Posted on September 5th, 2013
For the past two years, I have been traveling a lot teaching my three day Open Source Intelligence (OSINT) course. I have had more training requests than I could fulfill. More recently, I have received a lot of requests to offer web based video training on the topic. Today, I am launching IntelTechniques.com.
The Intel Techniques online OSINT training course consists of my entire collection of training material. Access to the website includes:
110 Online Videos with over 30 hours of real content
Detailed notes outlining each technique
Complete updated list of all OSINT links
Custom online search tool that automates many search processes
Pre-configured portable browser with investigation extensions
Software pack of over 20 custom applications that aid in online investigation
Custom API search utilities that provide extended personal information
Over 25 online resources for investigating like a “hacker”
This course takes approximately 40 hours to complete and new videos are added monthly. All videos are professionally produced and in HD. Click HERE for a sample video. If you are interested in signing up for the online training, or would like more information, please visit HERE.
Posted on September 3rd, 2013
Removing yourself from the internet is not always an easy task and the biggest problem is tracking down all your online accounts so you can delete them. Just Delete Me is a site that provides you with direct links to doing just that.
Just Delete Me is a list of the most popular web apps and services with links to delete your account from those services. Each one is color coded. Green is easy, yellow is medium, red is difficult, and black is impossible. When you click on a service, you’re automatically taken to the page where you can delete your account so you don’t have to go searching for it. If you want to keep track of your accounts and delete as many as possible, this is a good place to start.
Web site AccountKiller offers clear and simple instructions for deleting online accounts at all the most popular sites. It offers deletion instructions for over 150 sites with some less popular sites as well.
Not all web sites make it easy for users to delete their accounts, and some make it nearly impossible without diving deep into help documentation or emailing support. AccountKiller is one stop to help you kill an account on any site. Just visit the homepage, type the name of the service you want to vanish from, and follow their instructions.
AccountKiller uses a color-coding system to rate each one’s “ease of service.” Sites rated as “white” make it relatively easy for an average user to delete an account there. “Grey” sites aren’t exceedingly difficult, but they’re not exactly stellar about facilitating the process, either. “Black” sites are sites that make it so difficult to delete an account that you may not want to create one at all. AccountKiller’s instructions include major destinations such as Facebook, Gmail, and Skype.
If you are considering removing your social network accounts, these two sites are worth checking out.
Posted on August 9th, 2013
Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it is sometimes best to pay with a credit card versus a debit card when filling up the tank.
According to a federal indictment, two defendants would leave the skimming devices in place for approximately one month. They would then collect the skimmers and use the stolen data to create counterfeit cards. These cards would be used on multiple ATMs throughout the region and the suspects withdrew large amounts of cash. Some of the card data stolen in the scheme appeared in fraudulent transactions in Eastern Europe and Russia.
Gas pump skimmers have moved from amateur devices to a high level of workmanship and attention to detail. Increasingly, pump skimmer scammers are turning to Bluetooth-enabled devices that connect directly to the pump’s power source. These skimmers can run indefinitely, and allow thieves to retrieve stolen card data wirelessly while waiting in their car at the pump. The first figure below is one such card skimming device removed from a compromised gas station pump in 2012 in Rancho Cucamonga, California. The following figure displays the fraudulent keypad that captured a victim’s PIN.
Pump skimmers can be fairly cheap to assemble. The generic gas pump card acceptance device pictured below, a Panasonic ZU-1870MA6t2, can be purchased for $74.00. The individuals responsible for these pump scams are able to attach these devices because most pumps can be opened with a handful of master keys. If your credit card is compromised because of one of these attacks, you are protected by federal law and will not be responsible for any fraudulent charges. This protection is also extended to debit cards. However, it is vital to notify the financial institution within two days. This will cap your actual losses at $50 (if any), regardless of the amount of fraud.
Photo: Brian Krebs
Posted on August 7th, 2013
For the past ten years, I have been providing live presentations about cyber crime and information security. These are usually targeted toward companies and their employees with a focus on protecting identities and personal information. I have finally released a book that includes my entire teachings on personal digital security.
