The Complete Privacy & Security Podcast – Episode 098
Posted on November 9th, 2018
EPISODE 098: Sextortion, Data Breaches, and Anonymous Browsing
This week I discuss creepy new sextortion attacks, interview SpyCloud about data breaches, and review Authentic8’s investigation browser.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
SPONSORS:
Authentic8: https://info.authentic8.com/
Privacy.com: https://privacy.com/inteltechniques
INTRO:
Store Tracking
Sextortion Scams
DATA BREACHES WITH SPYCLOUD:
Jason Lancaster, Head of Investigations, Spycloud
OFFENSE & DEFENSE:
O: Authentic8: https://info.authentic8.com/
D: Authentic8 Demo: https://a8silo.com/launch.html#
LISTENER QUESTIONS:
Q: Is there a difference between cable vs dhl vs satellite internet in regards to privacy or security?
Q: What specific vulnerability did you attack with the remote screen capture of the scammer’s computer call last week?
Please submit your listener questions at https://inteltechniques.com/podcast.html
Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 098
The Complete Privacy & Security Podcast – Episode 097
Posted on November 2nd, 2018
EPISODE 097: A Discussion on Cloud Storage with SpiderOak
This week I present new privacy threats, talk about secure cloud storage with SpiderOak, throw out a new Offense/Defense to consider, and make a couple of phone calls to tackle listener questions.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
INTRO:
https://www.cato.org/publications/policy-analysis/new-national-id-systems
https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/
https://www.loricarangelo.com/DonorOffspring/viewregistry.cgi
A DISCUSSION ON CLOUD STORAGE WITH SPIDEROAK:
Matthew Erickson-Director of Client Services and Technologies, SpiderOak
https://spideroak.com/
OFFENSE & DEFENSE:
O: Findera.com
D: team@findera.com
LISTENER QUESTIONS:
Q: keep receiving these “Hacker for Hire” emails, which are obviously scams. Who are they and what is the motive? How did they get my contact info?
Q: I bought a new iphone with cash and now have a prepaid plan in an alias name. I guess the only weak spot is that Apple has my face on camera. Do they use facial recognition? Do they keep it forever? Will my face be in some future system they create?
Please submit your listener questions at https://inteltechniques.com/podcast.html
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 097
New Internet Search Resources (OSINT)
Posted on October 29th, 2018
The following new-ish resources have been beneficial to my online investigations this month, and have been added to the new IntelTechniques Online Search Portal:
World Imagery Wayback – https://livingatlas.arcgis.com/wayback/
This satellite mapping tool, powered by ESRI, offers multiple historic views of practically any position on earth. I highly recommend checking the “Only updates with local changes” box, as it will remove useless options without any visual changes. Last week, I used this to identify a unique vehicle in a driveway of a suspect residence. I could not find this evidence on any other mapping options.
Social Searcher – https://www.social-searcher.com
This tool is not new, but there have been some updates that are worth mentioning. The search option allows query of any data including names, usernames, or keywords. The export option on the right is useful to create a csv of results. Recently, this located a social network profile that had been deleted, but was still being picked up. There was enough data to extract details for another search through archives.
Profilr – https://www.profilr.social
Another service that has been around a while, but only recently have I found it to be useful. It only searches six main networks, and queries can be made from the search field or through a direct URL as follows:
https://www.profilr.social/search/mikeb
Findera – https://findera.com/
This site is obviously scraping LinkedIn data, which is nothing new. The difference here is that you can search for keywords within fields that are not searchable by LinkedIn. In one example, I searched my own name to make sure there were no undesired profiles. One of the results was a LinkedIn profile that mentioned my training at one time. This could be a great tool to search deleted profiles or accounts that have since removed specific details.
Intelligence X – https://intelx.io
This is another service scanning and collecting paste dumps, which often include email lists and password breaches. A search will display a few results and redact the rest unless you are logged into a free registered account. I have found many relevant details here. This is a mandatory stop for an email search.
