, such as the attack on a New York dam in 2013, in which advanced queries led to the discovery of an open network port that was then used to gain remote access to the system.
Given how widely footprinting methodologies are used, it is paramount that organizations take advantage of them to secure their systems and implement the necessary security measures, such as closing all unnecessary ports and services, adequate patch management procedures, and encryption mechanisms. Exhaustive reconnaissance helps secure an organization’s network environment before a cybersecurity incident occurs. These methodologies and many more are explored in ethical hacking training. The Certified Ethical Hacker (CEH) certification will train you to think like a hacker so you can help protect organizations. As EC-Council puts it, “To beat a hacker, you need to think like a hacker.”
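The measures above (closing unnecessary ports and services) and the VoIP exposure described earlier (UDP port 5060, internal addresses visible from outside) can be checked against an organization's own exposure records. The following is an added example, not part of the original article: the record format, the allowlist and all sample data are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: services seen on an organization's own public addresses,
# e.g. exported from its own external scan. Documentation-range IPs, made-up banners.
OBSERVED = [
    {"ip": "203.0.113.10", "port": 443, "proto": "tcp",
     "banner": "HTTP/1.1 200 OK\r\nServer: nginx"},
    {"ip": "203.0.113.20", "port": 5060, "proto": "udp",
     "banner": "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 10.20.1.15:5060\r\n"
               "Contact: <sip:pbx@192.168.4.2>"},
    {"ip": "203.0.113.30", "port": 23, "proto": "tcp", "banner": "login:"},
]

# Hypothetical allowlist of (ip, port, proto) the organization intends to expose.
APPROVED = {("203.0.113.10", 443, "tcp"), ("203.0.113.20", 5060, "udp")}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def leaked_internal_ips(banner):
    """Return RFC 1918 addresses disclosed inside a service banner."""
    found = []
    for candidate in IPV4.findall(banner):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an IP
            continue
        if any(addr in net for net in RFC1918) and candidate not in found:
            found.append(candidate)
    return found

def audit(observed, approved):
    """Flag services outside the allowlist and banners leaking internal IPs."""
    findings = []
    for svc in observed:
        key = (svc["ip"], svc["port"], svc["proto"])
        if key not in approved:
            findings.append((key, "unapproved service: close or restrict"))
        for ip in leaked_internal_ips(svc["banner"]):
            findings.append((key, f"banner discloses internal address {ip}"))
    return findings

if __name__ == "__main__":
    for key, issue in audit(OBSERVED, APPROVED):
        print(key, issue)
```

Note that the approved SIP service is still flagged: being on the allowlist does not stop its banner from disclosing internal addressing.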