The Privacy, Security, & OSINT Show – Episode 215

EPISODE 215-When OSINT Is Abused

This week I offer a brief episode about the abuse of OSINT details which led to fraudulent unemployment claims, plus a detailed look at the ParkMobile data breach.

Direct support for this podcast comes from sales of my books and the online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

None

UPDATES:

Travel advisory
Twilio TLS
https://inteltechniques.com

WHEN OSINT IS ABUSED:

https://www.documentcloud.org/documents/20618953-geico-data-breach-notice

BREACH REVIEW: PARKMOBILE

https://inteltechniques.com/blog/2021/05/07/breach-review-parkmobile/


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail Encrypted Email: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
Fastmail Business Email: https://ref.fm/u14547153
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/2B5svbH


Breach Review: ParkMobile

Note: This post is the first in a series of breach review articles. No fear tactics. No click-bait. Just a rational discussion about the most recent breaches and how they might impact us from both an OSINT and privacy perspective.

In early April, various data breach communities began discussing a recent breach at ParkMobile, an app that makes parking payments more convenient. The company eventually released confirmation of the breach at https://support.parkmobile.io/hc/en-us/articles/360058639032. I obtained a copy of the data, which has the following structure.

CLIENT_ID,TITLE,INITIALS,FIRST_NAME,LAST_NAME,GENDER,DATE_OF_BIRTH,MOBILE_NUMBER,EMAIL,USER_NAME,PASSWORD,SECOND_PASSWORD,THIRD_PASSWORD,SOCIAL_SECURITY_NUMBER,ADDRESSLINE_1,ZIPCODE,CITY,VRN,DESCRIPTIONS

The data was presented within a single 5GB CSV spreadsheet with over 21 million entries. Attempts to create new accounts at ParkMobile with ten random email addresses within the breach confirmed that accounts already existed with that data. This provides anecdotal evidence that the data is truly from the company. The following is an actual record, redacted for privacy (XXXX), with explanations within parentheses.

1453797 (user number), 352256XXXX (telephone), 352256XXXX (telephone), [email protected] (email), [email protected] (email), $2a$05$mYZyhLkCMueaqAPWpxL7c.IJCEN9T3FILDLXGW0C/Dtu0QKvtAbXC,869JI,86XXXX (encrypted password), CGSXXXX (registration plate), CBSXXXX (additional plate), Dani,Escape,Escape,Cadillac,Escape,rental,Dani,Escape,Escape,Cadillac,Escape,rental (additional notes)

It appears that very few entries possess SSNs or DOBs. The raw data possessed telephone numbers for almost all entries, which were already stored in 10-digit format without hyphens or parentheses. This makes them easy to search. If my target was exposed in this breach, I could easily associate a name with email and cellular telephone number or vehicle and phone details with an email address. Overall, I find this breach to be very beneficial to online investigators. I plan to add it to my collection to query emails and telephone numbers during investigations.

From a privacy perspective, I believe this data is quite damaging to the typical customer. This breach reminds us that alias names, forwarding email accounts, and burner VOIP telephone numbers should always be used when providing personal details to any service. I suspect customers will soon begin receiving malicious email and SMS attacks.

The Privacy, Security, & OSINT Show – Episode 214

EPISODE 214-Offense/Defense: The Capitol Siege

This week I discuss the offense (investigations) and defense (privacy tactics) surrounding the aftermath of the Capitol siege, plus the latest privacy news.



SHOW NOTES:

INTRO:

Investigating the Capitol Siege

UPDATES:

https://inteltechniques.com/firewall/
https://www.scss.tcd.ie/doug.leith/apple_google.pdf
https://beta.protonmail.com

OFFENSE/DEFENSE: THE CAPITOL SIEGE

David Quintavalle
Debra J. Maimon
Philip Vogel
Brandon Miller
Stephanie Miller
William Vogel




The Privacy, Security, & OSINT Show – Episode 213

EPISODE 213-Hashes 101

This week Jason joins me to discuss hashes and how they apply to privacy, security, and OSINT, plus a quick chat about the latest Facebook data dump.



SHOW NOTES:

INTRO:

https://inteltechniques.com/firewall

UPDATES:

Status of Training
Facebook Dump

HASHES 101:

Conversation

Resources:
https://pastebin.com/pS5AQNV0
https://dehash.me/
https://github.com/HashPals/Search-That-Hash


Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf



The Privacy, Security, & OSINT Show – Episode 212

EPISODE 212-Vital Privacy, Security, & OSINT Updates

This week I present several vital updates to my privacy, security, and OSINT strategies. If you are playing along at home, please listen to this episode.



SHOW NOTES:

INTRO:

Rob Lowe

VITAL PRIVACY SECURITY & OSINT UPDATES:

Online "Billing" Info

Proactive 2FA

https://inteltechniques.com/firewall/

VOIP caller ID

https://apeiron.io/cnam

Secure Messaging Comparison

Extreme Privacy Status

OSINT:

VM resources

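VM Shrinking:
Guest: dd if=/dev/zero of=zerofillfile bs=1M
(dd stops with a "No space left on device" error once the free space is zero-filled; this is expected)
Guest: rm zerofillfile
(shut down VM)
Host: VBoxManage modifyhd --compact (insert path to VDI file)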

