Social Engineering - Christopher Hadnagy [149]

range from $200–600. SpyHawk SuperTrak magnetically sticks to a vehicle and can store days’ worth of data on the target. The following sections provide a walkthrough from setup to usage of this little device.

The SpyHawk SuperTrak GPS TrackStick

Installing the software needed to make the device run is painless. Just click the software that came with the device and follow the on-screen steps to install everything that is needed. It installs without any problems, and the setup afterwards is equally painless. The TrackStick screen, shown in Figure 7-13, is very intuitive to use and easy to set up.

Figure 7-13: TrackStick Manager employs an intuitive, simple-to-use interface.

As you can see, it provides options to choose log times, time zones, and more custom options.

Using the SpyHawk TrackStick

The SpyHawk SuperTrak GPS Worldwide Super TrackStick device itself is lightweight and easy to use and hide. It comes with an on/off switch but has some neat technology. When it feels movement it turns on and starts logging. When the movement stops for a period of time, it stops logging.

The directions say to hide the device somewhere with the powerful magnets against metal and the device itself pointing up or toward plastic. Losing the device on its first run is always a concern, so finding a nice secure place under the hood can ease those worries and give easy access to the sky view. Once you have access (either internal or external) to the target’s car, find a secure location in a wheel well, under the hood, or in the back of the car by the trunk. Anywhere that there is metal will work. If you have internal access, popping the hood and putting it somewhere in the engine compartment can ease concerns over discovery and/or loss.

In my first tests, I found a place in the engine compartment to place the device. Even through the metal of the hood the device logged perfectly. Another placement idea is to wait until the target’s car is unlocked and then place it in the trunk under the carpet or by the rear lights. On a personal side note, when I ran this test, the device stayed on five days collecting data, some of which you can see in the following figures. As shown in Figure 7-14, it looks like the target likes to speed.

Figure 7-14: The target likes to speed.

Time, date, and duration stamps help you outline a target’s movement, as shown in Figure 7-15.

Figure 7-15: Tracking the target’s movements.

Figure 7-16 shows the icons on a Google Earth map—they show speed, times, time stopped, and more.

Figure 7-16: Device output rendered in Google Earth.

As you can see in Figure 7-17, the software creates nice maps of the whole route.

Figure 7-17: Mapping the target’s route with SuperTrak.

Using Google Earth or Google Maps you can even get close-ups (see Figure 7-18).

Figure 7-18: Zeroing in on the target’s travels.

Reviewing the GPS Tracker Data

The data collection is where a social engineer will see the most benefit. Being able to track every time the CEO of the target company stopped for coffee, what his favorite shop is, and what gym he attends can enable the social engineer to plan an attack with the highest rate of success.

Knowing the locations and stops can tell the attacker where he or she will have the best opportunities for cloning an RFID badge or making an impression of a key. The bonus is that you can get this information without having to stalk the target by being the creepy guy next door. The following figures show how these details can give the attacker the upper hand.

Notice the detail in Figure 7-19. You can see the speed the target drove, and the time and date he stopped. If you want to see the location in more detail, click the Google Maps link. Click the Export button to export the whole data set to a clickable Google Map or Google Earth Map.

Figure 7-19: The data set.

After you open the data set in Google Earth you can see the points he stopped, the route he took to and from his destination, and the times he stopped, as shown in Figure 7-20.

Figure 7-20: Stops along the way.

If you
