Do you ever ponder how much of your past life is left on the internet from the MySpace era? What if someone found some of your old blog posts or those selfies you thought you deleted years ago? On a more serious note, and more concerning than someone finding less-than-flattering content, it’s relatively easy for someone to investigate where and when you’ve been spending your time on the internet, going further back than you probably remember.
A simple, cleverly named tool called Sherlock acts as a lightning-fast private eye that scours the internet for accounts on major websites linked to a particular username. The results are quite impressive: once the program finishes checking every site on its list, it creates a text file that records every successful match and includes a link to each account. The software checks over 300 websites, so you’re almost guaranteed to have plenty of intel if you know the username you’d like to check.
But why would someone even make something like this? Is this just some open-source tool for criminals to get more information about me? Well, not always. Hackers come in a variety of shapes, sizes, and moralities, but there is one distinction everyone should understand: the difference between a white hat hacker and a black hat hacker.
Let’s say you have a $100 bill dangling from your back pocket. A black hat hacker would be the person who snags your cash while you aren’t looking and runs before he gets caught. In contrast, a white hat hacker is the person who snags your cash, taps you on the shoulder, and says “Hey, you should really put this somewhere safer.” They don’t want your money; they just want to help. Tools like these are open so that good guys can find internet vulnerabilities before bad guys can.
It’s also important to keep in mind that this tool is not dangerous on its own. In order for someone to do anything useful with it, they would need to have some sort of hacking knowledge to pair with the information. In innocent hands, the worst someone can do is see some embarrassing questions you’ve asked on Reddit. (Don’t look for mine, please.) Not to mention, the results will come back with misleading information and duds, like people who just happen to have the same username as you on another website.
With malicious intent, however, this is the type of tool that could be used to start the data collection phase of a cyber attack. While many of the accounts it finds are harmless, the list of sites it checks includes Venmo, eBay, Spotify, Instagram, and more. Social media and entertainment sites can show someone exactly what your interests are, and if your Venmo and eBay activity is public, it easily points to where you spend your money as well.
It would take more advanced hacking knowledge for a black hat hacker to be more dangerous from that point forward, but there are still a couple of things you can do to keep yourself safer just in case.
- Diversify your usernames
- Create strong passwords
- Set social media accounts to private settings
If you use different usernames for different accounts, it is more difficult for people to trace you. In the event that a malicious hacker does find you, having a strong password will keep you safe from brute force attacks on your account. And think about it: does your Venmo or Facebook information really have to be public? Keeping your settings as private as possible will make your entire internet existence far more secure.
Null Byte from YouTube has a great video that dives deep into Sherlock and provides a visual of how the product itself is used. He’s extremely informative and I highly suggest giving the video a watch. Stay safe and have a happy, healthy new year.