Maltego gives you power and dominance in data mining...

Post 9/11,Pittsburgh University public health expert; Ronald E. LaPorte described his ideology; "An ever alert, flexible electronic-matrix of civil defense" which could help government, NGOs, business and the public collaborate more effectively. Further on his wish list was "…we can have 20 million educated, committed, and interconnected volunteers worldwide on the outlook for the prodrome of bioterrorism…"

Unfortunately, this never materialised. His 20 million, educated, committed and interconnected volunteers worldwide had other paying careers to tend to, households to keep and wives who needed ski holidays. But what would happen if you could find a few educated, committed and interconnected intelligence or security analysts world wide who could monitor, search, and investigate the Net using automated software?

Roelof Temmingh from Paterva (www.paterva.com) conceptualised and developed exactly this during 2007.

Voted "Best Tool" in the information gathering section during Dec 2007 by Security-database.com (www.security-database.com), Maltego is now mentioned in the same circles as tools such as Nessus and Metasploit.

Maltego is capable of intelligently mining information on the Internet. It uses numerous methods to search for public information about a variety of entities such as individuals, phrases, email addresses, telephone numbers and domain names. These methods are ’plugins’ for the Maltego framework and are referred to as transforms.

Maltego transforms will expand a standard query into numerous others - each with a "confidence index". This means a search for a person such as ’Andrew Brood’ will results in searches for ’A Brood’ and ’Andrew B’, but with lower confidence indexes than the original query. Finally results are sorted by the sum of their confidence indexes, their frequency and how close they match to the original query. The same can be applied to email addresses, telephone numbers etc. This expansion of queries saves the analyst time and helps to unearth information that is normally lost with casual data mining.

Maltego uses a client/server architecture. The collection and processing of information is done at the server - called a Transform Application Server and returned to the client for display.

This design allows others to write transforms, set up their own Transform Application Servers, or even add their own entity types to conduct searches for virtually any type of information. Users can modify or add transforms without needing to update the client software. This customization is invaluable to organizations which have huge amounts of internal data with no way to make sense of it.

Maltego is an "all-in-one-tool" responsible for information mining, visualization and analysis. This is a huge advantage over other analysis tools that depends on the user to manually do the information collection process and feed it for analysis. It also makes the investigative process a lot more interactive - an analyst can now simply click on a result to investigate it further.

Currently more than 2000 security auditors, pen testers and forensic investigators world wide are using Maltego - it is fast becoming the data mining tool of choice... bringing the spies in from the cold, at last... and putting them in front of Maltego.

source :

Susan Attfield for Roelof

I Consulting