1 00:00:00,000 --> 00:00:02,720 Welcome to this episode of our podcast. 2 00:00:02,720 --> 00:00:05,240 I'm Matthea, an open source intelligence analyst 3 00:00:05,240 --> 00:00:09,200 and winner of the operation Safe Escape CTF by Trace Labs. 4 00:00:09,200 --> 00:00:11,860 With a wealth of experience in open source intelligence, 5 00:00:11,860 --> 00:00:13,960 I have worked on numerous projects in this field 6 00:00:13,960 --> 00:00:16,320 and I am an expert in the collection, analysis, 7 00:00:16,320 --> 00:00:17,700 and dissemination of intelligence 8 00:00:17,700 --> 00:00:19,960 from publicly available sources. 9 00:00:19,960 --> 00:00:22,080 In today's podcast, we will be discussing 10 00:00:22,080 --> 00:00:23,680 the fascinating topic of phone number 11 00:00:23,680 --> 00:00:26,200 open source intelligence, which is a crucial aspect 12 00:00:26,200 --> 00:00:28,960 of open source intelligence and can provide valuable insights 13 00:00:28,960 --> 00:00:31,360 for various investigative purposes. 14 00:00:31,360 --> 00:00:33,800 So join me as we delve deeper into the world 15 00:00:33,800 --> 00:00:35,840 of phone number open source intelligence. 16 00:00:36,860 --> 00:00:39,060 The phone number is a valuable piece of information 17 00:00:39,060 --> 00:00:40,800 for open source intelligence purposes 18 00:00:40,800 --> 00:00:42,920 since people tend to change it infrequently, 19 00:00:42,920 --> 00:00:45,160 it can be easily associated with a person 20 00:00:45,160 --> 00:00:47,720 and it is reused in multiple accounts. 21 00:00:47,720 --> 00:00:50,220 In the upcoming chapters, we will see how to obtain 22 00:00:50,220 --> 00:00:52,980 more information starting from a phone number. 23 00:00:52,980 --> 00:00:55,380 In part two of this course, we will instead see 24 00:00:55,380 --> 00:00:57,920 how to find a phone number starting from other data. 25 00:00:57,920 --> 00:01:01,880 Throughout the course, we will often use mobile applications, 26 00:01:01,880 --> 00:01:04,400 so it is recommended to install an Android emulator 27 00:01:04,400 --> 00:01:06,600 and link it to a newly created Gmail account 28 00:01:06,600 --> 00:01:08,160 before proceeding. 29 00:01:08,160 --> 00:01:11,820 Personally, I find LD Player emulator to be very efficient 30 00:01:11,820 --> 00:01:13,920 and you can download it from the following link, 31 00:01:13,920 --> 00:01:15,800 LDPlayer.net. 32 00:01:15,800 --> 00:01:18,200 Often, it will be necessary to use a phone number 33 00:01:18,200 --> 00:01:19,980 to register for various services, 34 00:01:19,980 --> 00:01:22,320 so it's recommended that you buy a new SIM card. 35 00:01:23,920 --> 00:01:27,040 What is the home local register, HLR? 36 00:01:27,040 --> 00:01:29,760 All mobile network operators have one. 37 00:01:29,760 --> 00:01:32,880 It is a database that contains information about subscribers 38 00:01:32,880 --> 00:01:36,560 such as the International Mobile Subscriber Identity, IMSI, 39 00:01:36,560 --> 00:01:40,120 the phone number associated with the subscriber, MSISDN, 40 00:01:40,120 --> 00:01:43,320 the account status and the last known location. 41 00:01:43,320 --> 00:01:45,320 Home location registers are a component 42 00:01:45,320 --> 00:01:48,280 of 2G and 3G mobile networks. 