SEO Blog - Internet marketing news and views  

Social Darwinism; a guide to Twitter dorking

Written by David Harry   
Tuesday, 22 June 2010 12:52

How FourSquare might leave you open to harm

Did you know that using a few online services, starting with FourSquare, that you might be putting yourself and your belongings at risk? Seriously. A smart syndicate could target you (from demographic information) for a mugging while his partners were robbing your home. How about stalkers and other preditory types? Well that is EXACTLY what could happen if you're not careful with your online information. Don't be a dork.

Using FourSquare can be VERY dangerous

Any good search geek worth thier salt has heard of the term; Google Dorking. It essentially refers to using Google (and related operators) to find information that people generally shouldn't be leaving open to the search engines. A classic example is; "not for distribution" confidential filetype:pdf or a more KW focused; "not for distribution" confidential, travel, filetype:pdf

So, I was doing some 'Twitter hacking' (using advanced search operators for not so nefarious tasks) and accidently found some Twitter dorking ops... and some scary ones too. Let me show you some examples

Twitter dorking for fun and profit

It is best to use a smaller city as larger ones might make finding the person in question a little harder.

TweetDeck

Now that we have that, we need to start finding some marks. The goal here being to get a database of people whom are known to tweet their locations that we can get personal data on such as where they live. Once you have that database, simply follow these folks and watch for them to tell you when they've left the house. Thus we have moved from Google Dorking, to Twitter Dorking... here's how it works;


Major Dork!

First up is Arthur Tavares. He has, regrettably, made it all too easy by actually Tweeting his home location via 4 Square. Not at all a tough one to sort out because he actually told us.

Aurther Taves

But we cross reference to be sure... now, we need to case the joint some using Google street view;

Arthur Tavares 2

Now, obviously the fastidious criminal should be acquainted with the city. Not only to be able to map out targets for further investigation, but also know the better parts of town. There's no point in hitting the lower end targets.

Are we getting the idea/problem here yet folks? Simply follow ol Arthur (and the rest of your targets) on twitter and wait from the next “I am at” tweet... and spring into action. You could even have a list at the ready for certain parts of town. Now for a few more.... just to get the hang of it and see how much of a bloody problem it can be.


Caty Carabillo – while we couldn't readily find information on Caty as far as address, we can get close by location info.

Equally important is that should be so choose, we now have some picture of her and do know where she is and likes to hang out thanks to 4 Square (and works, from LinkedIn).

Catherine Carabillo
Catherine 2

This means, as you probably guessed, we can simply follow her home, (from 4 Square hangout or work) note the address (case via Google Street View) and then...well, wait for the next tweet telling us she has left home. Not the same, but I thought it was worth showing. And Catherine? As a social media geek, you really should know better, m'kay?


Giancarolo Lopisani – is the next on our list. He's an interesting fella since he also tweeted via 4 Square his home location.

Giancarlo Lopisani

Oh, and just for fun we can also grab his cell phone number in case we want to call first to ensure he's not at home. You know, listen for street sounds etc.. while saying, “I must have called the wrong number"... sigh.

Giancarlo 2

And of course, we can get an idea of the area....


Vacation man! Serious DORK!

And last but not least, the scariest one that I came across in the very small amount of research that I did. Micah Philbrook. To create this post I had actually chosen the Boston area. As mentioned earlier, smaller cities are likely easier. Anyway, I was looking at one fellow that was tweeting his 4 Square info and I realized real fast that something was wrong... Here, look;

Micah

Yup, you guessed it, he is ON FRIGGEN VACATION!!!


Sakes alive this is gotta be a pretty bad idea. Follow the trail once again...


And well, you can start to see some of the problem here.


Refining the process

Now, I am not entirely thrilled about having to write this post, but it surely has to be said. At this point you could actually automate the process. You would start to include some demographic data such as only returning results to the more upscale neighbourhoods, with better jobs (LinkedIn connection) and so on. This could be nicely logged into a database which would make one helluva powerful tool. The application would create a twitter account for the part of town, follow the marks, run a cron evey say, 5 minutes, then text the crimminals when the targets leave the house. Simple to do really.

This is some serious shit folks.

As Terry (VanHorne) noted to me, “peeps are creatures of habit as well so... you could easily find peeps that were signing into the same place every day” and the same times of day and profile their habits. This is way too dangerous a game to be playing my friends.

And as Ralph (aka fantomaster) said, “ Unless they're all dumb (which I doubt), I'm fairly certain some parts of the mob will be leveraging this already. Saves lots of surveillance overhead, esp. if you're working with pre-qualified targets. The irony:having your home burgled while playing MafiaWars on your iPhone or from some cyber cafe..

And hey, while this is surely fodder for criminals, one can also see private investigators and others making some damned good use of it, think serving papers etc... If you are leaving personal data around, using Twitter and playing Four Square, you just might want to re-think things

Over/Out


NOTE; I was truly hesitant to post this because there is the obvious potential for the information here to be used for evil. I juxtaposed this with the need to make the public aware. I found even more ways this could be used, this post merely highlights some high level elements in hopes the word gets out. PLEASE do pass this along to everyone you know. Keep your online information closely guarded please.

