Wednesday, May 11, 2011

So You Want to DOX Somebody?

First off, for the n00bs out in the world who have heard the term but don't know what it means: dox is short for docs, which is short for documents. You want to find the information (documents) on somebody for whatever reason. You are doxing somebody.

Today, times have changed a lot. When I was younger, back in the '90s when the internet was just getting started, nobody even imagined putting ANY personal info up. Now what do we have? Facebook, Myspace, Twitter, Viveo, Youtube, Google, Blogger, Hi-5, forums, other blog sites, Paypal, Ebay, Amazon, emails, Monster (the job listing site), Intelius, Google, Google, Google, Google, and Google. If you can post info somewhere, people post it. There are COUNTLESS sites where people release their own information, and it can be used for your doxing purposes.

Let's say you find a pedophile on the net who posts under a frequent username. Check the account first off. Perhaps he has an email listed under that username that is publicly available for you and me to contact. Say there isn't one. You Google that username with a variety of dorks and whatnot until you find him with his email. Now you have his email.

You can contact him and try to social engineer him for some kind of personal information, all the while searching the net with that email. Let's say you Google that email, check the sites that list it, and find Myspace, Facebook, Twitter, Blogger and Monster listings. BOO-YAH! The holy grail of information is now at your fingertips. You find his name is Rupeshhacktheworld, he lives at 999.999.99.99 Hack Community Lane, 12345, PO Box 39dk9r, and he has 59 cats all named RUPESH VERMA. You have his picture, his DOB, friends to contact, possibly his job, family members, favorite music, books, movies, what style of clothes he wears, and possibly his cell phone number, and you can see what he posts and blogs about to find out more intimate information. However much he puts up is what you've got. Folks, all you need is a name and either a phone number or an address. In five minutes you can have their complete criminal history, SSI number, credit card numbers, credit history, job history. So much.

So I got his name, address, cell, name of his RUPESH VERMA, we find he works as the door greeter at Uncle Danger' Fried Chicken, his favorite things, best friends and family, and what he talks about. We decide we can attempt a login to his email. We go through his secret question/answer. First question: Name of your pet... We know his cats, all 59 of them, are named Tom, so BINGO, we got that one. Second question: Who did I lose my virginity to?.. Oh man, we have to dig even deeper. Sometimes SE comes in handy and we befriend them on sites they frequent (we know these from the initial Google searches). But say he is hostile to all people and the only time he goes out is to greet people at Uncle Remus' Fried Chicken. Who knows how he got that job; perhaps he lost his virginity to the sexy 400lb girl with the looped loop cheeseburger teeth and the limp that she insists is because one of her shoes is too big. All jokes aside, we can't befriend him, so now we have to find it ourselves.

We add him everywhere (we couldn't befriend him anonymously, but surely he'll accept our social network requests); he only has 29 friends, 28 of which are his family members. We dig deeply enough to find out the previous information, and we find his one friend on Facebook is none other than Megan Fox. So we go back and try the email again. Tom and Megan Fox, BINGO! We are on his email. We read through some personal emails and find that he and Megan Fox are secretly cat raping, loner pedophiles. Turn this info in to the police: he was under an alias, his real name is Benjamin Bumpkin, and you receive a reward of $1 million for info leading to his arrest. Good for you. This is a very basic setup to give you an idea of just how easy it can honestly be sometimes.

A more realistic scenario: let's DOX yourself. Start with nothing but the primary email that you use to get into sites. Google it. You find all of your social networking accounts, Monster job listings, Paypal, Ebay, Amazon, blog posts, forum posts, the porn sites you frequent, religious sites you frequent, EVERYTHING. Make a massive list of everything. Leave everything as is, don't mark your pages private and all that; literally test your security against the average person doing this. Make a list of everything of significance and even non-significance. See if people can find out your secret question/answer by Googling you, and how much they can learn so they can pretend to be you.

I bet right off the bat... I bet $100 that you immediately have a name, a picture, and a DOB. This can potentially be compared to public records (if you are 18 or older), and now we have a phone number and an address. We search deeper and find out from your blog posts that you play several venues with a band and list the names of the venues. Now you have places to contact for more info about you. You Google Map the address to find a city, state, zip code. You call the venues and ask the bartenders, managers, owners about you. You ask for a cell phone number to reach you at. BAM! Cell phone triangulation becomes a reality. You search deeper on the net with the provided information and compare to more private and public records. We go through Monster: if you used it, you have a COMPLETE job resume with all the jobs you worked at, from which I can deduce your average income and compare it to your house and car. If you are making $30,000 a year, living in a $250,000 house and driving a Porsche, I know something is up if I am searching for tax evaders. I can get detailed enough to have a license plate number.

I can purchase information through Intelius, and for a few bucks I have your SSI number and have plugged up a lot of other holes like credit score, banking history, criminal records, job records. I can even start digging up health records if I get deep enough. In about 6 hours of work or less, I can become me or whoever the unfortunate bastard is that I am going after.
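A self-audit for the "DOX yourself" exercise above, as an added example that is not part of the original post: it checks whether your own account-recovery answers appear in the list of public facts you collected about yourself, and generates a random replacement answer to store in a password manager. All sample data is constructed and the function names are hypothetical.

```python
import re
import secrets
import unicodedata

def normalize(text):
    """Lower-case, strip accents and punctuation so 'Tom!' matches 'tom'."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def audit_recovery_answers(answers, public_facts):
    """Return {question: [sources]} for each answer found in your public facts.

    answers:      {question: answer} for your own accounts
    public_facts: {source: text you found published about yourself}
    """
    findings = {}
    for question, answer in answers.items():
        needle = normalize(answer)
        if not needle:
            continue
        # Whole-word match, so 'tom' does not fire on 'customer'.
        pattern = re.compile(r"\b" + re.escape(needle) + r"\b")
        hits = [src for src, text in public_facts.items()
                if pattern.search(normalize(text))]
        if hits:
            findings[question] = sorted(hits)
    return findings

def random_answer():
    """Mitigation: treat the recovery answer as a second password."""
    return secrets.token_urlsafe(16)

# Constructed sample data: what a self-search turned up, keyed by source.
PUBLIC_FACTS = {
    "social profile": "Proud owner of a cat named Tom. Born and raised in Springfield.",
    "band blog": "We play the Blue Door every Friday night!",
    "job resume": "Door greeter, 2009-2011.",
}
ANSWERS = {
    "Name of your pet?": "tom",
    "City where you were born?": "Springfield",
    "First concert venue?": "The Blue Door",
    "Mother's maiden name?": "Zq7-unrelated-string",
}

if __name__ == "__main__":
    for question, sources in audit_recovery_answers(ANSWERS, PUBLIC_FACTS).items():
        print(f"EXPOSED: {question!r} found in {sources}; replace with {random_answer()}")
```

Any question it flags can be answered by whoever reads the same pages you did, so replace that answer with a random string rather than a true fact.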

Are you getting the drift? Once you have phone numbers, emails, name, address, all viable methods of contact become possible for some SERIOUS social engineering to take place. You can pry the information from the target. You can pry it from friends, relatives, colleagues, associates. It is up to how creative you are to get the information on that person. That and just simply knowing where to look.

Privacy is DEAD folks, get over it. You are digital. The minute you fill out any information form on the net and submit, it becomes a countdown timer of how much you are fucked. The timer moves as fast as you do. This is a tutorial on DOXing through practical application. Google has information on everybody. Google is Skynet.

Now, one more thing to go with this: IP addresses. Don't think that these are anonymous. They can be de-anonymized in no time. This is another tutorial for another day.

Anyway, this is some food for thought for you. Very useful information I picked up. Very easy to get. Steve Rambam's talk at The Last Hope, on the Youtube channel "mediarchives", is very insightful. Watch it, then you will realize just how unsafe you are.

Actually, there are 36 five-minute parts to this. Here is part 1:

Watch it when you get some free time. Incredibly insightful. Other videos, including ones by Jello Biafra, are very good. I'm done wandering now, have a good day.