From the back cover:
Your complete resource to protect you, your family, and your community from digital crime.
Every day, thousands of digital crimes are facilitated over the internet. Years ago, this meant that a criminal needed specialized computer skill, a dedicated computer for hacking, and an expensive internet connection. Today, the entire instruction one needs can be found on Google, the attacks can be conducted over a cell phone, and there is free wireless internet on practically every corner.
Author Michael Bazzell will walk you through his experiences during his career fighting digital crime. This book includes explicit details of his entire training program created for individuals, employees, and company leaders. For the first time his complete repository of free resources has been assembled in one place. Combined with his website, this book offers you everything needed to build an effective defense from electronic crime.
The personal solutions for stopping digital attacks that are provided here will prevent you from becoming a victim. The author will make you aware of how the crimes occur, explain how you can eliminate your risk of attack, and how to easily create awareness in your circles about this growing problem. A few of the many lessons detailed here that can decrease your exposure to digital crime include how to:
Protect your computer with free software
Remove malicious programs from any system
Create and test strong password policies
Protect your email accounts from online attacks
Avoid financial scams over the internet
Configure an effective data backup solution
Encrypt sensitive data on all devices
Recover deleted data from a computer
Protect your credit report and financial accounts
Implement a credit freeze for ID theft protection
Avoid devices that steal your card information
Protect smart phones from the latest exploits
Prevent attacks through landline telephones
Discover compromised devices on your network
Protect yourself during public Wi-Fi use
Secure your wireless networks and devices
Protect your children from the latest threats
Analyze computer usage and internet history
Identify and monitor an online presence
Instruct others on personal digital security
Posted on July 21st, 2013
If you live in a large city or simply want to focus on an exact area of your town, you can search for Twitter messages by the exact GPS location where they were posted. First, you need to identify the GPS coordinates to search. I recommend Google Maps for this. As an example, assume that you want to monitor Twitter messages posted from Lewis & Clark College in Godfrey, IL. Search for the college in Google Maps and right click the red marker in the map. This will present a new menu with an option of “What’s Here?”. Choosing this option will identify the GPS coordinates of the address, which are 38.952451,-90.195011 for this campus.
Now that you have the coordinates of the location you are interested in, you can create a specific search. The following example would identify messages on Twitter that were posted within one kilometer of the college campus.
This can be entered into any search field at the top of any Twitter profile. If you wanted to expand this search to a perimeter of five miles around the previous GPS location, you could conduct the following search.
This can be a great way to monitor Twitter messages broadcast from a specific location. Parents may watch the Tweets from a child’s school, the movie theater he or she is at, or a friend’s house that is a common hangout. Law enforcement may monitor Tweets from the scene of a crime or trouble spots. The page will automatically update with new messages when they are posted.
If you want an automatic solution, you can use my Custom Twitter Tool HERE. It will also allow you to map your results in Bing maps.
Posted on July 12th, 2013
Exactly one year ago, Hiding from the Internet was published. It discussed the ways that you can remove publicly available information about yourself from the internet and private companies. Since then, a lot has changed. Some of the links in the book are no longer accurate, many companies have merged, and new services have arrived that expose your details. Over the past two weeks, my assistant and I worked through the entire book and updated every link. We also added a few new services. Instead of a new edition, I decided to revise the current version. Any books ordered from today forward will receive the newest revision. However, if you already own the book, you do not need to buy another copy! We also updated every link on my website to reflect the changes in the book. All of these links can be found HERE.
Many of you have asked about an electronic version. This is also ready to go, and you can download the book to your Kindle or iPad HERE. The link to both the print and electronic version is HERE. Amazon is offering a discount on the print version with free shipping, and the electronic version is $9.99.
Whether you own the book, just downloaded your new version, or want to attempt the links without the book, please consider using these free resources to protect your privacy.
Posted on June 30th, 2013
In 2011, I posted a blog entry about credit freezes HERE. While conducting research for my next book on personal online security, I decided that I was overdue for a test of my own credit freeze. I documented this in the book and decided to share the entire section here:
After your credit freeze is in place on all three credit bureaus, you may want to test the system. The following are details of what I had to go through while attempting to obtain a new credit card with an active credit freeze in place.
