Secrets of an Online SNOOP

http://www.forbes.com/2010/11/09/secrets-o...y-snooping.html

 

Secrets of an online super snoop

A few simple tools can get you information once available only to private investigators and police.

By Kashmir Hill, Forbes.com

 

In May Matthew Smith received a piece of junk e-mail from a marketer. The marketer chose the wrong guy to spam.

 

Smith, a pseudonym, is a former hacker and now works as a network security engineer. He runs a blog called Attack Vector devoted to online security issues. He decided to use the marketer, named Steve, as his guinea pig to show how easy it is to track down information about someone based solely on an e-mail address, and documented how he did it to serve as a warning to others who may not understand the power of what's available to anyone looking to dig into your background.

 

With a few simple online tools Smith unearthed information once available only to private investigators and law enforcement--from criminal records and financial information to hobbies and even the names of the marketer's children. "There are so many naïve people on the Internet who really have no clue," says Smith.

 

From Snitch.name to Spokeo.com, a host of sites are available to run down details on everything from a person's criminal background to who owns a website. No particular hacking skills are needed--just a bit of know-how and a good set of browser bookmarks.

 

"There is an entire industry and markets being built on all this [data-mining]. Drilling down who you are and what you do," said Michael Fertik, founder of ReputationDefender. "There's so much data out there about each of us--if you know what you're doing, you can automate that process and come up with a quick snapshot of someone, that might label this person as a bankrupt deadbeat who shouldn't get a loan."

 

Anyone can access this information. The marketer's e-mail to Matthew Smith contained routing information that included his IP address--a unique identifier for a computer or mobile device. A header with this information is included in an e-mail when a person using Comcast, Yahoo or Hotmail for their e-mail services uses SMTP to send it, for example, by using Outlook instead of through the Web. The procedure varies from e-mail service to e-mail service. But in Outlook, right-click on the message in your inbox and select "Message Options." That will give you an informational box that includes "Internet headers"--if the person's e-mail service leaks their IP address, it will be there, in parentheses after their email address.

 

Using the website GeoIPTool, Smith was able to track Steve's location to Spokane, Wash. Then, by conducting a WhoIs website domain search (whois.net/) with Steve's e-mail address, he was able to pull up his full name and home address. Those registering websites have to pay extra to keep that information private, and Steve did not do that.

 

Using Google Maps Street View, Smith was able to take a screen shot of Steve's home, a small, one-story brick house with a blue recycling bin at the end of the drive. Searching WhitePages, Facebook, and court records--available for a fee through PACER--soon revealed the identity of Steve's wife, the fact that they had filed for bankruptcy in 1993, and even the last four digits of their social security numbers.

 

Facebook revealed that Steve was an avid fly fisherman who enjoys traveling, gardening and remodeling projects. "Note: Passwords," wrote Smith on his blog. "By building a profile of someone, you begin to get a feel of who they really are. I'm willing to bet that at least one of Steve's passwords has something to do with fishing, trout, or cutthroats (a type of trout--according to his Facebook page)."

 

His wife's page included copious details about their children and grandchild. "Family members, ages, schools, anniversary dates, marriage lengths, hobbies, interests, phone numbers, addresses, property records, property taxes, pictures of their house, pictures of them, pictures of their children and grandchildren, deeds on their house, bankruptcies, employment history, previous addresses, previous creditors, and bits of social security numbers," wrote Smith of what he was able to compile using just an e-mail address.

 

"I'm pretty sure I'd be able to fake my way through one of those password reset forms. ... You know, where you set up a 'secret question' asking what your dog's name was, or where you went to school? Beyond that, I'm fairly confident that at this point, if I were to call his bank and pretend to be him, I could easily pass when they asked me personal questions." He didn't, of course. But it's still worth keeping in mind next time you send an e-mail to someone you don't know.

http://www.attackvector.org/invasion-of-privacy/

 

DISCLAIMER!!!

