On Defending Against Doxxing: Benjamin Brown


Upload: ec-council

Post on 05-Aug-2015


TRANSCRIPT

On Defending Against Doxxing

Benjamin Brown

Who Am I?

Benjamin Brown, Akamai Technologies

- Incident Response
- Threat Research
- Actor Profiling
- System Architecture Reviews
- Security Training and Workshops

Overview of Terms

- Doxxing: “Publicly releasing a person’s identifying information including [but not limited to] full name, date of birth, address, phone number, and pictures”
- SWATing: “To cause a SWAT team to be deployed on (an unsuspecting victim) by falsifying a threat”

Why Should We Care?

- Pranking, Marketing
- Sensitive Information Leaks
- Harassment, Bullying, Stalking
- Identity Theft
- SWATing
- Targeting For Physical Attack


From: Tim Oblivious
Sent: Wednesday, October 31, 3:55PM
To: Paul Bossman
Subject: Family Emergency

Paul,
I just wanted to let you know that I will not be able to come into work tomorrow. Something came up at home and I had to go to New York this morning for the next couple of days. I apologize for the delayed notice.

Kind Regards,
Tim

Real Cases

From: Paul Bossman
Sent: Thursday, November 1, 4:54PM
To: Tim Oblivious
CC: Jill Director
Subject: RE: Family Emergency

Tim,
Thanks for letting us know – hope everything is ok in New York. (cool wand)

Cheers,
PB

Real Cases


Sunil Tripathi
- Missing Since March 16th 2013
- Misidentified as Boston Bomber
- Doxxed on Reddit & 4chan
- Family Death Threats, Harassment
- Body Found in Providence River

Real Cases

Amanda Todd’s Bully
- Committed Suicide Following Cyberstalking and Blackmail
- Anonymous Doxxed Wrong Man
- Had to Quit Job, Move Across Country, Legally Change Name

Real Cases

Michael Brown Shooter
- Anonymous Doxxed Wrong Man and His Mother
- Never Part of Ferguson Police
- Death Threats, Thrown Items
- Both Financial Victims of ID Theft

Real Cases

SWATTing

- Live Recordings of Various Online Gamers
- Multiple Gamergate Targets
- Ashton Kutcher
- Brian Krebs

SWATTing

Chinese "Human Flesh Search Engine" (人肉搜索, Rénròu sōusuǒ)
- Collaborative, Distributed Human Research on a Mass Scale

Russian Celeb Doxxing
- Eastern Bloc, Europe, Americas
- Kim Kardashian, Mel Gibson, Ashton Kutcher, Jay Z, Beyonce, Paris Hilton, Britney Spears

Global

The Googles
- Search Operators (“Google-Fu”)
- Usernames <-> Email Addresses
- Cached Websites
  - (Way Back Machine)
- Variations of Usernames and Email Addresses

   

Resources and Methods

Tools
- theHarvester
- Maltego
- Cree.py
- Recon-NG

   

Resources and Methods

Social Media - FB, Twitter, LinkedIn, etc.
- Contact Info, Family Members, Friends, Acquaintances
- Interests, Haunts, Patterns
- Skillsets, Jobs, Colleagues
- Answers to Security Questions

 

Resources and Methods


Social Media - Forums, Groups, Mailing Lists
- Birthdate, Age, Location
- Hobbies, Fetishes
- Trusted Usernames
- Breaches

 

Resources and Methods


Yahoo Groups - Freecycle

Whois
- Full Name
- Phone Number
- Fax Number
- Email Address(es)
- Physical Address

Resources and Methods


Data Brokers - Spokeo, Intelius, pipl, peekyou, etc.
- Free
  - Full Name (Incl. Maiden Name), Age
  - Current and Former Addresses
  - Family Members / Ages / Addresses
- Paid
  - Criminal Records
  - Schools
  - Retail Activity Information

Resources and Methods


Public Records - Business Incorporation, Deeds, etc.
- Business Partners
- Addresses
- Histories
- Mappings to Other Business

Resources and Methods


Public Records
- Political Contributions
  - Name, Address, Political Affiliation, Donation Amounts
- Petitions
  - Name, Geographic Location, Fuel For Social Engineering

 

Resources and Methods

EXIF Data - Photos, Videos, Audio
- Device / Computer Information
- Software Information
- Times and Dates
- GPS Coordinates

   

Resources and Methods


Social Engineering
- ISP / Phone Company as Spouse or Delegate
- Current/Former Place of Work
- Family as Friends
- Friends as Family

Resources and Methods

Social Media Mindfulness
- Tighten Security and Privacy Settings
  - Facebook, Google+, LinkedIn, etc.
- Restrict Personal Information
- Vet Connection Requests
- Untag Judiciously
- Block, Uninstall 3rd Party Apps

   

Defense Methods

Secure Your Accounts
- Use Strong Passphrases
- Use Two-Factor Auth
- Do Not Reuse Passwords
- Shutdown and Clean-out Old, Disused Accounts
- Don’t Let Retail Sites Save Data

Defense Methods


Data Clearinghouse Opt-Outs
- Spokeo
  - http://www.spokeo.com/opt_out/new
  - Verification needed: Email address
- Pipl
  - https://pipl.com/directory/remove/
  - Verification needed: Email address
- ZoomInfo
  - http://www.zoominfo.com/lookupEmail
  - Verification needed: Email address

   

Defense Methods

More: http://www.computerworld.com/article/2849263/doxxing-defense-remove-your-personal-info-from-data-brokers.html

Data Clearinghouse Opt-Outs
- Whitepages
  - https://support.whitepages.com/hc/en-us/articles/203263794-How-do-I-remove-my-people-search-profile-
  - Verification needed: Email address and Phone Number
- Intelius (and subsidiaries)
  - https://www.intelius.com/optout.php
  - Verification needed: Government ID

 

Defense Methods


Registering a Fictitious or “Doing Business As” (DBA) name
- Protect Your Name, Your Partners, Your LLC or Corporation
- County Clerk’s Office or State Government Website or Office

   

Defense Methods

Land Trusts / Holding Corporations
- Protect Your Name, Address, Etc.
- Keep Sales Price Private
- Consult a Real Estate Lawyer

   

Defense Methods

Wiping EXIF Data From Media
- ExifTool by Phil Harvey (Win/Mac/Nix): http://www.sno.phy.queensu.ca/~phil/exiftool/
- Windows: Property Details

Turn off Location Tagging on Devices

Defense Methods
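
What wiping EXIF data amounts to at the file level, as an added example that is not from the original slides and is not ExifTool's code: the metadata named earlier (device, software, timestamps, GPS) sits in JPEG header segments that can be dropped without touching the picture. The function names and the sample bytes are constructed for illustration, and only JPEG is handled.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def exif_has_gps(tiff: bytes) -> bool:
    """True if the TIFF block of an Exif segment references a GPS IFD."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        return False
    try:
        (ifd0,) = struct.unpack(order + "I", tiff[4:8])
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
        # Each IFD entry is 12 bytes and starts with its 2-byte tag id.
        tags = (struct.unpack(order + "H", tiff[e:e + 2])[0]
                for e in range(ifd0 + 2, ifd0 + 2 + 12 * count, 12))
        return GPS_IFD_TAG in tags
    except struct.error:  # truncated or malformed directory
        return False

def strip_metadata(jpeg: bytes):
    """Return (clean_jpeg, removed) with Exif, XMP and COM segments dropped."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(jpeg[:2]), [], 2
    # Walk header segments; stop at SOS (0xDA), where compressed pixels begin.
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        marker = jpeg[pos + 1]
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("truncated segment at offset %d" % pos)
        payload = jpeg[pos + 4:end]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            removed.append("Exif+GPS" if exif_has_gps(payload[6:]) else "Exif")
        elif marker == 0xE1 and payload.startswith(b"http://ns.adobe.com/xap/1.0/\x00"):
            removed.append("XMP")
        elif marker == 0xFE:
            removed.append("COM")
        else:
            out += jpeg[pos:end]  # JFIF header, quantisation tables, etc. stay
        pos = end
    return bytes(out + jpeg[pos:]), removed  # image data is copied untouched

def seg(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a header skeleton with a GPS pointer, not a viewable photo.
TIFF = b"MM\x00\x2a" + struct.pack(">IHHHIII", 8, 1, GPS_IFD_TAG, 4, 1, 26, 0) + bytes(6)
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9)) + seg(0xE1, b"Exif\x00\x00" + TIFF)
          + seg(0xFE, b"shot at home") + seg(0xDA, b"\x00") + b"\x12\x34\xff\xd9")
```

Running `strip_metadata` on a photo before posting reports what it carried; ExifTool does the same job across many more formats with `exiftool -all= photo.jpg`.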

Маскировка (Maskirovka)

- Use different and ‘Meaningless’ Email Accounts, Usernames, and Passwords
- Employ Pseudonyms
- Be Wary of Cloud Services
- Rotate Phone Numbers and Passwords Often
- Shred All Identifying Paper / Mail

Маскировка (Maskirovka)

- Differentiated Information Release
- False Information
- Pics of Places You Haven’t Been
- “Evidence” of Hobbies You Don’t Have
- Early Information
- Late Information
- Don’t Post Photos Right Away
- Family / Friends Corroborate

Маскировка (Maskirovka)

- Always Use (No-Split) VPN
- Watch for DNS / IP Leaks
- Consider TOR
- Don’t Use Skype
- Start Building Other Identities
- Encrypt All The Things
- OTR, PGP, Etc.

   

Маскировка (Maskirovka)

- Mitigate Immediate Danger
  - Call 911, File a Police Report
- Fully Document
  - Screenshots, Printouts, etc.
- Clean-up
  - Close Down Accounts

I’ve Been Doxxed!

- Credit Watch Services
- ID Theft Watch Services
- ID Theft or Blackmail Attempts = Contact FBI
- Inform Local Police About any SWATing Concerns

I’ve Been Doxxed!

Questions?