PS; this has been thought of before, but not nearly on this scale

 

Comments  

 
0 # Peter Young 2010-06-22 13:22
Great post Dave, think it highlights just how easy it is to find out a persons whole life just from their online behaviour - and really puts the whole Facebook issue into the shade.

Social Media may not have the same issues as "real life" but that doesnt mean you shouldnt take the same precautions as you would in "real life"
Reply | Reply with quote | Quote
 
 
0 # Martokus 2010-06-22 13:41
Honestly I find this pointless. Even if a thief is interested in someone in particular he wouldn't trust some online service that the house is empty or whatever. That would be the lamest criminal ever, worse than the guys in Home Alone :-)
Reply | Reply with quote | Quote
 
 
0 # Dave 2010-06-22 13:46
Martokus - methinks yer not thinking it though. Criminals already case ops... this would just make things far easier to create a seed list of places to look at. Once more, we even went further with this as far as creating a program to do this. Demographic info an more. It would be an east system to create and running a cron job to alert folks when pre-qualified targets had left the house would be incredibly easy. You need to think beyond what we've posted.
Reply | Reply with quote | Quote
 
 
+1 # Roger 2010-06-22 14:14
This could work both ways. The first thing I'm doing is updating all my social media bios with "Rottweiler owner, demolition/booby-trap expert, and assault rifle collector. Nickname: 'Trigger Happy.'"
Reply | Reply with quote | Quote
 
 
0 # David 2010-06-22 15:23
I mean why would you!

As you have pointed out and other people have in the past its easy sometimes they have tips associated with their home such as "i live here"

Come on does anyone really need to know that or care?

also a funny post showing how even some social media types don't understand the risk in oversharing...
Reply | Reply with quote | Quote
 
 
0 # Dana Lookadoo 2010-06-22 16:17
So agree and have been thinking the same thing. Not only has this already been shown to be happening, but insurance companies in the UK are charging higher home insurance premiums to people active in social media.

The problem is not FourSquare or Twitter but the people using them.

Not only is it ridiculous to post where you are every moment, but most of us don't really want to know one's every movement (or thought - but that's a different topic).
Reply | Reply with quote | Quote
 
 
0 # Phil Bradley 2010-06-22 23:29
Sorry to break it to you, but this is very old news. Couple of guys created www.pleaserobme.com in which they ran a script on Twitter for Foursquare notifications, which they then posted onto their site. They've stopped doing that, but the site is still there so you can what they did.

The point was generally made that an easier way of working is just to case a place - just because someone is away from home, doesn't mean the place is empty, so it doesn't save much work for the burglar.

The important point, which is the one that everyone misses is that insurance companies are the ones who are likely to use this data and try and wriggle out of paying claims if someone is making their location known - they'll argue that they're not taking care of their property. Only a matter of time that a clause gets added. Wait and see.
Reply | Reply with quote | Quote
 
 
0 # Mike Wilton 2010-06-23 04:04
Great post Dave. You're not the first person I have seen do a piece on this, but I think you were the first person to go this in depth with it. This is exactly why I only check-in on Fourquare on the random whim, or if I'm trying to win back my mayor status at Waba Grill. lol

I'm amazed that people are Foursquare-ing from home though. That's just ridiculous, especially since you would have to add your home address for it to even show up in Foursquare.
Reply | Reply with quote | Quote
 
 
0 # Dave 2010-06-23 20:20
Actually Phil entirely did see that and linked to it. I think YOU are missing it. Those scenarios involved people you ALREADY knew... they weren't giving back home information for strangers. This one, if you think it through, could be used by organized crime for entire areas of a city. As I said also in the post, I left a fair bit out as it's wise to. But please understand a half assed programmer, a few of these sites, and you could send B&E teams real time data on pre-qualified marks. Much better a system than they currently use.

On and on... the original site didn't really catch the full scope of what CAN be done. And really, it's not about who feckin thought of it, we should ALL be writing posts about it until people get the picture here. Once more, could even be used for things far more dangerous as well.

Mike - it sure was odd and the more I dug into it, talked to my programmers, found more profiling information, the scarier it seemed. And for what? Shiny bobbles? A badge or to become the 'mayor'? sheesh.... not good at all.
Reply | Reply with quote | Quote
 
 
0 # micah 2010-08-23 08:53
hey david.
i'm micah, the "serious dork" mentioned at the end of your post.

i see your point. and it's pretty alarming.
i guess.

but just cause you can find info online doesn't mean it's accurate. (i.e. wikipedia)
surely you're aware of that?
for instance, the address you pulled up for me is wrong, it's almost 10 years old.
and i wasn't on vacation, i was working.
on a cruise ship.
for 4 months.
so consequently, i had no home, no place to rob while i was away. had you read any of my tweets or location sharing things, or even my blog, you ,ight have picked up on that.

but then doesn't help your sensationalist non original piece that you almost didn't post.

"this ain't rocket science".


-micah

p.s. thanks for calling me a dork. that means a lot coming from a guy that writes an SEO and internet marketing blog.

p.p.s i'm in NYC now for a show, timandmicahproj ect.com, not on vacation, despite what my tweets might have you believe.
Reply | Reply with quote | Quote
 

Add comment


Security code
Refresh

Search the Site

SEO Training

Tools of the Trade

Banner
Banner
Banner

On Twitter

Follow me on Twitter

Site Designed by Verve Developments.