Your private life exposed online
Former private eye Davey Winder discovers just how much data you can dig up about someone online.
Back in the early 1980s, I used to be a private investigator - when building a profile of and tracking down a target involved rummaging through rubbish and conning banks, councils and others to pass on valuable information. The gumshoe and the ID thief have a lot in common; they both need as much personal information about someone as possible to do their job. The difference between then and now is that neither I nor the ID thief needs to rummage in bins to build that profile: all that's required is a PC, an internet connection and some time.
To reveal just how easy it is to unearth personal information online, I set about profiling my "victim". I sought their permission to do so beforehand, on the condition that PC Pro wouldn't reveal any precise detail of the information uncovered. Although Mr X was aware that I'd attempt to build a profile, he had no idea how or when this would occur.
I chose someone who wasn't known to me personally, but who was a friend of a friend. That way, the only information I had was the bare essentials of name, location and his job title. It's possible to build a profile using nothing more than a name, but the truth is that you're likely to be on a hiding to nothing. Without some kind of additional identifying data in the first place, you can never be sure that the Derek Smith you've spent hours investigating is the Derek Smith you're interested in. A geographical location really helps to narrow down your search, but an additional identifying factor can be the deal-maker. Anything that stamps "this is my Derek" firmly on the forehead of your target when the search data starts coming in.
From small acorns...
In the case of Mr X, I knew his name; that he lived in London, and that he worked as a network engineer. So I headed off to Google, where a search on his name quickly led me to a Twitter account. Bingo! Not only did he have an account, but Mr X was an active Twitterer. By opting to "follow" my target I could see his updates. Not particularly useful to an ID thief, granted, but within a day I discovered that he was "on the beach in Portugal" and wouldn't be home "for three more days"; gold dust for a burglar.
Another update mentioned his wife by name, and the fact that she was missing their dog that was in kennels. Pets' names are often used as answers to password reminder questions and, indeed, as part of a password itself. In this case, the name was unusual enough to be one of Bob Geldof's kids, and so instantly became a pretty valuable "phoraging" hit. Phoraging is defined by Andrew Horbury, at digital identity specialist VeriSign, as simply being the collecting of data "from many different online sources to build up the identity of a consumer to commit identity theft". It harks back to the rubbish rummaging I mentioned earlier, but is a lot less stinky. Importantly, phoraging is much more relevant to online profiling now that social networking has become such a part of everyone's lives.
What's yo name?
Social networks, business networks - in fact networks of any kind - are an essential feeding ground for the online profile builder. However, it can be time-consuming doing the rounds of all of them until you hit the one or two of which your target is an active member. Which is where dedicated, and free, search tools such as yoName (www.yoname.com) come in rather handy. This allows you to search across social networks and blogs with only a couple of clicks, and presents all the hits in neat tabs arranged by those networks. It took precisely 30 seconds to reveal Mr X had accounts at Bebo, Facebook, Flickr, LinkedIn, Twitter, Vox and Yahoo 360.