Smarter Password Guessing Techniques Leveraging Contextual Information and OSINT

TL;DR

This paper explores how integrating contextual information and OSINT can enhance password guessing techniques, especially against educated users who take security precautions, by automating the use of intelligence data in cracking efforts.

Contribution

It introduces methods to incorporate open source intelligence and contextual data into password guessing algorithms, improving their effectiveness against targeted, security-aware users.

Findings

Enhanced password guessing success rates with contextual data

Automated integration of OSINT into cracking techniques

Improved targeting of educated users

Abstract

In recent decades, criminals have increasingly used the web to research, assist and perpetrate criminal behaviour. One of the most important ways in which law enforcement can battle this growing trend is through accessing pertinent information about suspects in a timely manner. A significant hindrance to this is the difficulty of accessing any system a suspect uses that requires authentication via password. Password guessing techniques generally consider common user behaviour while generating their passwords, as well as the password policy in place. Such techniques can offer a modest success rate considering a large/average population. However, they tend to fail when focusing on a single target -- especially when the latter is an educated user taking precautions as a savvy criminal would be expected to do. Open Source Intelligence is being increasingly leveraged by Law Enforcement in order to gain useful information about a suspect, but very little is currently being done to integrate this knowledge in an automated way within password cracking. The purpose of this research is to delve into the techniques that enable the gathering of the necessary context about a suspect and find ways to leverage this information within password guessing techniques.