 

This is ABSOLUTELY for informational purposes ONLY. attackvector.org nor I will be held responsible for how you choose to use the information that I post on my blog. This individual, though he is a douche for sending spam, is a real person with a real life. By misusing the information found here, you have the power to potentially destroy someones real life. There’s a fine line between a legal hack and a felony. Information gathering is not illegal so long as it’s obtained through legal means. Using the information, however, is quite another story.

 

UPDATE: Because of something that one of my readers brought up, I want to clarify. The email that I received was not the run of the mill malware/spambot/whatever style email. The email was coming from his email address, using his business’s name, and advertising his business. I would have never posted this had I had any doubt that this may not have actually been sent, by him, in some fashion.

END OF DISCLAIMER.

 

I use spammers and pedophiles as test subjects when I’m working on something. This is mostly because it’s unlikely that they would go to the authorities and point the finger at me, knowing that I could easily turn around and say something to the effect of, “Well, yes I did pwn his box.. but you should have seen all the child porn I found on it.” owned x 2.

 

I happened to receive a piece of spam at the exact moment as I was going to start a post about privacy and anonyminity on the internet. I will consider this to be a sign from God that this dude needed to be set straight. Okay, maybe not. I’m not sure what the bible says about spam.. but if I were God, it would be into the pits of hell for them. So, since I cannot cast people into eternal suffering in a firey pit, I will have to settle for second best. Pwnage!

 

Whats even better, none of what I’m about to do is illegal. It’s a serious, serious invasion of privacy, and you definitely don’t want it to happen to you, but all of it can be harvested through public record, social networks, forum posts, etc etc etc.

 

First, lets take a look at the email that I received.

 

..snip..

Received: from unknown (HELO p3pismtp01-017.prod.phx3.secureserver.net) ([10.6.12.17])

(envelope-sender )

by p3plsmtp09-04.prod.phx3.secureserver.net (qmail-1.03) with SMTP

for ; 7 May 2010 01:05:53 -0000

X-IronPort-Anti-Spam-Result: AjYCAOP/4kvYI8QXnGdsb2JhbACeChUBAQEBAQgLCAkRIrxZgmCCMwSDQQ

Received: from server299.com ([216.35.196.23])

by p3pismtp01-017.prod.phx3.secureserver.net with ESMTP; 06 May 2010 17:58:47 -0700

Received: (qmail 10509 invoked by uid 3287); 7 May 2010 00:58:46 -0000

Received: from 67.185.122.64

(SquirrelMail authenticated user steve)

by www.barteritemsfortrade.com with HTTP;

..snip..

 

Ok, so, his email address is [email protected].. he’s sending email through server299.com.. and his real IP address is 67.185.122.64. All we really need is his email address and his IP. Lets see what we can find.

 

Non-authoritative answer:

64.122.185.67.in-addr.arpa name = c-67-185-122-64.hsd1.wa.comcast.net.

 

Now we know that he’s connecting from Washington (wa.comcast.net). Lets see what Geo IP location says. I use this service, but there are many others. I’ve also written a few tools to do this as well, but we’re going to use what the average Joe has access to.

 

Just put the IP address in the box and hit “search”. Here’s what we find.

 

Region: Washington

City: Spokane

Postal code: 99205

 

So, we’re narrowing it down.. we now know that it’s Spokane, Washington. Now we’re going to take a look at his email address. First, obviously, just google the email address. This will bring up information for virtually anything that the person has ever used their email on. Forums, social networks, etc.

 

In this case, however, nothing came up on google. We must dig deeper. Enter, whois!

 

BIZ TWO, LLC

PO Box 8421

Spokane, Washington 99203

United States

 

Biz two? Does that mean there is a Biz One and a Biz Three, perhaps? Also, he’s using a PO Box.. blah.

 

..snip..

Administrative Contact:

Nicholas, Steve [email protected]

..snip..

(509) 283-7030 Fax — (509) 456-3813

..snip..

 

Jackpot! We now have a last name and a phone number. We also have an additional email address/domain.

