How FourSquare might leave you open to harm
Did you know that using a few online services, starting with FourSquare, that you might be putting yourself and your belongings at risk? Seriously. A smart syndicate could target you (from demographic information) for a mugging while his partners were robbing your home. How about stalkers and other preditory types? Well that is EXACTLY what could happen if you're not careful with your online information. Don't be a dork.
Any good search geek worth thier salt has heard of the term; Google Dorking. It essentially refers to using Google (and related operators) to find information that people generally shouldn't be leaving open to the search engines. A classic example is;
"not for distribution" confidential filetype:pdf or a more KW focused; "not for distribution" confidential, travel, filetype:pdf
So, I was doing some 'Twitter hacking' (using advanced search operators for not so nefarious tasks) and accidently found some Twitter dorking ops... and some scary ones too. Let me show you some examples
Twitter dorking for fun and profit
It is best to use a smaller city as larger ones might make finding the person in question a little harder.
Now that we have that, we need to start finding some marks. The goal here being to get a database of people whom are known to tweet their locations that we can get personal data on such as where they live. Once you have that database, simply follow these folks and watch for them to tell you when they've left the house. Thus we have moved from Google Dorking, to Twitter Dorking... here's how it works;
First up is Arthur Tavares. He has, regrettably, made it all too easy by actually Tweeting his home location via 4 Square. Not at all a tough one to sort out because he actually told us.
But we cross reference to be sure... now, we need to case the joint some using Google street view;
Now, obviously the fastidious criminal should be acquainted with the city. Not only to be able to map out targets for further investigation, but also know the better parts of town. There's no point in hitting the lower end targets.
Are we getting the idea/problem here yet folks? Simply follow ol Arthur (and the rest of your targets) on twitter and wait from the next “I am at” tweet... and spring into action. You could even have a list at the ready for certain parts of town. Now for a few more.... just to get the hang of it and see how much of a bloody problem it can be.
Caty Carabillo – while we couldn't readily find information on Caty as far as address, we can get close by location info.
Equally important is that should be so choose, we now have some picture of her and do know where she is and likes to hang out thanks to 4 Square (and works, from LinkedIn).
This means, as you probably guessed, we can simply follow her home, (from 4 Square hangout or work) note the address (case via Google Street View) and then...well, wait for the next tweet telling us she has left home. Not the same, but I thought it was worth showing. And Catherine? As a social media geek, you really should know better, m'kay?
Giancarolo Lopisani – is the next on our list. He's an interesting fella since he also tweeted via 4 Square his home location.
Oh, and just for fun we can also grab his cell phone number in case we want to call first to ensure he's not at home. You know, listen for street sounds etc.. while saying, “I must have called the wrong number"... sigh.
And of course, we can get an idea of the area....
Vacation man! Serious DORK!
And last but not least, the scariest one that I came across in the very small amount of research that I did. Micah Philbrook. To create this post I had actually chosen the Boston area. As mentioned earlier, smaller cities are likely easier. Anyway, I was looking at one fellow that was tweeting his 4 Square info and I realized real fast that something was wrong... Here, look;
Yup, you guessed it, he is ON FRIGGEN VACATION!!!
Sakes alive this is gotta be a pretty bad idea. Follow the trail once again...
And well, you can start to see some of the problem here.
Refining the process
Now, I am not entirely thrilled about having to write this post, but it surely has to be said. At this point you could actually automate the process. You would start to include some demographic data such as only returning results to the more upscale neighbourhoods, with better jobs (LinkedIn connection) and so on. This could be nicely logged into a database which would make one helluva powerful tool. The application would create a twitter account for the part of town, follow the marks, run a cron evey say, 5 minutes, then text the crimminals when the targets leave the house. Simple to do really.
This is some serious shit folks.
As Terry (VanHorne) noted to me, “peeps are creatures of habit as well so... you could easily find peeps that were signing into the same place every day” and the same times of day and profile their habits. This is way too dangerous a game to be playing my friends.
And as Ralph (aka fantomaster) said, “ Unless they're all dumb (which I doubt), I'm fairly certain some parts of the mob will be leveraging this already. Saves lots of surveillance overhead, esp. if you're working with pre-qualified targets. The irony:having your home burgled while playing MafiaWars on your iPhone or from some cyber cafe..”
And hey, while this is surely fodder for criminals, one can also see private investigators and others making some damned good use of it, think serving papers etc... If you are leaving personal data around, using Twitter and playing Four Square, you just might want to re-think things
NOTE; I was truly hesitant to post this because there is the obvious potential for the information here to be used for evil. I juxtaposed this with the need to make the public aware. I found even more ways this could be used, this post merely highlights some high level elements in hopes the word gets out. PLEASE do pass this along to everyone you know. Keep your online information closely guarded please.
PS; this has been thought of before, but not nearly on this scale