[Tutorial][Hot] Doxing Tutorial[Tutorial][Hot]

The Basics

Whats Doxing?
Doxing is basically finding out information about a person. The vast majority of people on the internet are anonymous and with anonymity comes power because you cannot hurt the physical person behind the username.

Doxing takes away this power, that is why people will go to extreme lengths to make sure they remain anonymous.
However, the internet stores information from decades ago. Almost everyone can be found on the internet if you know what to look for.

What Are You Looking For?


Anything and everything. The main goals of doxing are to find out;

  • Real Name
  • Address
  • Phone Number
  • Parent's Names
  • Parent's Jobs
  • Place of Education (School/University etc.)
  • Job
  • Relatives

With these you have power of the person you are doxing. However you are not limited to this. Look for absolutely anything on the person.

Methods


Doxing is subjective, there is no set way to do it because all of it depends on the person you are doxing.

Here is the method I use and have found to be highly effective:

Start with the person's username

I am assuming this is a person on a forum you want to find out information on.
Everyone registers on a forum with a username, most people will use this username for several forums.
Start by googling this.
If however you are like me, your username means something else. Mine is the Greek God of Death, so if you simply google Thanatos you will get thousands of results. You will be searching for the proverbial needle in a haystack.

However, you know that I am on a hacking website so the chances are I will be on others. So you begin to look for results using "Thanatos" and "computer security" or "hacking" etc. (Don't worry you won't find much on me)

If you find the person on multiple forums register on that forum (use an untraceable username) and read every post your slave has ever posted. People will usually let some information slip (I just went and edited a post I made on another forum a month ago because I remembered I left too much information there)

Most forums have a "Post A Picture Of Yourself" thread or something along those lines, so you can normally get a picture of your slave at this point. However, if they are careful you might get nothing.

Write down any piece of information, no matter how trivial. With every new piece of information, new roads of investigation open up.

E-Mail Address

As I begin to write this section I decided to google my e-mail address. It links to two pages dated 2006. I went on these pages and found links to a very old social networking page I used to have which contained information about me that I don't like on the internet. Thankfully I closed the account so it's all deleted now.

Back on topic now; e-mail addresses. Google the person's e-mail address if you have it. This is a very effective way as all posts with their e-mail address in it provide great amount of information. If someone registers on forums using different usernames but the same e-mail address it can be used to link them.

With the e-mail address, go to;

http://www.myspace.com
http://www.bebo.com
http://www.facebook.com

and search the e-mail address. You can find old social networking pages which are a goldmine of information. Many people started these pages before they were aware of the dangers of all the information they left. People will use their real names on these pages so they are very useful. Location details are very important too.

You are looking to build up a rough profile of someone before you begin to narrow down.

Next Steps


If your slave is under the age of 18 then the person will not be on any electoral registers etc. so they are a dead end. However, if they are over 18 then the electoral register is a good place to look. Also the slave's parents will probably be on the electoral register so you can try to find them. A problem with this could be generic surnames "Smith" etc. will produce lots of results whereas something a bit less common such as "Christie" will produce less results

Look at your profile and start to cross-reference pieces of information. I know someone's name and rough location let's look through a phonebook:

https://www.intelius.com/
http://pipl.com/
http://www.ukphonebook.com/

are 3 very good sites for the USA and UK. They allow searches of people and locations. I have used these sites many times with great results and reverse lookup of phone numbers (so if you manage to get a phone number without the address you can look it up)

Now if you are ex-directory (like myself) then you will not show up on these records but the majority of people will not be. This tends to be something outwith the control of a 13 year old threatening someone on a forum so it is usually a good way to find information.

These records will be under the parent or guardian name so you will have to search using the person's surname.

If you have the name of your slave's parents then you may want to repeat the whole process again but searching for the parent. Social networking sites are a great place to start for adults as they will usually give out name, age, job etc. pretty freely.

Maltego is a very good program for doxing, it allows visual representation of how websites etc. are linked to a person and allows you to build a comprehensive profile.

http://www.paterva.com/maltego/
http://ctas.paterva.com/view/What_is_Maltego


Conclusion

False positives are common. Cross-reference everything. If I think someone goes to a certain school and find a possible address for them inside that school's catchment area then there is a high probability that the address and school are correct.

Doxing requires intelligence, you need to know where to look, what to look for. I treat it as a puzzle. The more information you have the more information you can find out. You can find information in the wierdest places. Did you ever win a big award at school? Chances are that's on the internet somewhere. Ever take part in an outside club that did something special or went on a trip? That's probably on the internet somewhere

Example

The following is an example of a dox I did. It was by no means a complete dox as I didn't really care enough to constantly search for the guy. But the guy turned up on the news for being arrested so I feel I will share it here.

Ghost Exodus
Remember Ghost Exodus? The hacker who was arrested for hacking into a hospital system. I doxed him a few weeks before he was arrested. My dox had nothing to do with his arrest but some of the information I found was later found by the security consultant that was behind his arrest.

The story behind this dox started when a member called "r00t34d" joined this forum. In his signature was the mention of the Electronik Tribulation Army (ETA). After several of his posts caught my attention I decided to look into that organisation.

The following is a PM I sent to a friend (he can reveal himself if he wishes) regarding R00t34d and the ETA :
Quote:Sent: Tue May 26, 2009 12:23 am
by Thanatos

What do you make of r00t34d?
I cannot decide if the ETA is a bunch of script kiddies or not. I am thinking that they are.
They talk of being skillful etc. but I found incriminating evidence on them within minutes.

The irony is that they are going to try to DDOS anonymous by using a downloaded botnet.
After insulting anon for using DDOS they are going to do the same.

http://www.youtube.com/watch?v=E46vE6xf4...r_embedded


The video has now been removed after Ghost's arrest but it contained a message regarding botnets etc. which was illegal.

I looked into the ETA even more and their leader GhostExodus caught my eye. If there was someone in the organisation with brains it would be him. After more investigating I sent another PM

Quote:Sent: Tue May 26, 2009 2:31 pm
by Thanatos

I found most of it at http://www.defconsystem.tk/

Really didn't take much doing. I didn't even bother googling all the member's names.
Although I did find they hacked a myspace account....how 1337 of them lol

The leader of them seems to be a nutjob http://www.youtube.com/watch?v=R_ySj_4k7RQ
he dresses in a wierd way, and the overall impression I get is that this guy is very paranoid.

thefixer25@gmail.com is the email address of the leader. Although I think this is a secret one as it's not the one he lists on the website.

I found mention of him in this post
http://legal-beagle.typepad.com/wrights_...oyees.html
I even found one of their members on Hack Forums haha
http://www.hackforums.net/member.php?act...&uid=30905

After his arrest I read this article:
http://www.darknet.org.uk/2009/07/hospit...-arrested/

The second line reads: Man this guy made so many mistakes for someone so paranoid
As I had wrote in my pm, he was paranoid.

This was a very quick dox of him. I quickly forgot about him until he was arrested. Wesley McGrew did a very in-depth dox on him which led to his arrest

The story behind it can be found here:

http://www.mcgrewsecurity.com/2009/06/30...ic-part-1/

http://www.mcgrewsecurity.com/2009/07/02...dus-part2/

http://www.mcgrewsecurity.com/2009/07/06...ic-part-3/

http://www.mcgrewsecurity.com/2009/07/07...dus-part4/

For Mc Grew's method on doxing GhostExodus it can be found at the following link:
http://viewer.zoho.com/docs/ev6li

So this ends my tutorial, hope you enjoyed it, found out something new.

0 comments:

Post a Comment

top