Posted on November 19th, 2013
Federal authorities have arrested five more men accused of taking part in a 21st-century bank heist that siphoned a whopping $45 million out of ATMs around the world in a matter of hours.
Prosecutors said the men charged on Monday were members of the New York-based cell of a global operation and contributed to the $45 million theft by illegally withdrawing $2.8 million from 140 different ATMs in that city. The arrests came after the defendants sent $800,000 in cash proceeds in a suitcase transported by bus to a syndicate kingpin located in Florida, US Attorney for the Eastern District of New York Loretta E. Lynch said. Photos seized from one defendant’s iPhone showed huge amounts of cash piled on a hotel bed and being stuffed into luggage, she said.
The heists took place during two dates in December 2012 and targeted payment cards issued by the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman respectively. Prosecutors dubbed the heists “unlimited” operations because they systematically removed the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that processed online payments for the two targeted banks, prosecutors alleged in earlier indictments. Prosecutors didn’t identify the payment processors except to say that one was in India and the other was in the United States.
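The withdrawal limits described above only cap losses if something outside the compromised processor still enforces them. The following sketch is an added example, not part of the original post: it replays a constructed ATM withdrawal log against an independently held copy of each card's limit and flags cards whose recorded limit was raised, whose withdrawals in a 24-hour window exceed the baseline, or that hit an unusual number of terminals. The log format, card and ATM names, thresholds and baseline table are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed look-back window
MAX_TERMINALS = 5              # assumed distinct-ATM threshold per window
DEFAULT_LIMIT = 500            # assumed cap for cards missing from the baseline

# Assumed: per-card daily limits stored outside the processor's card database,
# so tampering with the processor's records does not change them.
BASELINE_LIMITS = {"card-A": 500, "card-B": 500}

# Constructed sample log: timestamp, card, ATM, amount, limit on the card record
SAMPLE_LOG = """\
2024-01-10T09:00:00,card-A,atm-001,200,500
2024-01-10T20:15:00,card-B,atm-101,800,999999
2024-01-10T20:22:00,card-B,atm-102,800,999999
2024-01-10T20:31:00,card-B,atm-103,800,999999
2024-01-10T20:40:00,card-B,atm-104,800,999999
2024-01-10T20:48:00,card-B,atm-105,800,999999
2024-01-10T20:55:00,card-B,atm-106,800,999999
2024-01-11T12:00:00,card-A,atm-002,200,500
"""


def parse(log):
    """Yield (timestamp, card, atm, amount, record_limit) tuples from the log."""
    for line in log.strip().splitlines():
        ts, card, atm, amount, limit = line.split(",")
        yield datetime.fromisoformat(ts), card, atm, int(amount), int(limit)


def detect(events, baseline=BASELINE_LIMITS, window=WINDOW,
           max_terminals=MAX_TERMINALS):
    """Return {card: {"first_seen": ts, "reasons": set}} for suspicious cards."""
    recent = defaultdict(deque)   # card -> withdrawals inside the window
    alerts = {}
    for ts, card, atm, amount, record_limit in sorted(events):
        expected = baseline.get(card, DEFAULT_LIMIT)
        q = recent[card]
        q.append((ts, atm, amount))
        # Drop withdrawals that have aged out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()

        reasons = set()
        if record_limit > expected:
            reasons.add("limit_raised")       # card record disagrees with baseline
        if sum(a for _, _, a in q) > expected:
            reasons.add("amount")             # cash out exceeds the baseline cap
        if len({t for _, t, _ in q}) > max_terminals:
            reasons.add("terminals")          # too many distinct ATMs in the window

        if reasons:
            entry = alerts.setdefault(card, {"first_seen": ts, "reasons": set()})
            entry["reasons"] |= reasons
    return alerts


if __name__ == "__main__":
    for card, info in detect(parse(SAMPLE_LOG)).items():
        print(card, info["first_seen"].isoformat(), sorted(info["reasons"]))
```

In this sample, card-B is flagged on its first withdrawal because the limit on its record no longer matches the baseline, before the amount or terminal counts have built up.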
Posted on November 11th, 2013
I have started writing the Third Edition with an expected release in early 2014. I have approximately 65 brand new techniques and several replacements for the few outdated techniques in the previous edition. Today, I am documenting how to take advantage of NerdyData and robots.txt files to find valuable data within websites. Last night I wrapped up a section on accessing updated reverse caller ID databases through APIs to identify unknown cell phone numbers. I am still shocked at the results.
Tomorrow, I add more tools to the YouTube Custom Tool page. This page currently allows you to bypass commercials in videos, bypass age restriction login requirements, quickly download a video without need for software, and extract 4 frames from within any hidden video. You can play with the current version HERE.
Posted on November 6th, 2013
There’s no doubt that the Internet is an incredible place to be. It allows for connections that span the world whether you are on a large computer or you are using a small, handheld device. Yet, it can also be a very dangerous place. Without proper care to your system and to your personal identity, you could be putting information into cyberspace that is nothing short of being risky to your well-being. To avoid this, understand your risks and know how to prevent problems.
#1 – Realize There Are People Looking for Your Information
The most important thing to do to keep the Internet safe for you and your children to use is to be realistic about what’s happening there. There are risks, including individuals who wish to gather your personal data to steal your identity. There are criminals who will try to lure your child away. And, there are those who like to play jokes that can cause thousands of dollars in damage.
- Be vigilant about remaining safe.
- Don’t trust anyone you meet online without verifying their identification first.
- Never just click on links or agree to someone else’s terms.
- Realize that your personal data needs to be kept safe at all times.
- Use trusted websites instead of just any site you find, especially for purchases.
Realizing there are risks is the first step in minimizing their particular impact on your life. It is also necessary to educate your children about these risks.
#2 – Make Maintaining Passwords a Must
A key way to protect yourself online is to use passwords. Do this with everything you use, including your financial accounts, email accounts, and even website accounts. Not only should you have passwords, but you should also change them frequently. Keep them complex. Using a series of random numbers and letters provides you with far more protection than using a birthday that’s easily looked up by an attacker.
#3 – Protect Your Computer, Too
Though many people take steps to protect their own actions on the Internet, many fail to put the proper protections in place so that others can’t get into their computer.
- Do you have a password protecting your WiFi connection?
- Do you have an updated anti-virus program installed on your computer?
- Are you confident that those safety programs are running each day to protect your system?
- If you share computers with others, is your site password protected?
- Are you using identity theft deterrents to help ensure your identity on your favorite websites online remains protected?
- Do you have a home security issue?
Home security often sounds like a secondary issue when thinking about computer security. One of the first things that a thief will go after in your home is high-end electronics. A well-trained thief knows that not only can they resell these items quickly, but that the information inside them is likely worth a lot more money. Check out homesecurity911.com for some options to keep your home safe from unwarranted intruders and your belongings safe.
You do not have to be an expert to protect yourself and your computer from Internet risks. Though cybercrimes, such as identity theft and virus infiltration, are very real crimes to worry about, there are steps you can take to reduce your risks.
If you have not done so, get security systems in place on your computers, your Internet connection, and any shared devices you have. Maintain passwords and ensure that you teach your children about the risks they face. Only when you take these measures can you feel good about using the Internet.
Posted on October 30th, 2013
I am excited to announce several new search techniques that have recently surfaced. The following information can be used on practically any investigation. They each allow the user to search live and historic information through Twitter and other networks based on the location of interest.
Knock: This website allows you to search a website domain to find unlisted sub-domains. For example, searching “hope.net” identified “radio.hope.net” and “wiki.hope.net” to reveal additional information.
Rapportive App: This one is a little high-tech, but worth it. Rapportive allows you to identify the social networks of people that send you email. This UNOFFICIAL app allows you to bypass the requirement for the target to email you. You simply search an email address to find the social networks attached to it. The research on this by Jordan Wright can be found HERE. If you know Python programming, it will be easy for you. If you are a member of my training website, IntelTechniques.com, I have created a Windows executable file that will run without any programming skill. Simply launch “Email Stalker” in your software menu. There is also a video tutorial on the program in the web training area. This app can also be found in the software pack for those that have attended the live OSINT course.
If you are interested in video training on these topics, please visit IntelTechniques.com. My entire 40 hour course is available in 112 HD videos. At least two videos are added every month.
I also provide a 3 day OSINT training course for both private sector and government. Contact us for details.
Posted on September 28th, 2013
I have recently updated the master list of Open Source Intelligence (OSINT) investigation links to be used for online searching. This update removed a few sites that went offline and added the following new options:
Bing VS Google (Comparison of search results)
Twitter GPS Search (Search by location)
HootSuite Feed (Live Twitter stream by topic)
Twitonomy (Twitter Analytics)
Vine (Google search of Vine videos)
Escort Reviews (Search by cell number)
Craigslist Alerts (Alerts for CL Posts)
MailTester (Verify Email Accounts)
Email Sherlock (Email Info)
Sly Dial (Plays outgoing voice mail message)
DetUrl (Video download options)
SameID (Identify related websites)
If you would like free access to the entire list of investigations links, contact us HERE.
Posted on September 5th, 2013
For the past two years, I have been traveling a lot teaching my three day Open Source Intelligence (OSINT) course. I have had more training requests than I could fulfill. More recently, I have received a lot of requests to offer web based video training on the topic. Today, I am launching IntelTechniques.com.
The Intel Techniques online OSINT training course consists of my entire collection of training material. Access to the website includes:
110 Online Videos with over 30 hours of real content
Detailed notes outlining each technique
Complete updated list of all OSINT links
Custom online search tool that automates many search processes
Pre-configured portable browser with investigation extensions
Software pack of over 20 custom applications that aid in online investigation
Custom API search utilities that provide extended personal information
Over 25 online resources for investigating like a “hacker”
This course takes approximately 40 hours to complete and new videos are added monthly. All videos are professionally produced and in HD. Click HERE for a sample video. If you are interested in signing up for the online training, or would like more information, please visit HERE.
Posted on September 3rd, 2013
Removing yourself from the internet is not always an easy task and the biggest problem is tracking down all your online accounts so you can delete them. Just Delete Me is a site that provides you with direct links to doing just that.
Just Delete Me is a list of the most popular web apps and services with links to delete your account from those services. Each one is color coded. Green is easy, yellow is medium, red is difficult, and black is impossible. When you click on a service, you’re automatically taken to the page where you can delete your account so you don’t have to go searching for it. If you want to keep track of your accounts and delete as many as possible, this is a good place to start.
Web site AccountKiller offers clear and simple instructions for deleting online accounts at all the most popular sites. It offers deletion instructions for over 150 sites with some less popular sites as well.
Not all web sites make it easy for users to delete their accounts, and some make it nearly impossible without diving deep into help documentation or emailing support. AccountKiller is one stop to help you kill an account on any site. Just visit the homepage, type the name of the service you want to vanish from, and follow their instructions.
AccountKiller uses a color-coding system to rate each one’s “ease of service.” Sites rated as “white” make it relatively easy for an average user to delete an account there. “Grey” sites aren’t exceedingly difficult, but they’re not exactly stellar about facilitating the process, either. “Black” sites are sites that make it so difficult to delete an account that you may not want to create one at all. AccountKiller’s instructions include major destinations such as Facebook, Gmail, and Skype.
If you are considering removing your social network accounts, these two sites are worth checking out.
Posted on August 9th, 2013
Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it is sometimes best to pay with a credit card versus a debit card when filling up the tank.
According to a federal indictment, two defendants would leave the skimming devices in place for approximately one month. They would then collect the skimmers and use the stolen data to create counterfeit cards. These cards would be used on multiple ATMs throughout the region and the suspects withdrew large amounts of cash. Some of the card data stolen in the scheme appeared in fraudulent transactions in Eastern Europe and Russia.
Gas pump skimmers have moved from amateur devices to a high level of workmanship and attention to detail. Increasingly, pump skimmer scammers are turning to Bluetooth-enabled devices that connect directly to the pump’s power source. These skimmers can run indefinitely, and allow thieves to retrieve stolen card data wirelessly while waiting in their car at the pump. The first figure below is one such card skimming device removed from a compromised gas station pump in 2012 in Rancho Cucamonga, California. The following figure displays the fraudulent keypad that captured a victim’s PIN.
Pump skimmers can be fairly cheap to assemble. The generic gas pump card acceptance device pictured below, a Panasonic ZU-1870MA6t2, can be purchased for $74.00. The individuals responsible for these pump scams are able to attach these devices because most pumps can be opened with a handful of master keys. If your credit card is compromised because of one of these attacks, you are protected by federal law and will not be responsible for any fraudulent charges. This protection is also extended to debit cards. However, it is vital to notify the financial institution within two days. This will cap your actual losses at $50 (if any), regardless of the amount of fraud.
Photo: Brian Krebs
Posted on August 7th, 2013
For the past ten years, I have been providing live presentations about cyber crime and information security. These are usually targeted toward companies and their employees with a focus on protecting identities and personal information. I have finally released a book that includes my entire teachings on personal digital security.
From the back cover:
Your complete resource to protect you, your family, and your community from digital crime.
Every day, thousands of digital crimes are facilitated over the internet. Years ago, this meant that a criminal needed specialized computer skill, a dedicated computer for hacking, and an expensive internet connection. Today, the entire instruction one needs can be found on Google, the attacks can be conducted over a cell phone, and there is free wireless internet on practically every corner.
Author Michael Bazzell will walk you through his experiences during his career fighting digital crime. This book includes explicit details of his entire training program created for individuals, employees, and company leaders. For the first time his complete repository of free resources has been assembled in one place. Combined with his website, this book offers you everything needed to build an effective defense from electronic crime.
The personal solutions for stopping digital attacks that are provided here will prevent you from becoming a victim. The author will make you aware of how the crimes occur, explain how you can eliminate your risk of attack, and how to easily create awareness in your circles about this growing problem. A few of the many lessons detailed here that can decrease your exposure to digital crime include how to:
Protect your computer with free software
Remove malicious programs from any system
Create and test strong password policies
Protect your email accounts from online attacks
Avoid financial scams over the internet
Configure an effective data backup solution
Encrypt sensitive data on all devices
Recover deleted data from a computer
Protect your credit report and financial accounts
Implement a credit freeze for ID theft protection
Avoid devices that steal your card information
Protect smart phones from the latest exploits
Prevent attacks through landline telephones
Discover compromised devices on your network
Protect yourself during public Wi-Fi use
Secure your wireless networks and devices
Protect your children from the latest threats
Analyze computer usage and internet history
Identify and monitor an online presence
Instruct others on personal digital security
Posted on July 21st, 2013
If you live in a large city or simply want to focus on an exact area of your town, you can search for Twitter messages by the exact GPS location where they were posted. First, you need to identify the GPS coordinates to search. I recommend Google Maps for this. As an example, assume that you want to monitor Twitter messages posted from Lewis & Clark College in Godfrey, IL. Search for the college in Google Maps and right click the red marker in the map. This will present a new menu with an option of “What’s Here?”. Choosing this option will identify the GPS coordinates of the address, which are 38.952451,-90.195011 for this campus.
Now that you have the coordinates of the location you are interested in, you can create a specific search. The following example would identify messages on Twitter that were posted within one kilometer of the college campus.
This can be entered into any search field at the top of any Twitter profile. If you wanted to expand this search to a perimeter of five miles around the previous GPS location, you could conduct the following search.
This can be a great way to monitor Twitter messages broadcast from a specific location. Parents may watch the Tweets from a child’s school, the movie theater he or she is at, or a friend’s house that is a common hangout. Law enforcement may monitor Tweets from the scene of a crime or trouble spots. The page will automatically update with new messages when they are posted.
If you want an automatic solution, you can use my Custom Twitter Tool HERE. It will also allow you to map your results in Bing maps.
Posted on July 12th, 2013
Exactly one year ago, Hiding from the Internet was published. It discussed the ways that you can remove publicly available information about yourself from the internet and private companies. Since then, a lot has changed. Some of the links in the book are no longer accurate, many companies have merged, and new services have arrived that expose your details. Over the past two weeks, my assistant and I worked through the entire book and updated every link. We also added a few new services. Instead of a new edition, I decided to revise the current version. Any books ordered from today forward will receive the newest revision. However, if you already own the book, you do not need to buy another copy! We also updated every link on my website to reflect the changes in the book. All of these links can be found HERE.
Many of you have asked about an electronic version. This is also ready to go, and you can download the book to your Kindle or iPad HERE. The link to both the print and electronic version is HERE. Amazon is offering a discount on the print version with free shipping, and the electronic version is $9.99.
Whether you own the book, just downloaded your new version, or want to attempt the links without the book, please consider using these free resources to protect your privacy.
Posted on June 30th, 2013
In 2011, I posted a blog entry about credit freezes HERE. While conducting research for my next book on personal online security, I decided that I was overdue for a test of my own credit freeze. I documented this in the book and decided to share the entire section here:
After your credit freeze is in place on all three credit bureaus, you may want to test the system. The following are details of what I had to go through while attempting to obtain a new credit card with an active credit freeze in place.
May 27, 2013: I navigated to a website that was offering a great rewards point bonus for new members of a specific travel credit card. It was a very legitimate company that I have held credit with in the past. Even though I had a credit freeze in place, I thought that this company may use our previous relationship as a way around the freeze. This seemed like the best company to test my freeze with. I completed the online application and was told that I would receive an answer via postal mail soon.
May 29, 2013: I received a letter from the credit card company stating that they could not offer me a card. They advised that I had a credit freeze in place and that I would need to remove the freeze before my application could be processed. They identified TransUnion as the credit bureau that they ran my credit through. The freeze worked. This would stop the majority of criminals from accessing your credit. In order to continue the test, I contacted TransUnion and conducted a temporary credit freeze removal over the telephone. It was an automated system and I only had to provide the PIN number provided earlier.
May 30, 2013: I contacted the credit card company via telephone and advised them that the credit freeze had been removed and that I would like to submit my application again. I was placed on hold for a few minutes. The representative stated that she could still not offer me the card. While the freeze had been removed, there was still an extended alert on my credit file and there was not a telephone number for me attached to the account for verification. Basically, TransUnion automatically added this extended alert to provide another layer of protection when a freeze was ordered due to fraud. The representative advised that I should contact TransUnion. I contacted them and was told that I should add a valid telephone number to my credit profile. Before I was allowed to do this, I had to answer four security questions about historical credit accounts, addresses, vehicles, and employers. After successfully answering these questions, I was able to add my cellular number to my account. I was told the changes should take place within 24 hours.
May 31, 2013: I contacted the credit card company and advised of my actions taken. She advised that she would not be able to pull another copy of my credit for 14 days. This was policy and there was no way to work around this due to the fraud protection rules in place.
June 15, 2013: I contacted the credit card company again and requested a new pull of my credit report. The credit freeze was still temporarily disabled until the end of the month. The new credit request was successful, and the representative could see the extended alert and a telephone number for contact. She placed me on hold while she dialled the telephone number on file. My cellular phone rang and she verified with me that I approved of the new credit request. I approved and switched back to the other line with her.
June 19, 2013: My new credit card arrived.
This was an interesting experience. I had never tested the system with the intent of actually receiving the card. I had occasionally completed credit card and loan offers in the past for the purpose of testing the freeze, but I was always denied later in writing. This enforces the need to have a current telephone number on file for all three credit bureaus. This entire process took just over two weeks. Any criminal trying to open an account in my name would have moved on to someone else. This same chain of events would have happened if I were trying to buy a vehicle, obtain a personal loan, or purchase real estate. Even routine tasks such as turning on electricity to a home or ordering satellite television service require access to your credit report. A credit freeze will stop practically any new account openings in your name. While I became frustrated at the delay in obtaining this card, I was impressed at the diligence of the credit card company to make sure that I really was the right person. My credit is now frozen again and I am protected at the highest level.
Posted on June 23rd, 2013
I cleaned up a few sections of the website and added several new links and applications. Here is a summary:
The master set of OSINT links has been modified to exactly match the training order. Also the titles of each section were modified to follow the new three day course. New links:
VinGenius (Free Carfax Reports)
MentionMap (Twitter Associations[Updated])
SnapChat (See Top Three Connections)
Custom Tumblr Search (Better than Tumblr.com)
Custom Social Search (Combined Google Search)
The Investigative Software Pack was updated to include the following:
Removed Facebook from Ghostery Plugin (Conflict)
MementoFox Disabled (Not Functioning)
Removed Cydral from Image Search
Removed BackTweets from Menu
Updated Search Diggity (3.1)
Added iPhone Video
The iPhone Video app will allow you to extract the date, time, iOS version, and GPS coordinates out of a video captured with an iPhone. You will need the original video, but this can be valuable when a cell phone is collected.
If you would like to schedule my new three day Open Source Intelligence Techniques course, please Contact Us. I have a few openings left before March of 2014. All attendees receive lifetime access to all of my online links, techniques, and applications.
Posted on June 13th, 2013
During my OSINT training sessions, I demonstrate the many ways that Twitter can be searched using the Twitter API. This included hidden GPS information, account creation date, complete archive of Tweets, and several ways to search by location. Yesterday, June 11, 2013, Twitter shut down the original API. They have been warning us for months, and they finally pulled the plug. This is fairly devastating to Twitter searching. The new API (1.1) does not offer the same features and involves authorization to a Twitter account to see practically anything. I am currently working on rebuilding some of the tools, but this may take some time. I have tested every Twitter resource that I have used over the years (50+), and eliminated the non-functioning websites from my master list of links available on my site. The following 20 Twitter search websites still function:
Custom Twitter Tools (Twitter API Options)
Advanced Twitter Search (Custom Options)
GeoChirp (Twitter Mapped Data)
TweetPaths (Mapped Tweets by User)
TweetDeck (Real Time Monitoring)
Twitterfall (Real Time Search)
Twitter Name Search (Twitter Name Search)
Twellow (Twitter Search)
TagWalk (Twitter Account Data)
Twitalyzer (Twitter Account Data)
TweetReach (ID ReTweets)
Twicsy (Live Twitter Photos)
TwitCaps (Twitter Photo Search)
TwitPic (Twitter Photos)
SexyPeek (ADULT Twitter Photo Search)
SleepingTime (Twitter Sleep Schedule)
BackTweets (Search Links Posted)
Followermonk (Analyze Associates)
Followermonk (Analyze Users)
Twitter Directory (Users by Name)
There is still plenty of information that we can extract from Twitter accounts, and I am optimistic that many brand new tools will surface soon. I highly recommend that you create an anonymous Twitter profile and remain logged in to that profile while you conduct your searches. Many of these tools now require you to authenticate with your profile in order to use the resource. There is no harm in this, and it will be required for all future searching. There are some options to eliminate this step, which I hope to publish soon.
Posted on May 11th, 2013
Last week, I was in Albuquerque teaching OSINT techniques to a large group. After the session, several attendees asked what the best all-in-one tool was when you know a target’s Twitter account. Since there are several investigation avenues with Twitter, I recommend my Custom Twitter Tools page. This page has always been one of the private resources that I share with all attendees of my OSINT courses. I decided to make this page available to the public:
Each field identifies the type of data that should be entered. This includes Twitter user names, real names, keywords, and GPS information. The first option allows you to enter a target’s Twitter Name. Clicking the “API View” button will launch a new tab and display that person’s API view of their account. This view will display new information that is not visible on a person’s official Twitter page including account creation date, exact post time, device information, and sometimes exact GPS coordinates.
The second option allows you to enter a person’s Twitter user name and it will load that profile in a new tab. There is nothing special here, just a shortcut to the page. I usually use this to try different known online user names to see if a Twitter page exists.
The third option allows you to enter the target’s Twitter name, and a new tab will open with all outgoing tweets from that person. This can be beneficial when the target’s official Twitter page is full of other people’s posts that are not related to the target. This technique will isolate only those tweets by the target.
The fourth option does the opposite. It will isolate only the Tweets sent to the target from another Twitter account. This helps easily identify people that are communicating with the target.
The fifth option allows you to enter a target’s real name and search the Twitter directory for a Twitter profile. This is the only search option on this page that requires you to be logged into a Twitter account. This will present several profiles belonging to people with the name you provided. It will display the real name, user name, and often a short bio and photo to help you identify your target. The screenshot to the left identifies a few of the profiles belonging to the name Adrian Crenshaw.
The sixth option is a location based search. You can enter the GPS coordinates of any location to see posts from that area. If you need to identify the GPS coordinates from an address, use the GPS Visualizer tool. After you enter the coordinates, the search will open a new tab with three columns of live streaming Tweets. The first column will include posts that were published within 1km of the target GPS location. The second column expands this to 5km and the third column expands this to 10km. These results will automatically update as new messages are posted. Below is a screenshot of live posts from a building in Chicago.
The seventh option adds a keyword search to the GPS search. This can be helpful when a location based search provides too many results. You can now isolate only the posts mentioning any keyword, such as ‘bomb’, posted from a specific location.
The eighth option will allow you to specify up to three keywords or user names. This will generate a live display of Tweets based on this data. I often use this to monitor a situation and might include my target’s Twitter name and any keywords associated with the investigation. This may include the location an event happened, a homicide victim’s name, or a hashtag that is being referenced.
The last option will allow you to enter two or three Twitter user names. The results will identify and analyze their followers and people they are following. This can aid in identifying people of interest that are associated with all of the targets provided. This can eliminate people that only know one of the subjects being researched. The screenshot below identifies a group of people that are followed on Twitter by both Chris Hadnagy and Ping from the Social-Engineer website.
I will continue to add features to this tool. Please practice these searches before applying them to your investigations. This can also be a great starting point for parents or teachers that have identified a child’s Twitter account.
Posted on May 4th, 2013
New Investigative Links:
Open Book (Searches Facebook Wall Posts)
Followermonk (Compares Twitter Users)
Followermonk (Compares Twitter Followers)
Twitter Google Earth (Plugin Required)
Backpage Blacklist (“No-Shows” on Backpage)
Total Craigs Search (Search All of CL)
Skype Resolvers (ID IP Address of Skype User)
New Interactive Search Tool:
I designed this online search tool to assist with an investigation. Instead of navigating to several online websites to search data, you only provide your search term in one location and click through the results. Instructions:
- Click on your desired category (Email, User, Facebook, etc).
- Click on search sub-category (Website, Search, etc).
- Type your target information in the search field (Email Address, User Name, IP Address, etc).
- You can either click on the “Search” button or double-click on each sub-category selection.
The screen capture below displays a Twitter user name search that identified a physical location and link to an additional social network.
There are currently 40+ automated search tools built-in, with more coming soon.
Software Pack Update:
Firefox Update (v.20)
Firefox Addon: Docs Online Viewer
Firefox Addon: FoxySpider
Firefox Addon: YT Caption Downloader
Firefox Addon: Rapportive
Firefox Addon: Bananatag
Instagram User Name > ID
Instagram API View w/GPS
BriteVerify Email Verification
Toofr Email Construction
All attendees of my 2-day and 3-day Open Source Intelligence courses receive lifetime access to all online updates. This includes software tools, website links, instruction materials, documents, and templates. If you would like to host a custom training session, please contact us.
Posted on March 24th, 2013
While preparing for this week’s class in Elgin, IL, I updated the private investigation area of the website. This area includes all of the links and applications that I teach during my two day advanced course. Below are the updates:
New OSINT Links:
Pic Search (Similar to Google Images)
Colossus (International Search Engine List)
Toofr (Work Email Address Guess)
Email Format (ID Emails and Format of Business Addresses)
Market Visual (Maps Employees)
PeepDB (People Search)
Wigle (WiFi Info by Location or Name)
Updated Software Pack:
Added Scythe (User Lookup)
Added IP Info
Added Domain Info
Removed Nirsoft (Virus Warnings)
Removed MetaGoofil (Not Functioning)
Removed Jigsaw (Not Functioning)
Updated OS Forensics (2.0.1003)
Updated Maltego (New Transforms)
Added Maltego User Guide
Added Maltego Transform Guide
Added Maltego Video Channel
Posted on March 16th, 2013
The three major credit reporting bureaus say they have uncovered cases where hackers gained access to users’ information. The disclosure offers a glimpse into the sensitive data available to the cybercrime underworld, which hosts several storefronts that sell cheap and illegal access to consumer credit reports.
The acknowledgement by Experian, Equifax and TransUnion comes hours after hackers posted online Social Security numbers and other sensitive data on FBI Director Robert Mueller, First Lady Michelle Obama, Paris Hilton and others. Social Security numbers and even credit reports are not difficult to find using inexpensive services advertised openly in several cybercrime forums. In most cases, these services are open to anyone. The only limitation is knowing the site’s current Web address and being able to fund an account with a virtual currency.
One website sells access to consumer credit reports for $15 per report. The site also sells access to drivers license records ($4) and background reports ($12), as well as straight SSN and date of birth lookups. Random “fulls” records — which include first, middle and last names, plus the target’s address, phone number, SSN and DOB — sell for 50 cents each. Fulls located by DOB cost $1, and $1.50 if searched by ZIP Code.
It’s not clear from where this service gets its credit reports and other data, but it appears that at least some of the lookups are done manually by the proprietors. Pending new records requests are tracked with varying messages, such as “in queue,” and “in progress,” and often take more than 15 minutes to process.
I believe that the proprietors of this service and others like it are taking data gleaned from various sources and using it to pull credit reports directly from annualcreditreport.com, a government-mandated Web site created by the three major credit bureaus to help consumers obtain annual free copies of their credit reports. This free service is great for consumers wishing to view their own credit reports, but the security does not limit these views to the individual listed. Knowing some basic information about an individual may allow someone else to access the report.
If you would like to view the leaked website in a safe manner, click here:
This link allows you to scroll down and view some of the live details that were released without visiting any shady websites. The original source has been shut down; this is a link to an archive of the page. Below is a screen capture.
Taking steps now, such as freezing your credit report, will make you an undesired target. If an attacker cannot open new lines of credit on your account, your credit report is not lucrative.
Thanks to Brian Krebs for his investigation.
Posted on March 13th, 2013
The following is a guest post:
Social media has revolutionized the way we communicate, share information and network with one another both personally and professionally. It allows us to instantly connect, interact and exchange ideas with people all across the world.
But like any other powerful tool, social media can be a force for both good and evil. Unfortunately, criminals are beginning to exploit it to help them commit a range of unlawful acts, including burglary and identity theft. Here’s how you can help protect yourself:
One of the most common ways criminals are using social media is to target homes for burglary. In the social media-centric world we live in, we have become accustomed to sharing our daily experiences via tweets and status updates. Unfortunately, there are bad apples who are using this information to monitor people’s whereabouts and plan burglaries for the most opportune times – when the homeowner is on vacation or away from home.
To avoid having your home targeted, it’s best to refrain from posting real-time details about your whereabouts on your social media profiles. Additionally, take a few minutes to double check your privacy settings to make sure only trusted friends and family have access to your posts and personal information.
It’s also a good idea to subscribe to an alarm monitoring service if you haven’t already. Nowadays, most prominent home security companies offer these services for a monthly fee that most homeowners can afford. With monitored protection, trained professionals will keep tabs on your home 24 hours a day, 7 days a week – even when you’re out of town. Click here for more tips and information about monitored home security.
False identity/Identity theft
It’s remarkably easy to create an account on most social media websites. For cybercriminals, this presents a golden opportunity to impersonate an existing person or create a whole new fraudulent identity. Some do this for the sole purpose of tricking and humiliating people. Others have more sinister motives, such as identity theft.
Most social media profiles are stuffed with sensitive information, such as age, location, birthday and email address, which could be used to steal an identity. Typically, scammers will try to message you under the guise of someone you trust. Once contact has been made, the thief will oftentimes tell you to take a look at a new profile page, which, in reality, is a bogus page designed to pilfer your username and password.
To avoid falling victim to these cybercrimes, you should first limit the amount of personal information you reveal on your profile page. Secondly, you should always be wary of any links that ask you to log or sign in again.
Posted on March 9th, 2013
In my Hiding from the Internet sessions, I always mention some type of technique that will stop websites from tracking your activity. Yesterday, I presented to a large group in central Illinois and discussed Ghostery. I received a few questions about a similar plugin called Do Not Track Me (DNTMe), so I will explain both of these tools here.
I have been using Ghostery for a couple of years now. I also embed this tool into my Investigative Software Pack. Below is the excerpt from Hiding from the Internet that explains the Ghostery plugin available for the Firefox and Chrome web browsers.
Many sites that you will visit will be using website analytics. These free services monitor the visitors of a website and identify the IP address, location, business name, search terms, and site navigation of the visitor. This can be very invasive and personal information can be analyzed and distributed without your knowledge. While you are using the methods in this book to eliminate your personal information from online databases, it is important not to provide more information in the process. Ghostery can be of help. This extension will identify any analytics and other intrusive software running on a website when you visit it. With some configuration, it can be set to block these services and prevent the website from tracking you.
After installing the extension in Firefox, click on “Tools”, “Ghostery” and then “Manage Ghostery Options”. Inside the new window that will open, scroll down to the “Blocking Options”. Click on the checkboxes next to “Advertising”, “Analytics”, “Privacy”, “Trackers” and “Widgets”. This will stop over 1000 different types of intrusive software from monitoring and tracking your internet habits. Click “save” below the options and now click on the “Cookies” tab. Similar to the last screen, select the checkboxes next to “Advertising”, “Analytics”, “Trackers” and “Widgets”. Click “Save” and then close this entire tab. This will block an additional 500 scripts that can collect private information about you. When you visit a site with analytics, the owner will no longer capture any information about your visit. Any time you visit a website that is using a service blocked by Ghostery, you will be presented with a purple window displaying all services running on the page. When a service has been blocked, the service name will be stricken and faded. Below is a screen capture of a Ghostery notification on my website.
Do Not Track Me, from a company called Abine, performs a very similar function. This tool is a bit more user friendly and requires no configuration when installed. The downside is that this product is only a free version of their commercial products DeleteMe and MaskMe. These premium products are not necessary to use Do Not Track Me, but you will receive options to upgrade. After it is installed in your browser, you will receive notifications in the upper right corner of your browser. These identify the tracking software being used on the website you are currently visiting. By default, it will block the tracking and give you the option to enable it if desired. Below is a screen capture of the result of my homepage, which uses Google and Woopra to monitor traffic to the site.
Overall, I think both are great. Ghostery has a minimal interface and notification, but requires occasional user configuration when updating. DNTMe offers automatic configuration, but includes ads for their premium services. I still use Ghostery out of habit, but I will spend the next month using DNTMe to review the product. I do not recommend using both at the same time.
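The detect-and-block behaviour described in the Ghostery excerpt above, sketched as an added example (not Ghostery's or Abine's code): it lists the third-party resources a page loads, matches their hosts against a small blocklist, and marks which ones a chosen set of blocked categories would stop. The blocklist entries, the sample page and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed, illustrative blocklist (domain -> service, category); real lists are far larger.
TRACKERS = {
    "google-analytics.com": ("Google Analytics", "Analytics"),
    "woopra.com": ("Woopra", "Analytics"),
    "doubleclick.net": ("DoubleClick", "Advertising"),
    "platform.twitter.com": ("Twitter Button", "Widgets"),
}

class ResourceCollector(HTMLParser):
    """Collects URLs the browser fetches automatically when the page loads."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "img", "iframe"):
            self.urls += [v for k, v in attrs if k == "src" and v]

def match_tracker(host):
    """Match the host or any parent domain against the blocklist."""
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never match on the bare TLD
        hit = TRACKERS.get(".".join(labels[i:]))
        if hit:
            return hit

def audit_page(page_url, html, blocked_categories):
    """Return (service, category, host, blocked) per third-party tracker host."""
    first_party = urlparse(page_url).hostname
    collector = ResourceCollector()
    collector.feed(html)
    findings, seen = [], set()
    for raw in collector.urls:
        host = urlparse(urljoin(page_url, raw)).hostname  # resolves relative and // URLs
        hit = match_tracker(host) if host and host != first_party else None
        if hit and host not in seen:
            seen.add(host)
            findings.append((hit[0], hit[1], host, hit[1] in blocked_categories))
    return findings

# Constructed sample page (not the author's site).
SAMPLE_URL = "https://blog.example/post"
SAMPLE_HTML = """<script src="/js/site.js"></script>
<script src="https://ssl.google-analytics.com/ga.js"></script>
<script src="//static.woopra.com/js/woopra.js"></script>
<img src="https://ad.doubleclick.net/pixel.gif" width="1" height="1">
<iframe src="https://platform.twitter.com/widgets/follow_button.html"></iframe>"""
```

Calling `audit_page(SAMPLE_URL, SAMPLE_HTML, {"Advertising", "Analytics"})` reports four tracker hosts and shows the Twitter widget as detected but not blocked, which is the effect of leaving “Widgets” unchecked in the blocking options.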