Grey Hat Warfare – https://buckets.grayhatwarfare.com
I have yet to experience a benefit to my investigations with this tool, but I can see where it could be valid. This tool scrapes public Amazon buckets, even those that should be made private. I currently only visit this tool when searching businesses. Many of the links do not provide any actual content, but some reveal data unavailable anywhere else, such as test web pages and documents.
Telegago – https://cse.google.com/cse?&cx=006368593537057042503:efxu7xprihg
This Google CSE searches for information relevant to Telegram/Telegraph data. Results can be filtered by Private, Stickers, Contacts, Public, and other general areas of the popular online service.
Google Storage API – https://www.google.com/search?q=site:storage.googleapis.com
This Google Dork provides some surprising results. If your target uses the Google Storage API (similar to Google Drive), you may find exposed content. These often include PDF files not publicly linked on official websites.
DeepL Translator – https://www.deepl.com/translator
Whether you are frustrated with garbled translations from Google or simply want a second opinion, DeepL is a fantastic language translator. It also allows translation of uploaded foreign documents. This feature recently helped me quickly translate a large Word document that would have otherwise taken many hours to break apart.
YouTube Channel Crawler – http://channelcrawler.com
Searching videos and users on Youtube is fairly straight-forward. Searching YouTube channels using wildcard queries has always been frustrating. Channel Crawler attempts to fix this by scraping channels and providing a search option for the collected data. I find that providing the most minimal search query possible works best.
Whoodle – https://www.whoodle.com
This is another U.S. people search engine with a freemium model. The free results are usually enough to give me direction for additional searches on more reliable sites. Clicking View Report will only present you with payment options.
Yellow Pages Goes Green – https://www.yellowpagesgoesgreen.org
The overall design and function of this website is awful. The data behind it is mediocre. Why is it here? Many people are removing their white pages listings from the main people finder sites, but miss smaller option such as this one. Searching on the main page will fail almost every time. Instead, I suggest using Google as follows:
site:yellowpagesgoesgreen.org “debbie bazzell”
Filed under OSINT, Search | Comments Off on New Internet Search Resources (OSINT)
The Complete Privacy & Security Podcast – Episode 096
Posted on October 26th, 2018
EPISODE 096: Lessons Learned From My Latest Doxxing Attack
This week, Jason and I discuss lessons to be learned after an online group tried to dox me because of a forum post. Also, I provide a full review of Skopenow.com and we take listener questions.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
Doxxing Discussion
OFFENSE & DEFENSE:
O: Skopenow.com
D: Discussion
LISTENER QUESTIONS:
Q: I am a Protonmail user but few of my contacts use it. Are there still benefits of using Protonmail even though most don’t use it?
Q: I am an online investigator, jumping into the world of alias accounts. Are there any good getting started tips for creating a list of aliases?
Please submit your listener questions at https://inteltechniques.com/podcast.html
Filed under Privacy, Search, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 096
The Complete Privacy & Security Podcast – Episode 095
Posted on October 19th, 2018
EPISODE 095: Better Email with Fastmail
This week I talk with the CEO from Fastmail about making email more secure, plus an extended OSINT segment on using data leaks from Dehashed.com combined with public hash data to identify new targets of investigations.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
Fastmail:
http://fastmail.com/?ref=securitypodcast
CEO Bron Gondwana:
https://twitter.com/BronGondwana
OFFENSE & DEFENSE:
O: Dehashed.com / hashes.org / hashkiller.co.uk / sha1-online.com
D: Discussion
LISTENER QUESTIONS:
Q: There is an abundance of secure messaging apps such as Wikr, Signal, Wire, Threema, etc. Which do you currently recommend?
Q: When switching to a PO Box or a CMRA, what would be the best order to do the change?
Please submit your listener questions at https://inteltechniques.com/podcast.html
Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 095
New OSINT Search Portal
Posted on October 17th, 2018
I have always provided a collection of online search tools and links on my website. This landing area has changed drastically since 2010, and was due for another makeover. I have completely re-worked the entire collection of online search resources, which is available at https://inteltechniques.com/menu.html (you may need to refresh the page). The following explains a bit about the function, changes, and reasons for modification.