43 00:01:48,280 --> 00:01:51,440 In the case of 4G networks, the database is called 44 00:01:51,440 --> 00:01:55,400 Home Subscriber Server, HSS, while in 5G networks, 45 00:01:55,400 --> 00:02:00,320 the name changes again, becoming Unified Database Management, UDM. 46 00:02:00,320 --> 00:02:03,360 Every time a device tries to access a cellular network, 47 00:02:03,360 --> 00:02:05,520 a message switching center, MSC, 48 00:02:05,520 --> 00:02:07,960 requests the data present in the HLR database 49 00:02:07,960 --> 00:02:09,860 to determine if the subscriber is authorized 50 00:02:09,860 --> 00:02:11,160 to access services, 51 00:02:11,160 --> 00:02:13,600 how to charge the subscriber for those services 52 00:02:13,600 --> 00:02:16,620 and how to route transmissions to and from the device. 53 00:02:16,620 --> 00:02:18,560 When a subscriber's contract ends, 54 00:02:18,560 --> 00:02:20,700 the provider removes them from the HLR, 55 00:02:20,700 --> 00:02:22,840 preventing them from accessing the network. 56 00:02:22,840 --> 00:02:27,280 The HLR for open source intelligence purposes. 57 00:02:27,280 --> 00:02:29,520 Obviously, these databases are private 58 00:02:29,520 --> 00:02:32,280 and not analyzable in most cases. 59 00:02:32,280 --> 00:02:34,980 However, through fake virtual operators, 60 00:02:34,980 --> 00:02:36,800 it is possible to access this data 61 00:02:36,800 --> 00:02:39,640 even if only partially and not updated. 62 00:02:39,640 --> 00:02:42,840 There are various online services, both free and paid, 63 00:02:42,840 --> 00:02:45,760 that allow HLR requests for a phone number. 64 00:02:45,760 --> 00:02:47,900 Personally, I think the best service, 65 00:02:47,900 --> 00:02:49,880 although practically unknown in Italy, 66 00:02:49,880 --> 00:02:51,960 is the one offered by SMSC, 67 00:02:51,960 --> 00:02:56,920 available at the following address, smsc.ru-test-hlr. 68 00:02:56,920 --> 00:02:58,200 Through this Russian service, 69 00:02:58,200 --> 00:03:01,040 it is possible to make a real-time HLR request, 70 00:03:01,040 --> 00:03:02,560 but it has a strong limitation. 71 00:03:02,560 --> 00:03:06,440 You can make only two requests every 24 hours per IP. 72 00:03:06,440 --> 00:03:10,040 While the prefix of a mobile phone number, example, plus 39, 73 00:03:10,040 --> 00:03:12,140 will clearly tell us the nation of registration 74 00:03:12,140 --> 00:03:14,860 of the phone number, plus 39 equals Italy, 75 00:03:14,860 --> 00:03:17,080 an HLR request on this site will provide us 76 00:03:17,080 --> 00:03:19,400 with additional information such as 77 00:03:19,400 --> 00:03:21,800 the network to which the phone number is attached, 78 00:03:21,800 --> 00:03:23,560 this information is useful if a person 79 00:03:23,560 --> 00:03:26,120 with an Italian phone number is abroad. 80 00:03:26,120 --> 00:03:27,040 Through this search, 81 00:03:27,040 --> 00:03:29,880 we will immediately be informed of this fact. 82 00:03:29,880 --> 00:03:31,320 Also, for example, 83 00:03:31,320 --> 00:03:33,920 we could know if the phone number is in roaming. 84 00:03:33,920 --> 00:03:35,320 The last known location, 85 00:03:35,320 --> 00:03:38,160 very similar to the previous one, in most cases, 86 00:03:38,160 --> 00:03:40,160 at least for numbers located in Italy, 87 00:03:40,160 --> 00:03:42,240 only the country will be shown. 88 00:03:42,240 --> 00:03:45,280 However, it has happened that four foreign phone numbers, 89 00:03:45,280 --> 00:03:47,440 a much more precise location was shown, 90 00:03:47,440 --> 00:03:50,480 such as a single province or even a city. 91 00:03:50,480 --> 00:03:51,920 The originating operator, 92 00:03:51,920 --> 00:03:54,640 many online HLR services search for the operator 93 00:03:54,640 --> 00:03:56,960 based on the first few digits of a phone number, 94 00:03:56,960 --> 00:03:59,480 which declare the originating operator. 