Before I jump right to it, let me begin with a quick story. This story inspired my journey into cybersecurity and was the major reason why I became mindful of the kind of information I share online.
Seated upstairs in my duplex apartment on the peaceful island of Mauritius. At the balcony downstairs, my phone lay on the table. Suddenly the Phone was gone after I heard the creaking sound of the door downstairs. The phone had been stolen. After reporting to the Police, it was close to a month and nothing has been said about the case yet. As a cybersecurity enthusiast at the time, I had to find my Phone utilizing methods other than Google Find my phone and geolocation which was turned off. I have always been skeptical about Google monitoring my activities.
A few days into my search an opportunity unfolded, the new user was taking pictures, which were automatically uploaded to my google photos. This was the first step to success in recovering the Phone. Having this information, I had to brainstorm what other trails of this new user would be left on my Google Account. I went on to Dig! I checked my Youtube account for activities, Playstore for a new app installed, and activities, and could see notable changes. Unfamiliar IP addresses and unusual activities that were not mine all connected to my account.
What struck out in this investigation was the new IP address seen on my account activity. I had to trace this IP address. After much search, I stumbled upon an IP tracker website. This is a simple website where you can search IP addresses and get results of the most possible location of IP.
At this point, the picture of the new user of the phone and a possible location was in my possession. I needed more information to narrow this investigation down. Eventually, it occurred to me how useful Facebook would be. I could go on Facebook, with the image of the new user in my mind, select the location and search for new friends. This tasking process took roughly 4 hours of skimming through different profiles before arriving at victory.
The catch was not over, the story would have been different if the user protected their Digital self. On his Facebook page, I stumbled upon loads of other pictures with detailed descriptions of the environment, this helped me to narrow down to a few streets. The structure of the house around also played a huge role in this. Other tags from family, friends, and associates. Vivid pictures of cars, bikes, and the company where he works.
Read also: Digitally excluded Nigerians drop from 40m to 15m
I prepared a report with screenshots of these findings and proceeded to the local CID, handing it over to them. Less than an hour later, my phone was in their possession and the rest is history. In a situation where I am the attacker with malicious intent, I gathered more than enough information to proceed and be successful because the Digital Identity of this social media user was not protected.
Internet users need to be mindful of their digital footprint. Attackers use open sources and free software to collect information about a user. These tools are classified as OSINT (Open Source intelligence) with social media inclusive.
Digital Footprint can include information about every social media post or activity, pictures, and videos posted as well as an appearance on other websites. It also includes IP addresses, browser information, and location saved from cookies interaction and others on websites.
Digital footprints are classified into two; Passive and Active. Passive Digital Footprints are information that users leave without really noticing. For example, websites collect location information, gather user statistics, and others. On the other hand, Active Digital footprints are left knowingly, these include personal information shared online, social media posts, and others.
Here are a few ways to protect your Digital Self.
· Be mindful of information shared on Social media – Personal information should stay hidden as much as possible.
· Be mindful of how much information websites collect about you. Applications that track your activity should be properly reviewed to safeguard your privacy. Enable use of cookies on websites you are familiar with and trust.
· Adopting the usage of a two-factor authentication method and strong passwords on social media websites and another application is also a plus. If you can use a password manager application, this is also an additional step to securing your Digital Self.
· Also, review your social media account, set them to private mode. Only people you know and have connected with will be able to see your profile and activity.
Lastly, continuous information security awareness education is beneficial for Protecting your Digital Self. It is important to keep up with the trends of attackers and know ways to evade and protect yourself. Knowledge is power! Stay Safe Online for the Holidays.
