Hello all. This is my first article ever written for anything anywhere,
and my first real attempt at teaching anything. So any feedback is much
appreciated. You can reach me (sometimes) by e-mail at
firstname.lastname@example.org. You might even be lucky enough to catch me on
Google Talk. Do not e-mail me saying "it's M-A-Y-B-E", and please be sure
that you've checked for subtle humor before you complain, unless you're
complaining about the subtle humor. I will answer any question, pertaining to
this article or not, provided it is intelligent, and I have the time. Good
luck on the latter.
Part 1 - Generic disclaimer
This information is meant for instructional purposes ONLY. This site and I
are not responsible in any way for anything you may be dumb enough to do with
any knowledge gained here, or elsewhere.
Part 2 - The introduction
With 'social networking' becoming more and more popular nowadays, it's easy to
meet people online, and in many cases, people that you have never met
face-to-face, or 'in real life'.
This opens quite the array of possibilities, and some questions.
What if this person isn't who they say they are? Often times people will lie
about their identity to protect themselves from those 'online predators' you
hear so much about on those talk shows designed to scare mothers into locking
their children in a cage. Perhaps they are one of these people looking to do
bad things to you, the kind of bad things that are beyond the scope of this
article, and perhaps this whole site (I do have to wonder sometimes, though).
What if you want to know more about this person without revealing too much
about yourself? This is also a valid question. In many cases, there may be a
bit of information you want to know about someone, and even though you have
the best of intentions (right?), they may not want to share this information.
This article is intended to help you in these situations. This topic is far
too complex for step-by-step instructions in most cases. In fact, it's rare to
see any one method give you all the information you need; in most cases
personal information is put together by obtaining many small pieces of
seemingly useless data and putting them all together to reveal the whole. It
may even come down to process of elimination.
In other words, this article is an introduction to uncovering information such
as age and location (personal information) about someone without directly
asking. Or, in a broader scope, this is an article on social engineering.
The person's information you want will be called the 'victim' hereon. You
will be 'you'. I will try to make as few assumptions as possible, but I
will assume you have the victim's e-mail, and that the bulk of interaction is
taking place over some sort of instant messaging (Google Talk, MSN, Yahoo,
pretty much any chat room, that sort of thing). I will also assume you have a
good memory, as it's almost essential, unless you want to waste countless
hours looking through notes and conversation logs.
Part 3 - What to do with e-mail
Obviously, you'll want to somehow con them into sending you an e-mail. This
shouldn't be hard, and there's a good chance that it will happen without the
need for any fancy social-engineering. Maby not, though, but the lamest
excuses are known to work here. You may try asking them to send you a file
by e-mail so you can download it later, or you might first send them an e-mail
and hope they will reply to it.
Anyhow, once you have a message they sent you, and not a message sent by some
automated service, the first thing you'll want to do is check the 'from'
header. Some people put their full name here, and their real one at that.
Naturally, this is useful information.
You'll also want to flip through ALL the headers. For those that don't know,
there are many headers beyond to, from, and subject. In Gmail you can view
these headers simply by clicking "show original". There are ways to do this
on other mail services, and figuring that out is your problem. It should be
noted that many of these headers can be spoofed. The from field, for example,
is similar to the return address on a letter. There's nothing preventing a
person from writing someone else's address here.
Back again, you may see a line like this:
Received: from [126.96.36.199] by web53506.mail.re2.yahoo.com via HTTP...
Those numbers in the brackets represent the victim's IP address. This is
also useful information that will be explained later.
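As an added example (not part of the original article): a short Python script
for auditing what a message you sent discloses through its From display name
and its Received chain. The sample message, host names and addresses are
constructed, and audit_headers is a name chosen here.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the article); the addresses come from
# the RFC 5737 documentation ranges and the host names are made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP; Mon, 1 Jan 2024 12:00:05 +0000
Received: from [203.0.113.45] by web01.mail.example.net via HTTP;
\tMon, 1 Jan 2024 12:00:01 +0000
From: Jane Public <jqp@example.net>
To: someone@example.org
Subject: the file you asked for

hello
"""

IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# RFC 1918 and loopback ranges: these reveal nothing about a network location.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def audit_headers(raw):
    """Report what a message's headers disclose about its sender."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    hops = []
    # Received headers are prepended, so index 0 is the hop nearest the reader
    # and the last one is nearest the sender. Any relay can forge the lines
    # below its own, so only hops added by your own provider are trustworthy.
    for index, value in enumerate(msg.get_all("Received", [])):
        for literal in IP_LITERAL.findall(value):
            try:
                ip = ipaddress.ip_address(literal)
            except ValueError:
                continue  # bracketed text that is not an IP address
            hops.append({"hop": index, "ip": str(ip),
                         "internal": any(ip in net for net in INTERNAL)})
    return {"display_name": display_name, "address": address, "hops": hops}

if __name__ == "__main__":
    report = audit_headers(SAMPLE)
    print("From display name:", report["display_name"] or "(none)")
    for hop in report["hops"]:
        print("Received[%d] %s internal=%s" % (hop["hop"], hop["ip"], hop["internal"]))
```

Run it against the raw source of a message from your own Sent folder to see
which of these fields your mail provider and client settings expose.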
There is one more thing I'll discuss here. As you may know, many social
networking services (Myspace, for example) allow you to search for users by
their e-mail. This can point you to information you don't have, and provides
a good way to check if you have their real e-mail, if you happen to know their
page, profile, whatever on said site. You can, and should, even try to Google
the address. You may be surprised, but you should use your better judgement
with Google results. Say something you found with Google directly contradicts
something the victim told you. Were you lied to? Maby. Google could be
wrong, though. I can't tell you the answer.
There are other things you can do with an e-mail address. Play around with it
and have fun.
Part 4 - IP addresses
Every computer has an IP address. Even ones that aren't on the Internet.
Even ones that aren't connected to ANY network (I'm talking about the loopback
address). I'm not going to get into internetworking here, but you need to
know that an IP is not always specific to any one computer. As if that wasn't
enough, some computers are given IP addresses dynamically when they connect to
the Internet. This means that a computer's IP can change from time to time.
To combat this, you should try to find out everything you can about an IP
while you can be sure the victim's IP hasn't changed (in most cases, if the
victim hasn't 'signed off' or anything like that, the IP should be the same.
Should.), and try to get a new IP and check it every once in a while.
Getting the IP address can be done several ways, depending on the way you
converse with the victim. My personal favorite is setting up a webserver,
configuring it to log IPs, and asking the victim to 'see if it works' for you.
There are many other ways.
The only thing you can do with an IP is trace it, and try to map it
geographically. Neither of these is completely accurate, but can be helpful,
if you want more proof of the victim's location. There are plenty of online
tools to do this for you, and they aren't hard to find, so find them.
I lied earlier. There are other things you can do with an IP address, but
most of them are beyond this article, and I've never found them particularly
helpful in uncovering personal information.
Part 5 - Social networking
Most people make use of some social networking service nowadays. Facebook,
Twitter, Myspace . . . Many people even have more than one. Finding a 'page'
that belongs to your victim is outright easy. Ask them, they'll probably tell
you. There are other ways, as mentioned in the e-mail section, if you don't
want your victim to know you've seen their page.
These services are gold mines for people like you. Few stop to think about
unwanted viewers before posting to these things, much less what kind of
personal stuff might be in it. Even if they have it set to 'private' or
'protected' (the name varies), there may be useful info for you. Example:
Myspace allows users to set their profile to 'private', meaning only people
they have allowed can see their full information. However, even if they have
enabled this option, a non-allowed user still sees their age, location, and
gender as entered (yeah, smart people tend to lie here), along with a
picture and a 'username' of sorts.
Alternatively, you can request that they allow you to see this page. This
usually requires you to have an account with the same service, but most people
will allow this regardless of how well they know you.
Besides that, you can use them to validate information. Think you've found
your victim's real name? Search for them on Myspace. Does it turn up their
real Myspace page?
You can literally spend weeks digging in these mines, but it's usually worth
it. At least in my experience.
Part 6 - Direct interaction
Finally. Some real social engineering. I can't stress this enough - log your
conversations. There is no way you will remember everything, but the time
will come when you can faintly remember something said, and you'll be able to
look it up in your logs. The most important thing is that you pay attention
and watch for things that go against each other, and it's nice if you can
confirm it before you confront the victim.
Anything that your victim says can potentially be useful, even if it doesn't
seem so. For example:
12:00:00 <Phantom Wolf> Hey, dude, what time is it?
12:00:01 <Helpless Victim> 1:00
Now you know their timezone. Which helps narrow down their location.
Timezone may not seem all that important, after all, it's a pretty general
area. But, think about it. Many people will lie about location on social
networks and even to your face, but most won't think to lie in telling you the
time. Seriously, this works more than you'd expect.
How about this:
<Phantom Wolf> What's up?
<Helpless Victim> Gettin' ready to go to a concert
<Phantom Wolf> Cool. What kind of concert?
<Helpless Victim> Metallica
How does this help you location-wise? With Metallica being the most over-
played band on radio today, I'm sure you can look on the Internet to find out
where they're playing, which is another way to narrow down their location.
Most people will not travel too far for a concert, unless they're following a
tour, in which case you'll probably already know.
In other words, pay attention to what events the victim attends, maby the
event will be big enough for you to find out where it's hosted.
You should also pay attention to the way they talk. Often times, you can give
a good guess at their heritage, location, and age from how they talk, and how
mature they seem to be. Someone who says "y'all" a lot is likely from the
south. Someone who uses "eh" all the time could live in the north. Someone
who uses a lot of question marks could be French. Someone who uses a lot of
exclamation marks may be Irish.
Gender is usually an obvious one to pick up on. Men and women tend to have
different personalities. I think it's safe for me to assume that anyone that
may read this article knows the differences between men and women.
It may also help you to identify phrases, punctuation, quirks and the like that
the victim tends to use more often than not. These sorts of things may help
you identify the victim in certain situations, and may help you spot
impostors. Over time (years), you will be able to recognize the victim
without putting any thought into it, but in the short run, you can look for
unique tendencies, like myself and the word 'maby'.
Part 7 - Conclusion
This may seem like a lot of information to a complete newbie, but I've just
scratched the surface. Uncovering personal information is a broad topic, and
an art that takes years to learn and master. The best way to learn is to make
a few online friends and see what you can learn without them knowing. Or you
can try to surprise your current friends with your skills. Be patient,
listen, and you may surprise even yourself.
Again, please provide feedback either here, or to my e-mail.