95 00:03:59,480 --> 00:04:01,200 With real-time access to the network 96 00:04:01,200 --> 00:04:04,040 to which it is connected, we could understand 97 00:04:04,040 --> 00:04:05,920 if the number is active. 98 00:04:05,920 --> 00:04:07,920 Sometimes we may come across phone numbers 99 00:04:07,920 --> 00:04:10,360 that are not connected to any network. 100 00:04:10,360 --> 00:04:12,560 In this case, it doesn't necessarily mean 101 00:04:12,560 --> 00:04:14,120 that the number is deactivated, 102 00:04:14,120 --> 00:04:15,840 it could be that the SIM card is forgotten 103 00:04:15,840 --> 00:04:17,520 in a drawer somewhere. 104 00:04:17,520 --> 00:04:19,320 However, through this website, 105 00:04:19,320 --> 00:04:20,760 we can check whether the phone number 106 00:04:20,760 --> 00:04:22,760 is really active or not. 107 00:04:22,760 --> 00:04:25,080 Some operators do not immediately remove the number 108 00:04:25,080 --> 00:04:26,760 from the HLR databases, 109 00:04:26,760 --> 00:04:28,840 so a number that has recently been deactivated 110 00:04:28,840 --> 00:04:30,960 may still erroneously appear as active. 111 00:04:32,560 --> 00:04:34,600 Caller ID services. 112 00:04:34,600 --> 00:04:36,960 Caller ID services are all those applications 113 00:04:36,960 --> 00:04:38,960 available on mobile devices that can tell us 114 00:04:38,960 --> 00:04:41,240 whether a call is spam or not. 115 00:04:41,240 --> 00:04:43,360 These services are fueled by the same users 116 00:04:43,360 --> 00:04:45,520 who download them, as one of the prerequisites 117 00:04:45,520 --> 00:04:47,520 for accessing these databases is to grant 118 00:04:47,520 --> 00:04:50,480 the service access to our entire phonebook. 119 00:04:50,480 --> 00:04:52,400 This is therefore a never-ending cycle, 120 00:04:52,400 --> 00:04:54,280 the more users download the application 121 00:04:54,280 --> 00:04:56,080 and grant access to their phonebook, 122 00:04:56,080 --> 00:04:58,720 the more useful the application will be to other users, 123 00:04:58,720 --> 00:05:01,560 and the more it will be downloaded by new users. 124 00:05:01,560 --> 00:05:04,400 With that being said, the best caller ID applications 125 00:05:04,400 --> 00:05:06,880 are the most downloaded on the Play Store. 126 00:05:06,880 --> 00:05:09,320 Therefore, open your Android emulator, 127 00:05:09,320 --> 00:05:12,240 connected to a new Gmail email with no contacts in it 128 00:05:12,240 --> 00:05:14,720 to avoid granting access to our contacts, 129 00:05:14,720 --> 00:05:17,000 and download the following apps. 130 00:05:17,000 --> 00:05:22,000 Sync.me, Truecaller, Showcaller, CallApp. 131 00:05:22,600 --> 00:05:25,760 I believe these four apps are the best, by far. 132 00:05:25,760 --> 00:05:28,200 Many other applications available on the Play Store 133 00:05:28,200 --> 00:05:30,560 are unofficial clones of the apps listed above, 134 00:05:30,560 --> 00:05:33,360 with the only difference being the name of the app. 135 00:05:33,360 --> 00:05:35,520 However, you are invited to try other apps 136 00:05:35,520 --> 00:05:38,360 to improve your efficiency with phone numbers. 137 00:05:38,360 --> 00:05:41,360 By entering a phone number, these apps will return a name 138 00:05:41,360 --> 00:05:43,600 known as the real user, if available, 139 00:05:43,600 --> 00:05:46,240 which could be different from the SIM card owner. 