Wednesday, November 3, 2010

Subroutine Hell

I've given it a bit of thought, and it seems that my current method of detailing the greater aspects of Social Engineering and "Ruin Life Tactics" as anon calls it isn't very efficient. What I'm doing now, and should have done from the beginning, is creating a flowchart for the entire process. Doing this not only allows me to visualize the process more effectively, but shows me where I can make certain processes more effective in the long run. I've spent the better part of the day working on it, and should have it finished soon. After that I plan on writing more about research methods, social engineering and finally some ruin life.

Monday, September 27, 2010

Ruin Life Tactics - Data Mining 02

Ruin Life Tactics
Data Mining Lesson 02: Target Name

Introduction:

If you've read the previous post you'll probably be asking yourself why I've bothered to cover this seemingly redundant topic: "I already (should) have a name because I've been stalking online monikers for the past hour!" Yes, by now you probably do, but some people are definitely more secretive than others. There are some occasions where a person will only reveal a partial name or will use an online only pseudonym. This can be extremely frustrating when trying to connect points of data only to realize halfway through that you've somehow entirely fucked up the nomenclature.

The other possibility is that this person has a fairly common name such as Jones, Smith, or Johnson. You might also be attempting to establish familial ties for verification purposes with someone that has an unusual last name shared by a several people that are only distantly related. For example, a person I happened to examine with Greek ancestry presented a problem. This person had a fairly unique first name shared with one other person and a fairly large collection of distant (irrelevant) relations that made certain geographical correlations sketchy and inaccurate.

This article will seek to cover all of the above.


Victim Name:

What you'll want to do is consider all of the statistical information you've been able to gather about your target and lay it out. You can use specialized tools for this but I prefer to cover all of this in Notepad++; my text editor of choice. I use + and - signs to separate likely matching points of data from unlikely, * for designating emphasis or significance and the various marking and highlighting tools to group information.

Section I

Assuming that you have no name or a partial name:

First, collect all the information you've gathered directly from the target. Sift through this and categorize by geological data, hobbies, interests, skills, tasks, responsibilities, political/personal outlook, ad nauseum. The more you can categorize and assign groups to this data the more you are able to define the target as a set of statistics and stereotypes. This is an essential skill, and it must be learned.

Second, try to do the same for all of the data you've collected from sources external to the target (or from a search you are currently performing) and try to filter out the data that is unlikely to be applicable. Save this data, because you might need it later. I keep it within the same file I'm using until I have a confirmation- remember, people change over the years so unlikely might not mean irrelevant.

Now take all of this matching data and focus on anyone related to this data in your search. While people are generally a hodgepodge of stereotypes the weight, function, and prevalence of these differs uniquely per person. Another thing to consider is that people often tend to clique together and form social groups based on similar views and interests. Finding people that closely match these data clusters in your search opens the possibility that they might know your target.

EXPLOIT THIS POSSIBILITY!

Using your disposable identities and crafting your online presence to become more favorable to these people will allow you to create a network that you can use to ensnare your target and lower their predisposition toward obfuscation. People are often more likely to disclose personal information when they feel surrounded by peers that share converging interests- it makes them feel safe. On a related note you might find a person that will blab to no end about your target and give you all the information you need.

Section II

Assuming that you have a name that is common or problematic:

Sometimes a problem arises when you have a name that for one reason or another is indistinct from a large group of others. Jonathon Smith, Michael Jones, Paula Johnson- these are just an inkling of very common names. A far easier form of this is when you have a regionally unique surname with multiple first names that match. The former is much harder to trace, while the latter groups tend to collect in certain cities across the continent as family groups have gradually been dispersed over the years.

The same methods are used in both cases- follow the names you have with the information used in the first section to assist you in your cross-examination of the list of names you'll collect from various databases.

You'll want to start with a basic search at Intellius, USSearch* or a similar engine and simply record all of the results. You'll sometimes be lucky enough to obtain the ages and relatives of a few of these people- this is important. While people may share the same name, the likelihood of being born on the same year, month or day grows further apart as the time frame narrows. People with the exact same name don't often live in the same city, share matching relatives, etc.

*Do not under any circumstances pay for this data. It's already free and in the public domain. You'll also leave a trail pointing to your financial data. <-very easy to trace!

Start by grouping this new data as directed above. The people listed in the data will grow more distinct as you begin to sort through your list. Keep irrelevant data as it will help you distinguish false positives in your online research. When looking for a 31 year old male it's nice to know that a 66 year old match is the only person that's lived in Seattle, so any information relating to Seattle can be tossed aside.

Now that you have a list of names and locations it's time to explore public records. These are the most important sources, so make sure you write these down:

County Clerk of Courts: Land, sometimes criminal records, marriage records, occasional family court data

County Assessor: Definitive land info, address, aerial photos.

County Appraiser: The same as above, but look for either.

State Department of Commerce/Corporations: Business info, fictitious names, registered agents (Addresses!)

