Basics of Internet Investigations
Most people assume that while online they remain relatively anonymous. While this is a pleasant myth, it is just that, a myth. Whenever you connect to the internet you leave traces behind. Unless you take active measures to erase your electronic footprints, you can be tracked down, and not just to your IP address, but to your street address.
Working on contracts for various departments of the US government has afforded me ample opportunity to engage in internet investigations. While I will say that social engineering is the best way to dig someone up online, there are several simple steps you can use to track someone down online.
The easiest way to find information about someone is to use 'Member Profile' areas of the large e-mail services. Yahoo! has an excellent profile on all their members, but all the services, from Excite to Hotmail display personal information to the inquisitive if you are not careful when you sign up for these services. The easiest way to avoid giving away personal information online is to develop a dossier on a fake identity that you use whenever you give personal information online. I usually use Father Jay Nick, of Detroit MI as my fake identity. Using a reverse phone number look up (available on Yahoo! I have even supplied Father Nick with the real address and phone number of another Mr. Nick). Because the information is consistent, I am able to recall it if necessary even though it is fake.
Using the 'Member Profile' sections provides you with a wealth of opportunities to find member?s street addresses and phone numbers. Of course, once you can obtain a real name behind an IP address or e-mail address, running it through Alta Vista can turn up everything from high school plays the subject performed in to organizations they attend.
One of the other most helpful information services online is Network Solutions' whois look up (http://www.networksolutions.com/cgi-bin/whois/whois). This service has exposed more spammers and website owners than I care to think about. Network Solutions conveniently provides addresses and phone numbers to anyone online. I used to think it would be easy to provide fake information here, but when you register a domain you must have a valid address to receive materials for signature, etc. The only way to annonymise this information is to rent a mailbox from a service such as MailBoxes Etc.
Assuming these two methods cannot provide any information using IP addresses can reveal a whole host of information as well. Using an IP address look up service such as: http://www.osilab.ch/ can also provide information to use with Network Solutions' resources. Using a tracert (type 'tracert' or 'ping' at the DOS prompt) can show you which networks packets pass through last before being delivered to a host. This will often reveal a subjects ISP (which can be used for their 'Member Profile' section or social engineering).
Using all these methods it is relatively easy to track down almost anyone. If you are also proficient enough to spoof e-mail, recognize e-mail headers, and pick apart HTML for information provided underneath a website's facade, you should have little trouble finding almost anyone online. Good luck, and happy hunting.
MadIrish
1.) Daemon
processes - psyops
2.)Analysis
: Implications of Internet Growth - CptZZap
3.)The Art of
IRC - JesterS
4.)Network
Stacks & TCP/IP - Liquid Sphear
5.)Basics of
Internet Investigations - madirish
6.)Proliferation of
the Internet
7.)Having fun
with system.ini - xearthed
8.)A look into
VPNs and setting one up - L33tdawg
9.)Review of
DIVA LAN ISDN Router - L33tdawg
10.)Strategies
for Tomorrows War - Cpt ZZap