140 00:05:46,240 --> 00:05:48,640 For example, if a minor is using a SIM card 141 00:05:48,640 --> 00:05:52,280 registered to a parent, we will find the name of the child. 142 00:05:52,280 --> 00:05:53,880 As the data is retrieved directly 143 00:05:53,880 --> 00:05:55,520 from the phonebooks of other users, 144 00:05:55,520 --> 00:05:57,720 the number may be associated with a username, 145 00:05:57,720 --> 00:06:00,160 nickname, or other details. 146 00:06:00,160 --> 00:06:02,120 I remember the time when I found the name 147 00:06:02,120 --> 00:06:05,120 Marco Bianchi Drug Dealer on one caller ID, 148 00:06:05,120 --> 00:06:08,200 and Mauri98Weed on another. 149 00:06:08,200 --> 00:06:10,560 Of course, these are just fictitious names, 150 00:06:10,560 --> 00:06:12,040 but they are useful in understanding 151 00:06:12,040 --> 00:06:13,880 how by searching these keyrids, 152 00:06:13,880 --> 00:06:15,920 I not only obtained the probable profession 153 00:06:15,920 --> 00:06:18,360 of the target subject, but also a username to use 154 00:06:18,360 --> 00:06:20,280 to identify other accounts associated 155 00:06:20,280 --> 00:06:22,160 with the target subject. 156 00:06:22,160 --> 00:06:24,560 Another useful feature of some apps is that they allow us 157 00:06:24,560 --> 00:06:27,720 to know a social media profile associated with the subject, 158 00:06:27,720 --> 00:06:30,440 assuming, of course, that the user from whom this data 159 00:06:30,440 --> 00:06:32,800 was taken has linked the social media profile 160 00:06:32,800 --> 00:06:34,320 to a phone number. 161 00:06:34,320 --> 00:06:36,900 As most users do not read the terms of service, 162 00:06:36,900 --> 00:06:38,880 it is very likely that some of your acquaintances 163 00:06:38,880 --> 00:06:42,000 have granted access to your phone number to these apps. 164 00:06:42,000 --> 00:06:43,900 It is always good to know that it is possible 165 00:06:43,900 --> 00:06:45,640 to request removal. 166 00:06:45,640 --> 00:06:48,360 Sync.me and Truecaller are also available online 167 00:06:48,360 --> 00:06:50,480 without the need for an Android emulator, 168 00:06:50,480 --> 00:06:53,120 both requiring access with an email. 169 00:06:53,120 --> 00:06:55,680 Be careful not to grant access to all the contacts 170 00:06:55,680 --> 00:06:58,920 you have in your mailbox, phone numbers, and email addresses. 171 00:07:00,260 --> 00:07:03,200 Working with multiple contacts can be a daunting task, 172 00:07:03,200 --> 00:07:04,800 especially when dealing with hundreds 173 00:07:04,800 --> 00:07:06,520 of different phone numbers. 174 00:07:06,520 --> 00:07:08,600 Fortunately, there are apps like CallApp 175 00:07:08,600 --> 00:07:10,960 that can help us synchronize our entire address book 176 00:07:10,960 --> 00:07:13,900 and automatically update contact names. 177 00:07:13,900 --> 00:07:16,600 However, before synchronizing, it's most convenient 178 00:07:16,600 --> 00:07:19,640 to create a VCard to add all of the contacts. 179 00:07:19,640 --> 00:07:21,920 We can use one of the many online programs, 180 00:07:21,920 --> 00:07:26,840 like csvtovcard.com, to convert a CSV file to a VCard. 181 00:07:26,840 --> 00:07:28,820 Here are the steps to follow. 182 00:07:28,820 --> 00:07:31,940 Create a CSV file with your contacts. 183 00:07:31,940 --> 00:07:36,240 Convert the CSV file to a VCard using an online program. 