GEO Tracking Online Personas

Fri, 30 Nov 2007 14:37:45 GMT

After I have released the paper on Web2.0 hacking/security, I've been asked, on a numerous occasion, to come up with some tools that can be used to better understand the security implications involved into these new technologies which I had referred to. Today, I would like to show you how easy it is to pin-point someone's geographical position even if they have never shared that information on the Web. Welcome to the world of digital stalking.

The idea is very simple. All attackers need to do is to get as much data about the victim as they can. Live data is the best option in this case. The attacker will simple enumerate various info sources such as blog feeds, twitter and flickr feeds, comments, etc that the victim has generated online. Then, they will feed that information into some of the free APIs that are available online in order to extract the GEO information, which is stored-in anf obscured form inside, and lay out the resulted data on a map.

I could have come up with a GEO data extraction algorithm myself although its quality wouldn't have been as good as the quality provided by Yahoo's GEO Extraction Pipes' service. Therefore, I followed my instincts and basic principles (reduce, reuse, recycle), and went ahead creating a very simple Pipe interface. The pipe simply grabs a feed of data and annotates each item with data about the places which the content refers to. The annotations are in GEO format (lat and alt). The resulted feed is yet again exported into KML and feeded onto a map (Google, Yahoo or Microsoft Live maps).

I've create an application that simplifies the entire process. All you need to do is to place some feeds and render the map. As soon as you enter a significant number of items, you will start seeing the bigger picture. The concentration of dots will help you to triangulate the person and possibly reveal his or her real GEO location.

File attached! Happy digging!

MegaemceMegaemce
Yeah, it's looks nice, but... it's not working. I realised that this GEOTrack works only when I use feeds.feedburner.com's rss. So, You can say anything about this project, but at this moment it's fake.
pdppdp
well, the concepts are there. the tool... well it is not very reliable. it is just a POC which I coded in 30 minutes. the reason sometimes you don't see any results is because the Yahoo Pipe I am using sometimes times out. In order to solve the issue just import the feed several times until it works. Or you can use the interface from here: http://pipes.yahoo.com/pipes/pipe.info?_id=UPBGkR1f3BGBCMxf6kjTQA
Awesome AnDrEwAwesome AnDrEw
I think it's pretty good for a rough example. I noticed that it seems to have trouble deciphering countries when there is a state with similar initials such as California and Canada. Perhaps you can expand upon it to look for more phrases in order to avoid this, but I like it pdp.
NIXNIX
thats really cool, and it worked for me you can begin to know your victims and there life patterns :D it worked for me ... nice work pdp ;)
MegaemceMegaemce
Ok, on Pipe it's working, but not as good as I thought. IMHO, RSS is not a good place where hackers should start looking for information. Better way is open Flickr, Digg, etc. and starting to looking for similar (to our aim) login.
ronaldronald
It works, I used this for over 5 years now. I owned a lot of pr0n websites that GEO located surfers, and presented them a payed dialer in their language. :) That works pretty good :)
pdppdp
I know it works cuz I already tried it life and proved that it is an effective way to extract GEO data. this is one of the things that we are going to face with the so called Web2.0.