From Easter Egg Hunter to Online Sleuth

From Easter Egg Hunter to Online Sleuth

As a child, one of my favorite parts of spring was Easter. It’s easy to say, “Sure, every kid likes chocolate,” but the reality was that I liked the hunt. My parents hid those tiny chocolate eggs all over our house, and my sister and I – and occasionally our cousins – would run all around racing to be the one to find the most eggs. The door handle for the oven, the heater vent behind the couch, in the soil of each potted plant. Everywhere had chocolate and a lot of it was easy to find. Some of the eggs, however, were more difficult to find and you really had to search. The top of the door (clearly out of reach for little kids) meant shaking the door back and forth to see if any fell. The eggs in front of the old CRT television brought you to the less obvious trail on the carpet around the corner of the entertainment center. On that morning, you weren’t just a kid in pajamas running around with a colorful wicker basket, you were a detective honing your skills like Nancy Drew and the Hardy Boys. Your parents, on the other hand, had forgotten where they’d placed the eggs the night before and were secretly hoping you really were the world’s greatest sleuth, so that they could avoid finding melted chocolate behind the couch a month from now. As you got older, your parents stop hiding eggs or you start hating chocolate (both if you’re me) and the chance to be the Sherlock Holmes disappeared.

I suspect that I’m not the only one that feels a loss when they think back to that overflowing basket on Easter morning and realize their sleuthing days are over. Puzzle solving video games are incredibly popular and reddit is filled with amateur detectives just looking for a mystery to solve. Look at what happened when Netflix premiered Making a Murderer, everyone started sleuthing around, pausing their TV and analyzing the images that were displayed. Facebook is constantly showing me sponsored ads for Hunt a Killer and I’ve seen multiple friends mention the monthly interactive mystery game. One of the most popular forms of social entertainment today is the escape room – where you are locked in a room with friends and you must use your powers of deduction to solve the mystery and beat the buzzer. Deep down, we all secretly want to be the next Jim Rockford or Jessica Fletcher (Shawn Spencer or Veronica Mars for the younger readers).

Personally, as an avid online gamer and security professional, I find it fun to play detective with my fellow gamers. We live in a world where cyber bullying and doxing are an all too common occurrence, so it’s important to know just how much you reveal about yourself when you jump online to play your favorite MMO with gamers around the world. Whether it’s your teenager taming a Devilsaur in World of Warcraft after they finish their homework or you logging in to join a fleet in EVE Online, it’s important to understand just how much you reveal about yourself in private conversation and how those comments can be used to associate your online identity with your physical one. Disclaimer, when I engage in this form of entertainment, I involve the person I’m researching; they always know I’m doing it and are actively involved in the verification of data.

The first thing to keep in mind is that you are likely revealing information about yourself every time you speak. This information, over time, can help others identify who you are. More importantly, remember that every time you interact with a service controlled by another gamer, you are revealing information to them. This could be a voice chat like TeamSpeak or Mumble or simply a forum that you use for planning and conversation. You are revealing your IP address (assuming you don’t use a VPN) which is likely to reveal your country (by determining your ISP) and potentially your city or state (depending on how your ISP sets up DNS – the service that translates domain names into IP addresses and vice versa). If we look at the domain name assigned that my IP address resolves to, we see the following: toroon####w-lp###-##-##-##-##-##.dsl.bell.ca. (all numbers are replaced by #). Right away, we know that I get my internet services from Bell Canada, one of the biggest Canadian ISPs. A quick Google search for toroon bell.ca domain reveals a list of DNS servers in Canada hosted by public-dns. A quick search for bell.ca in their full list of 446 valid servers reveals that Bell uses 6 characters, 4 for the city (otwa for Ottawa, mtrl for Montreal, and toro for Toronto) and two for the province (on for Ontario and qc for Quebec). Immediately, anyone who has access to my IP address knows that I live in Toronto, Ontario, Canada.

We know that a minimal number of people will control services that you access, so you may think this is a small risk, but it’s not the only way that you reveal data about yourself. Casual conversation with online friends can lead to all sorts of discoveries with a minimal amount of sleuthing.  Perhaps, you’ve mentioned casually that you live in Idaho but you’ve avoiding telling people the city you live in because you don’t feel comfortable sharing it online. What happens when you mention that your spouse ran out to Walmart? A website like Allstays.com will quickly tell me where I can find a Walmart in Idaho (there are 25 of them). Google Maps will even let me focus on a specific section of the map and use Search This Area, letting me focus on specific areas within Idaho. Maybe you mentioned that you were only about an hour from the Canadian border after I mentioned I was Canadian. Using directions on Google Maps, I quickly learn that the northern most Walmart in Idaho, located in Ponderay is only 75 minutes from Lister, British Columbia, a town close to the US border. Maybe you live in Kootenai or Sandpoint (neighboring towns to Ponderay), but we’ve now narrowed your location down to Bonner County, population 41,000. Perhaps in another conversation you mention living on the water or watching planes land in the backyard, each of these pieces of information allowing an online “friend” to more closely narrow in on your location.

It only takes a matter of minutes and a few innocent comments about life for an online stalker to narrow down your location. With a longer term conversation, what else are you likely to mention in passing? Your first name? Your high school? Perhaps that you “ran across the street to grab McDonalds for lunch today” or “stopped at Starbucks during your 2 mile run.” Now imagine that it’s not you, it’s your teenager or child and they’re playing Minecraft or League of Legends with some other “kid” on the internet. It’s amazing how these little bits of casual conversation can help someone build a profile and identify you.

As I mentioned, this type of thought exercise brings me back to my dreams of being a detective while egg hunting as a child. It also provides a form of entertainment for myself and my fellow gamers. We’ve played video games together for years, we’re mostly in our late 20s to early 40s, and many of us have met outside of video games. It’s become a game for us, “How fast can Tyler find <insert information request here>?”  This is where you realize how scary this is and how important it is to educate our children with regard to online privacy, because with a couple of pieces of information dropped in casual conversation, it’s often easy to identify someone in under 30 minutes.

Consider that the next time Facebook asks you to verify your privacy settings or you wonder how much detail you should add to LinkedIn to aid in your upcoming job search. Educate your kids, spend time online with them and see what type of information they are sharing with strangers. Consider reviewing my Checklist for Online Gaming Privacy with them. Even more importantly, however, pay special attention to where you place those Easter Eggs this Sunday, you may have just created a spy school for the next budding 007.

Posted by Tyler Reguly on Mar 30, 2018


Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Protecting Data is Critical

    To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet. Read Now

  • Mobile Access Adoption

    Smartphones and other mobile devices have had a profound impact on how the world securely accesses the workplace and its services. The growing adoption of mobile wallets and the new generation of users is compounding this effect. Read Now

  • Changing Mindsets

    We have come a long way from the early days of fuzzy analog CCTV systems. During that time, we have had to migrate from analog to digital signals. When IP-based network cameras arrived, they opened a new world of quality and connectivity but also introduced plenty of challenges. Thankfully, network devices today have become smart enough to discover themselves and even self-configure to some degree. While some IT expertise is certainly required, things are much smoother these days. The biggest change is in how fast security cameras and supporting infrastructure are evolving. Read Now

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3