_________ SWAT MAGAZINE ISSUE SEVENTEEN: MAY 1999 __________ / \___________________________________________/ \ / Information gathering \ / By -=The Firestarter=- \ ----------------------------------------------------------------------- I'm sure that a few of you out there will know about SWAT's information gathering techniques, well this time i'm going to look at a finding out somebodies full name and address from just there e-mail address. Yes it can be done with about 80% of the people out there as long as you have there ISP's e-mail address, and unlike the last time i went on about this, you don't have to hack anything. Let's use the e-mail address Anaylor@email.msn.com Why people use there e-mail address that comes with there paid for ISP account I'll never know, I mean if you want somebody to own you then that's the perfect thing to do. Ok so let's look at it, we know that there first initial is A and there sir name is Naylor, or maybe they used an alias like bumboy@email.msn.com, but i'll get to that in due course. So what country does our target live in? well the best way to get that information would be from there IP address, if you've got there e-mail address then chances are that somewhere you'll have an IP (maybe from a newsgroup post or an old e-mail), so you'd run a trace on it, I use Visual Route since it shows a map of the globe and shows you where abouts the IP terminates. Right we'll assume that A Naylor lives in the UK, perhaps you got lucky and managed to trace the IP address to a city, actually if you know the name of a city or town you can save yourself a lot of trouble, once again i'll get to how you'd find that out. Right so armed with his name, well his sir name and a city it's time for our first stage in finding out where they live. A quick visit to www.192.com (because he lives in the UK) and we'll search the UK info disk (If you already own the disk then you will save yourself a lot of online time), ok we'll put in his Sir name and the initial into where it asks for the first name, now put in the city or town where he lives (if you don't have a city or town, then leave it blank and get ready for a long night). One quick search later and you'll probably have about 10 or 12 entries to go though, most of these will obviously not be yuor target, since it wil probably give names like "Naylors" or "Naylories" or a load of other stupid spellings, only go for the names where the sir name is spelt right and the first name begins with the letter you entered. Ok so you'll narrow it down to a few people, from 10 or 12, you now may only have 3 or 4, in this case we'll say that they are "Alice Naylor" "Alec Naylor" "Adam Naylor" and "Andrew Naylor", so make a good note of there names and addersses (saves time later), and head over to www.bigfoot.com, here is where we narrow down our victim, we put in the name of our first suspect into the search box, did Alice Naylor come up with a result? nope, time to try Alec Naylor, BINGO we got a result. What do you know? it's also the e-mail address we tried to trace. How can we be sure that this is the Alec Naylor we're looking for? well look at the other bits of info that are there, things like the town etc, well since we only found one Alec Naylor on our little search through the directories, I think that you can safely say that you have found the person your looking for. You might want to look up the other people on your list as well, just to eliminate them. But since you already know that Alec Naylor owns the e-mail address Anaylor@email.msn.com then it's kind of pointless. So there you have it, you now have the full name, address and phone number of your victim, i could go on about how to get more information on them, but that goes beyond this article. Ok so what if they used an alias in there e-mail address? something like bumboy@email.msn.com well finger works wonders here, that would get you there name, well in a few cases it will. I'm sure that you all know how to use finger? well simply telnet to port 79 of msn (well ok, so msn doesn't run finger like that, but hey, this is hypothetical) and type in: bumboy if your lucky then you'll get some interesting information, but all your really after is there name, you might get lucky and get a lot more information, it all depends really. So now you've got there name, time to trace them (just use the above method). Right what if you've encountered a few problems with your tracing? maybe you don't have a city or perhaps finger failed to work, time for a little social engineering, just when uou though you didn't have to talk to a scary operator, but don't worry, remember that operators are paid to help you and answer your questions. Ok so first off you'd need a little valid information on them, best to make them e-mail you, either a fake "please reply with the subject "remove" to unsubscribe from hot studs gay newsletter" or something similar, ok await your reply, what do you have? a valid IP address and a time, ok now to give MSN's support line a ring. Ok this is the good bit (well the bit where you get to talk to a loverly operator), right a number of excuses can be used, a good one might go like this: Op: "Hello, MSN support line; underpaid operator speaking" You: "Hello there, my names Michael Patterson, I'm in charge of an FTP server known as Leecher's, i wish to get some information on an MSN subscriber who recently logged onto the FTP server" Op: "What?" You: "OK, on the 7th of this month, at about 7:30pm an MSN subscriber logged onto the FTP server, I know that because of the e-mail address left on the servers logs and the IP address confirms it" Op: "Ok, so what's the problem?" You: "Well i need to check up one or two things because of a problem that we had" Op: "What's the problem?" You: "All i need to know is if the address bumboy@email.msn.com is valid and belongs to a Mr Michael Hunt" Op: "Erm, hang on let me check" Op: "No sorry, that address belongs to a Mr Alec Naylor" You: "Ok then, thanks, we just had a mix up with the records and i didn't want to bill somebody else, thanks again" Well you get the picture. Just make something up, a good excuse for needing to know just who owns that e-mail address, or course you can always go for there whole address, it's all down to you. Well that's one way to do it, in the near future i'll go into some more ways on how to find out information on anyone, and how to stop people from finding out information on you.