Category: Podcast

The Privacy, Security, & OSINT Show – Episode 221

EPISODE 221-Anonymous Mobile Devices

This week I present my thoughts on anonymous mobile devices and offer two updates to the current books.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.

SHOW NOTES:

INTRO:

AirTag Speaker Removal

BOOK UPDATES:

Total Cookie Protection
OSINT VM Issues

ANONYMOUS MOBILE DEVICES:

Tracking
IMEI
IMSI
ICCID
MSISDN
GrapheneOS
https://inteltechniques.com/grapheneos.html

Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J

The Privacy, Security, & OSINT Show – Episode 220

EPISODE 220-Privacy, Security, & OSINT Potluck

This week I clear out all of my pending show notes and offer a variety of privacy, security, & OSINT topics. For better or worse, I present everything on my list which didn’t warrant a dedicated episode.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.

SHOW NOTES:

INTRO:

AirTag Feedback

UPDATES:

None

NEWS:

None

PRIVACY, SECURITY, & OSINT POTLUCK:

CFAA Too Broad
Google Tracking Lawsuit
FBI IP Address Warrant
Apple iOS 15
Street View: Blur or Keep?
Breach Review: Criminal Networks
SwarmShop
RockYou2021: magnet:?xt=urn:btih:JEQMEEFTBXT35RJ3GUTGXU7HP3HBU5P6&dn
Raccoon Stealer
Common Law Name: https://commonlaw.name

Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J

The Privacy, Security, & OSINT Show – Episode 219

EPISODE 219-Tracking (Or Getting Tracked) with AirTags

This week I discuss the tracking abilities (and concerns) of Apple AirTags, the latest privacy updates, plus a new OSINT resource.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.

SHOW NOTES:

INTRO:

Community

UPDATES:

EP Book Updates
Video Training Updates

NEWS:

Amazon Sidewalk (June 8th)

TRACKING (OR GETTING TRACKED) WITH AIRTAGS:

Typical Use
Malicious Use
Network
iPhone Concerns
Android Concerns
Reactive Solutions
Proactive Solutions
https://apps.apple.com/us/app/lightblue/id557428110
https://play.google.com/store/apps/details?id=com.punchthrough.lightblueexplorer

OSINT:
https://userhunt.co/

Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/2B5svbH

Rebate Tracking OSINT Techniques

On my show this week, I discussed my recent experiences with online rebate tracking. The episode can be heard HERE. I find this technique more "interesting" than valuable to an investigation, but you might locate a nugget of information which assists you. As an example, let's look at Menards. Menards is an American home improvement company which pushes rebates in order to make products appear low-priced. When you buy a product, you can retrieve a rebate slip and mail it off. In a few weeks, numerous checks in small amounts begin arriving at your home. This game provides small discounts, but at what risk? This is where the online rebate center comes in.

Let's start with a visit to https://rebateinternational.com/RebateInternational/tracking.do. This page allows you to enter a first initial, last name, numeric portion of an address, and postal code of your target. This result appears similar to the following.

We now see the purchased items, purchase dates, rebate amounts, and payment details. This gives us a glimpse into the shopping habits of the target and could lead to patterns of behavior which might expose someone's routines. It could also provide pretext value. I could initiate an email phishing attack focused on a specific purchased item announcing a problem with the rebate. That would be so targeted that the recipient would probably click whatever link I sent. This rebate service even stores all purchases within a static URL which is prone to abuse. If my name were Michael Smith and I lived at 1212 Main Street in Houston, Texas, my URL would be the following.

https://rebateinternational.com/RebateInternational/trackResults/M/Smith/1212/77089

Note that this URL does not require any credentialing and is open to brute-force scraping. Next, let's take a look at Lowe's home improvement. They offer a rebate confirmation website at https://lowes-rebates.com/en-us/RebateStatus which allows entry of a cellular number or home address, as follows.

This allows us to potentially translate an unknown cell number into a name and address or vice-versa, as well as obtain shopping history of the target. These two examples are only a small selection of the possibilities. On the show, I explained how I tracked shoppers through the portals for Micro Center, Budweiser, Miller, Kohls, Auto Stores, and other retail establishments. I have found the following three Google searches to assist with finding companies which offer similar options.

https://www.google.com/search?q=intitle:"rebate center"
https://www.google.com/search?q=“track+my+rebate”
https://www.google.com/search?q=“track+your+rebate”

The Privacy, Security, & OSINT Show – Episode 218

EPISODE 218-Rebate Tracking (Privacy & OSINT)

This week, I discuss the privacy concerns and OSINT benefits of rebate tracking portals. You might be surprised at the wealth of details exposed when we request rebates from stores.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.

SHOW NOTES:

INTRO:

Rebate Tracking

UPDATES:

OSIP Certification:
https://www.inteltechniques.net/
https://inteltechniques.com/blog/2021/05/25/new-osip-certification/

REBATE TRACKING (PRIVACY & OSINT) :

https://inteltechniques.com/blog/2021/05/28/rebate-tracking-osint-techniques/

Menards
https://rebateinternational.com/RebateInternational/tracking.do#track-rebate

Lowes
https://lowes-rebates.com/en-us/RebateStatus

Parago
https://rebatetrack.com/promocenter/parago/track.html
http://rebateshq.com/promocenter/rebateshq/track.html
Microcenter: https://rebatetrack.com/quick/track/microcenter
Miller: https://rebatetrack.com/quick/track/miller_lite
Kohls: https://rebatetrack.com/quick/track/kohls

PFC/GPG
http://rewardsbymail.com/
https://rapid-rebates.com/tracking/Content/NewSearch.aspx

Patriot RAM
https://patriotmem.4myrebate.com/Claim/TrackaRebate

McAfee
https://mcafee.4myrebate.com/Claim/TrackaRebate

Verizon
https://www.yourdigitalrebatecenter.com//#!/track

Advance Auto
https://advanceautoparts.4myrebate.com/Claim/TrackaRebate

Napa
https://www.naparebates.com/track-your-reward.aspx

Budweiser
https://www.myabrebates.com/track/

Sirius
http://siriusxmrebates.com/promocenter/siriusxm/track.html

Mobil
https://mobil.rebateresearch.com/

Scotts
http://osmocoterebates.com/promocenter/scotts/track.html

Lessons:
OSINT can identify previous purchases
Exposes patterns of behavior
Provides pretext for a call/email phish
Rebates carry risk
Alias names/addresses don't work
Misspellings may help

OSINT:

https://www.google.com/search?q=intitle:"rebate center"
https://www.google.com/search?q=“track+my+rebate”
https://www.google.com/search?q=“track+your+rebate”

Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/2B5svbH