How to hunt somebody down on the internet – Part 1.

Posted by Pointman on August 7, 2014 · 31 Comments 

What I’m going to show you here requires no technical skills – anyone with a basic knowledge of surfing the net can do it. What is does require though, is some imagination, patience and a degree of persistence. It’s totally legal and is not hacking, though it uses some of the techniques of the reconnaissance phase of a well-constructed external security breach. The intent is to give the ordinary person some basic techniques which they can build on in their own time. If you do happen to have some technical skills, you’ll be able to add a lot of additional methods yourself.

Some caveats and guidelines before we go any further.

There is no guarantee that you’ll find whoever it is you’re after. To a large extent, success or failure depends on how much time, creativity and effort you’re prepared to put into it. Where it’s come down to a choice between being strictly accurate in a technical sense and clarity, I’ve gone for the latter because of the intended audience, but it’ll still be functionally accurate and I’ll try to flag those points up where required.

As usual with any topic that’s even just a bit technical, there’s always more to everything that’s going to be discussed, but I won’t be diving into an unnecessary level of detail because I want to keep this article clear and uncluttered for the people I hope it will be useful to. Yes, there are quicker and slicker ways of doing some of the things I’ll be demonstrating, but again I’ve gone for simplicity.

I’ve added several links to relevant articles on this blog in the text. Feel free to click them or not, they’ll open up into new tabs, so you won’t lose your place in this article. If you decide to do some hunting yourself, I’d recommend you reading them all. In this area, the 6 P rule definitely applies.

A couple of years ago, I wrote an article about my interactions with a person wishing to play some comment games here under an anonymous name. I went into some detail doing an analysis of each of their comments, but from the viewpoint of picking out grammar tics which could be used to track them down and identify who they actually were. When I’d collected enough of these tics, I unleashed what I called my spiders to crawl the net to find them, which they did.

Before getting into the detail of the methods by which you can do that, it’s necessary to step back and consider the problem from a higher level of abstraction, but even before doing that, there are a couple of relevant misconceptions about the internet that you need to be aware of.

The first one is that whatever you’re doing on the internet is private. It’s not.

The internet is really one giant big tape recorder. Everything you do on it is logged by your internet service provider (ISP) because they’re obliged to do so by force of legislation, except when it comes to the NSA, GCHQ and similar organisations who steal most of their information directly – if you don’t believe me, just ask Angela Merkel.

Everything digital is logged; all internet activity, any email interaction and the same applies to your mobile phone for calls, texts and internet usage. It doesn’t need a specific court order or anything, because everything that everybody is doing gets logged. It’s very democratic like that; absolutely everyone is being snooped on. That’s the reality. Nominally, the only people who can access those logs are law enforcement and the internal and external security services.

Your phone calls, your texts, your emails, your web surfing – they all in the end come down to electronic packets of information shuttling back and forth between computers. Think of the whole lot of them as old-fashioned letters.

Every time you post one, there’s a guard standing by the mail box who writes down your name, the name of the recipient and some details about the content. When a letter arrives at your house, there’s another guard posted in front of your door who writes down the equivalent details of anything coming through your letterbox. If you are a person of interest, all letters will be opened and photocopies taken.

Wiping your browsing history off your computer or clearing the call history on your mobile phone is irrelevant, because all the logging has already been done by the respective service provider at their data center. In the case of serious crime, the first thing law enforcement does is to pull those logs.

It’s an irony of the modern age that the most secure method of communication an ordinary person can use is a hand-written letter posted at a random location to an agreed accommodation address for pickup by the recipient. Despite all the advances of modern technology, it can’t be used to open every letter. Even intercepting them is almost impossible, most especially if someone else is doing the posting or collection for you.