May 27, 2013: I navigated to a website that was offering a great rewards point bonus for new members of a specific travel credit card. It was a very legitimate company that I have held credit with in the past. Even though I had a credit freeze in place, I thought that this company may use our previous relationship as a way around the freeze. This seemed like the best company to test my freeze with. I completed the online application and was told that I would receive an answer via postal mail soon.
May 29, 2013: I received a letter from the credit card company stating that they could not offer me a card. They advised that I had a credit freeze in place and that I would need to remove the freeze before my application could be processed. They identified TransUnion as the credit bureau that they ran my credit through. The freeze worked. This would stop the majority of criminals from accessing your credit. In order to continue the test, I contacted TransUnion and conducted a temporary credit freeze removal over the telephone. It was an automated system and I only had to provide the PIN number provided earlier.
May 30, 2013: I contacted the credit card company via telephone and advised them that the credit freeze had been removed and that I would like to submit my application again. I was placed on hold for a few minutes. The representative stated that she could still not offer me the card. While the freeze had been removed, there was still an extended alert on my credit file and there was not a telephone number for me attached to the account for verification. Basically, TransUnion automatically added this extended alert to provide another layer of protection when a freeze was ordered due to fraud. The representative advised that I should contact TransUnion. I contacted them and was told that I should add a valid telephone number to my credit profile. Before I was allowed to do this, I had to answer four security questions about historical credit accounts, addresses, vehicles, and employers. After successfully answering these questions, I was able to add my cellular number to my account. I was told the changes should take place within 24 hours.
May 31, 2013: I contacted the credit card company and advised of my actions taken. She advised that she would not be able to pull another copy of my credit for 14 days. This was policy and there was no way to work around this due to the fraud protection rules in place.
June 15, 2013: I contacted the credit card company again and requested a new pull of my credit report. The credit freeze was still temporarily disabled until the end of the month. The new credit request was successful, and the representative could see the extended alert and a telephone number for contact. She placed me on hold while she dialled the telephone number on file. My cellular phone rang and she verified with me that I approved of the new credit request. I approved and switched back to the other line with her.
June 19, 2013: My new credit card arrived.
This was an interesting experience. I had never tested the system with the intent of actually receiving the card. I had occasionally completed credit card and loan offers in the past for the purpose of testing the freeze, but I was always denied later in writing. This reinforces the need to have a current telephone number on file for all three credit bureaus. This entire process took just over two weeks. Any criminal trying to open an account in my name would have moved on to someone else. This same chain of events would have happened if I were trying to buy a vehicle, obtain a personal loan, or purchase real estate. Even routine tasks such as turning on electricity to a home or ordering satellite television service require access to your credit report. A credit freeze will stop practically any new account openings in your name. While I became frustrated at the delay in obtaining this card, I was impressed at the diligence of the credit card company to make sure that I really was the right person. My credit is now frozen again and I am protected at the highest level.
Posted on June 23rd, 2013
I cleaned up a few sections of the website and added several new links and applications. Here is a summary:
The master set of OSINT links has been modified to exactly match the training order. Also the titles of each section were modified to follow the new three day course. New links:
VinGenius (Free Carfax Reports)
MentionMap (Twitter Associations[Updated])
SnapChat (See Top Three Connections)
Custom Tumblr Search (Better than Tumblr.com)
Custom Social Search (Combined Google Search)
The Investigative Software Pack was updated to include the following:
Removed Facebook from Ghostery Plugin (Conflict)
MementoFox Disabled (Not Functioning)
Removed Cydral from Image Search
Removed BackTweets from Menu
Updated Search Diggity (3.1)
Added iPhone Video
The iPhone Video app will allow you to extract the date, time, iOS version, and GPS out of a video captured with an iPhone. You will need the original video, but this can be valuable when a cell phone is collected.
If you would like to schedule my new three day Open Source Intelligence Techniques course, please Contact Us. I have a few openings left before March of 2014. All attendees receive lifetime access to all of my online links, techniques, and applications.
