How Much of Your Personal Information Is Online?

.

Purpose and Scope

To analyze how much of your personal information is online.To make you question how much data you put on the Internet.

2

Juggling Information

Email

Privacy

UserName

Phone #

Not Secure Too Secure

Who wants your details

Spammers – targeted phishingCorporationsCyber criminals – Identity theftInvestigatorsHacktivists – DOX

Facebook CIA video: bit.ly/xPjEax4

Who wants your details

5

What details do they want?

EmailUsernamePhone #’sIP addressFriendsGPS locationPhoto’s (public and private)NameHometown

6

Connect an email to a site

Does an email exist?

7

Connect an email to a site

Does an email exist?

8

Where does your card go?

Jigsaw.com – find business card info

9

Where can they dig up this info?

Search EnginesSocial NetworksReverse Image SearchPrevious Version Archive (archive.org)School & Alumni SitesDating SitesJigsaw.com

10

Prevention

Avoid using work email for non work sitesAvoid using same password anywhere

P@ssw0rd#8 vs. NascarP@ssw0rd#8Make user ID uniq and difficult to guessKnow your footprint to know your exposureUse a separate junkmail email address

Gmail, etc lets you check bothBCC instead of CCCode contact forms instead of “mailto:”

11

Photo MetaData

12

www.stolencamerafinder.co.ukSearch by serial number

Picasa metadata

Photo To Address

13

• Pictures with Geotagging can lead to an address

Original Image Photo Viewing

14

• camerasummary.com

Pipl.com

Search name, email, username & phone

15

Namechk.com

16

Knowem.com

17

Map Emails to Profiles

Map profile to an email (normally private)Correlate different social networks against same email and/or usernameEnrich emails with private user info for phishing attacksHidden profiles

SwingersCreepersCheaters

Map passwords18

Scripted

19

Identity Hunt Script

20

I scripted a mass email, username query

Identity Hunt Script

21

•Scripted 60+ different site checks

Maltego

Visually search and correlate

22

Privacy Settings

Average Facebook user has:245 friends and 156,569 friends of friends

23

Monitter.com (Live Twitter feed search)

Tweets containingHome aloneHome numberLeaving vacationBirthday

24

Social Search Engines

25

www.facebook-search.comsearch.twitter.com/search.atom?geocode=39.802941%2C-89.655697%2C1mi&rpp=100computercrimeinfo.com/twittersearch.htmlyouropenbook.orgopenfacebooksearch.com

Password reset questions

Birth dateZip codeMother’s maiden nameFirst carI Recommend using a password insteadExample: Sarah Palin yahoo account.

Used Yahoo for official state business“Rubico” sentenced to 1 year in custody

www.wired.com/threatlevel/2010/11/palin-hacker-sentenced

26

Q&A

.

27

bit.ly/yrysPz