184 00:07:36,240 --> 00:07:39,240 Import the VCard file into your address book. 185 00:07:39,240 --> 00:07:41,920 Synchronize it with the caller ID app. 186 00:07:41,920 --> 00:07:44,600 Remember that all the contact names received automatically 187 00:07:44,600 --> 00:07:46,160 should be exported and saved somewhere 188 00:07:46,160 --> 00:07:48,360 before deleting the entire address book, 189 00:07:48,360 --> 00:07:50,360 inserting the file with only numbers, 190 00:07:50,360 --> 00:07:53,680 and repeating the operation with another caller ID app. 191 00:07:53,680 --> 00:07:55,500 This is to prevent the replacement of names 192 00:07:55,500 --> 00:07:58,120 already identified with other names. 193 00:07:58,120 --> 00:08:00,460 Our goal is to have as many names or nicknames 194 00:08:00,460 --> 00:08:02,240 as possible for each phone number 195 00:08:02,240 --> 00:08:04,020 in order to get an accurate idea. 196 00:08:05,600 --> 00:08:07,320 Data breaches can be a game changer 197 00:08:07,320 --> 00:08:09,600 during phone number analysis. 198 00:08:09,600 --> 00:08:10,840 There are numerous databases 199 00:08:10,840 --> 00:08:12,280 that contain phone numbers mixed 200 00:08:12,280 --> 00:08:13,960 with other identifying information, 201 00:08:13,960 --> 00:08:15,920 such as social media profiles, 202 00:08:15,920 --> 00:08:18,720 various identification codes like the fiscal code, 203 00:08:18,720 --> 00:08:21,240 address data, and much more. 204 00:08:21,240 --> 00:08:23,920 Facebook's violation is one of the most notorious, 205 00:08:23,920 --> 00:08:26,720 exposing over 36 million Italian phone numbers 206 00:08:26,720 --> 00:08:29,500 and more than 500 million worldwide. 207 00:08:29,500 --> 00:08:31,480 In addition, many Italian operators 208 00:08:31,480 --> 00:08:34,320 have experienced violations of their systems over the years, 209 00:08:34,320 --> 00:08:37,960 such as HomeMobile, Tim, and LeicaMobile. 210 00:08:37,960 --> 00:08:40,000 To find out which database to search, 211 00:08:40,000 --> 00:08:42,000 it's best to start with Havabimpund, 212 00:08:42,000 --> 00:08:43,320 a website that indexes 213 00:08:43,320 --> 00:08:46,180 the most significant data breaches worldwide. 214 00:08:46,180 --> 00:08:49,040 Then, search for these databases on underground forums 215 00:08:49,040 --> 00:08:50,400 such as BreachForums, 216 00:08:50,400 --> 00:08:53,280 or on dedicated portals like IntelX, LeakCheck, 217 00:08:53,280 --> 00:08:55,740 Dicht, and similar sites. 218 00:08:55,740 --> 00:08:57,000 Please note that it's essential 219 00:08:57,000 --> 00:09:00,000 not to purchase credentials from cyber criminals. 220 00:09:00,000 --> 00:09:01,440 Not only is it unethical, 221 00:09:01,440 --> 00:09:03,680 but it also fuels the market for passwords, 222 00:09:03,680 --> 00:09:05,880 not to mention the illegality of this action. 223 00:09:07,440 --> 00:09:09,000 One convenient way to find out 224 00:09:09,000 --> 00:09:12,120 who owns a phone number and discover associated social profiles 225 00:09:12,120 --> 00:09:15,880 is through contact synchronization, available in many apps. 226 00:09:15,880 --> 00:09:17,260 In the upcoming chapters, 227 00:09:17,260 --> 00:09:19,720 I will share the methods that I know of. 228 00:09:19,720 --> 00:09:21,320 Please note that the results may vary 229 00:09:21,320 --> 00:09:24,160 depending on the privacy settings of our target. 230 00:09:24,160 --> 00:09:26,560 Instant Messenger, WhatsApp. 231 00:09:26,560 --> 00:09:28,840 To obtain a WhatsApp account from a phone number, 232 00:09:28,840 --> 00:09:31,280 simply download the app on our Android emulator 233 00:09:31,280 --> 00:09:33,600 and create a WhatsApp profile. 