Function: This new collection of tools focuses on TARGET DATA. Choose the type of information you have about your investigation (email address, Facebook profile, name, IP address, etc), and click the corresponding category to the left. This will present a drop-down menu with two options. The first will launch the custom automated search tools for that type of data. This should be the first attack. If you are still seeking more information after the searches, the second option in the menu will take you to numerous online resources related to the search type.
Changes: Overall, almost all of the automated tools were updated to reflect new technique changes. I removed over 60 dead links, and added over 35 new resources.
Reasoning: I decided to change to the format of TARGET DATA searching for several reasons. First, most users of the tool do not want to poke around hundreds of links in order to identify which work best for their investigation. This new format allows you to only display resources that apply to the data you have and want to search. Second, I am seeing a ton of OSINT link collections that pop up, many of which seem to be competing for the “Most OSINT Links” award. It is great to see so many people sharing their OSINT resources, but the pages get overwhelming. I saw one today that had over 4,000 links, without any clear guide to where a person should start. Two that I found recently possessed a handful of useful resources that I was not aware of. I believe these serve a GREAT purpose for dedicated OSINT practitioners. OSINT instructors should stay aware of these huge collections and scrutinize them for the next big resource. I will continue to scour these for tools that are not already covered within another service. For most users, they present too many mediocre search options that are already covered within better services. Additionally, most of these collections are hosted on Start.Me sites, which include mandatory tracking scripts from Google, NewRelic, and others. I believe that investigators should avoid tracking behavior when searching sensitive information.
I chose the “Most Bang for Your Buck” scenario. I believe that less is more. Thousands of resources do no good if you do not have the time to devote toward learning all of them. With my new collection, I present only the most beneficial tools and links that seem to assist with my own investigations. I also do this without any tracking or third-party scripts. I hope that more online investigators will embrace the idea of avoiding web-monitoring and tracking behaviors from commercial sites, and will consider self-hosting without trackers.
There was a lot of discussion within the OSINT community about creating a standard for online link collections. I don’t think it ever progressed into anything official, but I offer this new format for consideration. I think OSINT resources should be categorized by what data is being SEARCHED (email, telephone number, domain, etc) versus the alphabetical NAME of each site or the TYPES of services (marketing, political, social media, etc.). I think this tool provides a faster, more direct approach to online investigations. For those that hate the new design, the previous version can be accessed by the”Classic Version” link in the upper right. There will be much more frequent updates with the new set.
Filed under OSINT, Search | Comments Off on New OSINT Search Portal
The Complete Privacy & Security Podcast – Episode 094
Posted on October 12th, 2018
EPISODE 094: Bruce Schneier
This week I interview Bruce Schneier about his new book and our privacy strategies.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SPONSOR:
Pay with Privacy
https://privacy.com/inteltechniques
SHOW NOTES:
Bruce Schneier:
https://www.schneier.com/
Book:
Click Here To Kill Everybody:
https://amzn.to/2pPZdFn
OFFENSE & DEFENSE:
O: https://ghostproject.fr/
D: Discussion
LISTENER QUESTIONS:
Q: I ditched the US cell phone number I had for over a decade. Unfortunately, I had a large number of accounts using the old number as 2FA. I didn’t have enough time to transition everything slowly and now I’m stuck calling individual companies to be able to log in to various accounts. Any advice/alternative ways to deal with this transition? Also, I am wondering if someone would be able to get my old number? Is there a way I can make sure that number “dies” and isn’t used again?
Q: How do you feel about entering one’s mobile telephone number in the U. S. government’s “do not call” registry? Also, if one receives a spam text or telephone call to their personal mobile number, how do you feel about reporting the spammer to the U. S. government’s “do not call complaint” website (this requires disclosing one’s mobile number).