Posted on June 13th, 2013
During my OSINT training sessions, I demonstrate the many ways that Twitter can be searched using the Twitter API. This included hidden GPS information, account creation date, complete archive of Tweets, and several ways to search by location. Yesterday, June 11, 2013, Twitter shut down the original API. They have been warning us for months, and they finally pulled the plug. This is fairly devastating to Twitter searching. The new API (1.1) does not offer the same features and involves authorization to a Twitter account to see practically anything. I am currently working on rebuilding some of the tools, but this may take some time. I have tested every Twitter resource that I have used over the years (50+), and eliminated the non-functioning websites from my master list of links available on my site. The following 20 Twitter search websites still function:
Custom Twitter Tools (Twitter API Options)
Advanced Twitter Search (Custom Options)
GeoChirp (Twitter Mapped Data)
TweetPaths (Mapped Tweets by User)
TweetDeck (Real Time Monitoring)
Twitterfall (Real Time Search)
Twitter Name Search (Twitter Name Search)
Twellow (Twitter Search)
TagWalk (Twitter Account Data)
Twitalyzer (Twitter Account Data)
TweetReach (ID ReTweets)
Twicsy (Live Twitter Photos)
TwitCaps (Twitter Photo Search)
TwitPic (Twitter Photos)
SexyPeek (ADULT Twitter Photo Search)
SleepingTime (Twitter Sleep Schedule)
BackTweets (Search Links Posted)
Followerwonk (Analyze Associates)
Followerwonk (Analyze Users)
Twitter Directory (Users by Name)
There is still plenty of information that we can extract from Twitter accounts, and I am optimistic that many brand new tools will surface soon. I highly recommend that you create an anonymous Twitter profile and remain logged in to that profile while you conduct your searches. Many of these tools now require you to authenticate with your profile in order to use the resource. There is no harm in this, and it will be required for all future searching. There are some options to eliminate this step, which I hope to publish soon.
Posted on May 11th, 2013
Last week, I was in Albuquerque teaching OSINT techniques to a large group. After the session, several attendees asked what the best all-in-one tool was when you know a target’s Twitter account. Since there are several investigation avenues with Twitter, I recommend my Custom Twitter Tools page. This page has always been one of the private resources that I share with all attendees of my OSINT courses. I decided to make this page available to the public:
Each field identifies the type of data that should be entered. This includes Twitter user names, real names, keywords, and GPS information. The first option allows you to enter a target’s Twitter Name. Clicking the “API View” button will launch a new tab and display that person’s API view of their account. This view will display new information that is not visible on a person’s official Twitter page including account creation date, exact post time, device information, and sometimes exact GPS coordinates.
The second option allows you to enter a person’s Twitter user name and it will load that profile in a new tab. There is nothing special here, just a shortcut to the page. I usually use this to try different known online user names to see if a Twitter page exists.
The third option allows you to enter the target’s Twitter name, and a new tab will open with all outgoing tweets from that person. This can be beneficial when the target’s official Twitter page is full of other people’s posts that are not related to the target. This technique will isolate only those tweets by the target.
The fourth option does the opposite. It will isolate only the Tweets sent to the target from another Twitter account. This helps easily identify people that are communicating with the target.
The fifth option allows you to enter a target’s real name and search the Twitter directory for a Twitter profile. This is the only search option on this page that requires you to be logged into a Twitter account. This will present several profiles belonging to people with the name you provided. It will display the real name, user name, and often a short bio and photo to help you identify your target. The screenshot to the left identifies a few of the profiles belonging to the name Adrian Crenshaw.
The sixth option is a location based search. You can enter the GPS coordinates of any location to see posts from that area. If you need to identify the GPS coordinates from an address, use the GPS Visualizer tool. After you enter the coordinates, the search will open a new tab with three columns of live streaming Tweets. The first column will include posts that were published within 1km of the target GPS location. The second column expands this to 5km and the third column expands this to 10km. These results will automatically update as new messages are posted. Below is a screenshot of live posts from a building in Chicago.
The seventh option adds a keyword search to the GPS search. This can be helpful when a location based search provides too many results. You can now isolate only the posts mentioning any keyword, such as ‘bomb’, posted from a specific location.
