HitB2010Ams - Maltego 3 - Start your Engines

By Roelof Temmingh

Maltego is like a box of Lego, but for open source information gathering. Open source information gathering refers to gathering information that is publicly available on the Internet.

Maltego released version 3.0 about two weeks ago, and I previously blogged about the preview at Black Hat EU. Paterva has added quite a few new features; the most interesting is NER, Named Entity Recognition. NER takes text and marks entities such as person names, companies and phone numbers. NER can be used to get to a big brother scenario where SMS, radio signals and web pages are constantly monitored for named entities.

Roelof demoed NER by trying to find the winner of the FIFA World Cup. He searched for all websites containing the phrases: FIF, “win the world cup”. He found the top 50 sites that contained the phrases and got the URLs on these sites. NER was run against these URLs.

Using Maltego, Paterva came up with the prediction that Brazil will win the World Championship.

Roelof showed a very cool demo where Maltego was used to mine information from Facebook.

When getting data from Facebook you have to be careful because you are violating the Terms of Service and Facebook is taking this very seriously. Due to anti-scraping measures, Roelof and his team had to resort to bugs in the Facebook software to get the data from Facebook.

Using Maltego, Roelof searched for “gmail”, “contact me” and “facebook”. He then mapped these addresses to Facebook accounts and their friends on Facebook.

The session also included the demo shown at Black Hat EU: finding the top ten people associated with “Black Hat briefings”.

Another new feature in Maltego 3 is the Community Container TAS. This allows users to host their own transforms for others to use. It is an enhancement over local transforms, which are local and not easy to code. The hosted transforms will be advertised to all Maltego clients if you desire. These containers will allow people to quickly write transforms for others to use.

Roelof also showed the SQLTAS, which will allow the user to offer database queries as Maltego transforms. He demoed this against the leaked carders forum database to get information about who posted messages about Amex on a credit card fraud forum.

The biggest news was that the Maltego v3 Community edition will be available on the 9th of July and will not be as restricted as version 2.