 

Administrative Contact:

Your Logo Here [email protected]

139 west 30th Avenue

Spokane, WA 99203

US

509-456-3813 fax: 509-456-3813

 

Hmm.. a real address.. no PO box on this domain. Is that an office? A house? Is it his house? I can assume that ‘snicho’ is short for ‘steve nicholas’, and it’s the administrative contact, which means he owns the domain.. so the address has something to do with him.

 

Enter.. Google Maps.

 

 

Well, it’s definitely not an office building, so at this point I’m going to assume that it’s his house until I find out differently. We can further verify this by googling his name + city + state.

 

 

That address looks rather familiar… oh yeah, it’s the address that was associated with his domain. We can be virtually certain at this point that that is his real address and house. Lets see who else lives in the house with him – just google the phone number listed.

 

 

Ok, so, Nancy has the same last name as Steve, so I think we can safely say that this is his wife.

 

We’ll come back to her later. Lets see what else we can find about Steve.. I’m really starting to feel like family at this point.

 

Back when I googled his name + city + state, I noticed that below the address result, there was a LinkedIn page.. lets check that out.

 

Ok, so there’s all sorts of useful information.. but I found another email address.. [email protected] Not often do I meet someone with as many email addresses as me.. lol.

 

So, back up to the top, we google for [email protected].

 

Some interesting stuff, but nothing really useful for my purposes. Lets check out Facebook and see if he’s a social butterfly. I log in and “search for friends” and enter his email address(es). His account is registered with the itex.net email address.

 

He doesn’t have his Facebook stuff set to private, so he’s kind of letting it all hang out. Thanks, Steve!

 

 

 

Yawn. The only thing interesting there, is that we’ve now definitely verified that that address is correct and that his wife’s name is definitely Nancy. Maybe her page is more interesting.. lets look

 

Note: Passwords.. by building a profile of someone, you begin to get a feel of who they really are. I’m willing to bet that at least one of Steve’s passwords has something to do with fishing, trout, or cutthroats (type of trout – according to his facebook page).

 

Nancy’s Facebook:

 

I teach 7th & 8th graders at Salk Middle School in Spokane WA. I married Steve 27 years ago and we have 2 daughters, Susanne and Rachael. Susanne married Dan Wadkins 2 years ago and they are expecting their first child in March. Dan is an attorney and Susanne is a special education teacher. Rachael is living in Las Vegas where she teaches special education to preschoolers and kindergarten. We have an awesome family!!!!

 

Here’s something to take a mental note of. Women are generally more open about their personal lives and love to share with others. In one paragraph, we learn that she teaches at Salk Middle School, they’ve been married for 27 years, they have 2 daughters, Susanne and Rachael, Susanne is married to Dan Wadkins (note – this probably means that Susanne is no longer Susanne Nicholas, she’s probably Susanne Wadkins). Rachael lives in Vegas.

 

How ever would we find out more information about Susanne and Rachael? Oh yeah, friends lists. If the parents have Facebook, the kids most certainly have Facebook.. and barring any family drama, they’ll all be on each others friends lists. And, of course, I’m right.. found Rachael, Dan, and Susanne.

 

Also, going through her wall posts gave up some information. They’re new grandparents.. their grandaughter Lola was born on March 15th.. this was Dan and Susanne’s daughter.

 

Now, lets see what Intelius says about Nancy (note – I skipped Steve on Intelius because his entry is all screwed up.)

 

 

Now we have ages, too. It’s interesting that there’s a “Ralph Steve Nicholas” listed, who has the same age as the other two Steve’s listed. Could Steve’s real name be Ralph??

 

Ok, anyway, lets see what I can find out about their house. Just about every county in the country allows you to view property tax records on the internet. I googled “spokane washington property tax records”. What you’re looking for is like, the assessor’s home page then just punch in the address and you can find a wealth of information.

 

What this record tells us, is that Nancy actually owns the home.. Steve isn’t even listed. She’s also the sole person listed paying the property taxes. Interesting.. I wonder why?

 

Also, further down on the report, there’s two documents. A quit claim deed, and a statutory warranty deed. A warranty deed is issued in some states when a house is sold. It protects the buyer from having third parties come after them for unpaid debts and whatever. So, it appears as though they bought the house in 2001 for $110,000? Seems awfully low.

