Before starting this section, I got to wondering
about why passive footprinting seems so confusing to most folks.
During practice exams and whatnot in a class I recently sat through, there
were a few questions missed by most folks concerning passive footprinting.
It may have to do with the term passive (a quick “define passive” web search
shows the term denotes inactivity, nonparticipation, and a downright refusal to
react in the face of aggression). Or it may have to do with some folks just
overthinking the question. I think it probably has more to do with people
dragging common sense and real-world experience into the exam room with them,
which is really difficult to let go of. In any case, let’s try to set the
record straight by defining exactly what passive footprinting is and, ideally,
what it is not.
CEH study materials that seems contrary to real
life. Many of us who have performed this sort of work know dang good
and well what can and cannot get you caught, and we bristle when someone
tells us that, for instance, dumpster diving is a passive activity.
Therefore, do yourself a favor and just stick with the terms and
definitions for your exam. Afterward, you can join the rest of us in
mocking it. For now, memorize, trust, and go forth.
Passive footprinting as defined by EC-Council
has nothing to do with a lack of effort and even less to do with the
manner in which you go about it (using a computer network or not). In
fact, in many ways it takes a lot more effort to be an effective passive footprinter
than an active one. Passive footprinting is all about the publicly
accessible information you’re gathering and not so much about how you’re
going about getting it. Methods include, but are not limited to,
gathering of competitive intelligence, using search engines, perusing
social media sites, participating in the ever-popular dumpster dive,
gaining network ranges, and raiding DNS for information. As you
can see, some of these methods can definitely ring bells for anyone
paying attention and don’t seem very passive to common-sense-minded people
anywhere, much less in our profession. But you’re going to have to
get over that feeling rising up in you about passive versus active
footprinting and just accept this for what it is—or be prepared to miss a
few questions on the exam.
Passive information gathering definitely contains the
pursuit and acquisition of competitive intelligence, and because it’s a
direct objective within CEH and you’ll definitely see it on the exam,
we’re going to spend a little time defining it here. Competitive intelligence refers to the information gathered
by a business entity about its competitors’ customers, products, and
marketing. Most of this information is readily available and can be
acquired through different means. Not only is it legal for companies
to pull and analyze this information, it’s expected behavior. You’re
simply not doing your job in the business world if you’re not keeping up
with what the competition is doing. Simultaneously, that same information
is valuable to you as an ethical hacker, and there are more than a few methods
to gain competitive intelligence.
The company’s own website is a great place to start.
Think about it: what do people want on their company’s website? They want
to provide as much information as possible to show potential
customers what they have and what they can offer. Sometimes, though,
this information becomes information overload. Just some of the open
source information you can gather from almost any company on its
site includes company history, directory listings, current and future
plans, and technical information. Directory listings become useful in
social engineering, and you’d probably be surprised how much
technical information businesses will keep on their sites. Designed to put
customers at ease, sometimes sites inadvertently give hackers a leg
up by providing details on the technical capabilities and makeup of
their network.
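A defender can run the same review over their own published pages to see what the site gives away. The sketch below is an added example, not part of the original text; the page paths, contact details, and pattern list are constructed assumptions and far from exhaustive.

```python
import re
from html.parser import HTMLParser

# Assumed, non-exhaustive patterns for the disclosure types named above.
PATTERNS = {
    "directory_email": re.compile(r"\b[\w.%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "directory_phone": re.compile(r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b"),
    "private_ip": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))(?:\.\d{1,3}){2}\b"),
    "software_version": re.compile(
        r"\b(?:Apache|nginx|IIS|Cisco IOS|Windows Server|MySQL|PHP)[ /]\d+(?:\.\d+)*",
        re.I),
}

class _PageText(HTMLParser):
    """Collects visible text, HTML comments and attribute values."""
    def __init__(self):
        super().__init__()
        self.chunks = []
    def handle_data(self, data):
        self.chunks.append(data)
    def handle_comment(self, data):      # comments often hold leftover notes
        self.chunks.append(data)
    def handle_starttag(self, tag, attrs):
        self.chunks.extend(v for _, v in attrs if v)   # e.g. mailto: links

def audit_page(html):
    """Return {category: sorted unique matches} for one page."""
    parser = _PageText()
    parser.feed(html)
    parser.close()
    text = "\n".join(parser.chunks)
    hits = {name: sorted({m.group(0) for m in rx.finditer(text)})
            for name, rx in PATTERNS.items()}
    return {name: found for name, found in hits.items() if found}

def audit_site(pages):
    """Audit {path: html}; pages with no findings are left out."""
    report = {path: audit_page(html) for path, html in pages.items()}
    return {path: hits for path, hits in report.items() if hits}

# Constructed sample pages (not real data).
SAMPLE_PAGES = {
    "/about/staff.html": '<ul><li>Jane Doe, IT Manager <a href="mailto:jdoe@example.com">jdoe@example.com</a> 555-010-4477</li></ul>',
    "/support/faq.html": "<p>Our portal runs on Apache 2.4.41 behind redundant firewalls.</p><!-- staging db at 10.20.30.40 -->",
    "/history.html": "<p>Founded in 1998 in Ohio.</p>",
}

if __name__ == "__main__":
    for path, hits in audit_site(SAMPLE_PAGES).items():
        print(path, hits)
```

Each finding is a prompt for a human decision: some directory details are meant to be public, while version strings and internal addresses rarely need to be.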
Several websites make great sources for competitive
intelligence. Information on company origins and how it developed over the
years can be found in places like the EDGAR Database
(www.sec.gov/edgar.shtml), Hoovers (www.hoovers.com), LexisNexis
(www.lexisnexis.com), and Business Wire (www.businesswire.com). If you’re
interested in company plans and financials, the following list provides some
great resources:
• Euromonitor (www.euromonitor.com)