7 minute read
HVCK : Issue 1 - 2022
BRAVE NEW WORLD
by Ryan Williams
Advertisement
The shrill trademark battlecry of one of my favorite local rough sleepers got me thinking. The end truly is nigh. Privacy as we conceive it dead. A myth. Its something our children will speak to there children about in wonder but never truly understand what it was, why it was important to us and how we unwittingly traded it in for convenience. We give it away for the privelege of using “free” products, services and platforms. It would be oddly comforting to know it was taken from us by some despotic world government as a means to suppress the masses but the reality is far less Orwellian. Collected, parsed, correlated and analysed, this sea of information is put to task. To more effectively sell us stuff. Products, ideas, truth.
The day is coming when everyone, will know or have access to every bit of information about everyone. Until that day, it might be worth protecting what little privacy remains. First stop. Your digital foot print.
A classic over sharer
I get told all the time I share too much, too easily online. What these paranoid naysayers don’t understand is that I have lived a very public life and with only a cursory search all manner of skeletons begin to tumble out of my digital closet. While this didn’t really concern me when I was working in the music industry, a potential client, giving my name a casual google search and stumbling across some “very DJ” video content isn’t congruent with my companies brand or professionalism for that matter.
An individual’s digital footprint isn’t usually given a second thought but legacy content can be a liability not only to one’s professional reputation but to an individual’s personal security posture. The larger the pool of personal information available about you online, the easier it is for threat actors to effectively target you. We all know posting is forever but there are some relatively straight forward steps a person can take to get their digital footprint in check.
Its OSINT time
First and foremost, a realistic understanding of how much personal information is available about you online will enable you to gauge just how big an undertaking the clean-up is going to be. It was an eye opening experience for me to discover just how much personal identifying information was out there, including, but not limited to, the very first DJ website I built myself (circa 1997).
How you choose to OSINT yourself will depend upon your skill level and personal preference. First port of call for me on any OSINT investigation is always google. It’s amazing how much information can be gathered with a few wellcrafted Google dorks. Below are some editable dorks you may find handy.
Google Dorks to get you on your way[name] + “hometown”[name] + “company you work for”inurl:resume “john smith”intext:resume “john smith”site:http://linkedin.com/in + ”<location>” + “<name>”“text of a tweet” -site:https://twitter.com@twitterhandle -site:twitter.com/twitterhandle
[Prospect’s name] + contact number (or) other contact details
Site:companywebsite.com + [name] + contactSite:companywebsite.com + [name] + other contact infofirstname.lastname [at][domain]firstname [at][domain]
Other sources
Searching social media sites is your next best bet. Create a list of accounts past and present across as many platforms as you have accounts. We will utilise this list later. Sites like https://socialcatfish.com can help you locate accounts you may have forgotten about.
You might also consider: Government websites, Business Registration Sites, Doing Reverse Image Searches, Name & Alias search on https://namechk.com
OSINT TOOLS
Though not essential, there are some amazing open source OSINT tools available that can expedite the information gathering process. Below are a few of my go to’s.
https://recontool.org
If you are new to OSINT this site is a great help. Input your asset information and OSINT Recon Tool will auto generate the queries for each of the relevant resources. Copy, paste, booooom.
https://www.maltego.com/maltego-community/
Maltego is the a go to for any serious OSINT work. It is available as a free community edition that is more than capable of the todays tasking. The learning curve can be a little steep but dont worry. You got this.
https://www.spiderfoot.net/
SpiderFoot is an open-source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It’s written in Python 3 and GPL-licensed. Spiderfoot HX (pictured above) is the hosted versioin and is one of my go to platforms.
You can never have too many resources when it comes to OSINT. These should keep you out of trouble.
https://github.com/jivoi/awesome-osint
repository of OSINT resources
https://www.osintcombine.com/osint-bookmarks
OSINT Combine’s bookmarks is a curated list that are usefulf or OSINT activities. They are broken down into appropriate categories such as: Area & Event Monitoring, Person of Interest Search, Corporate Profiling, Mapping, Artificial Intelligence, Reporting Tools & Collective Tools.
By now, if your anything like me you should have found all there is to find. It’s time to start the clean-up. ]
The Clean Up
Unsubscribe
The first step is a fairly easy but time consuming one. Go through your email accounts and unsubscribe to the mailing lists, daily horoscopes and newsletters you are still subscribed to but don’t actually read anymore. Not only will this hopefully reduce your unread emails total to triple digits but it will also deny threat attackers a method of profiling you.Retire those legacy accounts
Next step is to delete all those old, unused accounts. You know the ones. They are full of pictures of the ex and video evidence of all your youthful indiscretions. This not only benefits in reducing your digital footprint but mitigates any risk of future breaches on the platform. https://justdelete. me has direct links to the account delete page of many services.
Lock down any current accounts
The following steps are an example of actions one can take to reduce digital footprint and increase your overall personal security posture.
Delete old photos, posts and comments and any posted content that may give clues to your location. Eg. Photos that show your home or identifiable landmarks near your location
Untag yourself from any photos, posts, events or comments you don’t want to be associated with. That socialist party rally may have been fun at uni but may impact that all important government vetting down the track.
Tragedy.... belonged to the ancient time, to a time when there was still privacy
George Orwell
Make sure your account is not visible to the general public. Lock down your privacy and security settings. If you didn’t already know, unique complex passwords and MFA might be an idea too.
A little misinformation goes a long way. Try adding a few curve balls here and there to keep potential profilers guessing.
Conclusion
These aren’t the only steps one can take to reduce their digital footprint but it definitely a good step in the right direction. Being conscious of what you are posting and the potential implications it may have on your digital security will help keep your nicely groomed footprint as minimal as possible. The internet can be a dangerous place but with a little common sense and some good housekeeping you will hopeful avoid any unpleasant conversations with future employers, financial ruin at the hands of threat actors or well-deserved shit from your mates for that mullet you had in the 90’s.
