Turning a Name Into an Address
This case study has been pulled straight from a digital footprint investigation that I recently completed on a prominent high-net-worth individual (HNWI) within the Australian cyber security space. This person is someone that liaises directly with the Prime Minister of Australia; as such, I have had to heavily redact details and black-out large sections of images. However, this article will still convey the core thought processes, ideas and resources used to find and confirm the home address of the individual.
Before we begin, I would like to state that this entire investigation took less than a week and began with only a first and last name. No other details were provided.
TL;DR — Google & Pivot, Inspect SM thoroughly and Purchase Title Certificates. Resources towards bottom
The Groundwork
As with any OSINT investigation or digital footprint assessment, you need to put in the hours; as boring as they may be; to collect all the low hanging fruit such as social media posts and Google dork results. These findings form the foundation for your investigation and allow you to pivot off them to find increasingly sensitive information on the target.
This particular assessment was no different. To say I wanted to rip my eyeballs out after looking through 5 years of Twitter posts in one session, is an understatement!
Having said that, this initial probe into the individual typically returns significant results. For instance, some of the information collected on the individual solely from Google Dorks and SOCMINT included but was not limited to:
- Date of Birth
- Full Name (I was not provided the middle name at the start)
- Email Addresses
- Aliases
- Previous Residential Addresses
- Phone Numbers
- Credit Cards
- Bank Details
- Family details including: D.O.Bs, Addresses, Phone Numbers, Education History
- Signatures
All this from just Google dorking and pivoting! I cannot overstate how essential it is for anyone doing OSINT to NOT depend on fancy tools such a Maltego and others. Which leads us to our next section of the article…
Catching A Break
“Ladies and gentleman: We got him”. This is what I jokingly said to myself when I found the single piece of information that would allow me to find the individuals home address.
Now what was this piece of information you ask? It was the individuals residential suburb. I found it casually while dorking the “persons name” + “hometown”, it was displayed on a high school reunion page, where each student that graduated xx college in 19xx, posted where they were located in the world currently.
I know at this point you’re probably thinking something along the lines of… ‘but Cassius, the title says turning a name into an address, how am I meant to do this for my assessments without the persons suburb and just their name’ and to that I say: did you really think that was possible? Luck plays a part in this game we call OSINT. No single case is alike and each one plays out differently.
What I’m trying to say is… I got lucky.
Assembling The Puzzle
Now for the most exciting part of the article. Putting all the pieces together that were gathered from the groundwork. Below you will see a series of photos and the highlighted clues within them which eventually lead to confirming the address. All these photos were gathered from social media and show a lack of basic understanding about how personal photos, spanning several years, can; when viewed collectively; paint a picture for the person doing the investigating.
So we have the individuals suburb which; depending on where you are in Australia; could be massive, with tens of thousands of residents or tiny with only a few hundred. Luckily the suburb listed was not too large.
First I noted down information that (I thought!) would help me differentiate the house using satellite images. For instance:
“Should be easy” I thought to myself. What I didn't realise immediately was that the HNWI individual lives in an affluent, family friendly suburb…meaning pretty much every house had a swimming pool and trampoline!
Okay, so what other clues do we have to narrow it down:
Now the image that helped the most. Aside from identifying a community centre in the background, I noticed that the individuals children were barefoot. Suggesting that their residence is close by to the centre.
I then looked at satellite images of the area surrounding the community centre.
Looking in the intimidate vicinity, I spotted this house which ticked all the boxes.
- Long drive-way
- Swimming pool
- Trampoline
- Grey roof
- Next to orange roof
- Large grey pavement area
I then Googled the address, which lead me to multiple real-estate websites containing only one photo of the house.
Following that, I compared further images obtained from social media. As you can see, quite a unique pattern on the veranda.
Okay so at this point I was 99.9% sure it was the individuals house. So what can we do to confirm it? If you didn't know this already then its a game changer, but you can actually purchase title certificates which display the current owners full name and the bank the mortgage is with.
In this instance I just used InfoTrack:
Though you can go directly to the state based websites such as:
Conclusion
In conclusion, the only sources used to identify all the information were really Google, Social Media, Satellite Imagery and InfoTrack. A big factor in this investigation was that the individual enjoyed posting photos of their children and family.
Although many people may think that the 1 or 2 images they post a month on social media are harmless, this case study is a perfect example of how ultimately those images can be used to compromise your privacy, security and potentially the well-being of your family.
Sometimes luck is a factor in OSINT investigations. However I am a strong believer of putting in the hours, collecting the low hanging fruit and going through each piece of evidence thoroughly.
Satellite Imagery resource I use:
I will be posting more helpful articles about OSINT, cyber security, threat intelligence and investigating, so make sure you follow me on here and on my Twitter @CassiusXIII
