Dork yourself before “someone” does

Imagine receiving a message one day that contains a surprising amount of personal information about you, including your date of birth, email address, your phone number, the number of siblings you have and the high school you went to.

Initially, you might feel a mixture of astonishment, concern, and perhaps even a touch of vulnerability. It’s unsettling to realize that such private details, although publicly accessible, can be easily obtained by anyone with basic internet skills. In this digital age, where personal information is constantly collected and shared, it’s crucial to remain vigilant about safeguarding our privacy.

Taking proactive steps like regularly reviewing and adjusting our privacy settings, being mindful of the information we share online, and staying informed about cybersecurity best practices can help mitigate the potential risks associated with the widespread availability of personal data.

This article delves into the concept of OSINT, explores the potential risks associated with exposing personal information, and provides practical steps to protect your online identity.

OSINT

OSINT stands for Open-Source Intelligence. It refers to the collection, analysis, and utilization of publicly available information from open sources. These sources include websites, social media platforms, news articles, government reports, academic papers, and any other publicly accessible information.

OSINT is commonly used by various entities, such as intelligence agencies, law enforcement, researchers, journalists, and even individuals, to gather information and gain insights on specific subjects or individuals.

Negative Implications of OSINT Practices

The information gathered through OSINT, if used maliciously or irresponsibly, can potentially be used against individuals in various ways. Here are a few examples:

1. Identity theft:

Personal information such as your date of birth, email address, or phone number can be used by identity thieves to impersonate you or gain unauthorized access to your accounts. This can lead to financial loss, damage to your reputation, or even legal consequences.

2. Social engineering:

Knowledge of personal details, such as your mother’s name or the number of siblings you have, can be exploited by attackers to manipulate or deceive you. They may attempt to gain your trust, trick you into revealing more sensitive information, or engage in phishing attempts.

3. Targeted scams or fraud:

Armed with your personal information, scammers can craft convincing messages or calls specifically tailored to you. They may impersonate a legitimate organization or acquaintance to deceive you into revealing financial information, making fraudulent payments, or falling victim to other types of scams.

4. Physical security risks:

Publicly available information about your whereabouts, routines, or travel plans can potentially be misused by individuals with ill intentions. This information can be utilized to stalk, harass, or target you physically.

5. SIM Swapping :

An impersonation attack where the attacker convinces a mobile provider, either in person or through customer service, that they have lost their SIM card and need a replacement. By leveraging publicly available information like birth dates, address, and phone number, along with other details, the attacker gains control of the target’s mobile number once they obtain the new SIM card.

6. Security questions :

When phoning a bank, or speaking with a phone company, often personal information is requested as a security check. Guidance for these security questions often suggests examples like the below:

• Where was your first school?
• What is your birthdate?
• What was your first pet’s name?

Answers to all of these questions are easily available through social media postings, and it is important that we are aware of this either when setting up the security questions or when posting information online.

Dork yourself

By using Google Dorks, individuals can discover sensitive or hidden information that is not easily accessible through regular searches.

“Google Dork” refers to a specific technique used to perform advanced searches on Google, leveraging specific search operators and parameters to uncover specific types of information or vulnerabilities. These operators allow users to refine their search queries and retrieve more targeted results from the Google search engine. They allow them to search for specific information on websites and within specific file types.

Here are some insights and examples to help you use Google Dorks effectively:

Personal Information:

• Search for your full name in quotation marks:

"Full Name"

• Include additional details like your phone number, email address, or physical address:

"Full Name" email OR phone OR "physical address"

Social Media Profiles:

• Look for your social media profiles by entering your username:

site:facebook.com "username"

• Look for publicly available posts or personal details on social media platforms:

site:twitter.com OR site:instagram.com OR site:facebook.com "full name" OR "username"

Username and Password Exposure:

• Look for any publicly available login credentials associated with your email address:

"email" OR "username" "password"

• Check if any of your usernames or passwords have been leaked:

site:pastebin.com "username" OR "email" OR "password"

Personal Data Leaks:

• Search for instances where your personal information may have been exposed:

site:pastebin.com "full name" OR "address" OR "phone number"

Job Postings:

• Search for resumes or CVs you may have posted online:

filetype:pdf OR filetype:doc "Name" resume OR CV

• Check if any of your personal information is exposed in online job postings:

site:indeed.com OR site:linkedin.com "phone number" OR "email" OR "address" OR "resume"

In addition to Google dorking, there are several open-source tools available that can be useful for gathering intelligence. These tools leverage publicly available information from various sources to uncover insights and assist in the intelligence-gathering process. While it’s beyond the scope of this article to delve into specific open-source tools, it’s important to be aware of their existence and consider their potential benefits and risks when conducting intelligence operations.

Countermeasures

It is crucial to exercise caution when sharing personal information online. Just as you wouldn’t dispose of confidential letters without shredding or tearing them apart, it is essential to refrain from sharing sensitive details publicly on the internet.

This information, when collected, can be exploited for identity theft, fraud, or even blackmail. All it takes is a determined individual with enough motivation to gather and misuse your information. If you must provide personal information for certain services, ensure that your privacy settings are set to private to minimize the ease of tracing your identity. Alternatively, consider limiting the number of services you register for to reduce your digital footprint and mitigate potential risks.

Secure your social media accounts or delete them entirely

Search engines love social media. All of the major search engines’ algorithms rank social media sites high in their search results, and if you have an account with your full name, any search of your name and photo is likely to be near the top of those results.

The first step you should take to remove your name from internet search engine results is to take these steps regarding your social media accounts:

1. Secure them by adjusting the privacy settings, making them private.
2. Review platforms like Facebook, Twitter, LinkedIn, and Instagram for active accounts. Consider permanently deleting any unused profiles to enhance your online privacy.
3. Conduct a search on search engines like Google for your name and scan the first 10 pages of results to identify and delete any forgotten social media accounts.
4. Be aware of public profiles you didn’t realize existed. Disable search indexing or delete unused profiles to minimize your digital footprint.
5. Consider changing your name on accounts to nicknames or aliases only recognizable to friends.

By implementing these measures, you can secure your social media presence and reduce the visibility of your personal information in search engine results.

For serious matters contact Google/Bing

When sensitive information appears in search results, Google offers assistance in removing it. However, this is not a common practice, and google requires proof before taking action.

If someone has posted sensitive information, Google will work with you. To do so, just send a legal request to remove content from Google using g.co/legal.

To facilitate your understanding of the process, there is a helpful video available on the website that provides a step-by-step explanation.

Once it’s out there, it’s out there for good.

It’s important to remember that once information is made public on the internet, it is challenging to completely remove it from search engines. Anything you share online has the potential to remain accessible indefinitely.

Even if you diligently try to erase your personal data from various sources, there is an internet archive called the “Wayback Machine” that periodically captures screenshots of websites, ensuring that even removed information may still be archived permanently.

It is essential to always bear in mind the lasting impact of any information shared on the internet when engaging in future online activities. The understanding that once something is made public, it has the potential to remain accessible indefinitely should guide decisions regarding content sharing and personal information disclosure.