Human Hacking - Using social engineering and other techniques to d0x.
Written By: LycanDarko
Shoutz to #suidrewt

Preface:

What is a d0x? A d0x is finding out a person's personal, real-life information when it is not intended to be known. Ex: Name, DOB, phone #, etc. From the title of the paper, you see that I have mentioned Social Engineering. The reason I mention it is that it is the door to opening all of the possibilities to piece together a successful d0x, no matter what. To me, doxing someone is more Social Engineering than anything else. So it begins...

0x00 - Intro

What first started out as a tutorial has manifested itself as a paper. I pondered long and hard on how I would explain how it is I am so skilled at finding out who the people are behind the keyboard. The fact of the matter is, this is something that cannot easily be taught, or maybe even not taught at all. I will place this in the best words I can to give people a good structural foundation to dig the opposition's identity up. This paper will also prove useful in shielding yourself from these same techniques, and protecting you from attack. But there is one rule you must know: Everyone is doxable. Even me.

0x01 - Simple techniques

There are loads of ways to reveal a person's identity, the most common way being a simple search on an engine of choice (e.g. Google) for the person's handle, and seeing if they have slipped up somewhere, on something such as a flash games site etc., with a real name or some sort of revealing info. From that point, you could look for the person's name, try to find where they work, what school they go to, and see how much info they have dumped on the many social networking sites that are at the world's disposal. Always take notes and cross-reference your findings, or you will find that you can become quickly lost in what you find. That is people’s main weakness, Social Networking.
People have an unrelenting desire to be in other people's business, look at attractive people, and be ‘in the loop’. Use that to your advantage. Getting a person's email is the start to their demise.

What you should’ve learned:
- Google is your friend
- Don’t keep a social networking site (if you DO just need to keep one, for the love of god, make it private.)
- Don’t use a real name
- Keep the sites you frequent to a minimum, people don’t need to know your habits (more on this later)
- Use some fake info

0x02 - Intermediate Techniques

There are a number of free services that exist on the internet for you to use at your disposal to aid you in getting someone's personal information when you have only a little to begin with.

www.pipl.com: Pipl is a search engine that I’m sure most of you know of. It searches non-indexed web pages, as well as indexed, for common usernames, email addresses, phone numbers, as well as name and location. This is a great tool. Sadly, this is where the d0x stops for most people; not many people know what to do if they don’t have a d0x at this point.

www.tineye.com: Tineye is an advanced reverse-image lookup tool, whereby you can take an image on the internet, then find sites that have the same image on them. A helpful tool if, say, you aren’t getting anywhere with a d0x. The person uses different usernames, has a fake name on their Facebook, and it’s all private besides the default picture. You can take that picture and find their other sites; since people most commonly use the same default profile picture, you will likely end up with another social networking site that can perhaps reveal more info.

www.archives.com: This little gem of a site is one I found that’s got quite the interesting flaw. They have real records of people's employers, phone numbers, previous residences, family trees (even kids), arrest records, newspaper articles that the person has been mentioned in, and more. This is a PAID service.
But don’t be alarmed, I said it had a flaw. Go down to a gas station or Walmart, and buy a prepaid debit card, spend the money on something you actually want. Then, make an account on archives.com (use a new spam email, they send boatloads of the stuff). Search the user and buy records of choice; even if you have no money on the card, the transaction goes through and they give you the records. The website has a mechanism that retries a card number if the transaction fails, and gives it about 30 minutes. So you can go nuts for a little while, ‘buy’ what you need, and gtfo. It’s a great little glitch, but after that, they ban the card from use on the site. (This was personally found and tested by me.)

So the intermediate techniques are straightforward: use your brain, use the tools that exist at your disposal and what you have learned in the previous section, and you can more than likely get the job done. Let’s move on to what most of you are here for.

0x03 - Advanced Doxing with Social Engineering

This is reserved for those tough cookies. The high-profile targets that you absolutely NEED to nab. Read and learn something.

It’s difficult to know where I should start with this, so if this sounds sloppy, my humblest of apologies to you. I’m not your average person. I was born a con-man, and a natural social engineer. I can tell when people are lying when they speak, and I can indeed read books by their covers; people are always exactly as I think of them to be (besides my fiancée, which is what causes me to love her, she is the only person I cannot predict 100% of the time). People have naturally taken a liking to me, and feel the need to ‘fit in’ with me, even if I am, say, outside of their ‘social barrier’. It is an abnormality that I believe is caused by determination and confidence. Everyone wants to be accepted by the douchebag in school, right? Why, though?
People have strange auras that attract other people, and there is a general personality type that most people will take a liking to. If you are blessed with this advantage, use it (being a girl works too).