Phone books: Name, number, address (somewhat unreliable)

Wikipedia: Crap, but useful for finding out which county a city is in. I'm almost embarrassed to add this.

I’ll cover more of the above sites in upcoming articles, but this mostly concludes the name portion of the series. Remember to always compare new data with existing data as you receive it, and continually narrow and refine your search parameters as you close in on your target.

Saturday, September 25, 2010

Ruin Life Tactics - Data Mining 01

Ruin Life Tactics
Data Mining Lesson 01: Online Identities

Introduction
The following sections in will cover techniques necessary for the retrieval of data needed to discover the identity, location, relationships and other information relevant to your targeted victim. You will need a web browser, several disposable email accounts, some understanding of how search engines operate, and a lot of patience. These are not necessarily the order in which you will find this information and as such you should consider these steps to be non-linear.

Online Identities
It is quite likely that you'll have at least an email address, a screen-name or a forum user-name of your target and this is a good place to start. Before you do any searching, you'll want to examine this to see if you can learn any information from just the identity. Be intuitive- sometimes this could contain part or all of their real name, a phone number or area code, ZIP code, DOB, or even their house number. It's also likely that it'll be something unoriginal such as SweetPrincess69.

Your first step is to do a quick Google search. If you're working with an email address try omitting the '@*.com' or try chopping it into chunks to see if this turns up anything useful. You may simply be led straight back to the source where it came from, but this is fine. Read through as much information on the target as you can at the source of the identities you have and save everything to .txt files. Try to access the sites where your victim resides as little as necessary- constant searches for the same user can make admins curious.

Once you've gathered what intel you can it's time to grab your disposable email and start signing up to social networking sites. Use these as platforms for searching with the email addresses you have, or try to guess the email if you've only got a screen/user-name. This can be tedious, but you should come up with a few hits. Always remember to grab the URL that you've discovered and the ID specific to the site in question. (This ID is generally a number, i.e. Facebook profile_id=#########).

The user-names are generally relevant, but the ID is generally a unique number or string that will greatly assist you in narrowing the scope of your search. Often you'll dig up an older post that's been cached by Google before the target hardened their privacy settings. Facebook and others can be a pain when viewing Google's cache, so be ready to hit the ESC key almost as soon as the page loads. You'll see what I mean.

With some luck you'll have either a name, a list of friends, general likes/dislikes, workplace, hometown, and other small points of data that are too numerous to list. As you record this information be sure to build a profile or dossier of sorts for your target. Think of it as a 'personality prediction' cheat sheet. As you come across data that you are unsure about use this to assess it.

You'll soon discover a pattern, especially related to the way they socialize with others. Humans are fairly predictable creatures, leaving tell-tale signs along the way. You'll see consistent spelling and grammar errors, limited vocabulary, over-use of certain words, and other linguistic idiosyncrasies. This early bit of footwork takes time and requires a bit of intuition though you'll soon find yourself in the mind of your target. This will allow you to easily predict the target's movements as your research draws you closer.

Sunday, July 18, 2010

Ruin Life Tactics

This will be the first post of a series on what is commonly known as "Ruin Life Tactics". It is a fairly advanced form of trolling and goes well beyond the standard, run-of-the mill trolling techniques that everyone is familiar with. Where normal trolling can generate a limited amount of lulz, RLT expands upon this from starting as a minor aggravation upwards to complete and utter ruination.

RLT can range from prank calls and orders of 100 pizzas all the way to what more or less amounts to the end of any semblance to a normal financial life. This may sound strange, but in actuality much of our life depends on our dependency upon a financial structure, free access to it, and the ability to conduct business- even if we aren't business(wo)men.

Imagine that one day you post a stupid comment on YouTube or twitter, and catch the attention of a troll. There is some ongoing banter back and forth for a bit, and then odd things start to happen. It begins with a barrage of phone calls, then pizzas delivered that you never ordered, and weird spam in your inbox. Then one morning you wake up and find that your Blockbuster account has been closed. You check your mailbox and find that you no longer have those annoying bank statements and credit card bills. Irked at the oddities of the morning you go to your favorite cafe and order a coffee, only to find that your credit card no longer works.

It devolves from here:
You try to call your bank, only to discover you no longer have an account with your mobile phone carrier. Frantic, you drive to the bank and discover that your life savings has literally disappeared in the night. You are surprised to find that the last charge on your credit card was to a florist. You phone the police from the bank payphone, and the detective tells you he'll "Look into it." You give him your home number and hang up.

You go to work late and your boss is pissed about that threatening email you don't remember sending him. After work you arrive at your house somewhere around 5:30 PM. The lights are off- they won't turn on. The water doesn't seem to work either. You pick up the phone and are relieved to hear a dial tone, but you can't call out. The next morning a florist arrives at your door bearing an enormous bouquet. The card reads "LULZ".

These are Ruin Life Tactics. This is your ruined life. You will never be able to conduct a financial transaction without going through the enormous hassle of verification, questions and suspicion.