It took me 5 minutes…


‘On the internet, no one knows you’re a dog…’


It took me 5 minutes to find out everything about him, including enough to effectively guess his Facebook password outright. 5 minutes. No tricks, no dirty means, no hacking accounts, just a simple internet search and a name.

In my free time I admin a group forum for a friend, so part of that includes being present during discussions and keeping an eye out for any suspicious activity. Last night started out as any would, with similar posts and questions, people posting memes and discussing their favourite TV or book series. The forum is public, anyone can join and anyone can look at topics posted. It is advertised as family friendly, so anything untoward has to be announced in the topic as an 18+ post.

The individual in question (we’ll call him the target), I discovered, likes guns, Hawaiian shirts and (apparently) dead bodies. The individual in question was very open about sharing his hobbies in the form of posting extremely graphic images through the forum, regardless of the post subject. I found no less than 10 images, each as disturbing in nature as the last and much to my surprise, he was very open about sharing his name. Unfortunately, in the great expanse of the internet, that’s all you need. The standard procedure is to simply ban such an individual and carry on, but this particular incident had me wondering. First of all, where did he get such images? Of course, the internet (and all its wonders) could easily provide such imagery for those willing to seek it out. Secondly, why would anyone post these sort of images in a forum? The thought disturbed me enough to investigate and my investigation didn’t take long.

It’s not the first time it’s taken me zero hours to get information about someone online – whilst buying tickets for an event that was known for selling out quickly, I called my friend to ask if he had signed up. He was on his way to a gig, with no way to sign up and pay in time. So I said I would take care of it. Within a similar time frame, I had found his address, home phone number and his regular online username. I found his shoe size. I signed him up and paid for his ticket. All I had was his name.

There is one relief here; whilst I managed to get enough details to sign my friend up for the event, I still had to pay using my own card details. I’m not clever (or dastardly) enough to get his credit card details.

Here’s the issue: if all these details were that easy for me to find, imagine what someone with skill could do. I am not a hacker, I’m not an IT genius. I can just about fix my own computer (with the help of Google).

Initially, the details I found on the target seemed relatively harmless, but it was enough to physically locate him, which is disturbing. I didn’t need to be an IT genius or track anyone’s IP address to get this information, but if I knew what I was doing and I knew what to look for, there could be no limit to what I could access. All I had was a name. I could essentially become a stalker at this point, it was that easy. In fact, many people do stalk others online. A recent study by the charity Women’s Aid showed that 41% of women reported that they had been stalked online by a partner or ex, with Facebook named as one of most common platforms.

What is condemning about this is the fact that all of the information I found on my own hunt had been willingly volunteered by my target. He had willingly and happily given all of this information in the form of social media. His likes, dislikes, the name of his dog, his favourite colour, his hobbies… All of these things can be used to create a map of him. His life is there on my laptop screen and if I knew what to do with that information I could do a lot of damage. What I actually did, was hand over his details to the mods so that he could be banned and wouldn’t be able to sign up again, at least not with any of his current email addresses or identities. I’m certain he isn’t actually in the process of committing a crime, but the nature of his trolling was so disturbing that I felt compelled to find out. I didn’t expect to see so much. I have a photo of this person holding a gun and boasting about his activities with it. I know what his mother looks like. I know what schools he went to. I know what his house looks like thanks to Google maps and thanks to Google’s imaging service I found the source website of all the photos he had uploaded. I could have sent all the screen shots to his mother personally via Facebook, as well as a list of questionable websites her son visits, but I don’t know what response I would get and to be honest, it is creepy.

Looking at another’s life is creepy to me. I knew things I didn’t want to know, I have seen things I didn’t want to see and what has been seen, as is often with the internet, cannot be unseen. Another administrator may have just banned him and moved on.

The point is, if you were so inclined you could potentially ruin someone’s life. How often do I think back on my own existence within the internet, how much would I find about myself? How easily could someone ruin my life? How many photos, blog posts, forum comments? How many details, that 10 years ago I thought would make me more likable and more accessible as a human being, could be used to make a map of me?

Most of us assume that because we are just ordinary people, we have nothing that anyone would want to take. If we stopped and thought about it, we would start to realise that actually, we have quite a lot to lose.

Shredding all your paperwork might protect you from people rummaging through your garbage, but really they don’t need to do that anymore. They have your social media accounts. They have Google. They already have everything they need to know about you, right at their fingertips.

So what can we do about it?

  • make a list of all your social media accounts, including shopping accounts like Amazon or Ebay. Every time you sign up to a site add it to the list so that you can keep track of every site you signed up to.
  • Use a strong password (we’ll talk more about this later). Your password is your shield. You lock your front door to make it difficult for people to get into your house – use the same logic for your online accounts.
  • Don’t save your payment details on shopping sites. I know they all offer the option for convenience, but I never save details on shopping sites. I don’t link sites either. It does mean an extra minute to order something, but to me it is worth that minute to not lose my credit card details to a stranger.
  • I realise that there are accounts that require you to use your real name, but is it really necessary? Facebook requires users to provide their real names, as does Linkedin. This can’t be helped if you sign up and agree to use their services. That doesn’t mean that you have to share that with the world. There are a number of privacy settings on both sites that can significantly reduce what people see when they look at your profile.
  • It might be tempting to fill in all your details on Facebook, but resist. You don’t have to put where you live, work, spend time or where you eat lunch every day. If I can find it, someone else can find it and they might not have your best interest at heart.
  • Most hackers don’t care about your Facebook or Twitter accounts because they have better things to do, like hacking celebrity accounts or shutting down Xbox live. The people that target you will most likely want your email addresses so they can delve deeper, to your shopping accounts and your Paypal – that’s where the money is kept. If they can get your Facebook account, it will be likely that they can get your Hotmail/Gmail as well.
  • In terms of privacy: This may seem like an obvious one but avoid putting up every single photo you take. Photos are very easy to trace to origin (thanks to Google) and the more incriminating ones can ruin your (current or future) career. My target, who is obviously a teenager, didn’t have the sense to put his Facebook to private, so any potential college/employer could find him, look at his pictures and see what kind of human being they might be employing. Guaranteed they won’t be hiring him.
  • Employers aren’t allowed (and rightly so) to discriminate candidates for their ethnicity, religion or political persuasion, but it doesn’t stop them from looking at you as a person and deciding if you fit as an employee. If they see something about you that they don’t like, it may hinder your chances of being employed.

It shouldn’t happen really. People shouldn’t use your life as a means to better their own or indulge their boredom by terrorizing others, but they do. As surely as death and taxes, there are those using the internet who are out to do harm.  There are hackers, identity thieves, stalkers and worse, all using the internet for their own doing. Let’s not make it easy for them.

– Blog post by Jess Brown.

I work for Invicta Linux, Business specialists in Data, Security & Communications. If you are a business owner who is worried about online privacy, give us a call on: 033020201389

Leave a Comment