Digital Footprint – “Googling” Yourself
I originally posted this post on understanding your own digital footprint on LinkedIn as an article, then remembered I haven’t written any content for this blog in about 400 years, so I thought it would make sense to add it here too. I finished my book last summer (and you can buy it now from Amazon – That’s a UK affiliate link so I’ll make a few pence extra if you are kind enough to purchase). But after finishing the book I needed a break from writing and I was super busy launching my business too, so writing blog content fell by the wayside a bit. So, sorry! But I am keen to start posting more regularly and contributing back to the community, so keep it peeled for more OSINT and CTI goodness!
When was the last time you “Googled” yourself?
When was the last time you “Googled” yourself? Or instead, considered your digital footprint?
I bet it’s not very often, is it? And yet, you’d probably be quite astonished at what information is out there about you. Your digital footprint likely contains dozens if not hundreds of disparate pieces of information that can be used to target you directly.
Yes, you. Not a random person on a bus or in another city, you.
Whether it’s those Myspace photos from when you sipped apple sours in some dingy nightclub, or you left a phone number on a classified advert, the Internet never forgets. And (un)luckily for us, neither do the villains. You see, by piecing together little tidbits of information shared across several disparate places, you can start to form a good idea about someone, their life and other things you probably wouldn’t want a determined adversary to know.
Like the fact you log into your favourite high-brow adult entertainment site with the same username you use on social media, or that innocent photo of your kids on a school trip gives away their exact location at that time. If you’re the CEO of a multi-national, that makes them an attractive kidnap target for anyone looking for a quick payday. And all because your Instagram or Facebook was a little too public.
Data Breaches are your worst enemy
And that’s before we even think about #databreaches. Did you know that there are places where you can just get that information? Suddenly it’s not only your email address you left on a forum post in 2011; it’s your password that you definitely didn’t re-use everywhere else, right? If you’re lucky, it’s just some cheapskate using your Netflix logon to watch movies, if you’re not… Well, I really hope your banking details are kept more secure. And when did you last check or even sign up for alerts from services like HaveIBeenPwned?
Imagine all this starting from a simple Google search. It can, and it does happen. Now imagine that the people targeting you are more capable than just doing that – They have tools to do it at scale, access to breach data and where to use it. They understand your hobbies so that they can target you more directly. And then they get your home address – That extension you had built a few years ago gives them the properties floorplan, an indication of what each room is, and Street View lets them remotely check out how they may want to access your home.
All from nothing – They’ve likely never met you and almost certainly never will. Whether it’s selling your banking information, stealing your streaming service credentials, targeting your or your family because you have wealth – It’s likely nothing personal. You’re just in the wrong digital place at the wrong time.
Utilising information in the public domain, or OSINT (open-source intelligence) as we call it in cybersecurity, is one of the most significant pools of information in the known universe. This is reflected by wider industry starting to use it to support #cyber defence, protecting businesses and technologies at a considerable scale. But the part that always falls by the wayside is you, the human. Mainly because a company will only protect you to the point it serves the business, and your personal presence online is your mess to sort out. Harsh, but ultimately fair, you’ll probably agree.
So I’ll ask again when the last time you Googled yourself was? I’m hoping it’s today. And if you want to understand just how this is done – Consider looking at tools like Maltego and Spiderfoot, which help intelligence analysts research this kind of information. Bear in mind how these tools could be turned around, and then consider why your own digital footprint is something you should be very aware of and actively reducing. As always, you can reach out to me on Twitter and LinkedIn if you have any questions.