Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's worth looking at the actual presentation. It looks like they didn't buy the data, but used social engineering attacks.


No they bought the click-through data and then used social engineering attacks and other sources (YouTube, Google, etc) to connect it to other identities.


Researcher here, `gcp` is correct in that the NDR acquired the clickstream data from a data provider as part of an investigative story (the data was provided as a free sample), the deanonymization was demonstrated by linking individual URLs with publicly available information from various sources (Twitter, Youtube, Google+, ...), though this often wasn't necessary as many users had URLs that contained direct identifiers (e.g. their full name) as part of the URL and that we could use for efficient de-anonymization.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: