How Anyone Can Hunt You on the Internet

How Anyone Can Hunt You on the Internet

Over the last year, our notion of privacy has been turned on its heel, as Snowden showed us all that the “government is listening” conspiracy folks weren’t as crazy as people thought.  While there are still, unbelievably, Americans who are okay with the government knowing their every move, perhaps they wouldn’t be so happy-go-lucky with all this data collection if they knew that their info was available to a lot more people than just the NSA…and their intents are even more nefarious than our government, if you can believe that.

“But I’m careful!” you say.  You use different passwords for different sites and you use the login code for Facebook and You Are Very Cautious.  Today you’re going to learn how fast someone like me can find pretty much anything I want to know about you—and I’m not trying.  This is not an endorsement for such tactics; I’m simply showing you how a criminal—or just some random jackass you angered on a forum somewhere—can target you for all kinds of bad ideas.  You may think you’re safe, but you’re not.  I’m going to pretend that I saw you post somewhere, and I don’t like what you said.  In fact, I’m so mad that I’ve decided to ruin your life by stealing your identity.

I’m going to look at your email if I have it.  Nine times out of ten, your email is either your name, or it’s some kind of detail about you.  Cowgirl77, bigspender1, johnsmith, etc.  I’m going to go to the site where you have your email (Yahoo, Hotmail, Gmail, etc.) and I’m going to see if you’ve filled out any details in your profile.    You’re “careful” so all that’s on your Gmail profile is Jim H., and your location as Texas.  You think you’re being clever, but you just narrowed my search down considerably.  (You might be lying, but most people don’t.)  Even though your Gmail profile says Jim H., your Facebook uses your real name, and the website you commented on two days ago that sent me into a psychotic rage uses Facebook to power their comment system.  So, now I know that I have the right person–Jim Howard lives in Texas, and while you don’t list the city in your Facebook profile, you post a lot of photos from around the Austin area.  It also seems like you’re a bit of a party guy–lots of pics in various sports bars and whatnot.  You do tag all your friends, though, so that helps me later.  I also think you might have a drinking problem, judging by the frequency of the pics and the fact that you appear drunk in most of them…and that information could be useful too.

Now I’m going to find your family and your job.  The two sites I’d use for this are pipl.com and LinkedIn.  Pipl.com is only one of several linking sites that I could use to do some basic social network analysis.  This search might net me your relative’s names, general age, and maybe even your address (current or past).  I take your name and location to LinkedIn, and I cross-check the Jim Howards in Austin with the list of potential relatives and friends I have so I can find the right one, because most people have at least one relative or personal friend listed in their LinkedIn.  I could also check Facebook for this, but LinkedIn gives me your employer, and possibly your boss and co-workers.  Now the real fun begins.  I already have enough to send your boss an anonymous email saying that I’m a coworker of yours and that I’ve seen you drunk on the job quite often, or even that I was at Shorty’s Sports Bar last Friday and you were there talking about confidential work stuff.  But I’m after your identity, not your job, so we’ll keep going.

I will now look up the county records for Austin and surrounding area for property held by a James Howard.  I’m going to cross-check that info with what I already gained so far, and now I’ve verified your home address.  (If that doesn’t work because your address is an apartment, no worries.  I’ll simply call your apartment complex, tell them I’m calling to verify information on a job application, and poof.)   Next I’ll go to a real estate site and put in your address so I can get photos of the inside and outside of your home (or go to the apartment complex’s website and get a layout/floor plan).  I can get an appraised value of your home, and with a little math, I can ballpark your income.  If I really wanted to do some damage, I’d go put your name in at Ancestry.com and possibly get your mother’s maiden name.

Let’s recap.  In the space of what’s probably about two hours maximum, I may have all of the following:

  • Name
  • Email
  • Home Address
  • Employer
  • Family members and coworkers
  • Income
  • Photos of your home
  • Mother’s maiden name
  • Date of birth

I could even go further if I had the time, and add a few of your friends on Facebook.  Most people are far more inclined to click “Accept” from someone if they see that they have mutual friends, but I’m guessing that out of the 300+ people you have listed on your Facebook, someone’s bound to be stupid enough to blindly click Yes…which gives me an in to your profile.  Would you click “Accept” if you saw that we had 4 mutual friends?  Especially if I made sure that I had stuff on my page that I knew you’d be interested in?  Once I can see your “private” page, I can probably piece together all kinds of information about you:  where your gym is, when you go, the names and faces of your kids and where they go to dance class and school…you get the picture.

In order for me to steal your identity, all I need are your name, date of birth, SSN, and mother’s maiden name.  I’ve already got 3 out of four.  Do you really think I couldn’t get your SSN with a few phone calls to a few places and a bit of social engineering?  Are you okay with some random stranger knowing all of that about you?  If this little demonstration didn’t disturb you, take it for a test drive yourself.  Run your spouse through the process I just described, and take notes only on information that you find through that. Did you get enough to “steal their identity?”  Did you get enough to make them uncomfortable?

There are steps you can take to minimize your exposure, and it’s a good thing to do for a lot of reasons.  Sure, the NSA is all up in your business (more on that later today), and that’s bad enough.  But to think that criminals can do what I just did?  Some crazy freak you got in a debate with on some website?  Imagine your daughter’s college classmate deciding to do this to your little girl.  If someone like me can do it, think about what a criminal who does this all the time can do.

It’s about a lot more than just privacy.  It’s about safety.

 

 

Written by

8 Comments
  • GWB says:

    You are very right about how carelessly most people pass their private/semi-private information around. It’s primarily because they are sitting at home, inside their own walls, posting “on” their own computer, with friends as their visible counterparts, and they feel safe. It’s psychologically hard (for many) to grasp the extension of that private realm (friends sitting around an electric watercooler in your own dining room) out into public because they are doing it on the internet.

    I wonder, Kit, what you could find out about me, based solely on the information you have from my login here. (One of the reasons I comment here is because you don’t use Disqus or FB.)

  • VALman says:

    Since some of us may have a vested interest in the out come, please indicate whether mission was accomplished, without any details about the “target” of course.

    • GWB says:

      Heh. Kit did a nice bit of social engineering to get some more info from me. From which she tracked down some information that was close, but not me. My advantage is that I do not do social media, and some of the other places I frequent on the internet (virtual worlds) have no connection to my real name at all. She also didn’t go into full-sleuth mode. 🙂

      So, I’m good, but not as good as I could be. I should probably close up shop using certain names and email addresses if I want to be even tighter in my security.

      • VALman says:

        Thanks for the update. Sounds as those this might have been a draw. You both learned something which is good.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe
Become a Victory Girl!

Are you interested in writing for Victory Girls? If you’d like to blog about politics and current events from a conservative POV, send us a writing sample here.
Ava Gardner
gisonboat
rovin_readhead
Instagram