Sigh. You would think that, with all my dark web exploring, I’d be better at being confidential. Hey, I’m working on it!
This morning, I was chatting on IRC, and a “random” person happened to pop in. He acted as if he knew me, but in a few seconds, it just turned out he was a troll (or at least I think that was his purpose).
I had seen the same person on Psycho Social Network a few times, and that site has a link to this blog on the homepage. It also has a link to my Twitter account. It appears that said troll just made a connection between the various accounts, and decided to use it against me. Why? Probably because he could.
What happened then was that he left the chat and came back in, using my real name. Do I have a doppelganger or something? Finally, the mods kicked him, but I have to wonder – where else is my personal info being leaked?
As I mentioned on Beware, Maltego Will Find You!, it can be easy to connect different social media accounts and such. Maltego isn’t the only tool for this, but it’s a handy one.
In the instance above, Maltego has collected email addresses from SANS Institute, and will also collect the nameservers and mail servers. Creepy, no?
I tried a similar search on Have I Been Pwned with an email address I came up with off the top of my head (not mine), and lo and behold, it had been pwned. Dang.
It’s also possible to use tools like nmap for this purpose as well, but that takes more expertise – just a matter of preference. Anyhow, I somehow doubt that this troll went to all that effort – I think he just made the obvious connections between my dark web and clearnet social media accounts.
Still, it’s creepy. Maybe I ought to look into that fake identity thing, after all. It just seems like a lot of work to maintain three fake people.