Data Mining
Hey guys,
I read the article on data mining and found that it was pretty basic, and checked out Intelius. so,
-
How does Intelius get all that info? I really don't want to shell out 100 bucks for two people, can I do a more manual search of online public records that Intelius draws upon, if so, any ideas where to start?
-
Does anybody know where I can get some more advanced data mining material?
I am trying to dig up as much dirt on two corporate members as I can.
Very much appreciated,
whitecell
Hit NurBo up he'll attempt to do it for free
Postby NurBo on Mon Oct 13, 2008 4:51 am
- [ Basic Google Profiling Author: NurBo Msn: wakeupneo@live.com
$_Introduction $_Basic Profiling $_Social Accounts $_Ask A Friend $_Disinformation Campaign
Introduction;; Google is one of the most known search engines people are using it know days to manipulate it such as finding information on people finding downloads etc etc. ('google dorking') Now sense Google holds so much information ('Big Brother') It's used by alot of people to start the bases of a profile on some body.
Basic Profiling;; Now I will show you some nice Google searches on how to start yourself a profile on somebody threw Google. People use the same email address (obviously) so im assuming if your trying to profile somebody you already have some sort of information on them. So let's say you have there email address let's start Google
Several results show up you go thew the websites looking for more information on the person such as other email address or aim/msn/yahoo accounts. But maybe you searched there email address ('heyitsnurbo@gmail.com') and nothing shows up try this
heyitsnurbo@
And you might get a few results which is another start :) Ok now here are some searches to find more information on the target
heyitsnurbo@ heyitsnurbo msn: heyitsnurbo heyitsnurbo Myspace heyitsnurbo contact me heyitsnurbo name heyitsnurbo age
You can get several different Google results with those!
Social Accounts;; Now I just searched ('heyitsnurbo Myspace') and a result came up with his Myspace and its a public Myspace [if your going to make a social networking account such as Myspace,Bebo,Facebook then always make your profile private. So I just found his Myspace I go threw his Images save them all now if he/she doesn't have there first name as there Myspace name ('which most people do') Then I'll just go threw his/her comments looking for there first name. Now I have his first name,photos,emails,what websites hes signed up on.
Ask A Friend;; Ok now I have heyitsnurbo email address,picture,firstname,his friends information, what website he hangs out on. Now one of the biggest things alot of people like to use for a quick way to get information is look at that persons comments on there social networking profile. And see who talks to him the most and says his real name etc look at there profile and see if they live in the same city.
sidenote;; you can also look at there top friends and look at all of there locations and confirm what state and city that person lives in. And usually at least one of there top friends has a "Hi im NurBo and I goto STFU High School".
Now you can just message one of there top friends (I prefer girls) and say Subject:hey!?!?!? =]] HeYy do you know Brent Junker???… were suppose to goto gamestop today but i lost my cell phone >_< do you know his celly thanks.
"New Message" 555-555
So now you have pictures,emails,what websites hes active on,phone number,city/state/school there you go you have a basic profile.
Disinformation Campaign;; Now if you are in the security scene and your active know alot of people im sure one or two people will try to profile you. Now to have the upper hand you always want to put fake information out there about yourself fake pictures fake names supposedly your "phone number". Its always good to make the attacker think he has all of your information when in actuality he has no clue just go with the flow.
Its best not to release any sort of information but im sure you'll have those good online friends so you'll release some information here and there just stay safe and anonymous. -NurBo
Public information is made to be public. Very basic things like phone numbers, addresses, and birthdays can be gathered from a variety of sources (banking, work, mailing lists, etc), and there aren't really too many legal restrictions. Just don't abuse it, and no one will care if you have that information.
criminal records/ sex offenses, can only be accessed by judges and licensed investigators. Intelius has access to this information because money talks.
social security numbers can be used to get information, but you can't give legal information and get a ssn. You can have an ssn verified though. And obviously the ssn are linked to the names on those sites' db, so… And of course the government has even more even more inclusive db.
This is all public/legal information. It means nothing to someone in the corporate world, unless you actively abuse it. In that case, it is far more trouble/liability than it's worth. Learning the US laws first will hopefully show you where the information in that field is. look at "privacy" not data mining / cyber stalking. Same book, different cover.
Zephyr_Pure wrote: 403 is an .htaccess-protected folder. You could start by trying to find that. Also, LFI attacks can circumvent that. new_hack8912 wrote: Don't many sites store .htaccess and .htpasswd files below the root directory? I guess LFI could still exploit it though. If you mean "above the web root", then yes, many sites do. Many sites also store those files inside the folder they're password-protecting. Obviously, since there are still simple XSS and SQL Injects floating around on a number of sites, we can't assume that best practice is always in place with htaccess/passwd, either. It could even turn out to be as simple as using a directory traversal with or without LFI. For that matter, you could even take a non-related attack and aim to escalate it to the point of gaining root on that site… which would effectively render an htaccess/passwd irrelevant.