UPDATE (1/12/2011):
I received an email from Steve regarding this post. He sincerely apologized for his actions and realized now that what he did was wrong and simply asked that I modify the post to protect the identities of his family. I felt that this was a fair request, considering that his family had nothing to do with what Steve did and it doesn’t jeopardize the impact of the article. So, if you’re wondering why you’re seeing all the “[withheld]”s, that’s why!

PS – Yes, I realize the names are still shown in the images, but they’re not indexed by Google. I figured I’d point this out before I had 20,000 comments informing me of it. :-P
END OF UPDATE

DISCLAIMER:
This is ABSOLUTELY for informational purposes ONLY. Neither attackvector.org nor I will be held responsible for how you choose to use the information that I post on my blog. This individual, though he is a douche for sending spam, is a real person with a real life. By misusing the information found here, you have the power to potentially destroy someone’s real life. There’s a fine line between a legal hack and a felony. Information gathering is not illegal so long as it’s obtained through legal means. Using the information, however, is quite another story.

UPDATE: Because of something that one of my readers brought up, I want to clarify. The email that I received was not the run of the mill malware/spambot/whatever style email. The email was coming from his email address, using his business’s name, and advertising his business. I would have never posted this had I had any doubt that this may not have actually been sent, by him, in some fashion.
END OF DISCLAIMER.

I use spammers and pedophiles as test subjects when I’m working on something. This is mostly because it’s unlikely that they would go to the authorities and point the finger at me, knowing that I could easily turn around and say something to the effect of, “Well, yes I did pwn his box.. but you should have seen all the child porn I found on it.” owned x 2.

I happened to receive a piece of spam at the exact moment I was going to start a post about privacy and anonymity on the internet. I will consider this to be a sign from God that this dude needed to be set straight. Okay, maybe not. I’m not sure what the Bible says about spam.. but if I were God, it would be into the pits of hell for them. So, since I cannot cast people into eternal suffering in a fiery pit, I will have to settle for second best. Pwnage!

What’s even better, none of what I’m about to do is illegal. It’s a serious, serious invasion of privacy, and you definitely don’t want it to happen to you, but all of it can be harvested through public record, social networks, forum posts, etc etc etc.

First, let’s take a look at the email that I received.

..snip..
Received: from unknown (HELO p3pismtp01-017.prod.phx3.secureserver.net) ([10.6.12.17])
(envelope-sender )
by p3plsmtp09-04.prod.phx3.secureserver.net (qmail-1.03) with SMTP
for ; 7 May 2010 01:05:53 -0000
X-IronPort-Anti-Spam-Result: AjYCAOP/4kvYI8QXnGdsb2JhbACeChUBAQEBAQgLCAkRIrxZgmCCMwSDQQ
Received: from server299.com ([216.35.196.23])
by p3pismtp01-017.prod.phx3.secureserver.net with ESMTP; 06 May 2010 17:58:47 -0700
Received: (qmail 10509 invoked by uid 3287); 7 May 2010 00:58:46 -0000
Received: from 67.185.122.64
(SquirrelMail authenticated user steve)
by www.barteritemsfortrade.com with HTTP;
..snip..

Ok, so, his email address is steve@barteritemsfortrade.com.. he’s sending email through server299.com.. and his real IP address is 67.185.122.64. All we really need is his email address and his IP. Let’s see what we can find.

Non-authoritative answer:
64.122.185.67.in-addr.arpa name = c-67-185-122-64.hsd1.wa.comcast.net.

Now we know that he’s connecting from Washington (wa.comcast.net). Let’s see what Geo IP location says. I use this service, but there are many others. I’ve also written a few tools to do this as well, but we’re going to use what the average Joe has access to.

Just put the IP address in the box and hit “search”. Here’s what we find.

Region: Washington
City: Spokane
Postal code: 99205

So, we’re narrowing it down.. we now know that it’s Spokane, Washington. Now we’re going to take a look at his email address. First, obviously, just google the email address. This will bring up information for virtually anything that the person has ever used their email on. Forums, social networks, etc.

In this case, however, nothing came up on google. We must dig deeper. Enter, whois!

BIZ TWO, LLC
PO Box 8421
Spokane, Washington 99203
United States

Biz two? Does that mean there is a Biz One and a Biz Three, perhaps? Also, he’s using a PO Box.. blah.

..snip..
Administrative Contact:
Nicholas, Steve steve@bestimpressionz.com
..snip..
(509) 283-7030 Fax — (509) 456-3813
..snip..

Jackpot! We now have a last name and a phone number. We also have an additional email address/domain.

Administrative Contact:
Your Logo Here snicho@juno.com
139 west 30th Avenue
Spokane, WA 99203
US
509-456-3813 fax: 509-456-3813

Hmm.. a real address.. no PO box on this domain. Is that an office? A house? Is it his house? I can assume that ‘snicho’ is short for ‘steve nicholas’, and it’s the administrative contact, which means he owns the domain.. so the address has something to do with him.

Enter.. Google Maps. :-)

(If you’re wondering why it says “140 west 30th” and not “139 west 30th”, it’s because I slid the camera down a bit and Google tried to be helpful by changing the address)

Well, it’s definitely not an office building, so at this point I’m going to assume that it’s his house until I find out differently. We can further verify this by googling his name + city + state.

That address looks rather familiar… oh yeah, it’s the address that was associated with his domain. We can be virtually certain at this point that that is his real address and house. Let’s see who else lives in the house with him – just google the phone number listed.

Ok, so, [withheld] has the same last name as Steve, so I think we can safely say that this is his wife.

We’ll come back to her later. Let’s see what else we can find about Steve.. I’m really starting to feel like family at this point. :-)

Back when I googled his name + city + state, I noticed that below the address result, there was a LinkedIn page.. let’s check that out.

Ok, so there’s all sorts of useful information.. but I found another email address.. steve.nicholas@itex.net. Not often do I meet someone with as many email addresses as me.. lol.

So, back up to the top, we google for steve.nicholas@itex.net.

Some interesting stuff, but nothing really useful for my purposes. Let’s check out Facebook and see if he’s a social butterfly. I log in and “search for friends” and enter his email address(es). His account is registered with the itex.net email address.

He doesn’t have his Facebook stuff set to private, so he’s kind of letting it all hang out. Thanks, Steve!

Yawn. The only thing interesting there is that we’ve now definitely verified that that address is correct and that his wife’s name is definitely [withheld]. Maybe her page is more interesting.. let’s look.

Note: Passwords.. by building a profile of someone, you begin to get a feel of who they really are. I’m willing to bet that at least one of Steve’s passwords has something to do with fishing, trout, or cutthroats (type of trout – according to his Facebook page).

[withheld]’s Facebook:

I teach 7th & 8th graders at Salk Middle School in Spokane WA. I married Steve 27 years ago and we have 2 daughters, [withheld] and [withheld]. [withheld] married [withheld (both first & last name)] 2 years ago and they are expecting their first child in March. [withheld] is an attorney and [withheld] is a special education teacher. [withheld] is living in Las Vegas where she teaches special education to preschoolers and kindergarten. We have an awesome family!!!!

Here’s something to take a mental note of. Women are generally more open about their personal lives and love to share with others. In one paragraph, we learn that she teaches at Salk Middle School, they’ve been married for 27 years, they have 2 daughters, [withheld] and [withheld], [withheld] is married to [withheld (both first & last name)] (note – this probably means that [withheld] is no longer [withheld] Nicholas, she’s probably [withheld (both first & last name)]). [withheld] lives in Vegas.

However would we find out more information about [withheld] and [withheld]? Oh yeah, friends lists. If the parents have Facebook, the kids most certainly have Facebook.. and barring any family drama, they’ll all be on each other’s friends lists. And, of course, I’m right.. found [withheld], [withheld], and [withheld].

Also, going through her wall posts gave up some information. They’re new grandparents.. their granddaughter [withheld] was born on March 15th.. this was [withheld] and [withheld]’s daughter.

Now, let’s see what Intelius says about [withheld] (note – I skipped Steve on Intelius because his entry is all screwed up.)

Now we have ages, too. It’s interesting that there’s a “Ralph Steve Nicholas” listed, who has the same age as the other two Steves listed. Could Steve’s real name be Ralph??

Ok, anyway, let’s see what I can find out about their house. Just about every county in the country allows you to view property tax records on the internet. I googled “spokane washington property tax records”. What you’re looking for is, like, the assessor’s home page. Then just punch in the address and you can find a wealth of information.

What this record tells us, is that [withheld] actually owns the home.. Steve isn’t even listed. She’s also the sole person listed paying the property taxes. Interesting.. I wonder why?

Also, further down on the report, there are two documents. A quit claim deed, and a statutory warranty deed. A warranty deed is issued in some states when a house is sold. It protects the buyer from having third parties come after them for unpaid debts and whatever. So, it appears as though they bought the house in 2001 for $110,000? Seems awfully low.

Now, let’s look at the quit claim deed. First thing I notice. R Steve Nicholas is listed as “Husband of Grantee”. I think Steve’s real name is Ralph. lol.

This is interesting.. quit claim deeds are used after a divorce to switch the owner of a property from one party to another at the county level. But they’re still married. The other times that I’ve seen quit claim deeds used is when people encounter serious financial trouble and need to file bankruptcy. They file independently and deed the house to their spouse.

Let’s find out!

I am not going to tell you what service I use to obtain this information because I don’t want it to get abused and taken away. Also, I don’t think everyone should have access to it. SO.

91-40727 Ralph Steven Nicholas and [withheld (first & middle name)] Nicholas
Case type: bk Chapter: 7 Asset: No Vol: v Judge: John C. Minahan Jr.
Date filed: 05/08/1991 Date of last filing: 02/11/1993
Date terminated: 02/11/1993

Ok, so they did a joint bankruptcy in ’91 and it was discharged in ’93. I also have a list of their creditors.. no wonder they filed bankruptcy. Ouch.

One other piece of information that this offers, is previous addresses and the last 4 digits of their social security numbers. Keep in mind, a lot of people use the last 4 digits of their social for pin numbers.. because most pin numbers are limited to 4 digits. Stupid.

UPDATE: I’ve decided to X out the social security numbers because this post is starting to receive a ton of traffic and I’m not sure I want everyone visiting it to have this information. My intention of this article is not to make it easy to steal this guy’s identity.. it’s to point out a vulnerability. If you really want to find his social security number, let’s just say.. it’s available via the internet. :-)

Debtor
Ralph Steven Nicholas
6747 Crooked Creek Dr.
Lincoln, NE 68516
SSN / ITIN: xxx-xx-xxxx

Debtor
[withheld (first & middle name)] Nicholas
6747 Crooked Creek Dr.
Lincoln, NE 68516
SSN / ITIN: xxx-xx-xxxx

Here’s something to really think about.. I was able to obtain all of the information in this post for 16 cents and by just using an email and IP address from a piece of spam.

Family members, ages, schools, anniversary dates, marriage lengths, hobbies, interests, phone numbers, addresses, property records, property taxes, pictures of their house, pictures of them, pictures of their children and grandchildren, deeds on their house, bankruptcies, employment history, previous addresses, previous creditors, and bits of social security numbers.

I’m pretty sure I’d be able to fake my way through one of those password reset forms.. you know, where you set up a “secret question” asking what your dog’s name was, or where you went to school?

Beyond that, I’m fairly confident that at this point, if I were to call his bank and pretend to be him, I could easily pass when they asked me personal questions.

In closing.. you really need to pay close attention to what you’re posting on the internet. If I were a douche, I could ruin this guy’s life using this information. There are a lot of douches out there that are doing this type of stuff right now. Given an email address, phone number, or whatever, they build profiles on people which can be used to exploit them and steal identities.

The other thing that I’ve actually fallen victim to, is the speed of Google’s spiders and the fact that they index Craigslist. Let’s say you run a business.. Catholic Charities R Us and in this post, you include an email address, phone number, something. Let’s say you also make a post, days, weeks, whatever, later looking for whores, or something. Both of those posts will come up when Googling for your phone number.

Also, consider what you’re sending in this email. What if this guy had sent me an email trying to extort me, threaten me, whatever? I could turn this over to the authorities and they’d have their work cut out for them.

Not to try to scare people too much, but think about single women in the dating scene. They make a post somewhere with their email address and someone comes across it and is able to determine the same amount of information about them as what I did above? What if that person was more interested in something other than identity theft?

I think you get the idea.. essentially.. guard your personal information with your life. Never post your phone number on the internet (unless you’re using a proxy number, which is what I do), and make sure no personal information is associated with your email address before you go firing off emails to strangers.
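To check what your own outgoing mail gives away, in the way the Received headers at the top of this post gave away an IP address and a webmail login, send yourself a message and scan its raw headers. This is an added example, not part of the original post; the sample message, its addresses and the function names are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (documentation addresses, made-up names), shaped like the
# headers quoted in the post: the last Received line is the webmail origin hop.
LEAKY = """\
Received: from unknown (HELO relay1.example.net) ([10.6.12.17])
    by mx1.example.net (qmail-1.03) with SMTP; 7 May 2010 01:05:53 -0000
Received: from mail.example.org ([198.51.100.23])
    by relay1.example.net with ESMTP; 06 May 2010 17:58:47 -0700
Received: from 203.0.113.64
    (SquirrelMail authenticated user alice)
    by www.example.org with HTTP; Thu, 6 May 2010 17:58:46 -0700
From: alice@example.org
To: bob@example.net
Subject: test

body
"""
# Same message as sent by a provider that does not record the client address.
CLEAN = LEAKY.replace(LEAKY[LEAKY.index("Received: from 203"):LEAKY.index("From:")], "")

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
LOGIN = re.compile(r"authenticated user ([^\s)]+)", re.IGNORECASE)


def ipv4_in(text):
    """Return the set of valid IPv4 addresses that appear in text."""
    found = set()
    for token in IPV4.findall(text):
        try:
            found.add(ipaddress.ip_address(token))
        except ValueError:
            pass  # four dotted numbers that are not an address, e.g. 999.1.1.1
    return found


def audit_headers(raw_message, my_ips, my_logins=()):
    """List the headers of raw_message that disclose my address or login name.

    hop counts Received lines from the top (1 = added last, nearest the
    recipient); the highest hop is where the message entered the mail system.
    """
    mine = {ipaddress.ip_address(ip) for ip in my_ips}
    findings, hop = [], 0
    for name, value in message_from_string(raw_message).items():
        value = " ".join(value.split())          # unfold continuation lines
        is_received = name.lower() == "received"
        hop += is_received
        ips = sorted(str(ip) for ip in ipv4_in(value) & mine)
        match = LOGIN.search(value)
        login = match.group(1) if match and match.group(1) in my_logins else None
        if ips or login:
            findings.append({"header": name, "hop": hop if is_received else None,
                             "ips": ips, "login": login})
    return findings


if __name__ == "__main__":
    for label, message in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, audit_headers(message, ["203.0.113.64"], ["alice"]))
```

An empty result for a message you sent to a second mailbox means the headers carry neither your current public address nor your login name.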


  1. Lucb1e says:

    Welcome to the web baby!

  2. Halli says:

    Whoa, that was one of the best things I’ve read in weeks!
    Just an email address and an IP gave you more info than most of his real life friends might have!
    *bows down*

    Time to play with your privacy settings, guys ;)

  3. [...] you thought you are hard to find on the World Wide Web… Invasion of Privacy. | Attack Vector This is a great blog. I've used these techniques very effectively to learn a lot about others. [...]

  4. drtank says:

    Very very well illustrated !!!!
    thanks…
    from now on I would be very watchful…

  5. Thierry H says:

    Ok, if I understood correctly, the only reliable info you had was the email address (steve@barteritemsfortrade.com) and the IP address.

    geoiptool then gives you only a rough location for that IP address, but this is of no help for more accurate info.

    Then whois gives you the administrator of the barteritemsfortrade.com domain with his civic address.
    But how do you conclude that steve@barteritemsfortrade.com is that administrator ??
    Just because the firstname steve is the same ??
    IMO this doesn’t make sense.

    The rest is only about harvesting info about that Steve Nicholas, but nothing proves that it’s steve@barteritemsfortrade.com

  6. Dave says:

    How secure is a Hushmail account?

  7. JIH says:

    Loved it. I have no use for implementing this, but it does highlight the importance of proper privacy measures, if you want privacy!

  8. JIH says:

    (meant to say)

    Loved it. I have no use for implementing the detective work portion of this post, but the post does highlight the importance of proper privacy measures… if you want privacy!

    … and also highlights that spammer karma may exist after all.

  9. R Steven Nicholas says:

    Hi whoever you are,
    You wouldn’t believe how many nuisance phone calls I have had in the past week. I am sorry I spammed you but would you please, PLEASE, take this article down?
    I’m sorry!
    Steven

  10. helpful says:

    lexis

    very easy

    pay with amex giftcard for anonymity

    you will find all this stuff and more

  11. That is why never use facebook. Or keep it in private.

  12. Good job says:

    WOW, you are fantastic! Great job educating people!

  13. Matt says:

    @Thierry: I think you should re-read the article and put the pieces together. If this were a huge company, the likelihood of there being more than one “steve” is probably significant.. however, that probability reduces drastically when you’re talking about a one or two person LLC.

  14. Robnauticus says:

    I am glad you wrote this post. More people need to know how easy and prevalent this is becoming. Being a “hacker” is no longer necessary. I feel like you don’t even have a choice to be private online anymore, if you know people who use FB, etc, chances are your name will come up eventually…

    I am hoping that somewhere along the line there will be more “private” social networking services, not run by huge intelligence gathering corporations.

    Take care!
    Rob

  15. Matt says:

    @Steve:

    You’re a character. I get emails from your friends and whathaveyou about you going to them, in tears, about this article and then they contact me on your behalf to take it down. I tell them that you should contact me directly, which you do. I’m kind enough to go through the effort to modify the article in a way that protects those around you, and I don’t even get so much as a “thank you”?

    Real nice, Steve.

  16. Just wish to say your article is as astounding. The clarity in your post is simply nice and i could assume you are an expert on this subject. Well with your permission allow me to grab your feed to keep updated with forthcoming post. Thanks a million and please carry on the rewarding work.

  17. Alexander says:

    Hi,

    Just a quick (hypothetical) question, how would you tell if the person (steve) had his computer infected and was sending e-mails through his machine rather than him just sending spam deliberately?

    What kind of tell tale signs would you expect to see should this be the case?

    Kind Regards,
    Alexander

    P.S I love your posts!

  18. Joe says:

    You forgot the real estate part. Armed with a name you can dig up all sorts of stuff about people on zillow and elsewhere – who sold what house, at what price, etc.

  19. “Yes, I realize the names are still shown in the images, but they’re not indexed by Google.”

    Google does actually extract text from images so the names will probably still be indexed.

  20. Eric says:

    Not to be a creeper, but I was seeing someone online who was all lovey dovey but always very secretive. Using only a first name and a username I was able to find out things like full name, spouse info (yeah spouse… lame), address, previous addresses, house value, property info, family and relatives, hell, even political contributions. (all for free)

    If there is one thing I could say to people to protect their anonymity, it’s that using the same usernames/emails/passwords on various websites although handy can be your downfall. All it takes is people cracking your secret question on e-mail (which sadly I am guilty of) and they can now retrieve passwords to that e-mail on all sorts of accounts you may have. (which I have not done).

    I mean it’s scary.

  21. Paul says:

    Great article, even if it’s about a scumbag spammer called Steve (reference http://knowyourmeme.com/memes/scumbag-steve )

    I think this article should be shown and explained to every kid when they are starting off on the internet. What Matt has done here is really subtle, by taking small pieces of info, and putting them together you can unlock a whole load of ‘private’ or assumed private information. Just because you set your profile to private on some website, still doesn’t guarantee that the info will be stored securely.

    One other part of getting info that people forget about is just by asking. Example, you find Steve’s phone & wallet, you find out his wife’s number, send her a SMS saying, “hey honey, I’m drawing a blank at the ATM, my PIN is 3838” and wait to see what you get back.

    Paul

    P.S that comment for dressing gowns is just some fancy comment spam.

  22. Sarah says:

    This was the best example I’ve ever seen of how easy it is for anyone–no need to be a hacker or have a cs degree–to uncover someone’s identity. I work at an online privacy startup and we talk about this sort of thing all the time, but to see such a clear illustration of it was brilliant. It’s hard to convey to people why privacy matters, but you, sir…you just did it.

  23. Skipjake says:

    That’s what I’m talking bout. Well done!
