TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Identify sensitive personnel information
Identify sensitive personnel information
An adversary may identify sensitive personnel information not typically posted on a social media site, such as address, marital status, financial history, and law enforcement infractions. This could be conducted by searching public records that are frequently available for free or at a low cost online. [1]
ID: T1274
Sub-techniques:
No sub-techniques
Tactic:
People Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Searching publicly available sources that cannot be monitored by a defender.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: This type of information is useful to understand the individual and their ability to be blackmailed. Searching public records is easy and most information can be purchased for a low cost if the adversary really wants it.
References
- Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.
×