It’s a useful anachronism that many countries still need an individual court order to legally open your mail, and I’ve heard stories of things like a surveillance-aware individual posting twenty letters at as many widely spread locations, timing each posting to be minutes before the box was due to be emptied. Try getting a court order from a judge quick enough to cover that lot before the letter is safely hidden in the millions of others in the postal system. Pulling moves like that is how you wreak havoc on even a good surveillance team.

Anything on a digital medium has to be considered as already compromised, but there are ways around that. A piece of paper as I’ve already said, is obviously immune. The Syrians got within touching distance of completing the construction of a weapons-grade nuclear refining facility before anyone knew a thing about it, by rigidly enforcing the rule that any and all communications about it were to be on paper. The Israeli air force hurriedly levelled it but the lesson was pretty stark. Because of a dependence on high-tech, super-duper technology, a clever off the grid low-tech approach had slipped completely under everyone’s digital radar for years.

Interestingly, within hours of the strike, the Israeli PM sent a message to what passes as the Syrian PM, the essence of which was – if you don’t do the unprovoked Act of War whinge to your Arab brothers, who anyway won’t be that pleased at what you’ve been up to, we won’t crow about penetrating deep into your airspace undetected and flattening your most vital project. There wasn’t any reply, but not a word of the raid ever hit the headlines in either country.

The second misconception is that you’re anonymous while on the internet. You’re not.

Every message between the computer you’re using and the computer you’re communicating with has both a sender’s and recipient’s Internet Protocol (IP) address. An IP address is a number which uniquely identifies every computer connected to the internet. When you click on a link and in response a new web page appears on your screen, the computer that sent it had to know which computer on the internet to send it to. It used the return IP address on your original click message. Using the letter analogy again, the front of the envelope containing any communication has the intended recipient’s address written on it and the sender’s on the back.

There are many techniques, some technical, some physical, to mask your IP address for a while or to ensure that when a back trace has eventually burned through to it, you won’t be at that location. Interesting though they are, they’re not germane to this article, but I would like to talk about them at a future date for a different article on internet privacy.

The big message here is that if you’re considering doing something naughty, don’t involve anything electronic in it. Hunting them down like a mangy dawg is one thing, taking your revenge on them in some criminal way is something you do at your own risk. If you’ve gone to the trouble of exercising imagination, brains and creativity to find them, then using those same talents to redirect their efforts into activities more favourable to you is a bigger payoff. Failing that, I suppose there’s nothing wrong with mounting their head on a stick as an example to others.

Okay, hopefully you’ve now got a context for the jungle we’re about to go hunting in. Final equipment check, lock and load, and in we go.

As a private individual, there are only three broad methods you can use to identify them; their IP address, social engineering and something, which for lack of a term which doesn’t sound like an obscure branch of calligraphy, I’m going to christen Fist Analysis, because that’s actually what it is. FA for short, by the way.

I was tempted to give it the grandiose name of fistology, but I tend to avoid ologies and anyway, it occurs to me that particular name might be open to some pretty rude connotations. Then again, depending on how evil your intentions are, it might actually be quite accurate. I’ll be moving on to what exactly social engineering is shortly, and yes I know, stop calling you that.

If you have their IP address, it usually narrows their location down to somewhere in a general area, which though useful, is not precise enough. If you don’t have their IP address, it’s not an option. If you do happen to have it and can convince a court to compel their ISP to turn over their name because a civil or criminal offense has arguably been committed, you’ve got them.

However, a court order issued by a magistrate in British Columbia to an ISP located in Murmansk will most likely end up in a Russian paper bin. Also, it really doesn’t need much technical expertise to leave a misleading IP return address behind on a one-way communication like a comment dropped on a blog. As no reply to the sending IP address is required, a spurious return address causes no problems. For a private individual, IP addresses are rarely a realistic option.

The second is to use what’s called social engineering, which is just a fancy name for tricking people – in this particular case getting them to give you their name or enough identifying detail to find them. There are absolutely a zillion ways of doing this but they all come down to research, reading the mark correctly and how imaginative and daring you are. The height of cheek works brilliantly. When you get it right, there’s no better buzz.

