Identify sensitive personnel information

An adversary may identify sensitive personnel information not typically posted on a social media site, such as address, marital status, financial history, and law enforcement infractions. This could be conducted by searching public records that are frequently available for free or at a low cost online. [1]

ID: T1274

Tactic: People Information Gathering

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Searching publicly available sources that cannot be monitored by a defender.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: This type of information is useful to understand the individual and their ability to be blackmailed. Searching public records is easy and most information can be purchased for a low cost if the adversary really wants it.

References

  1. Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.