New Yorkers toil in a city of haggard indifference. Heading off to work each morning, coffee in hand, our shirts are ironed. At the office, employee badges and two-step email verification grant us access for the day. Internal documents are shared across WiFi protected by long, complex passwords. At work, we are safe. We step outside for lunch or coffee or the midday stroll. Then we become targets.
On a balmy spring afternoon, Ian Amit stands at a counter in a Starbucks in Midtown Manhattan. As customers check Facebook, Twitter and Gmail through the free and open AT&T Internet, Amit monitors it all. One keystroke could activate a script that would capture all the information passing through the network. He could, but he refrains. It is not ethical, and in his words, “less legal.
As the director of security services for IOActive, a firm that offers comprehensive computer security services, Amit is a problem solver. Today’s demonstration at the Starbucks is a look at open source intelligence, or OSINT, and how the trail of data left by the most innocuous of tasks carried out on smartphones map out day-to-day activities that coalesce into a vivid portrait of everyone’s lives. As a corporate security specialist, it makes for an easy day at work.
“Don’t check your email,” he says, plugging an external wireless antenna into his laptop. He shields the antenna in his black backpack on the ground. To anyone watching, it looks as if he’s charging his phone and connecting to an external device, as his penetration and security tools boot onscreen in small command windows.