Information gathering and Social Engineering

(Brock University)

Goals

The basic goal of this task is to extract information and perform social engineering on the Brock
University. The task has to be performed without any physical or any other contact with the
university and also without even attacking the university database. The information gathering has
to be Ethical and should not attack the University in any manner.

Executive Summary

This report consist of the information about the Brock University through various kind of
methods with searching the online databases. This does not include any type of breaching into
private database, any type of active or passive attack, hacking and contacting the university via
email, phone or personally. The source of information of this project is the website of the
university and other online sources available on the internet. The university was mirrored in
order to refer and extract information offline and gain the information even if the website is
down or the content is updated.

Social Engineering and Information gathering steps which are mentioned in the 2nd week slides
in DC connect is referred and all the relevant steps are followed in order to gain the accurate and
enough information about the university without contacting or hacking. The conclusion part
includes the small summary of the steps that were related to attack the university but they could
have been more useful in extracting the information about Brock University.
Steps:

1. Crawl the companys Web site and mirror the pages on a PC.

3. Look up registered information in public databases.

(Source: http://www.torontopubliclibrary.ca/detail.jsp?Entt=RDM613183&R=613183)

5. List the companys contact information, including e-mail addresses and telephone numbers.
+1 905-688-5550 ssekel@brocku.ca

7. List the companys partners.

(Source: https://brocku.ca/international-services/exchanges-study-abroad/outbound-
exchanges/Partner-Institutions)
8. Search newsgroups, bulletin boards, and Web sites for information about the company.
http://www.brockpress.com/

9. Search trade association directories.

Tom Saint-Ivany
Associate Vice President, Facilities Management
Iain Glass
Director of Hospitality and Food Services
Heather Hill
BUSU Retail Manager
June Corman
Professor, Sociology
Anneka Bosse
Student Representative (Former Co-President of Brock Fair Trade)
Brandon Vrysen
Supervisor, Student Justice Centre
Em Heppler
Promotions & Public Relations Coordinator, OPIRG-Brock
Istafa Sufi
President, Brock ECO Club
(Source: https://brocku.ca/sustainabilityatbrock/fair-trade-committee)
10. Research the popularity of the companys Website.

(Source: http://scripts.ranking.com/data/details.aspx?theurl=brocku.ca)

11. Compare prices of products or services with a competitor.

Cost and living expense of the universities in Canada:
http://www.universitystudy.ca/plan-for-university/tuition-fees-by-canadian-university/

12. Find the geographical location of the company.

Brock University
1812 Sir Isaac Brock Way
St. Catharines, Ontario, Canada
L2S 3A1
13. Search Internet archive pages about the company.

(Source: https://web.archive.org/web/19981212023404/http://www.brocku.ca/)

14. Search similar or parallel domain name listings.

http://www.domainsbot.com/d/brocku.ca can show all the parallel domains of the website.

15. Search job posting sites for jobs the company has posted.
Indeed: http://www.indeed.ca/jobs?q=brock+university&l=
Brock University Job Center: https://careerzone.brocku.ca/student/overview.htm

16. Browse social networking Websites

http://facebook.com/brockuniversity
http://twitter.com/brockuniversity
http://instagram.com/brockuniversity
http://snapchat.com/add/brockuni
http://linkedin.com/company/brock-university
http://youtube.com/brockuvideo
https://plus.google.com/+BrockuCanada/posts
http://www.flickr.com/brockuniversity
http://user.qzone.qq.com/1472631048
http://weibo.com/brocku

17. List key employees.

18. Investigate key personnel.
19. List employees company and personal e-mail addresses.

(Source: https://brocku.ca/directory)

26. Search eBay for the companys presence.

http://www.ebay.ca/sch/i.html?
_from=R40&_trksid=m570.l1313&_nkw=brock+university&_sacat=0
University Pictures and related commodities are found but no official Brock University seller or
store on eBay is found.
29. Use Google/Yahoo! Finance to search for press releases the company has issued.

30. Search company business reports and profiles at Hoovers.

(Source: http://www.hoovers.com/company-information/cs/revenue-
financial.brock_university.e2f88f94ec7741f8.html)

31. Visit 411 and search for telephone numbers.

http://www.yellowpages.ca/search/si/1/Brock+University/Canada
33. Retrieve the companys DNS record from publicly available servers.

(Source: http://viewdns.info/dnsrecord/?domain=brocku.ca)

Conclusion:

Of all the attacks that were skipped because the attacks were active attacks, the most beneficial
attacks would be no. 22 visit the company as a customer and extract privileged information.
Though all the online tools were very helpful and it provided some vital information about the
university but the most advance step in this case because if a social engineer/hacker visits the
university as a student and ask about the information about the university, university
representatives would be obliged to give at most information about the university to a potential
student and he/she can also get a campus tour to know more about the university and the
infrastructure. The most important part of pretending to be a customer is that it is very easy to
hack a human rather than a machine, talking to a human and extracting some very vital
information which are not generally very easy to hack on the machine. Humans are easy to hack
and manipulate.

References:
Academic OneFile. (n.d.). Retrieved July 25, 2016, from
http://www.torontopubliclibrary.ca/detail.jsp?Entt=RDM613183

Partner Institutions. (n.d.). Retrieved July 25, 2016, from https://brocku.ca/international-

services/exchanges-study-abroad/outbound-exchanges/Partner-Institutions

Ranking.com. (n.d.). Retrieved July 25, 2016, from http://scripts.ranking.com/data/details.aspx?

theurl=brocku.ca

Welcome to Brock University. (n.d.). Retrieved July 25, 2016, from

https://web.archive.org/web/19981212023404/http://www.brocku.ca/

Brock University | Revenue and Financial Reports. (n.d.). Retrieved July 25, 2016, from
http://www.hoovers.com/company-information/cs/revenue-
financial.brock_university.e2f88f94ec7741f8.html

Brock in Toronto ON | YellowPages.ca. (n.d.). Retrieved July 25, 2016, from

http://www.yellowpages.ca/search/si/1/Brock University/Canada

DNS Record Lookup. (n.d.). Retrieved July 25, 2016, from http://viewdns.info/dnsrecord/?
domain=brocku.ca