The method is best illustrated by discussing a few examples of it in action.

For instance, if they’re a real domineering type, join his gang because every bully will always accept the attention of a new and suitably meek follower. Just create your own troll identity and slowly ingratiate yourself as one of their fawning lackeys. Start slagging off the climate criminals, the deniers and anyone else they don’t like, but always wait and follow their lead. I find getting in touch with my submissive female side is particularly successful with those personality types. Even in cyberspace, the faint possibility of a shag works wonders.

Please them, stroke them, be shameless, flutter those Betty Boop eyelashes at them. Swallow your ego, become a lackey, join Henchmen R Us. Take your time, flatter them, wiggle your sweet ass at them coyly while flicking them that old over the shoulder come hither glance. Move slowly towards an off-blog email conversation and they’ll begin bleeding information about themselves.

If you’ve stayed in role convincingly but still don’t have their name, all you have to do is wait patiently for something like their birthday, when you’ll of course want to send them a card or little present in grateful recognition of their sterling leadership against the denialist hordes. Bingo, you’ve got them! Personally, I always send the present because that particular approach is a relatively large investment of time that’s only justified if you want to keep on-going track of someone of interest. If they’re leaking interesting stuff, why blow a good information pipeline to satisfy nothing more than personal pique?

If you read them as some sad angry individual starved of attention in the real world, why not cast yourself as the alpha male, irrespective of whether you’ve got dangly bits or not? Go butch, occasionally throw them a few grudging sugar lumps of recognition and watch them trying to wheedle their way into your affections. If you’ve read them right, you’ll soon have a bingo, and possibly a few presents from a grateful lackey arriving at an accommodation address.

The reverse, a quick frontal assault approach, can work once in a while. Again, it just depends on your reading of them. The angry ones tend to be easy to manipulate. Years ago on James Delingpole’s blog at the Telegraph, a very aggressive troll calling himself Ruari burst onto the scene, challenging anyone who disagreed about global warming to meet up with him for a fight or shut up. If you thought being a skeptic was a tough gig nowadays, you should have seen the pure hatred directed at us five years ago when climate hysteria was at its peak.

After a period of fun taunting him mercilessly so he’d lose his rag, I accepted his challenge, giving him an email address I’d just set up to arrange a venue. He duly sent me a message from his troll email address, which I taunted him for not having sent and calling him a coward. Everyone else, as if on cue, started giving him hell for ducking out of a fight he’d picked. He got so enraged at me (an effect I seem to have on some people) and successive emails apparently not getting to me, the idiot finally used his personal email. Bingo, a name!

Of course I outed the violent little thug and by the time the skeptics there had finished picking over the sad bastard’s real internet life and generally giving him a hard time, he ducked out and back under the slimy rock he came out from under, never to be heard of again. I couldn’t find that exchange at the Telegraph, it was probably deleted when that discussion killer called DISQUS was introduced. If anyone can or has a record of it, please post a link.

It was a pity he bingoed so quickly. I had intended to eventually name a date, time and a suitably remote and desolate location for the big rumble but with absolutely no intention of turning up and every intention of slagging him off for not appearing there. Never give a sucker a break, never mind an even one – always manoeuvre them into the lose-lose zone.

Angry in-your-face trolls like Ruari have no long-term utility, but they’re a good way of sharpening up your quick people reading skills. They come after you hard, so read them, turn them, twist them, burn them and spit them out the other side. Use their anger and momentum against them; it’s internet Jujitsu.

The lesson here is that before plunging straight into more technical methods of locating them, always try to read them, get a feeling for who they are and what they want, and think of a way of utilising it. To do that, you should scour the internet for any and all comments they’ve made. In the second part of this article, I’ll go into some techniques on how you can do that more precisely.