234 00:09:33,600 --> 00:09:35,000 After a brief update, 235 00:09:35,000 --> 00:09:36,700 all the saved numbers in our contacts 236 00:09:36,700 --> 00:09:38,040 that have WhatsApp profiles 237 00:09:38,040 --> 00:09:39,840 will have the messaging service icon, 238 00:09:39,840 --> 00:09:42,840 allowing us to start a chat or a video call. 239 00:09:42,840 --> 00:09:45,100 The profile picture can give us valuable clues 240 00:09:45,100 --> 00:09:46,720 for our analysis and can be searched 241 00:09:46,720 --> 00:09:49,940 in reverse search engines to identify other accounts. 242 00:09:49,940 --> 00:09:52,200 Additionally, the bio can be used as a dork 243 00:09:52,200 --> 00:09:55,480 to obtain other accounts if the user tends to reuse it. 244 00:09:55,480 --> 00:09:58,280 We will also have a name associated with the phone number, 245 00:09:58,280 --> 00:09:59,920 and we can check if the user is active 246 00:09:59,920 --> 00:10:00,840 or not on this service 247 00:10:00,840 --> 00:10:04,020 through the online slash offline status. 248 00:10:04,020 --> 00:10:05,940 Monitoring the subject's social activity 249 00:10:05,940 --> 00:10:07,860 will allow us to understand their sleep, 250 00:10:07,860 --> 00:10:10,720 wake cycles and other useful information. 251 00:10:10,720 --> 00:10:13,160 Instant Messenger, Telegram. 252 00:10:13,160 --> 00:10:14,380 Similar to WhatsApp, 253 00:10:14,380 --> 00:10:17,400 the method for Telegram is also straightforward. 254 00:10:17,400 --> 00:10:20,120 Install the application on our Android emulator, 255 00:10:20,120 --> 00:10:22,000 add the contact to the address book, 256 00:10:22,000 --> 00:10:24,980 and synchronize the contacts with the application. 257 00:10:24,980 --> 00:10:26,040 The useful information 258 00:10:26,040 --> 00:10:29,260 for open source intelligence purposes is the same as WhatsApp 259 00:10:29,260 --> 00:10:30,760 with the addition of the username, 260 00:10:30,760 --> 00:10:32,980 which is not present in WhatsApp. 261 00:10:32,980 --> 00:10:34,460 More information on Telegram 262 00:10:34,460 --> 00:10:36,800 can be found in the next episode. 263 00:10:36,800 --> 00:10:39,200 Instant Messenger, Signal. 264 00:10:39,200 --> 00:10:40,960 Signal Private Messenger is a free 265 00:10:40,960 --> 00:10:44,080 and open source application for Android, iOS, 266 00:10:44,080 --> 00:10:46,520 and desktop Windows, Mac, and Linux 267 00:10:46,520 --> 00:10:49,640 that uses end-to-end encryption to protect text, image, 268 00:10:49,640 --> 00:10:51,500 and audio and video messages, 269 00:10:51,500 --> 00:10:53,680 as well as phone conversations between users 270 00:10:53,680 --> 00:10:55,160 of the same app. 271 00:10:55,160 --> 00:10:57,160 The method for Signal is equally simple, 272 00:10:57,160 --> 00:10:59,080 although slightly different. 273 00:10:59,080 --> 00:11:01,000 Simply download the Signal application 274 00:11:01,000 --> 00:11:03,500 and create an account on this service. 275 00:11:03,500 --> 00:11:06,160 After adding the target phone number to our address book, 276 00:11:06,160 --> 00:11:08,640 it will also appear within the Signal messaging service 277 00:11:08,640 --> 00:11:10,560 if the target possesses it. 278 00:11:10,560 --> 00:11:12,920 Instant Messenger, WeChat. 279 00:11:12,920 --> 00:11:15,040 WeChat or WeChat in the Chinese language 280 00:11:15,040 --> 00:11:17,440 is a messaging service for text and voice messages 281 00:11:17,440 --> 00:11:21,220 for mobile devices developed by the Chinese company Tencent. 