Blurring the Line Between Sourcing and Hacking

Several times throughout my career, I have been referred to as “some sort of hacker”. This was usually after I demonstrated some cool sourcing techniques which involved pulling information from a public site or database. This still makes me smile, especially since I know what a hacker really does and what skills they possess.

The mindset of the hacker and the sourcer are similar in nature. In almost all cases of a sourcer, the line is drawn at information that is available publically. That is to say, information that is accessible without login credentials. Of course there are a couple of sourcer / coder / hacker types that operate without limits, but I will not name them here. For fear of trouble with the local government!

Searching, downloading and manipulating information is what makes sourcing fun (besides the candidate identification & assessment). For sourcing and hacking, the thought process and questions are similar:

  • What information is available to me?
  • How much information do I need?
  • What is stopping me from getting this information?
  • How can I get more information?
  • How can I get ALL the information?
  • What are the consequences (if any) in getting this information?

Sourcing Tools and Open Source Intelligence

Sourcers and hackers use search engines, social media, username searches, and other OSINT (Open Source Intelligence) tools. Although some tool are paid-for, most of them are free to use. Important information about an individual, a social media account, a group, or an entire company can be deduced. Much of it relies on the fact that the internet is a treasure trove of public information.

For a sourcer, this information works two-fold: it can lead to direct contact information, or it can give the sourcer a more complete picture of the candidate. For a hacker, this information could be used to target power users or gatekeepers in a company. The hacker may utilize phishing attempts or other means to get login credentials.

When hackers and sourcers use these tools, the potential candidate (or victim) usually has no idea that they are being targeted. Hackers and sourcers use clues, reference information, and calculated guesses when researching. The following examples are just a few of the similarities that exist between hackers and sourcers.

Using Sourcing Tools – Hackers

If you were a hacker, you might try email phishing schemes to get your way into an organization. But if the company has 10,000 employees, how would the hacker know who to target? Even if it was possible, sending an email phishing scheme to every single employee would not be practical. Instead, the hacker needs to SOURCE the right people to target.

A hacker could use organizational tools like LinkedIn, Zoom, Crunchbase, Angelist, etc. to identify and target members of an organization who potentially have security access or server access. They could target sys admins, engineers or even managers.

After identifying the profiles, the hacker could use email enrichment tools (like Contacts+, ZapInfo, Phantombuster, etc.) or email address generation tools (like Hunter, Lusha, ContactOut, Hiretual, Seekout, etc.) or email validation tools to figure out where they would send the phishing email.

Once the hacker validated the corporate email addresses of employees with critical positions, they would utilize other OSINT tools to deduce the location and phone numbers of the targeted employees.  Then they might hack their social media accounts using phishing methods or other tools.

Using Sourcing Tools – Sourcers

Sourcers are not trying to break into a corporation and gain access to the security systems within. But if they had to identify and contact specific candidates for a potential role, then the tools and steps would almost be identical.

The sourcer would find and identify potential candidates for an open job role. Then they would have to figure out how they would contact those candidates. Using a message on social media might not be enough. So the sourcer would need to acquire the email or phone number for the targeted candidate. This would involve using the same tools for email enrichment (Contacts+, ZapInfo, Phantombuster, etc.) and address generation (Hunter, Lusha, ContactOut, Hiretual, Seekout, etc.)

The sourcer might even use OSINT tools to find mobile phone numbers of a candidate. Between the sourcer and the hacker, there is little difference!

Username Searches – Hackers

Hackers also try to figure out the login credentials of a target. The brute force method of hacking usernames and passwords can be incredibly time-consuming, and in some cases you can blow your cover. But time can be saved with username search tools like KnowEm, NameChk, NameCheckr and more.

Many people use the same password for their work and personal email accounts. And there may be a high number of individuals who have the same username for both accounts. The usernames can be verified on specific social media accounts. They can be used in a phishing attempt to gain control of login credentials. The usernames, along with randomly generated passwords, are used by hackers when attempting to login as someone else.

Username Searches – Sourcers

Sourcers would use the same search tools to cross reference the username of a target candidate and then view the social networks where that username is registered. Since social networks have different amounts of available information, they could benefit from a missing piece of information on one of those pages.

Sourcers could also use these tools to find and verify emails. The usernames of the targeted candidate could be matched with popular email domains (like Gmail, Yahoo Mail, HotMail, Outlook, Apple Mail, etc.) and then verified with an email verification tool or a data enrichment tool.

Let’s say the sourcer found out that their target candidate has a username on Twitter:

Markymark2002

They could then combine that username with popular email domains and verify those with email verification tools. Or even better yet, tools like Contacts+, Clearbit, DeBounce, Swordfish, Gmail, or many others.

Domains – Hackers

Hackers will target websites using DDoS attacks and DNS hacking. They may identify the nameserver of a target domain using a tool like WHOIS or DNS Checker.  They may target IP addresses of specific servers. Since web and MX server (email server) records are searchable online, the threat is always there.

Domains – Sourcers

Sourcers might look up information about a website domain, but only if it’s a site that belongs to one individual. WHOIS lookups can provide emails, phone numbers and sometimes even addresses! Even if the domain is registered privately, there are ways to get your message directly to the website owner. When all else fails in reaching your candidate, this method can be last resort.

Sourcers may also look at old copies of webpages on a domain. The reason is because sometimes vital contact information on a page will get removed. Using Google cached copies or the Internet Archive will allow the sourcer to see those older pages and discover some past secrets.

Filetypes – Hackers

When you save a file on your computer, information gets added into the properties of that file. This includes DOC, DOCX, PDF, XLS, XLSX, PPT, RTF, TXT and many more. Sometimes those properties contain important information like the name of the author, the company, the manager, the owner, the version and more. Companies may not want this information available on the internet. Hackers could use this information for malicious reasons.

There are also hidden attributes in files that could be exploited. Filetype: searches on Google and mime: on Yandex allow hackers to easily access any files that have been uploaded to a web server. If they had the money, a super OSINT tool called Maltego could also be used as part of this process.

Filetypes – Sourcers

Sourcers will conduct the same searches when dealing with file types. Besides the content of the files (which sometimes includes confidential & financial information), there is the added bonus of the metadata or file properties.

Sourcers use the filetype: operator for all kinds of searches. Everything from resume/CV searches to spreadsheets with contact information. Even way back in the 90s, you could run filetype: searches for the .mp3 extension and download free music (Alta Vista, baby)!

Conclusion

So as you can see, the sourcer and the hacker are not that different. While your average sourcer can’t script like a hacker, they both possess a knack for search, deduction and persistence. Hackers and sourcers use all kinds of tools to gather information about their potential prospects. The answers usually don’t lie in one place. Instead, they must connect the dots, read between the lines, and draw conclusions. So if you ever get asked if you are a hacker, you can simply smile and say “yeah, something like that”. 🙂

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s