GEO Tracking Online Personas
After I released the paper on Web2.0 hacking/security, I was asked on numerous occasions to come up with some tools that can be used to better understand the security implications of the new technologies I had referred to. So I did that by introducing the Renaissance project, which was more developer oriented. That was still not enough, so today I would like to show you how easy it is to pinpoint someone’s geographical position even if they have never shared that information on the Web. Welcome to the world of digital stalking.

The idea is very simple. All attackers need to do is get as much data about the victim as they can. Live data is the best option in this case. The attacker will simply enumerate the various info sources that the victim has generated online, such as blog feeds, twitter and flickr feeds, comments, etc. Then, they will feed that information into some of the free AIs that are available online in order to extract the GEO information, which is stored inside in a hidden and obscured form, and lay out the data on a map.
I could have come up with a GEO data extraction algorithm myself, although its quality wouldn’t have been as good as the quality provided by Yahoo’s GEO Extraction Pipes’ service. Therefore, I followed my instincts and basic principles (reduce, reuse, recycle), and went ahead and created a very simple Pipe interface. The pipe simply grabs a feed of data and annotates each item with data about the places which the content refers to. The annotations are in GEO format (lat and alt). The resulting feed is then exported into KML and fed onto a map (Google, Yahoo or Microsoft Live maps).
I’ve created an application that simplifies the entire process. All you need to do is to place some feeds and render the maps. As soon as you enter a significant number of items, you will start seeing the bigger picture. The concentration of dots will help you to triangulate the online persona and possibly reveal their real GEO location. If this is not hacking like in the movies, then I don’t know what is.
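A pre-publication self-audit built on the same observation, as an added example that is not the GEOTrack application or the Yahoo Pipe described above: it scans a feed for places the owner wants kept private and for W3C geo tags, and counts mentions per place so the owner can see what accumulates across items. The feed, the watch-list entries and the function name `audit_feed` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample feed (not real data): three items from one persona.
SAMPLE_FEED = """<rss version="2.0" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#">
<channel><title>constructed example</title>
<item><title>Morning run</title>
<description>Fog over Riverside Park again, then coffee.</description></item>
<item><title>Commute</title>
<description>Stuck at Elm Street station. Flying to CA next week.</description></item>
<item><title>Photo</title><description>Sunset from the roof.</description>
<geo:lat>10.0000</geo:lat><geo:long>20.0000</geo:long></item>
</channel></rss>"""

GEO_NS = "{http://www.w3.org/2003/01/geo/wgs84_pos#}"  # W3C Basic Geo vocabulary

def audit_feed(feed_xml, watchlist):
    """Return (findings, totals) for places the feed owner wants kept private.

    findings: list of (item title, kind, detail); totals: mentions per place.
    """
    # Whole-phrase, case-insensitive matching: an abbreviation such as "CA"
    # is never guessed to mean a watch-list entry such as "Canada".
    patterns = {p: re.compile(r"\b" + re.escape(p) + r"\b", re.IGNORECASE)
                for p in watchlist}
    findings, totals = [], Counter()
    for item in ET.fromstring(feed_xml).iter("item"):
        title = item.findtext("title", default="")
        text = title + " " + item.findtext("description", default="")
        for place, rx in patterns.items():
            if rx.search(text):
                findings.append((title, "mention", place))
                totals[place] += 1
        # Explicit coordinates need no text analysis at all; flag them too.
        lat = item.findtext(GEO_NS + "lat")
        lon = item.findtext(GEO_NS + "long")
        if lat is not None and lon is not None:
            findings.append((title, "geotag", f"{lat},{lon}"))
    return findings, totals

if __name__ == "__main__":
    found, counts = audit_feed(SAMPLE_FEED, ["Riverside Park", "Elm Street", "Canada"])
    for row in found:
        print(*row, sep=" | ")
    print(counts.most_common())
```

Items flagged as `mention` are candidates for rewording before publishing, and items flagged as `geotag` for having the coordinates stripped.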


comments
Yeah, it looks nice, but… it’s not working. I realised that this GEOTrack works only when I use feeds.feedburner.com’s rss. So, you can say anything about this project, but at this moment it’s fake.
well, the concepts are there. the tool, well it is not very reliable. it is just a POC which I coded in 5 minutes. the reason sometimes you don’t see any results is because the Yahoo Pipe I am using sometimes times out. In order to solve the issue just import the feed several times until it works. Or you can use the interface from here:
http://pipes.yahoo.com/pipes/p.....CMxf6kjTQA
enjoy
I think it’s pretty good for a rough example. I noticed that it seems to have trouble deciphering countries when there is a state with similar initials such as California and Canada. Perhaps you can expand upon it to look for more phrases in order to avoid this, but I like it pdp.
that’s really cool, and it worked for me
you can begin to know your victims and their life patterns :D
it worked for me … nice work pdp ;)
Ok, on Pipe it’s working, but not as good as I thought. IMHO, RSS is not a good place where hackers should start looking for information. A better way is to open Flickr, Digg, etc. and start looking for a similar (to our aim) login.
It works, I have used this for over 5 years now. I owned a lot of pr0n websites that GEO located surfers, and presented them a paid dialer in their language. :)
That works pretty good :)
I know it works cuz I already tried it live and proved that it is an effective way to extract GEO data. this is one of the things that we are going to face with the so-called Web2.0.