Ethical Creeping
Small sidebar before I get started. The other members of the OSINT community I regularly engage with on Slack (shameless plug... Join us! https://openosint.signup.team) have debated the best way to demo OSINT tools and techniques without doxxing (publishing private info about somebody) others. I refer to this as ethical creeping. We've seen bad examples of this at conference security talks and even vendor demos. A presenter carelessly enters some random info and displays address, phone number, IP address or other information to the audience, solely to the benefit of the demo. Please do not do this! If you are going to take the time to demo something that can potentially disclose the info of others, take some precaution. For example, ask for a volunteer that doesn't care, use someone in the public eye already or do the work to obscure the info for your presentation before your demo. Bare minimum use some common courtesy, please and thank you. In the following demo I show some details, but nothing that general white page listings wouldn't show
SpyDialer
I have used Spydialer in the past to see if a target number had a voicemail greeting that could identify an account. It is a nifty trick and nice way to check a number anonymously** (I'll come back to those 2 little stars) without directly dialing the target number yourself.
Last night one of the OSINT forums I frequent, notified me SpyDialer had added some functionality to the website. I wanted to check it out and also make sure that the updates had left my previous Opt-Outs intact.
** 2 Little Stars
So back to the anonymity disclaimer. If you go to the 'How it Works' part of the Spydialer page you see the warning that the voicemail check isn't really anonymous.
This is true, if you enter a target number the target cell phone will either display missed call or get a quick ring before displaying the missed call. So make sure if you have a jumpy target you choose another tool or you may spook your subject.
Opt-Out
The opt out link is at http://www.spydialer.com/optout.aspx
There has always been debate in the security world on whether to trust the opt out process or not. The main argument being that if you opt out, you are in turn validating your data and maybe the site will sell that validated data over to another marketing group. I think that debate is the equivalent of which came first 'chicken or egg?'
My Stance is:
1. Know what the service is capable of pulling on you (OSINT yourself!)
2. Figure out if they actually have an opt-out process and do it
3. See if they have a privacy policy listed online saying what they share with others
4. Follow the path of the others... if possible
5. Repeat steps 1 through 4... forever. (Kidding, but not really)
I can happily say that the opt outs I put in place a few months ago seemed to stay in effect even within the new features that SpyDialer launched. Kudos to SpyDialer for following a degree of honor regarding privacy.
No phone number for you!
New Features
So the 'People', 'Address' and 'Email' portions of the SpyDialer search seemed to be the new features. Let's check them out!
New Feature... Address
With Ethical Creeping in mind, let's see what the 'Address' Function can find for us. My approach was to look up an address that people have probably google searched many times already and any non-standard info I will obscure. Let's creep on fictional Dad, Danny Tanner from Full House. A quick google search for 'real address from Full House' nets the info of 1709 Broderick Street in San Francisco. Input into Spydialer and get:
If we hit the details tab for Record 1 we see:
The neighbor reporting feature could come in handy as I have previously used a tool like Melissa Data Property Viewer to see public records info of addresses and nearby neighbors. That's a nice added feature to get a quick listing of nearby addresses.
New Feature... People
Continuing the Full House themed OSINT I input a search for Danny Tanner, the fictional father from the TV show.
There are no Danny Tanners in San Francisco but SpyDialer is nice enough to tell us there are some elsewhere.
Details view of Danny Tanner Record 2 shows us that SpyDialer kindly obscures the last 4 digits of a cellular number.
Now would be a good time to point out that many sites partially obscure data due to being a 'free' website. SpyDialer kindly advises you that BeenVerified is paid site that discloses full addresses and phone numbers. Fortunately for OSINT investigators, there are many open source ways to see the incomplete info on SpyDialer. FamilyTreeNow.com is one of those sources. Using the name Danny Tanner from above, and finding an entry with location ties to Citrus Heights, CA is easy enough. Being an ethical creeper I won't publish the last 4 digits of a stranger's cell phone, but see if you can find them.
New Feature... Email
Let's do a search for Danny Tanner's email. Randomly I enter DannyTanner@yahoo.com
Well there's a surprise, Dannytanner@yahoo.com belongs to somebody name Geoff. To try the email lookup service more completely I tried a few more.
And
OK so maybe the email lookup tool isn't the best. SpyDialer uncovered another Danny in Florida, and deduced a potential name from my 3rd search reporting the email MAY belong to somebody named Danny Tanner... brilliant!
Verdict on SpyDialer
OSINT tools constantly change, update, lose or gain functionality. One thing stays the same in my own usage of them... I never use just one tool. SpyDialer can be a decent starting point if you have a target phone number, but inevitably I will end up running the phone number through a PIPL.com search or see what other related addresses or phone numbers I can find listed on FamilyTreeNow.com. My search methodologies go through a bank of OSINT resources and that bank changes depending on which data I already have and which data I am trying to find. While the email search feature is pretty basic, I will continue to use SpyDialer if I have a starting phone number and no name. If a site is good enough for me to want to opt out of it, the site is good enough for me to utilize it in an OSINT investigation.
Random
http://www.full-house.org/fullhouse/fullhouse_house.php
When researching the house location info for this demo I found that site and was impressed with the level of detail and research somebody put into the house from the show. Maybe a little creepy... but impressive.
If you have any techniques to share or comments please drop me a line on Twitter @baywolf88
Happy OSINTing
