3

Like the title says, I was wondering how its possible for hackers to "dig up the dirt" and get peoples personal information such as address, credit cards, bank accounts, social insurance number, etc? I would also like to know if there is anyway to protect yourself from this? I also would like to note that I am asking how this is possible and I am NOT asking this so I can do it.

SameOldNick
  • 729
  • 3
  • 10
  • 22
  • I think that getting 'dirt' on people and getting basic personal information is totally separate questions. Easiest way would honestly be to steal someones mobile phone and/or laptop. Then there are hardware and software to map a persons complete existence, including those trips to the cheesy hotel during lunch on Tuesdays. – Simply G. May 09 '16 at 05:25

2 Answers2

6

They can gain access to such information through a combination of techniques.

First of all, they can easily do online searches about a person. You will be surprised how much information can be glimpsed about a person just from his Facebook, Twitter or other social networking sites. Google, and other dedicated "people-finder" search engines like Pipl can divulge plenty of information.

After that, using the information they have gotten about you online, they could use a variety of social engineering attacks such as sending you an email impersonating a trusted person to get you to click on a link that downloads malware such as keyloggers into your computer or brings you to a phishing website to trick you to entering sensitive information.

If the computer you are using have any vulnerabilities, an attacker might be able to exploit it to gain access into your system, and dig up any sensitive data you have stored in it.

The only way to protect yourself from such attacks is to be vigilant. Modify the privacy settings on the social networking sites you do use - you will be surprised how bad the default settings are. Be careful about clicking links from email, even if they appear to be from trusted people. Use an encryption scheme like PGP to verify the email if needed. Encrypt the data on your hard drives if it is really sensitive.

The best defense is just to be careful.

  • 1
    There is quite a good podcast by social-engineer.org with background information on all those topics asked. Elaborating a bit on the post of Terry Chia. http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/ – user857990 Aug 04 '12 at 10:13
  • Another source of information for attackers is to call cell phone operators, credit card companies, libraries, stores, ebay, apple, microsoft etc and fetch more information using social engineering. Unfortunately, this hole usually cannot be closed. Another example: https://gizmodo.com/how-i-lost-my-50-000-twitter-username-1511578384 – Mikko Rantalainen Oct 29 '18 at 10:08
2

To be honest with you... one does not need to be a "hacker" to find those things out. I guess what most people, including PIs, do is simply look up publicly available data, call landlords, etc.

And the problem is, although you can try to lock down your social network data etc. you never will be able to control the data that you gave away. They might call your parents and pose as whatever... (most of the time they probably don't even have to pose, but simply ask).

So here is my advice:

  1. Practice data hygiene: Don't give your data to anybody without thinking about it. Make sure you delete old accounts, etc. (one thing I like to do is using a catchall mailbox and using individual e-mail addresses (e.g. walmart@mydomain.com). This way you instantly know when somebody leaked your e-mail address.)
  2. Don't go crazy: You will always leave a footprint unless you use fake names, addresses etc. (but that might get you into other trouble, depending on where you're from). Decide on what data you want to protect, what you don't want to protect and what you can't protect; Act accordingly.
Tie-fighter
  • 755
  • 6
  • 8