Please submit your listener questions at https://inteltechniques.com/podcast.html
Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 094
The Complete Privacy & Security Podcast – Episode 093
Posted on October 5th, 2018
EPISODE 093: Social Engineering Revisited with Chris Hadnagy
This week Chris Hadnagy joins me to discuss the impacts of Social Engineering on Privacy.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SPONSOR:
None
SHOW NOTES:
Chris Hadnagy:
https://www.social-engineer.org/
https://www.innocentlivesfoundation.org/
Book:
Social Engineering: The Science of Human Hacking:
https://amzn.to/2RtTcKX
OFFENSE & DEFENSE:
O: https://gotcha.pw/
D: Discussion
LISTENER QUESTIONS:
Q: How do you balance your Geek urge to jump onto new social media platforms, Google type services, etc and taking a step back and not signing up because that service is going to make you the product? What are your boundaries?
Q: My workplace wants all employees to upload a photo into an internal application. Are there ways to make a photo of you look bad full size but decent as an icon? Any other ideas for masking?
Please submit your listener questions at https://inteltechniques.com/podcast.html
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 093
Breach Data Search Engines Comparison
Posted on September 30th, 2018
During my Advanced OSINT training, I demonstrate the benefits of publicly released breach data within my online investigations. These data sets often translate an email address into a full name, password, IP address, and confirmation of online accounts. Searching unique passwords can often identify alias and burner email addresses which can lead to new intelligence. If one possessed all of the public breaches, wild card searches can lead to amazing discoveries. However, many people cannot possess the actual data due to internal policies or storage restrictions. This does not eliminate the potential to use this data as part of an investigation thanks to numerous websites that allow search of most public breaches. This post reviews each service and identifies the benefits and limitations of each. Let’s start with the basics. Note that I have removed all direct hyperlinks in order to prevent accidental clicking of questionable sites.
Have I Been Pwned (https://haveibeenpwned.com):
This staple has been around the longest, but does not share a ton of details. A search of an old government email address which I no longer use revealed it is present within eight data breaches including Dropbox, MySpace, and some combo lists. This confirms that the email address was a valid account at one time, and that it was used to create accounts within specific online services. As an investigator, I would now look for my target within those services. I find this site is a better email validation option than websites created for that specific purpose.
This site does not allow search via direct URL input, but the API does. The following URL instantly searches the address referenced above and identifies the same eight results as a text-only result.
https://haveibeenpwned.com/api/v2/breachedaccount/bazzell@altonpolice.com?truncateResponse=true
This can be beneficial when you have many addresses to search and you want to automate the process. It also allows me to use this search option on my Email Search Tool and User Name Search Tool. Note that this site does not display results for “sensitive” breaches such as the Ashley Madison hack. For that, you will need to use a service such as https://ashley.cynic.al.
DeHashed (https://dehashed.com):
Similar to Have I Been Pwned, DeHashed allows a free search of any email address in order to identify known breaches. However, it is important to place the email address within quotation marks because DeHashed allows a full wild card search by default. When searching bazzell@altonpolice.com without quotes, I received 1,164 potential hits. When searching within quotes, I received six applicable results. These results were also present within Have I Been Pwned, but I can now conduct further searching such as “altonpolice.com”, “mbazzell”, and any other target data I have such as a phone number, IP Address, or full name. The results identify only the source of the breach, which will confirm the services used by my target. If I create an account and pay a few bucks, I can see the entire record, including password. The MySpace result for my old email address identifies the user number for the account and a weakly encrypted password as seen below.
A quick look at the Exploit.In combo breach easily translates that hash value into my actual password from 1999 as seen below (shame on me):
A search of that email address reveals that I am not the only person to choose weak passwords at one time:
Regardless of using a free or paid account, DeHashed allows direct URL queries in the following format:
https://dehashed.com/search?query=%22bazzell%40altonpolice.com%22
DeHashed adds new breaches every week. The business model is to provide paid search services to investigators and legitimate companies. It is also present on my Email Search Tool.