The eighth option will allow you to specify up to three keywords or user names. This will generate a live display of Tweets based on this data. I often use this to monitor a situation and might include my target’s Twitter name and any keywords associated with the investigation. This may include the location an event happened, a homicide victim’s name, or a hashtag that is being referenced.
The last option will allow you to enter two or three Twitter user names. The results will identify and analyze their followers and people they are following. This can aid in identifying people of interest that are associated with all of the targets provided. This can eliminate people that only know one of the subjects being researched. The screenshot below identifies a group of people that are followed on Twitter by both Chris Hadnagy and Ping from the Social-Engineer website.
I will continue to add features to this tool. Please practice these searches before applying them to your investigations. This can also be a great starting point for parents or teachers that have identified a child’s Twitter account.
Posted on May 4th, 2013
New Investigative Links:
Open Book (Searches Facebook Wall Posts)
Followerwonk (Compares Twitter Users)
Followerwonk (Compares Twitter Followers)
Twitter Google Earth (Plugin Required)
Backpage Blacklist (“No-Shows” on Backpage)
Total Craigs Search (Search All of CL)
Skype Resolvers (ID IP Address of Skype User)
New Interactive Search Tool:
I designed this online search tool to assist with an investigation. Instead of navigating to several online websites to search data, you only provide your search term in one location and click through the results. Instructions:
- Click on your desired category (Email, User, Facebook, etc).
- Click on search sub-category (Website, Search, etc).
- Type your target information in the search field (Email Address, User Name, IP Address, etc).
- You can either click on the “Search” button or double-click on each sub-category selection.
The screen capture below displays a Twitter user name search that identified a physical location and link to an additional social network.
There are currently 40+ automated search tools built-in, with more coming soon.
Software Pack Update:
Firefox Update (v.20)
Firefox Addon: Docs Online Viewer
Firefox Addon: FoxySpider
Firefox Addon: YT Caption Downloader
Firefox Addon: Rapportive
Firefox Addon: Bananatag
Instagram User Name > ID
Instagram API View w/GPS
BriteVerify Email Verification
Toofr Email Construction
All attendees of my 2-day and 3-day Open Source Intelligence courses receive lifetime access to all online updates. This includes software tools, website links, instruction materials, documents, and templates. If you would like to host a custom training session, please contact us.
Posted on March 24th, 2013
While preparing for this week’s class in Elgin, IL, I updated the private investigation area of the website. This area includes all of the links and applications that I teach during my two day advanced course. Below are the updates:
New OSINT Links:
Pic Search (Similar to Google Images)
Colossus (International Search Engine List)
Toofr (Work Email Address Guess)
Email Format (ID Emails and Format of Business Addresses)
Market Visual (Maps Employees)
PeepDB (People Search)
Wigle (WiFi Info by Location or Name)
Updated Software Pack:
Added Scythe (User Lookup)
Added IP Info
Added Domain Info
Removed Nirsoft (Virus Warnings)
Removed MetaGoofil (Not Functioning)
Removed Jigsaw (Not Functioning)
Updated OS Forensics (2.0.1003)
Updated Maltego (New Transforms)
Added Maltego User Guide
Added Maltego Transform Guide
Added Maltego Video Channel
Posted on March 16th, 2013
The three major credit reporting bureaus say they have uncovered cases where hackers gained access to users’ information. The disclosure offers a glimpse into the sensitive data available to the cybercrime underworld, which hosts several storefronts that sell cheap and illegal access to consumer credit reports.
The acknowledgement by Experian, Equifax and TransUnion comes hours after hackers posted online Social Security numbers and other sensitive data on FBI Director Robert Mueller, First Lady Michelle Obama, Paris Hilton and others. Social Security numbers and even credit reports are not difficult to find using inexpensive services advertised openly in several cybercrime forums. In most cases, these services are open to anyone. The only limitation is knowing the site’s current Web address and being able to fund an account with a virtual currency.
