Information security and data breaches are a hot topic at the moment, there seems to be a constant stream of data breaches and vulnerabilities in different products being exploited on a daily basis. One topic that was brought up in the last few weeks has been Address Book data https://www.wired.com/2016/09/people-please-dont-store-private-data-address-book/ . Address books can be the proverbial open window on the house with bars on door and maybe not something that is commonly thought about.
If you want to detect if people are using Address book to store confidential information it can be a challenge because this data isn't searchable via a conventional eDiscovery type search. But this is where a scripted enumeration and filtering approach can do the job.
I posted a Contacts Powershell module that consolidated a lot of EWS contacts function into one script last year so for this post I've extended this to include a Search that will enumerate all the contacts in a Mailbox's contacts folder and Search for Credit Card Number and Social Security Numbers being stored in any of the Phone number properties and email address properties. The script I've posted does some filtering to separate out the Host part of email address to test so for example if somebody puts the 12345678@fakedomain it will separate out 12345678 to test.
Searching for Credit Card Numbers
To Search for Credit card number you basically need two ingredients, the first is the luhn algorithm which is a Modulus 10 algorithm that will validate if a number sequence is a credit card number. Then you run a number of Regex patterns to determine the type of card and who issued it. The good thing is there are plenty libraries up on GitHub that will already do this so there is no need to write any code for this. The one I decided to use was https://github.com/gustavofrizzo/CreditCardValidator
Searching for Social Security Numbers (or your own custom RegEx)
To Search for SSI I've used the Google Braintrust Regex of
$SSN_Regex = "^(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$"
I've posted up the script for this https://github.com/gscales/Powershell-Scripts/blob/master/EWSContacts/EWSContactFunctions.ps1 I've put a compiled version of the creditcard validation library I used which need to be in the same directory as the module here https://github.com/gscales/Powershell-Scripts/raw/master/EWSContacts/CreditCardValidator.dll
To Run the script you just use something like the following to produce a report of any hits in a Mailbox. Note because of the Regexs used for the SSI and the fact that phone numbers can easily look like validate credit card numbers this script can produce a large number of false positives.
Search-ContactsForCCNumbers -MailboxName mailbox@domain.com | Export-csv -NoTypeInformation -Path c:\temp\CCrep.csv
If you want to detect if people are using Address book to store confidential information it can be a challenge because this data isn't searchable via a conventional eDiscovery type search. But this is where a scripted enumeration and filtering approach can do the job.
I posted a Contacts Powershell module that consolidated a lot of EWS contacts function into one script last year so for this post I've extended this to include a Search that will enumerate all the contacts in a Mailbox's contacts folder and Search for Credit Card Number and Social Security Numbers being stored in any of the Phone number properties and email address properties. The script I've posted does some filtering to separate out the Host part of email address to test so for example if somebody puts the 12345678@fakedomain it will separate out 12345678 to test.
Searching for Credit Card Numbers
To Search for Credit card number you basically need two ingredients, the first is the luhn algorithm which is a Modulus 10 algorithm that will validate if a number sequence is a credit card number. Then you run a number of Regex patterns to determine the type of card and who issued it. The good thing is there are plenty libraries up on GitHub that will already do this so there is no need to write any code for this. The one I decided to use was https://github.com/gustavofrizzo/CreditCardValidator
Searching for Social Security Numbers (or your own custom RegEx)
To Search for SSI I've used the Google Braintrust Regex of
$SSN_Regex = "^(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$"
I've posted up the script for this https://github.com/gscales/Powershell-Scripts/blob/master/EWSContacts/EWSContactFunctions.ps1 I've put a compiled version of the creditcard validation library I used which need to be in the same directory as the module here https://github.com/gscales/Powershell-Scripts/raw/master/EWSContacts/CreditCardValidator.dll
To Run the script you just use something like the following to produce a report of any hits in a Mailbox. Note because of the Regexs used for the SSI and the fact that phone numbers can easily look like validate credit card numbers this script can produce a large number of false positives.
Search-ContactsForCCNumbers -MailboxName mailbox@domain.com | Export-csv -NoTypeInformation -Path c:\temp\CCrep.csv