 

Now, lets look at the quit claim deed. First thing I notice. R Steve Nicholas is listed as “Husband of Grantee” I think Steve’s real name is Ralph. lol.

 

This is interesting.. quit claim deeds are used after a divorce to switch the owner of a property from one party to another at the county level. But they’re still married. The other times that I’ve seen quit claim deeds used is when people encounter serious financial trouble and need to file bankruptcy. They file independently and deed the house to their spouse.

 

Lets find out!

 

I am not going to tell you what service I use to obtain this information because I don’t want it to get abused and taken away. Also, I don’t think everyone should have access to it. SO.

 

91-40727 Ralph Steven Nicholas and Nancy Lynn Nicholas

Case type: bk Chapter: 7 Asset: No Vol: v Judge: John C. Minahan Jr.

Date filed: 05/08/1991 Date of last filing: 02/11/1993

Date terminated: 02/11/1993

 

Ok, so they did a joint bankruptcy in ’91 and it was discharged in ’93. I also have a list of their creditors.. no wonder they filed bankruptcy. Ouch.

 

One other piece of information that this offers, is previous addresses and the last 4 digits of their social security numbers. Keep in mind, a lot of people use the last 4 digits of their social for pin numbers.. because most pin numbers are limited to 4 digits. Stupid.

 

UPDATE: I’ve decided to X out the social security numbers because this post is starting to receive a ton of traffic and I’m not sure I want everyone visiting it to have this information. My intention of this article is not to make it easy to steal this guys identity.. it’s to point out a vulnerability. If you really want to find his social security number, lets just say.. it’s available via the internet.

 

Debtor

Ralph Steven Nicholas

6747 Crooked Creek Dr.

Lincoln, NE 68516

SSN / ITIN: xxx-xx-xxxx

 

Debtor

Nancy Lynn Nicholas

6747 Crooked Creek Dr.

Lincoln, NE 68516

SSN / ITIN: xxx-xx-xxxx

 

Here’s something to really think about.. I was able to obtain all of the information in this post for 16 cents and by just using an email and IP address from a piece of spam.

 

Family members, ages, schools, anniversary dates, marriage lengths, hobbies, interests, phone numbers, addresses, property records, property taxes, pictures of their house, pictures of them, pictures of their children and grandchildren, deeds on their house, bankruptcies, employment history, previous addresses, previous creditors, and bits of social security numbers.

 

I’m pretty sure I’d be able to fake my way through one of those password reset forms.. you know, where you set up a “secret question” asking what your dogs name was, or where you went to school?

 

Beyond that, I’m fairly confident that at this point, if I were to call his bank and pretend to be him, I could easily pass when they asked me personal questions.

 

In closing.. you really need to pay close attention to what you’re posting on the internet. If I were a douche, I could ruin this guys life using this information. There are a lot of douches out there that are doing this type of stuff right now. Given an email address, phone number, or whatever, they build profiles on people which can be used to exploit them and steal identities.

 

The other thing that I’ve actually fallen victim to, is the speed of Google’s spiders and the fact that they index Craigslist. Lets say you run a business.. Catholic Charities R Us and in this post, you include an email address, phone number, something. Lets say you also make a post, days, weeks, whatever, later looking for whores, or something. Both of those posts will come up when Googling for your phone number.

 

Also, consider what you’re sending in this email. What if this guy had sent me an email trying to extort me, threaten me, whatever? I could turn this over to the authorities and they’d have their work cut out for them.

 

Not to try to scare people too much, but think about single women in the dating scene. They make a post somewhere with their email address and someone comes across it and is able to determine the same amount of information about them as what I did above? What if that person was more interested in something other than identity theft?

 

I think you get the idea.. essentially.. guard your personal information with your life. Never post your phone number on the internet (unless you’re using a proxy number, which is what I do), and make sure no personal information is associated with your email address before you go firing off emails to strangers.

insane that you can actually do that.

