Category: Privacy

Credit Report Failures

I like to check my credit reports annually to make sure that no unauthorized accounts have been opened in my name. While preparing for a podcast episode about the content of various credit reports and consumer data profiles, I went to annualcreditreport.com to pull my report from the three major credit bureaus. For the first time, I received the following general error declining my reports.

While I have previously had problems confirming my identity with two of the three credit bureaus, I have never been blocked from the entire annualcreditreport.com website. I proceeded to manually request the reports from each bureau within the site, but received resistance from each, as follows.

I consider this a "win". The only single aggregated website for requesting free credit reports can no longer confirm I exist. If I can't access them, neither can a malicious adversary. However, this presents a problem. How do I check my reports? I can still submit a request via postal mail at the following link, but that can take 30 days.

https://www.annualcreditreport.com/manualRequestForm.action

Fortunately, I have already "Planted My Flag" with all three bureaus which provided direct login credentials to each service's website. Equifax and Experian allowed me immediate access to my reports, but TransUnion is still unable to confirm my identity, with the following error.

I have submitted this final request via postal mail. Hopefully it arrives in time for the show. My plan is to provide a summary of the data which various credit and data broker services possess about me after five years of Extreme Privacy. I also want to provide warnings about the restrictions applied when we go to the extreme and the lessons I have learned from my mistakes. I will announce everything soon on the podcast. My CLEAR and LexisNexis reports were a bit surprising.

The Privacy, Security, & OSINT Show – Episode 215

EPISODE 215-When OSINT Is Abused

This week I offer a brief episode about the abuse of OSINT details which led to fraudulent unemployment claims, plus a detailed look at the ParkMobile data breach.

Direct support for this podcast comes from sales of my books and the online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

None

UPDATES:

Travel advisory
Twilio TLS
https://inteltechniques.com

WHEN OSINT IS ABUSED:

https://www.documentcloud.org/documents/20618953-geico-data-breach-notice

BREACH REVIEW: PARKMOBILE

https://inteltechniques.com/blog/2021/05/07/breach-review-parkmobile/


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail Encrypted Email: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
Fastmail Business Email: https://ref.fm/u14547153
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/2B5svbH


Breach Review: ParkMobile

Note: This post is the first in a series of breach review articles. No fear tactics. No click-bait. Just a rational discussion about the most recent breaches and how they might impact us from both an OSINT and privacy perspective.

In early April, various data breach communities began discussing a recent breach at ParkMobile, an app which makes parking payments more convenient. The company eventually released confirmation of the breach at https://support.parkmobile.io/hc/en-us/articles/360058639032. I obtained a copy of the data, which contains the following data structure.

CLIENT_ID,TITLE,INITIALS,FIRST_NAME,LAST_NAME,GENDER,DATE_OF_BIRTH,MOBILE_NUMBER,EMAIL,USER_NAME,PASSWORD,SECOND_PASSWORD,THIRD_PASSWORD,SOCIAL_SECURITY_NUMBER,ADDRESSLINE_1,ZIPCODE,CITY,VRN,DESCRIPTIONS

The data was presented within a single 5GB CSV spreadsheet with over 21 million entries. Attempts to create new accounts at ParkMobile with ten random email addresses within the breach confirmed that accounts already existed with that data. This provides anecdotal evidence that the data is truly from the company. The following is an actual record, redacted for privacy (XXXX), with explanations within parentheses.

1453797 (user number), 352256XXXX (telephone), 352256XXXX (telephone), [email protected] (email), [email protected] (email), $2a$05$mYZyhLkCMueaqAPWpxL7c.IJCEN9T3FILDLXGW0C/Dtu0QKvtAbXC,869JI,86XXXX (encrypted password), CGSXXXX (registration plate), CBSXXXX (additional plate), Dani,Escape,Escape,Cadillac,Escape,rental,Dani,Escape,Escape,Cadillac,Escape,rental (additional notes)

It appears that very few entries possess SSNs or DOBs. The raw data possessed telephone numbers for almost all entries, which were already stored in 10-digit format without hyphens or parentheses. This makes them easy to search. If my target was exposed in this breach, I could easily associate a name with email and cellular telephone number or vehicle and phone details with an email address. Overall, I find this breach to be very beneficial to online investigators. I plan to add it to my collection to query emails and telephone numbers during investigations.

From a privacy perspective, I believe this data is quite damaging to the typical customer. This breach reminds us that alias names, forwarding email accounts, and burner VOIP telephone numbers should always be used when providing personal details to any service. I suspect customers will soon begin receiving malicious email and SMS attacks.
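To make the exposure described above concrete, the following added example (not the author's code or tooling) reads the column layout quoted in the post, matches only the reader's own email or phone, and reports which sensitive columns are populated along with the bcrypt work factor of the stored password string. The sample rows are constructed and the function names are hypothetical.

```python
import csv
import io
import re

# Column layout as quoted in the post.
HEADER = ("CLIENT_ID,TITLE,INITIALS,FIRST_NAME,LAST_NAME,GENDER,DATE_OF_BIRTH,"
          "MOBILE_NUMBER,EMAIL,USER_NAME,PASSWORD,SECOND_PASSWORD,THIRD_PASSWORD,"
          "SOCIAL_SECURITY_NUMBER,ADDRESSLINE_1,ZIPCODE,CITY,VRN,DESCRIPTIONS")
SENSITIVE = ("DATE_OF_BIRTH", "SOCIAL_SECURITY_NUMBER", "ADDRESSLINE_1", "VRN", "PASSWORD")

# bcrypt modular crypt format: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")

def normalise_phone(raw):
    """Reduce a US phone number to the bare 10-digit form the post describes."""
    digits = re.sub(r"\D", "", raw)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits

def bcrypt_cost(value):
    """Return the work factor of a bcrypt string, or None if it is not bcrypt."""
    m = BCRYPT_RE.match(value.strip())
    return int(m.group(1)) if m else None

def my_exposure(stream, email, phone):
    """Summarise rows matching my own email or phone without echoing field values."""
    email, phone = email.strip().lower(), normalise_phone(phone)
    for row in csv.DictReader(stream):
        same_email = (row["EMAIL"] or "").strip().lower() == email
        same_phone = normalise_phone(row["MOBILE_NUMBER"] or "") == phone
        if not (same_email or same_phone):
            continue
        yield {
            "client_id": row["CLIENT_ID"],
            "exposed_fields": [f for f in SENSITIVE if (row[f] or "").strip()],
            "bcrypt_cost": bcrypt_cost(row["PASSWORD"] or ""),
        }

# Constructed sample data (not real records); the hash is a bcrypt-shaped filler.
FAKE_HASH = "$2a$05$" + "A" * 53
SAMPLE = "\n".join([
    HEADER,
    f"1001,,,Alex,Doe,,,5555550100,alex@example.com,alex@example.com,{FAKE_HASH},,,,,,,ABC1234,rental",
    "1002,,,Sam,Roe,,1990-01-01,5555550199,sam@example.com,sam@example.com,,,,,,,,,",
]) + "\n"

if __name__ == "__main__":
    for hit in my_exposure(io.StringIO(SAMPLE), "alex@example.com", "+1 (555) 555-0100"):
        print(hit)
```

A populated VRN or address column next to a real name is the reason the post recommends aliases, forwarding addresses, and VOIP numbers for accounts like this.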

The Privacy, Security, & OSINT Show – Episode 214

EPISODE 214-Offense/Defense: The Capitol Siege

This week I discuss the offense (investigations) and defense (privacy tactics) surrounding the aftermath of the Capitol siege, plus the latest privacy news.


SHOW NOTES:

INTRO:

Investigating the Capitol Siege

UPDATES:

https://inteltechniques.com/firewall/
https://www.scss.tcd.ie/doug.leith/apple_google.pdf
https://beta.protonmail.com

OFFENSE/DEFENSE: THE CAPITOL SIEGE

David Quintavalle
Debra J. Maimon
Philip Vogel
Brandon Miller
Stephanie Miller
William Vogel




The Privacy, Security, & OSINT Show – Episode 213

EPISODE 213-Hashes 101

This week Jason joins me to discuss hashes and how they apply to privacy, security, and OSINT, plus a quick chat about the latest Facebook data dump.


SHOW NOTES:

INTRO:

https://inteltechniques.com/firewall

UPDATES:

Status of Training
Facebook Dump

HASHES 101:

Conversation

Resources:
https://pastebin.com/pS5AQNV0
https://dehash.me/
https://github.com/HashPals/Search-That-Hash


Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf
