Employees can directly or indirectly disclose a lot of information about their companies on social sites that can compromise company information or security, he said.
For example, an employee suddenly changing social networking relationships, or new relationships between employees of two different companies, could signal an impending partnership between the two companies. A Twitter message from Bentonville, Ark., about a meeting with a company headquartered there could signal a new or blossoming relationship with Wal-Mart, he said.
Similarly, a sudden increase in the number of job seekers from within a company could signal impending layoffs and cutbacks, Thompson said. "If you suddenly see people recommending a number of other people it could mean they are hoping for some reciprocity, maybe because they are looking for a job," Thompson said.
"If you see this behavior from one person, that doesn't tell you much. But if you see it across five or ten people who are all in the same group," that could be an indicator of a broader trend, he said.
The availability of such tools highlights the need for individuals to be especially careful about what they disclose on social networking sites.
The tools enable easier discovery -- and correlation of seemingly random bits of data -- to uncover previously undetected relationships and trends, he said. Even if an individual does not reveal sensitive data outright, they often reveal enough about themselves and their workplaces in different sites to enable a profile to be built, Thompson said.
"Nobody has really understood the risk of data being correlated" from across multiple sites in the manner enabled by tools like Maltego and Exomind, Thompson said. "People tend to put business-related things on LinkedIn but then have this weird mix of personal and business information [on sites such as Facebook]."
Ira Winkler, president of the Internet Security Advisors Group, author of "Spies Among Us", and a Computerworld columnist, said, "Frankly the tools suck from a protecting-your-privacy perspective."
"These things are inevitable, but they basically lower the bar for performing more advanced attacks like spear phishing and the like," Winkler said.