I will use myself as an example. I am a much beloved member on HaxMe.org, and I love that community back. I contribute loads of material and quality stuff that the community enjoys, so on top of being naturally likable, I do favors for people, thus making me a generally liked person. This gives me something called POWER. I could have been trying to get someone's personal info this whole time, and been using all of your weaknesses to gain info about certain members. I could have won contests to see certain members' addresses when mailed a prize, I could have become a Mod just to get your IPs to know where you live, I could have made up gigantic sob stories about my life, to get sympathy from the ones I made care about me, to donate to me to get a real name, to let me live with them in a time of need, for in the end, just to screw them over, and get what I wanted for personal info. These are all tactics that someone like me could use on the innocent, to exploit the weaknesses in your mind.

People have tried to d0x me, yet they can’t, and it’s for one simple reason. When you speak to me, I AM LycanDarko. When you speak to me, I am being my internet persona. I am NOT the same person away from this keyboard. This has led to people trying to d0x me, and turning up with a male named Andrew Snow. It makes you wonder if I have been ‘him’ the whole time, doesn’t it? Speaking about my life, as if it were his. Lucky for you all, he is a convenient coincidence. I am not him, but I do not personify myself as him either.

Enough about that though, let's go over how I would use you and your human weaknesses to exploit you, and find out everything about you.
Scenario 1:

We recently had a member that I dox’d and they became so ashamed that they up and left HaxMe.org, and here is how I did it. All of this resides on TRUST and user-end failures. It all started with the member signing up to be d0x’d in our recent competition. I browsed the forums and noticed he had taken a liking to our recent female board member. Members of the male sex are WEAK to females, especially during the teenage years, and you must break yourself from that. This member had become friends with her, yet NOT told anyone else that they were a female. This had told me he is attached to her, a jealous person, he likes her more than a friend, he wants to keep her to himself, so he thinks he obviously might have a chance with her. Can you see how I can exploit this? If he likes her, chances are 95% or more that he has shared something personal with her, and more than likely she has seen a picture of him, because he would likely try to make her say he’s cute, because people are egomaniacs, especially when it comes to girls.

So, in order to get my target, I must target someone else whose trap he would easily fall into. I befriend the girl on the forums, as I do everyone else, and talk to her for a few days, warming up with simple conversation, and become a trusted person to her. She talks about her personal life, etc. I know I’m in now. I do what I think the member has already done to show her his picture: I make a Facebook and add her on it. All that was left from there was a solid look through her friends list, and to find the only person with an American name (she was foreign) and BOOM. I caught my fish. All his info, public on Facebook.

Scenario 2:

We had a member in the not so distant past who leeched a bunch of my tutorials, as well as a few others. He had a different handle on the site where he posted my tutorials (hackforums, haha). All I did was take his handle from hackforums, and append the most common email address, @gmail.com.
He was found as a user on haxme with a different handle, and didn’t post a thing. From there, I went and put his email in a search, and found a few websites. One site in particular, that he listened to music on, had a first name. From there I searched his name and other handle and got a forum post of him talking to some friends. There was a town mentioned, and a friend's full name. From there, I went to Facebook and ‘circle-attacked’ him. That is where I friend all of his friends, in hopes that they add me, and that his profile is viewable by friends of friends.

I have a special Facebook, with a girl that most people would find pretty on it, that I’ve had for ages that I use to social engineer people. You all should have one. The fact that it’s a girl, I have several fake relationships with friends, lots of comments and a decent friends list, and PROFILE AGE makes me a believable person. So it’s easy to add horny teenage boys and get more info.

Sure enough, I got the add I wanted, looked on his profile (no picture of him), got a partial name again, sports he played and a school. I went to the school's website to see if they had a listing of athletes. They did. I got his height, weight, full name and what hand he used dominantly. I knew what hand he wiped his ass with. I then found the phone number .db in an unsecured directory on his school's website with his parents' names and phone numbers. Jackpot. You can see how easy it is.

Another circumstance I had was simple too. I sent the person a site of mine with a pic on it that had an IP logger. I called up the ISP and social engineered them into telling me who leased the IP, because they were hacking my webserver, and I was reporting it to the police. Boom, person's name.

Find info in pictures:

Not many people know, but by default, your smartphones put your exact GPS coordinates inside the bytes of the picture, as well as time, date, OS of the phone, the phone's name, and much more.
This info can be used as cross-reference with data you know, to confirm a profile belongs to who you think it does, or to d0x a person entirely on its own. Look at the examples below. With all the juicy details, it becomes more than easy to d0x someone.

These techniques are not widely used, or known. I am the only person I know of that uses these techniques, and I wish to pass the info on to you, so you can better protect yourself from con-men like me (haha). If you can’t understand the basics of this by now, you won’t ever get it. I wish you all the best of luck, and hope you can make yourself more secure with it. To a master social engineer though, no one is secure.

-LycanDarko