SpyCloud (https://spycloud.com):
This service focuses on defensive monitoring, but can also offer a bit of OSINT to us. A query of an email address can be submitted through the home page or via direct URL at the following.
https://spycloud.com/breachstats/?email=bazzell%40altonpolice.com#
The result, as seen below, confirms that the email address is valid, it has been seen within seven breaches within SpyCloud’s database, the domain is present within 78 breaches, and it was last seen within a breach one week prior to the search.
In order to see the full report, you must request access, and the result will be sent to the email address searched. Therefore, if you do not own the email of interest, you cannot see any further detail. If you search your own address, you can receive a full report and sign up for free monitoring. This will notify you if any new breaches are discovered containing your account. SpyCloud has a full-time staff adding new breaches every week. The business model is to provide paid monitoring services for large companies.
Gotcha (https://gotcha.pw):
The previous options actively collect entire data breaches and insert them into self-maintained databases. This may be overkill for your needs. Gotcha possess only one large “Combo” file which likely consists of the Exploit.In and AntiPublic credential lists floating around publicly. A search can be conducted from the home page or via direct URL as follows.
https://gotcha.pw/search/bazzell@altonpolice.com
The results sanitize the full record, but we can still confirm a partial password as seen below.
Due to the direct URL option, I have added this to the Email Search Tool. Because the results are masked, it is unlikely this resource will be shut down any time soon.
Ghost Project (https://ghostproject.fr/):
This site seems to possess the exact same combo file as Gotcha, but it reveals the entire password of a target. In my example, the following result identifies a full password without the need for any registration.
Wild card searching through this site was hit or miss. A user name appeared to work well, but a password failed. It seems that the wild card searches only apply to the first portion of the first field of the combo list which is almost always an email address. In other words “bazzell” had several hits but “altonpolice.com” had none. My gut tells me that this will either turn into a premium site or will disappear completely.
We Leak Info (https://weleakinfo.com/):
My first complaint about this site is that it blocks most VPN IP addresses. Every US based VPN server I tried that is used by PIA and ProtonVPN was blocked. All Tor addresses were also banned. Fortunately, switching to a Canadian server released the block and I was able to proceed. The search for my example email address provided the expected results as seen below. The drop-down search box allows search of user names, email addresses, passwords, hashed passwords, IP Addresses, telephone numbers, and full names.
Viewing the details of each breach, including the passwords, requires a premium account. While the prices are similar to DeHashed, I believe that DeHashed has better data. We Leak Info also advertises on many of the “hacker” related sites as a “hack tool” and tries to force users to connect with their real IP addresses. Therefore, I only recommend using We Leak Info as a free cursory search behind an international VPN IP address.
Leaked Source (https://leakedsource.ru):
This service visibly appears like a combination of Ghost Project and We Leak Info, and provides various detail based on level of subscription. Free accounts translate an email address, IP address, user name, real name, or telephone number into a notification of any breaches that contain the target data. Obtaining passwords or any sensitive details requires a paid account. Similar to We Leak Info, I find the collection a bit stale and over priced. Again, I believe DeHashed is a better choice for paid content. The following was the result of my demo search. It was the least productive of all searches.
NEVER RECOMMENDED:
SnusBase (https://www.snusbase.com): This service requires an account and premium paid subscription before any searches can be conducted. I found the prices to be high and the content to be weaker than the other paid searches. I see no reason to use this service since a paid subscription is required for any searches.
Have I Been Compromised (https://haveibeencompromised.com): This service only displays results to the account owner. It is easy to accidentally search a target email address, which sends an email to the target, notifying him or her of your actions.
Hacked-Emails (https://hacked-emails.com): Similar to the previous option, you will obtain no valuable information here. It will also notify the target of the search.
Summary:
I believe that any thorough OSINT investigator should take advantage of all free resources available during every investigation. I have embedded the best options into my Email Search Tool. For defensively monitoring your own accounts, I believe SpyCloud is the most effective and has the strongest collection of breaches. For offensive investigation, I believe DeHashed is the best paid resource. I am sure I am missing some, and this list may continue to grow as new services emerge. I have also posted a new video for the members of the IntelTechniques Video Training on how to fully utilize these resources during investigations. Obviously, use this data responsibly. Protect your true IP address with a VPN at all times. Attempting to use credentials that do not belong to you is a crime.