I just did this to BWUK and determined he is Kim Jong-Il's son

We do this to all of you when you first join LP. We also install surveillance cameras in your homes. Nice pajama pants, btw.

I have recently begun working with social engineering and ethical hacking, and it's amazing how easy it is sometimes. From guessing passwords to finding personal information about people.

 

Hiding your identity on the internet is not hard... if you know what you're doing.

 

Steve obviously does not know what he's doing

We do this to all of you when you first join LP. We also install surveillance cameras in your homes. Nice pajama pants, btw.

Haha, I actually am wearing pajama pants. Sure beats a suit.

We do this to all of you when you first join LP. We also install surveillance cameras in your homes. Nice pajama pants, btw.

 

 

I didn't read the article, will do later, but I know fucked up shit has happened with people finding other peoples identity on the internet, so be careful out there guys

 

I didn't read the article, will do later, but I know fucked up shit has happened with people finding other peoples identity on the internet, so be careful out there guys

 

 

The article is good. The second one I posted is the best of the two.

Good stuff, and if you pay I think you can get even more info. Plus, who wants to really shit his pants? There is a program out there you can launch sitting somewhere on a network where others use facebook - say a coffee shop or uni library, and when they log in their facebook, you can auto log in their facebook too.

 

I suppose the only positive action is you can use it to find out if the girl is single and what her interests are before you approach her.

Haha, I actually am wearing pajama pants. Sure beats a suit.

 

 

 

We know :ninja: :ninja: :ninja:

Anyone heard of the pornstar name game? Take your first pet's name and them your mother's maiden name and hey presto you have a very humorous name fit for the porn industry. About 8 years ago there was a chain email going where people typed in their name and forward the email on to friends and then friends of friends... You get the picture, now think about how that information can be used? Email plus pets name plus mother's maiden name.

 

If anyone finds out my pornstar name is Buster Phumpfrey-Throughway I could be in trouble.

And with that i'm googling myself and deleting any eronious info I can lol.

 

Note to self: Change cell number

 

Man, no I see why my pops always told me to have EVERYTHING owned and titled as an out of state LLC in a trust. At least then it makes things marginally more difficult to search tax records, vehicle registration, etc.

 

Wonder if the guy put that info together and emailed it back to the spammer... talk about shitting your pants!

 

 

very interesting, i need to brush up my net info, not that i have anything to hide, but you never know whats around the corner.

 

A little while back i had a guy threaten me for no real reason. The amount of data I managed to dig up on him very easily in minutes made me laugh.

I find it hilarious how the wife just gives out the names of her two daughters and who the one is married to, and his profession, I mean jeez!

We do this to all of you when you first join LP. We also install surveillance cameras in your homes. Nice pajama pants, btw.

 

I have heard (don't know how true) that a skilled hacker can turn on the camera attached to your PC if you have one and use it to look around the room the computer is in. I would imagine it's if they hack into your computer from a separate computer, they can then operate the camera.

I have heard (don't know how true) that a skilled hacker can turn on the camera attached to your PC if you have one and use it to look around the room the computer is in. I would imagine it's if they hack into your computer from a separate computer, they can then operate the camera.

Porter has probably seen my balls

Porter has probably seen my balls

 

You live in San Fran, who hasn't seen your balls?

What is worrying is that not one of these tools are hard to come buy nor do they require you to be a 'former hacker' to know of them. So many people could be exposed through these simple methods. My IP address thankfully shows up as being 200km away from where I am. My domain is a private registration and facebook is private/contains minimal personal info.

 

Whois (data you must submit when registering a domain) is the biggest giveaway for privacy out there anyone who registers a domain would be wise to cloak their details via private registration. Oh and if you must use facebook make it a private page or avoid all personally identifying posts.

 

I have heard (don't know how true) that a skilled hacker can turn on the camera attached to your PC if you have one and use it to look around the room the computer is in. I would imagine it's if they hack into your computer from a separate computer, they can then operate the camera.

 

Well this is probably why they have little led lights next to the camera. You know when they are on.