One website sells access to consumer credit reports for $15 per report. The site also sells access to drivers license records ($4) and background reports ($12), as well as straight SSN and date of birth lookups. Random “fulls” records — which include first, middle and last names, plus the target’s address, phone number, SSN and DOB — sell for 50 cents each. Fulls located by DOB cost $1, and $1.50 if searched by ZIP Code.
It’s not clear from where this service gets its credit reports and other data, but it appears that at least some of the lookups are done manually by the proprietors. Pending new records requests are tracked with varying messages, such as “in queue,” and “in progress,” and often take more than 15 minutes to process.
I believe that the proprietors of this service and others like it are taking data gleaned from various sources and using it to pull credit reports directly from annualcreditreport.com, a government-mandated Web site created by the three major credit bureaus to help consumers obtain annual free copies of their credit reports. This free service is great for consumers wishing to view their own credit reports, but the security does not limit these views to the individual listed. Knowing some basic information about an individual may allow someone else to access the report.
If you would like to view the leaked website in a safe manner, click here:
This link allows you to scroll down and view some of the live details that were released without visiting any shady websites. The original source has been shut down; this is a link to an archive of the page. Below is a screen capture.
Taking steps now, such as freezing your credit report, will make you an undesired target. If an attacker cannot open new lines of credit on your account, your credit report is not lucrative.
Thanks to Brian Krebs for his investigation.
Posted on March 13th, 2013
The following is a guest post:
Social media has revolutionized the way we communicate, share information and network with one another both personally and professionally. It allows us to instantly connect, interact and exchange ideas with people all across the world.
But like any other powerful tool, social media can be a force for both good and evil. Unfortunately, criminals are beginning to exploit it to help them commit a range of unlawful acts, including burglary and identity theft. Here’s how you can help protect yourself:
One of the most common ways criminals are using social media is to target homes for burglary. In the social media-centric world we live in, we have become accustomed to sharing our daily experiences via tweets and status updates. Unfortunately, there are bad apples who are using this information to monitor people’s whereabouts and plan burglaries for the most opportune times – when the homeowner is on vacation or away from home.
To avoid having your home targeted, it’s best to refrain from posting real-time details about your whereabouts on your social media profiles. Additionally, take a few minutes to double check your privacy settings to make sure only trusted friends and family have access to your posts and personal information.
It’s also a good idea to subscribe to an alarm monitoring service if you haven’t already. Nowadays, most prominent home security companies offer these services for a monthly fee that most homeowners can afford. With monitored protection, trained professionals will keep tabs on your home 24 hours a day, 7 days a week – even when you’re out of town. Click here for more tips and information about monitored home security.
False identity/Identity theft
It’s remarkably easy to create an account on most social media websites. For cybercriminals, this presents a golden opportunity to impersonate an existing person or create a whole new fraudulent identity. Some do this for the sole purpose of tricking and humiliating people. Others have more sinister motives, such as identity theft.
Most social media profiles are stuffed with sensitive information, such as age, location, birthday and email address, which could be used to steal an identity. Typically, scammers will try to message you under the guise of someone you trust. Once contact has been made, the thief will oftentimes tell you to take a look at a new profile page, which, in reality, is a bogus page designed to pilfer your username and password.
To avoid falling victim to these cybercrimes, you should first limit the amount of personal information you reveal on your profile page. Secondly, you should always be wary of any links that ask you to log or sign in again.
Posted on March 9th, 2013
In my Hiding from the Internet sessions, I always mention some type of technique that will stop websites from tracking your activity. Yesterday, I presented to a large group in central Illinois and discussed Ghostery. I received a few questions about a similar plugin called Do Not Track Me (DNTMe), so I will explain both of these tools here.
I have been using Ghostery for a couple of years now. I also embed this tool into my Investigative Software Pack. Below is the excerpt from Hiding from the Internet that explains the Ghostery plugin available for the Firefox and Chrome web browsers.
Many sites that you will visit will be using website analytics. These free services monitor the visitors of a website and identify the IP address, location, business name, search terms, and site navigation of the visitor. This can be very invasive and personal information can be analyzed and distributed without your knowledge. While you are using the methods in this book to eliminate your personal information from online databases, it is important not to provide more information in the process. Ghostery can be of help. This extension will identify any analytics and other intrusive software running on a website when you visit it. With some configuration, it can be set to block these services and prevent the website from tracking you.
