So it doesn’t sur-prise me when I see police reports like the one shown in Figure 11.62... Figure 11.63That Means Your Victoria’s Secret Account Info Is TooThis police report records the
Trang 1This file also reveals the product key of the installed software, which could be re-used to
install the software illegally Last but not least, check out Figure 11.61, submitted by CP
Figure 11.61Hey, Can I Get All Your Web Passwords?
This document lists usernames and passwords for various websites.The document was stored on a website, presumably to allow the owner easy remote access to it However, at
some point the document’s location was made public, and Google dutifully crawled it
Remember, public websites are generally just that—public Don’t combine public and
pri-vate data without a great deal of forethought
Police Reports
From what I understand, most police records are a matter of public record So it doesn’t sur-prise me when I see police reports like the one shown in Figure 11.62
Trang 2Figure 11.62 Police Reports Are Public Record Okay.
However, when I find a police report like the one shown in Figure 11.63, I begin to question the sanity of posting unfiltered police records
Trang 3Figure 11.63That Means Your Victoria’s Secret Account Info Is Too
This police report records the details of a theft of a woman’s purse.The problem is that the contents of the woman’s purse are listed in great detail, including the account number of her Victoria’s Secret card! This is not the only occurrence of such a detailed police report
found on the web Figure 11.64 shows another more revealing report
Figure 11.64 Robbed Twice, Thanks To Open Police Reports
Trang 4This report details another petty theft, this time listing the account numbers of the Visa and MasterCard credit cards that were stolen It’s very likely that the cards were cancelled immediately after they were reported stolen, but the police report shown in Figure 11.65 lists personal numbers that are not as easy to replace
Figure 11.65 Police Report Triple Robbery or “Mom, I have bad news”
In this case, not only is the victim’s driver’s license number posted, but their social security number is listed alongside their mother’s driver’s license number—all of this posted on a public website, ripe for an identity thief ’s picking.1
Social Security Numbers
The Social Security Number (SSN) is the most sensitive piece of information a United States citizen possesses Even an inexperienced criminal can use a pilfered SSN to establish a bank account, open a line of credit or more—all under the victim’s name In this section, we’ll take a look at some of the ways an individual’s SSN may end up online Be advised that like the other sensitive searches in this book, every effort has been taken to obfuscate the selected documents and obscure the Google search that was used to locate them
In most educational facilities, it is common to assign an identification number to stu-dents in order to keep their grades and personal information private However, as shown in Figure 11.66, the identification number most often used is the student’s social security number
Trang 5Figure 11.66Social Security Numbers as Student ID Numbers
The SSN by itself is not necessarily a big deal, and when posted alongside student’s grades (as shown in Figure 11.67) the system works well to keep student’s progress private
Figure 11.67“Anonymous” Student Numbers and Grade Postings
Trang 6However, in many cases, student’s names are posted right alongside their Social Security Number, as shown in Figure 11.68.This of course destroys the anonymity gained by using
an identification number instead of a name
Figure 11.68Names and Social Security Numbers Together Again
In some cases, these documents are not intended for public viewing, but somehow end
up on Internet-facing websites.This is, of course, an unsafe handling practice and the docu-ments end up in Google’s cache.The document shown in Figure 11.69 was discovered sit-ting in an open directory by an anonymous Google hacker Notice that it lists student’s names, SSN and more.To make matters worse, this document was found on a US
Government training facility website.The document has since been removed
Trang 7Figure 11.69 SSN and Names, an ID Thief’s Birthday Present
Social Security numbers appear on the web in other ways, most notably through user ignorance.The resume request shown in Figure 11.70 lists an individual’s SSN in a message
group post
Figure 11.70Hire This Guy Here’s His SSN
Trang 8The document shown in Figure 11.71 is known as curriculum vitae, or a CV I wasn’t sure what a CV was, but after a bit of research I discovered it is a sort of résumé for really smart people
Figure 11.71I’m Smart Want to See My CV?
As for me, I think I’ll keep my plain old résumé, especially if maintaining a CV means that I have to publicly expose my birthday and social security number Finally, check out the spreadsheet shown in Figure 11.72 which lists the name, date of birth, sex, date of hire and SSN of a company’s employees
Trang 9Figure 11.72Employee Out Of the Closet Day
Credit Card Information
Credit card numbers are obviously very valuable, and should be kept well protected
However, as we’ll see in this section, those numbers can be found on the web with very
little effort Figure 11.73 shows a relatively small document that lists a Visa credit card
number alongside the associated expiration date
Trang 10Figure 11.73Google Hacking Credit Card Info
Figure 11.74 shows a larger document that lists no only credit card numbers and their associated expiration dates, but also the card certification value (CVV) number which is often used to validate that the card is in the hands of a legitimate bearer
Figure 11.74Google Hacking More Credit Card Info