Other issues in this category (40)
OSINT search methods and how to protect yourself from cyber stalkers
Wednesday, November 10, 2021
The Internet is a dangerous place, and in each issue of the Anti-virus Times, we give recommendations on how to make your presence on the World Wide Web as secure as possible. We talk about the mandatory use of an anti-virus and the frequent change of passwords; we advise how not to fall for a phisher's tricks, etc. Today, we will pay attention to the traces that we leave on the World Wide Web—we will talk about what the OSINT methods are and how to make your presence on the Internet as invisible as possible.
What the OSINT methods are
OSINT—Open Source INTelligence. This is the name of set of a public information search methods. Simply put, hacker clichés like "to find a person using a photo" or "to calculate an IP using a game account"—this is all about OSINT methods. If something can be learned about a person, a researcher will carry out an exploration precisely from open sources.
The most popular public resources are social networking sites. We do not hesitate to leave personal information about ourselves there: first name, last name, date of birth, city, school, close relatives in the list of friends—usually anyone can see all this data.
In addition, the photos we publish can tell a lot about us. Imagine such a situation: recently, you met with friends in your house and decided to take a memorable photo in order to share it with your virtual friends but forgot to turn off the photo location. Thus, not only your friends but also "bystanders" will know your house address. In our example, thanks just to one photo, it’s possible to collect a lot of information: when, where and who met with whom. In addition, by the home decor, it will be possible to make assumptions about your income, how you earn money, etc.
Here's a simple method that anyone who regularly visits social networking sites can take advantage of. However, true experts of OSINT can extract even more information from a photo: starting with EXIF (Exchangeable Image File Format)—technical information about a photo—and ending with the exact time the photo was taken based on the position of the sun. Theoretically, absolutely anyone can master OSINT methods, but this knowledge is vital for experts in forensics (the science of investigating computer crimes) and journalism.
How is our data leaked?
As you can see from the example above, we can unwittingly reveal many details about ourselves. Yes, sometimes even our name and a real photo can be a superabundant source of information for potential intruders. For many years, there have existed various paid services that allow a person to be found with the help of a photo or even a fragment of it. This means that users do not need to upload a photo to their social network accounts in order to be found. It is enough to have a few common photos with friends in their accounts.
Knowing your full name and date of birth, an attacker can easily find out everything else, even if you seemingly have not published anything else anywhere. Nothing prevents hackers from looking through the list of your friends, followers, and likes on social networks to find out your interests and exact place of residence.
Suppose that you like fishing—you are subscribed to thematic groups, sometimes you leave comments, and your photos with fish in your hands are published there. Let's say someone wants to find out more information about you than is available on social networks. To do this, that person can try to find a mention of your name or nickname in search engines. What if they manage to find out a little more about your hobbies? If their search was unsuccessful, they will check popular fishing forums—you probably talked with like-minded people there: you boasted about your catch, shared secrets about your fishing skills and tried to find out where to buy that same fishing rod. It’s quite possible that a couple of years ago, in a bitter dispute about the "best place to fish", you wrote that you’ve gone fishing on the same lake all your life. Most likely, you work according to the standard 5/2 schedule, which means that you leave to go fishing in the early morning on weekends. This means that, if necessary, you can be found there.
Anyway, by leaving any messages on forums or social networks, using your real name or commonly used nickname, you are giving too much information to a potential attacker. Sometimes, professionals even manage to find passport data, court appeals, detailed work information, and much more.
How to protect yourself from cyberstalkers
Note that you shouldn't take our examples too seriously. If you are a respectable citizen and have no conflicts with anyone, you can rest assured that no one will ever think of spying on you.
However, there are principles that should be followed in any case. As already mentioned, you need to carefully monitor every trace you leave on the Internet. We've prepared tips to help you protect yourself from potential surveillance.
The Anti-virus Times recommends
- Disable the location on photos you plan to post publicly on social networks.
- Remove meta data from photos if you don't want others to know which device you are using to take them.
- Conduct only private dialogues; try to avoid public communication on forums and other sites.
- Keep a close eye on what web pages and portals you visit. Some of them may require too much information for registration: full name, phone number, real address.
- Use different nicknames on the Internet—it will be much more difficult to find you.
- Switch your profile to private mode if a social network allows you to do this. At the same time, it is important to add to your friends list only those people whom you know in real life.