After installing the extension in Firefox, click on “Tools”, “Ghostery” and then “Manage Ghostery Options”. Inside the new window that will open, scroll down to the “Blocking Options”. Click on the checkboxes next to “Advertising”, “Analytics”, “Privacy”, “Trackers” and “Widgets”. This will stop over 1000 different types of intrusive software from monitoring and tracking your internet habits. Click “save” below the options and now click on the “Cookies” tab. Similar to the last screen, select the checkboxes next to “Advertising”, “Analytics”, “Trackers” and “Widgets”. Click “Save” and then close this entire tab. This will block an additional 500 scripts that can collect private information about you. When you visit a site with analytics, the owner will no longer capture any information about your visit. Any time you visit a website that is using a service blocked by Ghostery, you will be presented with a purple window displaying all services running on the page. When a service has been blocked, the service name will be stricken and faded. Below is a screen capture of a Ghostery notification on my website.
Do Not Track Me, from a company called Abine, performs a very similar function. This tool is a bit more user friendly and requires no configuration when installed. The downside is that this product is only a free version of their commercial products DeleteMe and MaskMe. These premium products are not necessary to use Do Not Track Me, but you will receive options to upgrade. After it is installed into your browser, you will receive notifications in the upper right corner of your browser. These will identify the tracking software being used on the current website visited. By default, it will block the tracking and allow you the option to enable the tracking if desired. Below is a screen capture of the result of my homepage, which uses Google and Woopra to monitor traffic to the site.
Overall, I think both are great. Ghostery has a minimal interface and notification, but requires occasional user configuration when updating. DNTMe offers automatic configuration, but includes ads for their premium services. I still use Ghostery out of habit, but I will spend the next month using DNTMe to review the product. I do not recommend using both at the same time.
Posted on March 1st, 2013
Recently, a Detective in Northern Illinois notified me about a new people search website called PeepDB. This site offers more than the standard people search website that simply scrapes information from search engines. This post will explain the proper search method and the details of how to remove your personal information. This information applies to the content of both of my books, Open Source Intelligence Techniques and Hiding from the Internet.
To search the site, navigate to http://www.peepdb.com. The search field is misleading as it only conducts a custom Google search on the target. I recommend avoiding this field. Instead, choose the links below for the state where your target resides. You will then be prompted to click on a link for the first letter of your target’s last name. This will then continue, asking for the first two letters and then first three letters of your target’s last name. You should then be presented with a long list of subjects that fit the criteria. The capture below shows a few entries for people with the last name of Bazzell in Illinois.
Each of these terms is linked to another page, but only the last name on each line links to the profile of the selected target. Clicking on “Bazzell” on the last entry for Floyd Bazzell presents a new page with partial address information. Click on the link “Get The Uncensored Listing – Free” and you will be prompted to enter a captcha validation (to prevent automated search abuse). This will then unmask the address of your target and should identify a complete home address, phone number, and Google map with satellite view of the residence. The capture below displays a redacted view of the result.
My first search on this site was for my own information. I was surprised to find a recent address for me which appears nowhere else on the internet. I clicked the link below the listing titled “Remove This Listing”. This presented a new page with removal instructions. If you are a government employee, they simply require an email from your work email address identifying the address of your listing (the URL) and a written request to remove the information. I submitted my request at 4:00pm on 02/28/2013. The next morning, I searched for my name and the listing had already been removed.
If you are not a government employee, you can still request removal. Follow the instructions on the removal page, which include sending a scanned copy of a photo ID. I recommend redacting EVERYTHING on this scan except your name and street address that is visible on the PeepDB listing. If you want the listing removed immediately, you can pay them $3.95; however, I do not recommend this based on their prompt response to a general request.
I encourage you to identify your own personal information on this site and remove anything that is invasive. This will now be my first public site to visit when trying to locate a target.