Sometimes when doing the research, the information you’re looking for is found just a few clicks away from a comment they made elsewhere. On hostile turf, they’ll naturally be careful, but on what they think is safe ground they sometimes let down their guard. An example of exactly that was reported by a lady called Creeperoo on this blog. I hope she’ll forgive me for saying so, but she was far from being a technical whizz kid and yet once she read it was possible to find them, she still bingoed the creep once she went looking for him.

The big advantage a social engineering approach has for the ordinary internet user, is that it requires no technical expertise, but it always requires some research, imagination and a slightly cheeky personality.

Despite my best intentions, this article has already comfortably cruised through the three thousand words barrier and is still heading north, so I’m going to cover the fist analysis approach in the next instalment, but I’d like to leave you with some overall thoughts and a few guidelines on using social engineering.

Everyone is always en garde against a frontal assault, so they focus on that axis of attack. What they are rarely prepared for is the unthinkable, because by definition it actually is unthinkable. Never go after them with a tomahawk from the front, but rather something totally out of left field. Get in close, wiggle yourself into the protection of their closed ranks through any available chink in their armour, become a virus floating along in their bloodstream which they’ve long ago ceased to notice. Think the unthinkable, plan carefully, do the preparations and when you’re ready, be resolute in execution.

If you’re a regular visitor here, you’ll probably have realised by now that I’m fond of using the method, but usually for longer-term objectives or the occasional bit of fun or devilment – though which is which, take your pick. Breaking through a troll’s anonymity undoubtedly has a momentary satisfaction, but its effective exploitation over a few years pays bigger dividends. It’s usually slower than the fist analysis approach but when that fails, it’s always my reliable fall back.

To do it successfully, you absolutely have to get inside their head. That’s vital. If you can’t do that, you’re unlikely to succeed. Do your homework, take your time, read everything of theirs you can find. Study them, see the world through their eyes, find a way to love them. Mull it all over and when you’ve done all that, a natural approach usually suggests itself.

Then you have to use your intelligence, imagination and your keyboard to weave a beguiling but false reality for them, one you’re sure they’ll really want to believe in. It’s a sort of courtship. If you’ve read them accurately, they’ll fall for it because they want to. Late into the relationship, they might even begin to vaguely suspect, but they won’t want to know for sure. By that stage, you’ve got a lot of ammo on them and they’ve actually got nothing on you. You own them.

If you take on a persona, then maintain their legend, not only the broad details but the continuous day-to-day evolution of their life, their travails, their ups and downs as well as the obvious mechanical things such as setting up their own email account. Be them, live them online but never ever link them electronically to yourself. They are your cut-out. If it all goes pear-shaped, you should be able to just walk away from them at a second’s notice.

If they don’t take the bait, it’s because you’ve misread them or been clumsy. Dump the approach persona, go back to researching them and after a few months take another pass at them.

If this all sounds vaguely like espionage, that’s because it uses the same deceptive elements and some basic internet tradecraft, but we’re talking the subtlety of John le Carré here, rather than the shoot the Baddies approach of the James Bond fantasy.

Be safe. Your intention should always be to get nuggets of information out of them without ever giving them a single damn iota of useful information about yourself. If you realise you’re the one bleeding information, get out of there – they’re playing the game better than you.

At its heart, this piece is about empowering you. You do not have to endure malicious, aberrant or anti-social individuals persistently spoiling your enjoyment on the internet. It’s up to you. They are findable, you yourself can do that, and once found, even the merest hint of naming and shaming them is enough to rid yourself of them forever.

Be careful, but do give it a try and happy hunting. Let me know how you get on.

©Pointman

Part 2 of this article is here.

Related articles by Pointman:

Anatomy of a computer hack.

Moderating, trolls, soup ladles and Ethics.

Social engineering as a long game.

Social engineering as a short game.

Intentions, profiles and predictability.

Let’s be safe out there.

Click for a list of other articles.

 

 

 

Filed under Article · Tagged with Fist analysis, Hacking, Profiling, Social engineering, Trolls