Filed under OSINT, Security | Comments Off on Breach Data Search Engines Comparison
Complete Credit Freeze Tutorial (Major Update)
Posted on September 28th, 2018
Over the past five years, I have published numerous posts identifying the importance of a credit freeze. A credit freeze simply allows an individual to control how a U.S. consumer reporting agency is able to sell his or her data. This applies to SIX independent credit bureaus. The credit freeze locks the data at the consumer reporting agency until an individual gives permission for the release of the data. Basically, if your information stored by the credit reporting bureaus is not available, no institution will allow the creation of a new account with your identity. This means no credit cards, bank accounts, or loans will be approved in your name. In many cases if someone tries to use your identity but cannot open any new services, they will find someone else to exploit. I can think of no better motivation to freeze your credit than knowing that no one can open new lines of credit in your name. This does NOT affect your current accounts or credit score. A credit freeze also provides a great layer of privacy protection.
Now that credit reports are free due to a new federal law (https://www.congress.gov/bill/115th-congress/senate-bill/2155), I feel it is time to update the procedures for viewing your credit report and then freezing it in all possible locations.
First, I recommend obtaining your entire credit report from Equifax at https://www.annualcreditreport.com. This free report should be used to identify any unknown uses of your identity. If you do not want to submit the request online, you can use the form at https://www.annualcreditreport.com/manualRequestForm.action to mail in the submission.
Next, submit a credit freeze at the “big three” credit bureaus via their online submission options, telephone, or postal mail at the following resources.
Equifax
Online: https://www.freeze.equifax.com
By phone: 800-685-1111
By Mail: Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348-5788
Experian
Online: https://www.experian.com/freeze/center.html
By phone: 888-397-3742
By Mail: Experian Security Freeze
P.O. Box 9554, Allen, TX 75013
TransUnion
Online: https://service.transunion.com/dss/orderStep1_form.page
By Phone: 888-909-8872
By Mail: TransUnion LLC
P.O. Box 2000 Chester, PA 19016
Be sure to properly store the PIN provided to you (usually sent via mail). You will need this to un-freeze your credit if desired. Next, submit a freeze request to the “small three” credit bureaus at the following resources.
Innovis
Online: https://www.innovis.com/personal/securityFreeze
By Phone: 800-540-2505
By Mail: Innovis Consumer Assistance
PO Box 26, Pittsburgh, PA, 15230-0026
https://www.innovis.com/assets/InnovisSecurityFreezeRequest-110141767716e41ac7d862e221ac5831.pdf
Chex
Online: https://www.chexsystems.com/web/chexsystems/consumerdebit/page/securityfreeze/placefreeze/
By Phone: 800-887-7652
By Mail: Chex Systems, Inc. Attn: Security Freeze Department
7805 Hudson Road, Suite 100, Woodbury, MN 55125
NCTUE
Online: https://www.nctue.com/Consumers
By Phone: 866-349-5355
By Mail: NCTUE Security Freeze
P.O. Box 105561, Atlanta, GA 30348
Next, navigate to https://www.optoutprescreen.com/ and request to be placed on the Opt-Out list to stop receiving unsolicited credit and insurance offers.
After you have received confirmation that the six credit bureaus have placed a freeze on your credit, navigate back to https://www.annualcreditreport.com and request your free credit report from Experian. This report should acknowledge that a freeze is successfully in place. In a few months, repeat the process for Transunion. You are allowed one free report from each of the three providers every year.
I cannot stress the importance of a credit freeze enough. Anyone with a SSN should submit one right away. The new federal law also mandates that any child with a SSN under the age of 16 can also have a free credit freeze. I highly recommend locking down the entire family.
Filed under ID Theft, Security | Comments Off on Complete Credit Freeze Tutorial (Major Update)