Big Brother vs Little Brother: On-Line Detective

Online Detective

TODO: Add blog post prompt about personal security and what can be found online.

Overview

Students will use online resources to learn as much as possible about a “target”. This type of reconnaissance is commonly used by hackers as part of a social engineering attack.

Purpose

Teach students about the publicly available information and what can be learned by going through official data sources to find information about someone.

Objectives

Students will be able to:

  • Use publicly available data to research a person
  • Identify what information is publicly available

Preparation

  • Find sites for publicly available data in your area.
  • For the Teacher
  • For the Students

Vocabulary

Teaching Guide

Getting Started:

  • Discuss the existence of public records and how they are accessed.
    • Discuss why these records are public.

Public Records:

  • Omaha Assessors Website
    • http://www.dcassessor.org/home
  • Data Omaha - Public Salary and Other Data
    • http://www.dataomaha.com/salaries
  • Sex Offender Registry
    • https://sor.nebraska.gov/
  • Driving Record Search
    • https://www.nebraska.gov/dmv/dlrcc/index.cgi
  • Voter Registration Records
    • https://www.votercheck.necvr.ne.gov/VoterView/RegistrantSearch.do

Other Search Tools:

  • Spokeo:
    • https://www.spokeo.com/
  • Pipl
    • https://pipl.com/

Activity

Search for a person

  • Can you find their house –
    • How much did it cost?
    • When did they move?
    • What was their previous house?
  • Can you find their salary?
    • How much do they make?
  • What political party are they registered and where do they vote?

  • Can you find their:
    • Email Address?
    • Twitter Handle?
    • Facebook Page?
  • Do this for yourself, someone you know.

  • Play Anti-Phishing Phil
    • http://www.ucl.ac.uk/cert/antiphishing/

Wrap-up

Discussion:

  • What are some strategies for avoiding Phishing e-mails?
  • How can you tell if a site is valid or if it is a fake?
  • Based on the info about you available online, could a hacker call into your phone company or other service provider and convince them to give personal info?
  • How can you make yourself more secure from this type of attack?

Assessment Questions

  • What information about yourself is available online?
  • What information can you control? What is beyond your ability to control?

Extended Learning

Read: Blown to Bits - Chapter 2; Naked in the Sunlight Blog Post:

  • What information about yourself is available online?
  • What information can you control? What is beyond your ability to control?
  • What are some strategies for avoiding Phishing e-mails?
  • How can you tell if a site is valid or if it is a fake?
  • Based on the info about you available online, could a hacker call into your phone company or other service provider and convince them to give personal info?
  • How can you make yourself more secure from this type of attack?

EFF Locking Down Social Media

  • https://sec.eff.org/topics/locking-down-social-media