Posted on July 21st, 2013
If you live in a large city or simply want to focus on an exact area of your town, you can search for Twitter messages by the exact GPS location where they were posted. First, you need to identify the GPS coordinates to search. I recommend Google Maps for this. As an example, assume that you want to monitor Twitter messages posted from Lewis & Clark College in Godfrey, IL. Search for the college in Google Maps and right click the red marker in the map. This will present a new menu with an option of “What’s Here?”. Choosing this option will identify the GPS coordinates of the address, which are 38.952451,-90.195011 for this campus.
Now that you have the coordinates of the location you are interested in, you can create a specific search. The following example would identify messages on Twitter that were posted within one kilometer of the college campus.
This can be entered into any search field at the top of any Twitter profile. If you wanted to expand this search to a perimeter of five miles around the previous GPS location, you could conduct the following search.
This can be a great way to monitor Twitter messages broadcast from a specific location. Parents may watch the Tweets from a child’s school, the movie theater he or she is at, or a friend’s house that is a common hangout. Law enforcement may monitor Tweets from the scene of a crime or trouble spots. The page will automatically update with new messages when they are posted.
If you want an automatic solution, you can use my Custom Twitter Tool HERE. It will also allow you to map your results in Bing maps.
Posted on July 12th, 2013
Exactly one year ago, Hiding from the Internet was published. It discussed the ways that you can remove publicly available information about yourself from the internet and private companies. Since then, a lot has changed. Some of the links in the book are no longer accurate, many companies have merged, and new services have arrived that expose your details. Over the past two weeks, my assistant and I worked through the entire book and updated every link. We also added a few new services. Instead of a new edition, I decided to revise the current version. Any books ordered from today forward will receive the newest revision. However, if you already own the book, you do not need to buy another copy! We also updated every link on my website to reflect the changes in the book. All of these links can be found HERE.
Many of you have asked about an electronic version. This is also ready to go, and you can download the book to your Kindle or iPad HERE. The link to both the print and electronic version is HERE. Amazon is offering a discount on the print version with free shipping, and the electronic version is $9.99.
Whether you own the book, just downloaded your new version, or want to attempt the links without the book, please consider using these free resources to protect your privacy.
Posted on June 30th, 2013
In 2011, I posted a blog entry about credit freezes HERE. While conducting research for my next book on personal online security, I decided that I was overdue for a test of my own credit freeze. I documented this in the book and decided to share the entire section here:
After your credit freeze is in place on all three credit bureaus, you may want to test the system. The following are details of what I had to go through while attempting to obtain a new credit card with an active credit freeze in place.
May 27, 2013: I navigated to a website that was offering a great rewards point bonus for new members of a specific travel credit card. It was a very legitimate company that I have held credit with in the past. Even though I had a credit freeze in place, I thought that this company may use our previous relationship as a way around the freeze. This seemed like the best company to test my freeze with. I completed the online application and was told that I would receive an answer via postal mail soon.
May 29, 2013: I received a letter from the credit card company stating that they could not offer me a card. They advised that I had a credit freeze in place and that I would need to remove the freeze before my application could be processed. They identified TransUnion as the credit bureau that they ran my credit through. The freeze worked. This would stop the majority of criminals from accessing your credit. In order to continue the test, I contacted TransUnion and conducted a temporary credit freeze removal over the telephone. It was an automated system and I only had to provide the PIN number provided earlier.
May 30, 2013: I contacted the credit card company via telephone and advised them that the credit freeze had been removed and that I would like to submit my application again. I was placed on hold for a few minutes. The representative stated that she could still not offer me the card. While the freeze had been removed, there was still an extended alert on my credit file and there was not a telephone number for me attached to the account for verification. Basically, TransUnion automatically added this extended alert to provide another layer of protection when a freeze was ordered due to fraud. The representative advised that I should contact TransUnion. I contacted them and was told that I should add a valid telephone number to my credit profile. Before I was allowed to do this, I had to answer four security questions about historical credit accounts, addresses, vehicles, and employers. After successfully answering these questions, I was able to add my cellular number to my account. I was told the changes should take place within 24 hours.
May 31, 2013: I contacted the credit card company and advised of my actions taken. She advised that she would not be able to pull another copy of my credit for 14 days. This was policy and there was no way to work around this due to the fraud protection rules in place.
June 15, 2013: I contacted the credit card company again and requested a new pull of my credit report. The credit freeze was still temporarily disabled until the end of the month. The new credit request was successful, and the representative could see the extended alert and a telephone number for contact. She placed me on hold while she dialled the telephone number on file. My cellular phone rang and she verified with me that I approved of the new credit request. I approved and switched back to the other line with her.
June 19, 2013: My new credit card arrived.
This was an interesting experience. I had never tested the system with the intent of actually receiving the card. I had occasionally completed credit card and loan offers in the past for the purpose of testing the freeze, but I was always denied later in writing. This reinforces the need to have a current telephone number on file for all three credit bureaus. This entire process took just over two weeks. Any criminal trying to open an account in my name would have moved on to someone else. This same chain of events would have happened if I were trying to buy a vehicle, obtain a personal loan, or purchase real estate. Even routine tasks such as turning on electricity to a home or ordering satellite television service require access to your credit report. A credit freeze will stop practically any new account openings in your name. While I became frustrated at the delay in obtaining this card, I was impressed at the diligence of the credit card company to make sure that I really was the right person. My credit is now frozen again and I am protected at the highest level.
Posted on June 23rd, 2013
I cleaned up a few sections of the website and added several new links and applications. Here is a summary:
The master set of OSINT links has been modified to exactly match the training order. Also, the titles of each section were modified to follow the new three-day course. New links:
VinGenius (Free Carfax Reports)
MentionMap (Twitter Associations[Updated])
SnapChat (See Top Three Connections)
Custom Tumblr Search (Better than Tumblr.com)
Custom Social Search (Combined Google Search)
The Investigative Software Pack was updated to include the following:
Removed Facebook from Ghostery Plugin (Conflict)
MementoFox Disabled (Not Functioning)
Removed Cydral from Image Search
Removed BackTweets from Menu
Updated Search Diggity (3.1)
Added iPhone Video
The iPhone Video app will allow you to extract the Date, Time, iOS version, and GPS out of a video captured with an iPhone. You will need the original video, but this can be valuable when a cell phone is collected.
If you would like to schedule my new three day Open Source Intelligence Techniques course, please Contact Us. I have a few openings left before March of 2014. All attendees receive lifetime access to all of my online links, techniques, and applications.
Posted on June 13th, 2013
During my OSINT training sessions, I demonstrate the many ways that Twitter can be searched using the Twitter API. This included hidden GPS information, account creation date, complete archive of Tweets, and several ways to search by location. Yesterday, June 11, 2013, Twitter shut down the original API. They have been warning us for months, and they finally pulled the plug. This is fairly devastating to Twitter searching. The new API (1.1) does not offer the same features and involves authorization to a Twitter account to see practically anything. I am currently working on rebuilding some of the tools, but this may take some time. I have tested every Twitter resource that I have used over the years (50+), and eliminated the non-functioning websites from my master list of links available on my site. The following 20 Twitter search websites still function:
Custom Twitter Tools (Twitter API Options)
Advanced Twitter Search (Custom Options)
GeoChirp (Twitter Mapped Data)
TweetPaths (Mapped Tweets by User)
TweetDeck (Real Time Monitoring)
Twitterfall (Real Time Search)
Twitter Name Search (Twitter Name Search)
Twellow (Twitter Search)
TagWalk (Twitter Account Data)
Twitalyzer (Twitter Account Data)
TweetReach (ID ReTweets)
Twicsy (Live Twitter Photos)
TwitCaps (Twitter Photo Search)
TwitPic (Twitter Photos)
SexyPeek (ADULT Twitter Photo Search)
SleepingTime (Twitter Sleep Schedule)
BackTweets (Search Links Posted)
Followerwonk (Analyze Associates)
Followerwonk (Analyze Users)
Twitter Directory (Users by Name)
There is still plenty of information that we can extract from Twitter accounts, and I am optimistic that many brand new tools will surface soon. I highly recommend that you create an anonymous Twitter profile and remain logged in to that profile while you conduct your searches. Many of these tools now require you to authenticate with your profile in order to use the resource. There is no harm in this, and it will be required for all future searching. There are some options to eliminate this step, which I hope to publish soon.
Posted on May 11th, 2013
Last week, I was in Albuquerque teaching OSINT techniques to a large group. After the session, several attendees asked what the best all-in-one tool was when you know a target’s Twitter account. Since there are several investigation avenues with Twitter, I recommend my Custom Twitter Tools page. This page has always been one of the private resources that I share with all attendees of my OSINT courses. I decided to make this page available to the public:
Each field identifies the type of data that should be entered. This includes Twitter user names, real names, keywords, and GPS information. The first option allows you to enter a target’s Twitter Name. Clicking the “API View” button will launch a new tab and display that person’s API view of their account. This view will display new information that is not visible on a person’s official Twitter page including account creation date, exact post time, device information, and sometimes exact GPS coordinates.
The second option allows you to enter a person’s Twitter user name and it will load that profile in a new tab. There is nothing special here, just a shortcut to the page. I usually use this to try different known online user names to see if a Twitter page exists.
The third option allows you to enter the target’s Twitter name, and a new tab will open with all outgoing tweets from that person. This can be beneficial when the target’s official Twitter page is full of other people’s posts that are not related to the target. This technique will isolate only those tweets by the target.
The fourth option does the opposite. It will isolate only the Tweets sent to the target from another Twitter account. This helps easily identify people that are communicating with the target.
The fifth option allows you to enter a target’s real name and search the Twitter directory for a Twitter profile. This is the only search option on this page that requires you to be logged into a Twitter account. This will present several profiles belonging to people with the name you provided. It will display the real name, user name, and often a short bio and photo to help you identify your target. The screenshot to the left identifies a few of the profiles belonging to the name Adrian Crenshaw.
The sixth option is a location based search. You can enter the GPS coordinates of any location to see posts from that area. If you need to identify the GPS coordinates from an address, use the GPS Visualizer tool. After you enter the coordinates, the search will open a new tab with three columns of live streaming Tweets. The first column will include posts that were published within 1km of the target GPS location. The second column expands this to 5km and the third column expands this to 10km. These results will automatically update as new messages are posted. Below is a screenshot of live posts from a building in Chicago.
The seventh option adds a keyword search to the GPS search. This can be helpful when a location based search provides too many results. You can now isolate only the posts mentioning any keyword, such as ‘bomb’, posted from a specific location.
The eighth option will allow you to specify up to three keywords or user names. This will generate a live display of Tweets based on this data. I often use this to monitor a situation and might include my target’s Twitter name and any keywords associated with the investigation. This may include the location an event happened, a homicide victim’s name, or a hashtag that is being referenced.
The last option will allow you to enter two or three Twitter user names. The results will identify and analyze their followers and people they are following. This can aid in identifying people of interest that are associated with all of the targets provided. This can eliminate people that only know one of the subjects being researched. The screenshot below identifies a group of people that are followed on Twitter by both Chris Hadnagy and Ping from the Social-Engineer website.
I will continue to add features to this tool. Please practice these searches before applying them to your investigations. This can also be a great starting point for parents or teachers that have identified a child’s Twitter account.
Posted on May 4th, 2013
New Investigative Links:
Open Book (Searches Facebook Wall Posts)
Followerwonk (Compares Twitter Users)
Followerwonk (Compares Twitter Followers)
Twitter Google Earth (Plugin Required)
Backpage Blacklist (“No-Shows” on Backpage)
Total Craigs Search (Search All of CL)
Skype Resolvers (ID IP Address of Skype User)
New Interactive Search Tool:
I designed this online search tool to assist with an investigation. Instead of navigating to several online websites to search data, you only provide your search term in one location and click through the results. Instructions:
- Click on your desired category (Email, User, Facebook, etc).
- Click on search sub-category (Website, Search, etc).
- Type your target information in the search field (Email Address, User Name, IP Address, etc).
- You can either click on the “Search” button or double-click on each sub-category selection.
The screen capture below displays a Twitter user name search that identified a physical location and link to an additional social network.
There are currently 40+ automated search tools built-in, with more coming soon.
Software Pack Update:
Firefox Update (v.20)
Firefox Addon: Docs Online Viewer
Firefox Addon: FoxySpider
Firefox Addon: YT Caption Downloader
Firefox Addon: Rapportive
Firefox Addon: Bananatag
Instagram User Name > ID
Instagram API View w/GPS
BriteVerify Email Verification
Toofr Email Construction
All attendees of my 2-day and 3-day Open Source Intelligence courses receive lifetime access to all online updates. This includes software tools, website links, instruction materials, documents, and templates. If you would like to host a custom training session, please contact us.
Posted on March 24th, 2013
While preparing for this week’s class in Elgin, IL, I updated the private investigation area of the website. This area includes all of the links and applications that I teach during my two day advanced course. Below are the updates:
New OSINT Links:
Pic Search (Similar to Google Images)
Colossus (International Search Engine List)
Toofr (Work Email Address Guess)
Email Format (ID Emails and Format of Business Addresses)
Market Visual (Maps Employees)
PeepDB (People Search)
Wigle (WiFi Info by Location or Name)
Updated Software Pack:
Added Scythe (User Lookup)
Added IP Info
Added Domain Info
Removed Nirsoft (Virus Warnings)
Removed MetaGoofil (Not Functioning)
Removed Jigsaw (Not Functioning)
Updated OS Forensics (2.0.1003)
Updated Maltego (New Transforms)
Added Maltego User Guide
Added Maltego Transform Guide
Added Maltego Video Channel
Posted on March 16th, 2013
The three major credit reporting bureaus say they have uncovered cases where hackers gained access to users’ information. The disclosure offers a glimpse into the sensitive data available to the cybercrime underworld, which hosts several storefronts that sell cheap and illegal access to consumer credit reports.
The acknowledgement by Experian, Equifax and Trans Union comes hours after hackers posted online Social Security numbers and other sensitive data on FBI Director Robert Mueller, First Lady Michelle Obama, Paris Hilton and others. Social Security numbers and even credit reports are not difficult to find using inexpensive services advertised openly in several cybercrime forums. In most cases, these services are open to anyone. The only limitation is knowing the site’s current Web address and being able to fund an account with a virtual currency.
One website sells access to consumer credit reports for $15 per report. The site also sells access to drivers license records ($4) and background reports ($12), as well as straight SSN and date of birth lookups. Random “fulls” records — which include first, middle and last names, plus the target’s address, phone number, SSN and DOB — sell for 50 cents each. Fulls located by DOB cost $1, and $1.50 if searched by ZIP Code.
It’s not clear from where this service gets its credit reports and other data, but it appears that at least some of the lookups are done manually by the proprietors. Pending new records requests are tracked with varying messages, such as “in queue,” and “in progress,” and often take more than 15 minutes to process.
I believe that the proprietors of this service and others like it are taking data gleaned from various sources and using it to pull credit reports directly from annualcreditreport.com, a government-mandated Web site created by the three major credit bureaus to help consumers obtain annual free copies of their credit reports. This free service is great for consumers wishing to view their own credit reports, but the security does not limit these views to the individual listed. Knowing some basic information about an individual may allow someone else to access the report.
If you would like to view the leaked website in a safe manner, click here:
This link allows you to scroll down and view some of the live details that were released without visiting any shady websites. The original source has been shut down; this is a link to an archive of the page. Below is a screen capture.
Taking steps now, such as freezing your credit report, will make you an undesired target. If an attacker cannot open new lines of credit on your account, your credit report is not lucrative.
Thanks to Brian Krebs for his investigation.
Posted on March 13th, 2013
The following is a guest post:
Social media has revolutionized the way we communicate, share information and network with one another both personally and professionally. It allows us to instantly connect, interact and exchange ideas with people all across the world.
But like any other powerful tool, social media can be a force for both good and evil. Unfortunately, criminals are beginning to exploit it to help them commit a range of unlawful acts, including burglary and identity theft. Here’s how you can help protect yourself:
One of the most common ways criminals are using social media is to target homes for burglary. In the social media-centric world we live in, we have become accustomed to sharing our daily experiences via tweets and status updates. Unfortunately, there are bad apples who are using this information to monitor people’s whereabouts and plan burglaries for the most opportune times – when the homeowner is on vacation or away from home.
To avoid having your home targeted, it’s best to refrain from posting real-time details about your whereabouts on your social media profiles. Additionally, take a few minutes to double check your privacy settings to make sure only trusted friends and family have access to your posts and personal information.
It’s also a good idea to subscribe to an alarm monitoring service if you haven’t already. Nowadays, most prominent home security companies offer these services for a monthly fee that most homeowners can afford. With monitored protection, trained professionals will keep tabs on your home 24 hours a day, 7 days a week – even when you’re out of town. Click here for more tips and information about monitored home security.
False identity/Identity theft
It’s remarkably easy to create an account on most social media websites. For cybercriminals, this presents a golden opportunity to impersonate an existing person or create a whole new fraudulent identity. Some do this for the sole purpose of tricking and humiliating people. Others have more sinister motives, such as identity theft.
Most social media profiles are stuffed with sensitive information, such as age, location, birthday and email address, which could be used to steal an identity. Typically, scammers will try to message you under the guise of someone you trust. Once contact has been made, the thief will oftentimes tell you to take a look at a new profile page, which, in reality, is a bogus page designed to pilfer your username and password.
To avoid falling victim to these cybercrimes, you should first limit the amount of personal information you reveal on your profile page. Secondly, you should always be wary of any links that ask you to log or sign in again.
Posted on March 9th, 2013
In my Hiding from the Internet sessions, I always mention some type of technique that will stop websites from tracking your activity. Yesterday, I presented to a large group in central Illinois and discussed Ghostery. I received a few questions about a similar plugin called Do Not Track Me (DNTMe), so I will explain both of these tools here.
I have been using Ghostery for a couple of years now. I also embed this tool into my Investigative Software Pack. Below is the excerpt from Hiding from the Internet that explains the Ghostery plugin available for the Firefox and Chrome web browsers.
Many sites that you will visit will be using website analytics. These free services monitor the visitors of a website and identify the IP address, location, business name, search terms, and site navigation of the visitor. This can be very invasive and personal information can be analyzed and distributed without your knowledge. While you are using the methods in this book to eliminate your personal information from online databases, it is important not to provide more information in the process. Ghostery can be of help. This extension will identify any analytics and other intrusive software running on a website when you visit it. With some configuration, it can be set to block these services and prevent the website from tracking you.
After installing the extension in Firefox, click on “Tools”, “Ghostery” and then “Manage Ghostery Options”. Inside the new window that will open, scroll down to the “Blocking Options”. Click on the checkboxes next to “Advertising”, “Analytics”, “Privacy”, “Trackers” and “Widgets”. This will stop over 1000 different types of intrusive software from monitoring and tracking your internet habits. Click “Save” below the options and now click on the “Cookies” tab. Similar to the last screen, select the checkboxes next to “Advertising”, “Analytics”, “Trackers” and “Widgets”. Click “Save” and then close this entire tab. This will block an additional 500 scripts that can collect private information about you. When you visit a site with analytics, the owner will no longer capture any information about your visit. Any time you visit a website that is using a service blocked by Ghostery, you will be presented with a purple window displaying all services running on the page. When a service has been blocked, the service name will be stricken and faded. Below is a screen capture of a Ghostery notification on my website.
Do Not Track Me, from a company called Abine, performs a very similar function. This tool is a bit more user friendly and requires no configuration when installed. The downside is that this product is only a free version of their commercial products DeleteMe and MaskMe. These premium products are not necessary to use Do Not Track Me, but you will receive options to upgrade. After it is installed into your browser, you will receive notifications in the upper right corner of your browser. This will identify the tracking software being used on the current website visited. By default, it will block the tracking and allow you the option to enable the tracking if desired. Below is a screen capture of the result of my homepage, which uses Google and Woopra to monitor traffic to the site.
Overall, I think both are great. Ghostery has a minimal interface and notification, but requires occasional user configuration when updating. DNTMe offers automatic configuration, but includes ads for their premium services. I still use Ghostery out of habit, but I will spend the next month using DNTMe to review the product. I do not recommend using both at the same time.
Posted on March 1st, 2013
Recently, a Detective in Northern Illinois notified me about a new people search website called PeepDB. This site offers more than the standard people search website that simply scrapes information from search engines. This post will explain the proper search method and the details of how to remove your personal information. This information applies to the content of both of my books, Open Source Intelligence Techniques and Hiding from the Internet.
To search the site, navigate to http://www.peepdb.com. The search field is misleading as it only conducts a custom Google search on the target. I recommend avoiding this field. Instead, choose the links below for the state where your target resides. You will then be prompted to click on a link for the first letter of your target’s last name. This will then continue, asking for the first two letters and then first three letters of your target’s last name. You should then be presented with a long list of subjects that fit the criteria. The capture below shows a few entries for people with the last name of Bazzell in Illinois.
Each of these terms is linked to another page, but only the last name on each line links to the profile of the selected target. Clicking on “Bazzell” on the last entry for Floyd Bazzell presents a new page with partial address information. Click on the link “Get The Uncensored Listing – Free” and you will be prompted to enter a captcha validation (to prevent automated search abuse). This will then unmask the address of your target and should identify a complete home address, phone number, and Google map with satellite view of the residence. The capture below displays a redacted view of the result.
My first search on this site was for my own information. I was surprised to find a recent address for me which appears nowhere else on the internet. I clicked the link below the listing titled “Remove This Listing”. This presented a new page with removal instructions. If you are a government employee, they simply require an email from your work email address identifying the address of your listing (the URL) and a written request to remove the information. I submitted my request at 4:00pm on 02/28/2013. The next morning, I searched for my name and the listing had already been removed.
If you are not a government employee, you can still request removal. Follow the instructions on the removal page, which include sending a scanned copy of a photo ID. I recommend redacting EVERYTHING on this scan except your name and street address that is visible on the PeepDB listing. If you want the listing removed immediately, you can pay them $3.95; however, I do not recommend this based on their prompt response to a general request.
I encourage you to identify your own personal information on this site and remove anything that is invasive. This will now be my first public site to visit when trying to locate a target.
Posted on January 8th, 2013
Thanks to J.S. from DC, I realized that the Investigation Software Pack posted last week was corrupt. I have isolated the problem, and a new pack has been uploaded. Log into the investigations portal to download a new copy. Here are a few of the new tools:
Embedded into the Investigation Browser:
Multiple browser support
Reporting function with print formatting
Facebook photo album downloader
Slider bar to see previous versions
Updated media download features
Extract employee information & emails
Map of social traffic by location (6 networks)
Locate hidden private websites from a domain
Extract email addresses from a domain
If you are interested in the training required for this software pack, please contact us at THIS LINK.
Posted on January 2nd, 2013
One year after the release of my first book, Open Source Intelligence Techniques, I have published the 2nd edition. This edition offers over 50 new techniques that were not available during the original printing. I also modified some of the original techniques since the search methods change so rapidly. Additionally, an entire new chapter about radio frequency monitoring is included at the end of the book. These changes resulted in over 65 new pages of content. The new 320 page book can be ordered HERE. As always, I will offer the books for sale at actual cost during all of my speaking engagements and training sessions. The following is a partial list of NEW methods for searching and analyzing online information included in the book.
New Google Search Techniques
New Online Newspapers Archives
Easier Twitter Mapping of a User
Recover deleted information from Twitter accounts
Discover cell number owners through Facebook
Use online maps to rotate views of buildings
Discover hidden date information in satellite photos
View several satellite photos for one location
Discover a subject’s work email address
Locate an IRC user’s current channel location
Search public documents on Google Docs, Dropbox, and Amazon Servers
Properly search Instagram and discover all photos of a user
Search for videos by the text spoken in them
Extract a person’s outgoing voicemail message
Search a cell number through the Caller ID Database
Discover hidden websites on subdomains
Search wireless routers by name and location
Identify Driver’s License numbers in several states
Extract new information from several APIs
Six new investigative browser plugins
Change your IP address to protect your privacy
Extract still images from online and surveillance videos
Locate and map posts from six networks on one site
Locate surveillance cameras by GPS Coordinates
Monitor cellular social network group messages
Monitor radio frequencies to gather valuable intelligence
Posted on December 31st, 2012
During my internet safety presentations, I explain why I believe that you should use different passwords for different types of accounts. For example, you should never use the same password on your email account that you use for your Facebook account. This way, if one account gets compromised, your other accounts are protected. Recently, I began advising that the email address associated with your social networks should be different than your main email address for communication and financial accounts.
If one of your social networks is hacked, the criminal will know the email account associated with it. He will then attempt to gain access to that email account using a variety of techniques. If the email address is compromised, the attacker now has access to much more information. Your emails can be scanned for bank account numbers, your contacts can be sent a message requesting money, or all of it can be deleted out of spite. Most likely, the hacker will use the access to this email account to receive password reset requests from all of your accounts, which then gives complete control of everything in your digital life.
If you have one specific email address that is only used for social networks, this limits the damage. If your Facebook account is hacked, the attacker will only know the email address that you use for social networks. If this email account is hacked, the attacker will find no contacts, no sensitive information, and no emails. The only damage that can be done is to reset the passwords of your other social networks. While this may be an inconvenience, it is not financially damaging.
I ask that you consider the following while you start your new year:
1) Change all of your passwords yearly. This is a great time to start. Make sure none of your passwords are actual words and that they contain letters, numbers and at least one special character. Don’t use the same password on your “important” accounts as you do on your “fun” accounts.
2) Create a new email account through Gmail, and ONLY use it for social networks, online forums, internet groups, etc. Do not store contacts and do not use it for communication. Make this email address the primary account on all of your social networks and remove your real email address from the settings on each network.
3) Enable Dual Factor Authentication on your primary email account. This requires a code that is sent to your cell phone when you log into your email account. This ensures that no one will access your email. Instructions can be found in the “Security” settings of the account.
Have a great new year!
Posted on December 22nd, 2012
Reader S.E. reports:
“The Netwise Data email address in your book/website returns as non-deliverable.”
Apparently, they shut down that email account and have moved to a form based contact system. Here is the new link:
The “General Inquiry” option should be selected and the message should include your desire to opt-out of any data collection of your personal information. I have contacted them requesting new opt-out instructions, and I will post if/when I receive a reply.
Posted on December 19th, 2012
In the current pressing of Hiding from the Internet, there is a section on how to remove your home address and telephone number from the White Pages website. This includes their affiliate sites. The technique has changed, and here are the new instructions:
Step 1: Navigate to whitepages.com and click on the “Reverse Phone” tab. Search for your listing by entering your telephone number. You can also search by name or address. If your listing is present, click on your name to open the profile.
Step 2: To the right of the name is a button titled “Claim & Edit”. Click this to create an account on White Pages with your real name and anonymous email address. You can bypass the “Login with Facebook” option by clicking the link at the bottom. Identify any sensitive information and click the “Edit” button. This will allow you to delete any information desired. After the listing looks appropriate for your level of privacy, click the “Submit” button. The data will be removed immediately.
Step 3: Navigate to 411.com and repeat the previous steps to remove your information from 411.com, a White Pages site.
Step 4: Navigate to phonenumber.com and repeat the previous steps to remove your information from phonenumber.com, a White Pages site.
Thank you to reader D.B. for pointing out the expired method.
Posted on December 16th, 2012
I want to share a technique that I just added to the upcoming second edition of Open Source Intelligence Techniques (2013).
The upper right portion of any modern Firefox browser contains a small search box that uses Google as a default search provider. Entering any terms in this field will conduct a search through Google and then launch the Google results page. This functions the same way as conducting the search on Google.com. Clicking the down arrow next to the Google logo will present a collection of search engines that can be used at any time. These include Google, Yahoo, Bing, Amazon, eBay, Twitter, and Wikipedia. The “Manage Search Engines” link will allow you to add new search engines, remove unwanted options, and change the order of the choices.
While Firefox does not announce the option, you can customize this field to do many different searches. This requires some very basic programming, but all of the code will be explained here. Additionally, you can simply download the files needed at the end of the instructions and bypass any coding. When I present my three day course on OSINT techniques, the most common question I am asked is “What should I search first when I have specific details about my target?” The attendees often have one piece of information, such as a Twitter name or an email address, and are looking for the best place to start. Because of this, I have created several custom search engines within Firefox that should help with this dilemma. First, we need to understand where these search engine options are located. If you are using the portable version of Firefox, you can find them at the following path through Windows Explorer after opening your Firefox folder.
You can either browse to this location or type it directly into the location bar with Windows Explorer. There should be six files in this folder titled google.xml, bing.xml, etc. These small files are the instructions that tell Firefox how to search each specific search engine. You can create a new set of instructions using Notepad or Wordpad, which will present an additional search engine option in Firefox. The following will create a new search engine file titled “twitter-complete-archive.xml”. The label within Firefox will be “Search Twitter Complete Archive”, and the search will be performed on “allmytweets.net”. The exact address used will be “allmytweets.net/?USERNAME”. Any Twitter name provided during this search will generate the exact address needed to display the desired results from allmytweets.net. The key terms are in bold to help you identify them.
<os:ShortName>Twitter Complete Archive</os:ShortName>
<os:Description>Search Twitter Complete Archive</os:Description>
<os:Url type="text/html" method="GET" template=
</os:Url><os:Url type="application/opensearchdescription+xml" method="GET"
This can now be used as a template for all future custom search engines. You only need to change the name of the file, the label of the search, and the address that will be searched. I have created several of these to aid in my own investigations. Instead of detailing the code for each engine, I have made them all available for download at the following address.
After you download the file, you should be able to double click it to see the contents. Copy all of the files to the folder that contains your “searchplugins” as described earlier. I recommend deleting any files in this folder before copying the new files. If you have access to my Law Enforcement Portal, the version of Firefox in the Software Pack already has these installed. The following is a summary of what each custom search engine provides.
Google: Standard Google search
Bing: Standard Bing search
Facebook Posts Stream: Live posts on Facebook
Facebook Wall Posts: Archived posts on FBSearch
Facebook by Email: Email search through Facebook
Facebook Graph: Public account data through Zesty
Twitter Complete Archive: All posts through AllMyTweets
Twitter Topic Search: Live search through Twitter
Twitter User API: API view of user’s account
Twitter Posts Mapped: User’s posts on Bing Maps
User Name Search: Search of target through KnowEm
Pipl Email-Username: Search through Pipl
Phone Number (w/ -‘s): Search through Reverse Genie
Website or IP Address: Search through EWhois
Docs from Domain: Locates documents on a website
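The search plugin excerpt earlier in this post is cut off, so as an added example (not the author's code or the files offered for download), the following Python code builds a complete plugin file from the three things the post says to change and then reads it back to show which site receives the search term. The SearchPlugin root element, the two namespace URIs, the {searchTerms} placeholder and the http:// scheme are assumptions that do not appear in the excerpt.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumed namespaces (not shown in the post's excerpt): Mozilla's search
# plugin namespace for the root element, OpenSearch 1.1 for the os: elements.
MOZ_NS = "http://www.mozilla.org/2006/browser/search/"
OS_NS = "http://a9.com/-/spec/opensearch/1.1/"
ET.register_namespace("", MOZ_NS)
ET.register_namespace("os", OS_NS)


def build_plugin(short_name, description, template):
    """Return the XML text of a search plugin for one engine."""
    if "{searchTerms}" not in template:
        # The browser substitutes the typed text for this placeholder.
        raise ValueError("template must contain {searchTerms}")
    root = ET.Element(f"{{{MOZ_NS}}}SearchPlugin")
    ET.SubElement(root, f"{{{OS_NS}}}ShortName").text = short_name
    ET.SubElement(root, f"{{{OS_NS}}}Description").text = description
    ET.SubElement(root, f"{{{OS_NS}}}Url",
                  {"type": "text/html", "method": "GET", "template": template})
    return ET.tostring(root, encoding="unicode")


def audit_plugin(xml_text):
    """Return (label, method, scheme, host) for every Url in a plugin file."""
    root = ET.fromstring(xml_text)
    label = root.findtext(f"{{{OS_NS}}}ShortName", default="?")
    rows = []
    for url in root.iter(f"{{{OS_NS}}}Url"):
        parts = urlsplit(url.get("template", ""))
        rows.append((label, url.get("method", "GET").upper(),
                     parts.scheme, parts.hostname))
    return rows


if __name__ == "__main__":
    # Constructed input: label and address from the post, scheme assumed.
    xml_text = build_plugin("Twitter Complete Archive",
                            "Search Twitter Complete Archive",
                            "http://allmytweets.net/?{searchTerms}")
    print(xml_text)
    for row in audit_plugin(xml_text):
        print(row)
```

Running audit_plugin over each downloaded .xml file before copying it into the searchplugins folder shows every host that would receive your search terms, and whether they travel over plain http.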
Posted on October 20th, 2012
I have two success stories to announce as well as a replacement anonymous telephone number service.
Reader P.B. reports:
“I completed all of the steps outlined in the book and I received a promising sign. In my mailbox today was a small envelope addressed to “Resident”. Inside was a letter welcoming me to my new home and offering coupons for local businesses. Apparently, I did such a good job at removing my name from the internet that mailing services assume that I moved out and someone else moved in!”
This is an excellent sign. This indicates that your address has been added to some databases that are designed for new residents. This is a great indication that you have removed a substantial amount of personal information from the internet.
Reader J.F. reports:
“I successfully removed my information from my county’s registered voter database when I first bought the book. My wife, however, did not take the steps. Lately, my wife has been receiving daily mailings from politicians that have identified her as a registered voter. She even had someone come to our home asking for her specifically. She is now in the process of completing all of the steps in the book. I have not had one piece of political mail this entire campaign season!”
I forgot how much political mail I used to receive during campaigns. If you are receiving unwanted mailings and visits from politicians, read chapter seven of Hiding from the Internet carefully.
Finally, in the book I explain how to use a free telephone number that will keep your real telephone number private. I recommended RingShuffle, but it appears to be out of service for new members. I suspect that they ran out of numbers. Until they re-surface, I recommend using a free Google Voice number. Privacy advocates do not like to use Google for anything, but I am willing to make an exception. I do not recommend using this free telephone number for anything outside of the methods in the book. Allow it to serve a single purpose and you will not sacrifice any of your privacy to Google. Details about Google Voice can be found HERE.
Posted on October 14th, 2012
LinkedIn has become a huge source of personal information during OSINT searches. Recently, LinkedIn has blocked full profile views for free users. It is also becoming more difficult to see profile content of people that you are not connected to through the social network. The techniques below will aid in viewing profiles.
Searching by company
If you are searching for employees of a specific company, searching the company name often provides numerous profiles. Clicking on any of these profiles presents a very limited view, such as the example below.
You are now required to upgrade to a full premium account in order to get further information. Instead, copy the entire job description under the “LinkedIn Member” title. In this example, it is “Marketing Specialist at REDACTED Inc.”. Use this in a custom Google search as displayed in the example below.
PDF Profile View
Each result will link to a profile that should allow for a more detailed view. This will also usually work without being logged in. After you have identified a specific target, log into LinkedIn and search for the subject’s name. Open the profile and review the information. Some profiles will mask some details if you are not connected to the person. When this happens, select the down arrow next to the blue “Connect” button and select “Export to PDF”. This will open a document that should have the full content in resume format. Below is a small section of this content.
The next blog post will explain how to identify bulk cell phone numbers by matching them to Facebook profiles. This can help law enforcement identify cash cell phones that appear in CelleBrite reports.