What is Maltego Carbon (as an Academic Research Tool)?
While Maltego Carbon™ (formerly Radium and then Tungsten) was not designed as an *academic* research tool, it is solidly designed as a tool for extracting information from the Surface Web for the purposes of “pen” (penetration) testing (testing the resilience of networks from cyber-attacks and compromise). In its designed-for context, it is a tool that enables the extraction of a wide variety of information from the Web and Internet—in a live production or deployment (vs. development) environment. As it stands, there are developers who have made add-ons to this tool to enable its use in executing malicious hacks and running botnets. Just the base version of the tool enables ways to find targets for social engineering. These are all part of one aspect of cybersecurity.
(As with some testing tools used in cybersecurity, this is a “dual use” tool—which means it can be used for right or wrong, licit or illicit activities. Generally, this tool is sold as a “white hat” tool for defense purposes in order to identify weaknesses, so that they may be addressed. That said, there are various videos, even by the tool’s makers, that straddle that line about the tool’s usage, including for “black hat” attacker purposes. Obviously, it is ill-advised to mis-use this tool to cause any sort of harm.)
This software tool has affordances beyond penetration testing. In a sense, it may be used to turn the Surface Web and Internet into a large query-able database. (This is partially hyperbolic. To maximize the analytical promise of the Web and Internet would require plenty of resources, extractive capability, storage capability, computerized processing capability, and sophisticated human analytics capabilities.)
To inspire a sense of the possibilities, it may help to know some of what the tool can do. The software tool enables the following:
These capabilities are not without limits. A lot of online data is quite noisy, and disambiguating information may be challenging. Maltego Carbon enables the extraction of masses of information, up to 10,000 vertices (nodes) or entities, and the interrelationships. The interrelationships themselves may be mere links, without further definition or explanation. As with any software tool, it is important to know what the tool is doing on the back end (even if the full “how” is not clear). There is also a lack of clarity about how much data has been acquired compared to how much is possible and available. There is not a clear way to know if what is captured are true signals (vs. false positives and false negatives). While researchers may conduct follow-on work to test the data, there is additional cost in additional work.
(As with some testing tools used in cybersecurity, this is a “dual use” tool—which means it can be used for right or wrong, licit or illicit activities. Generally, this tool is sold as a “white hat” tool for defense purposes in order to identify weaknesses, so that they may be addressed. That said, there are various videos, even by the tool’s makers, that straddle that line about the tool’s usage, including for “black hat” attacker purposes. Obviously, it is ill-advised to mis-use this tool to cause any sort of harm.)
This software tool has affordances beyond penetration testing. In a sense, it may be used to turn the Surface Web and Internet into a large query-able database. (This is partially hyperbolic. To maximize the analytical promise of the Web and Internet would require plenty of resources, extractive capability, storage capability, computerized processing capability, and sophisticated human analytics capabilities.)
A Sense of Possibilities
- the mapping of the underlying technologies used for the hosting of a site;
- the linking of a disambiguated person to related email addresses;
- the geolocating of a Twitter account;
- the geolocating of various types of online information to physical spaces;
- the mapping of a Uniform Resource Locator (URL) to its related network and domain information;
- the identification of devices used on a particular Web network;
- the identification of a Net infrastructure for a website;
- the mapping of the cyber entities based on a certain physical location;
- the linking of a semi-disambiguated alias with personally identifiable information (PII);
- the link between an email address and a disambiguated individual;
- the link between a phone number to a disambiguated individual or other online information;
- the link between a disambiguated phrase with other online information;
- the mapping of social networks based on a Facebook account; and
- the mapping of social networks based on a Twitter account.
This tool may be very useful in providing a sense of information literacy about the Web and Internet. It may offer useful leads in tracking information through the Web and Internet, particularly is there is active ambiguating. This may offer insights about web-based networks. This is to start.
Some Limits
These capabilities are not without limits. A lot of online data is quite noisy, and disambiguating information may be challenging. Maltego Carbon enables the extraction of masses of information, up to 10,000 vertices (nodes) or entities, and the interrelationships. The interrelationships themselves may be mere links, without further definition or explanation. As with any software tool, it is important to know what the tool is doing on the back end (even if the full “how” is not clear). There is also a lack of clarity about how much data has been acquired compared to how much is possible and available. There is not a clear way to know if what is captured are true signals (vs. false positives and false negatives). While researchers may conduct follow-on work to test the data, there is additional cost in additional work.
| Previous page on path | Cover: Conducting Surface Web-Based Research with Maltego Carbon(TM), page 1 of 17 | Next page on path |
Discussion of "What is Maltego Carbon (as an Academic Research Tool)?"
Add your voice to this discussion.
Checking your signed in status ...