Posted on January 8th, 2013
Thanks to J.S. from DC, I realized that the Investigation Software Pack posted last week was corrupt. I have isolated the problem, and a new pack has been uploaded. Log into the investigations portal to download a new copy. Here are a few of the new tools:
Embedded into the Investigation Browser:
Multiple browser support
Reporting function with print formatting
Facebook photo album downloader
Slider bar to see previous versions
Updated media download features
Extract employee information & emails
Map of social traffic by location (6 networks)
Locate hidden private websites from a domain
Extract email addresses from a domain
If you are interested in the training required for this software pack, please contact us at THIS LINK.
Posted on January 2nd, 2013
One year after the release of my first book, Open Source Intelligence Techniques, I have published the 2nd edition. This edition offers over 50 new techniques that were not available during the original printing. I also modified some of the original techniques since the search methods change so rapidly. Additionally, an entire new chapter about radio frequency monitoring is included at the end of the book. These changes resulted in over 65 new pages of content. The new 320 page book can be ordered HERE. As always, I will offer the books for sale at actual cost during all of my speaking engagements and training sessions. The following is a partial list of NEW methods for searching and analyzing online information included in the book.
New Google Search Techniques
New Online Newspapers Archives
Easier Twitter Mapping of a User
Recover deleted information from Twitter accounts
Discover cell number owners through Facebook
Use online maps to rotate views of buildings
Discover hidden date information in satellite photos
View several satellite photos for one location
Discover a subject’s work email address
Locate an IRC user’s current channel location
Search public documents on Google Docs, Dropbox, and Amazon Servers
Properly search Instagram and discover all photos of a user
Search for videos by the text spoken in them
Extract a person’s outgoing voicemail message
Search a cell number through the Caller ID Database
Discover hidden websites on subdomains
Search wireless routers by name and location
Identify Driver’s License numbers in several states
Extract new information from several APIs
Six new investigative browser plugins
Change your IP address to protect your privacy
Extract still images from online and surveillance videos
Locate and map posts from six networks on one site
Locate surveillance cameras by GPS Coordinates
Monitor cellular social network group messages
Monitor radio frequencies to gather valuable intelligence
Posted on December 31st, 2012
During my internet safety presentations, I explain why I believe that you should use different passwords for different types of accounts. For example, you should never use the same password on your email account that you use for your Facebook account. This way, if one account gets compromised, your other accounts are protected. Recently, I began advising that the email address associated with your social networks should be different than your main email address for communication and financial accounts.
If one of your social networks is hacked, the criminal will know the email account associated with it. He will then attempt to gain access to that email account using a variety of techniques. If the email address is compromised, the attacker now has access to much more information. Your emails can be scanned for bank account numbers, your contacts can be sent a message requesting money, or all of it can be deleted out of spite. Most likely, the hacker will use the access to this email account to receive password reset requests from all of your accounts, which then gives complete control of everything in your digital life.
If you have one specific email address that is only used for social networks, this limits the damage. If your Facebook account is hacked, the attacker will only know the email address that you use for social networks. If this email account is hacked, the attacker will find no contacts, no sensitive information, and no emails. The only damage that can be done is to reset the passwords of your other social networks. While this may be an inconvenience, it is not financially damaging.
I ask that you consider the following while you start your new year:
1) Change all of your passwords yearly. This is a great time to start. Make sure none of your passwords are actual words and that they contain letters, numbers and at least one special character. Don’t use the same password on your “important” accounts as you do on your “fun” accounts.
2) Create a new email account through Gmail, and ONLY use it for social networks, online forums, internet groups, etc. Do not store contacts and do not use it for communication. Make this email address the primary account on all of your social networks and remove your real email address from the settings on each network.
3) Enable Dual Factor Authentication on your primary email account. This requires a code that is sent to your cell phone when you log into your email account. This ensures that no one will access your email. Instructions can be found in the “Security” settings of the account.
Have a great new year!
Posted on December 22nd, 2012
Reader S.E. reports:
“The Netwise Data email address in your book/website returns as non-deliverable.”
Apparently, they shut down that email account and have moved to a form based contact system. Here is the new link:
The “General Inquiry” option should be selected and the message should include your desire to opt-out of any data collection of your personal information. I have contacted them requesting new opt-out instructions, and I will post if/when I receive a reply.