282 00:11:21,220 --> 00:11:23,840 It is the most widely used messaging app in China, 283 00:11:23,840 --> 00:11:26,400 with over 1.2 billion active monthly users 284 00:11:26,400 --> 00:11:28,240 of different age groups. 285 00:11:28,240 --> 00:11:29,600 As with the previous methods, 286 00:11:29,600 --> 00:11:31,900 simply add the phone number to the address book, 287 00:11:31,900 --> 00:11:33,880 after downloading and creating a profile 288 00:11:33,880 --> 00:11:36,520 within the application, and contact synchronization 289 00:11:36,520 --> 00:11:38,320 occurs automatically. 290 00:11:38,320 --> 00:11:40,400 Opening WeChat will show the target profile 291 00:11:40,400 --> 00:11:42,960 among our contacts, and we can view the information 292 00:11:42,960 --> 00:11:44,720 extremely easily. 293 00:11:44,720 --> 00:11:47,320 Social Network, Snapchat. 294 00:11:47,320 --> 00:11:49,320 Unlike other similar social networks, 295 00:11:49,320 --> 00:11:52,160 Snapchat allows users to exchange audio or video 296 00:11:52,160 --> 00:11:54,640 of up to 10 seconds, known as snaps, 297 00:11:54,640 --> 00:11:57,320 which are deleted immediately after viewing. 298 00:11:57,320 --> 00:12:00,220 Additionally, users have the option to share their stories 299 00:12:00,220 --> 00:12:03,240 or content that remains visible for 24 consecutive hours 300 00:12:03,240 --> 00:12:05,320 and then disappears permanently. 301 00:12:05,320 --> 00:12:07,560 To synchronize contacts on Snapchat, 302 00:12:07,560 --> 00:12:09,060 we need the mobile application, 303 00:12:09,060 --> 00:12:12,100 which we can download on our Android emulator. 304 00:12:12,100 --> 00:12:15,520 Once we have created the account, we simply need to 305 00:12:15,520 --> 00:12:17,160 tap the profile icon at the top 306 00:12:17,160 --> 00:12:21,220 to go to the relevant screen, click add friends, 307 00:12:21,220 --> 00:12:23,320 touch all contacts. 308 00:12:23,320 --> 00:12:25,600 At this point, we will have identified the account 309 00:12:25,600 --> 00:12:27,640 or accounts of our target, and we can choose 310 00:12:27,640 --> 00:12:30,880 whether to add them to our friends on Snapchat. 311 00:12:30,880 --> 00:12:33,680 Here's the improved text for an audio book on TikTok, 312 00:12:33,680 --> 00:12:37,320 Twitter, Nextdoor, Facebook, and Instagram. 313 00:12:37,320 --> 00:12:39,760 Social Network, TikTok. 314 00:12:39,760 --> 00:12:41,920 TikTok is a social network that lets you share 315 00:12:41,920 --> 00:12:45,020 15 or 60 second clips with music, sound effects, 316 00:12:45,020 --> 00:12:46,520 and filters. 317 00:12:46,520 --> 00:12:49,400 These clips include dances, mini comedy sketches, 318 00:12:49,400 --> 00:12:51,520 musical parodies, or lip syncs, 319 00:12:51,520 --> 00:12:54,680 and are characterized by fast and intuitive editing. 320 00:12:54,680 --> 00:12:57,720 Just like Snapchat, all you need to do is sync your contacts 321 00:12:57,720 --> 00:12:59,720 to get your target accounts. 322 00:12:59,720 --> 00:13:02,380 Once you've created an account on your Android emulator, 323 00:13:02,380 --> 00:13:05,780 open the app and tap profile at the bottom right. 324 00:13:05,780 --> 00:13:08,780 Then tap find friends in the top left corner 325 00:13:08,780 --> 00:13:10,960 and find contacts. 326 00:13:10,960 --> 00:13:13,240 Allow TikTok to access your contacts 327 00:13:13,240 --> 00:13:15,800 and the accounts associated with the analyzed phone numbers 328 00:13:15,800 --> 00:13:17,380 will be returned. 329 00:13:17,380 --> 00:13:19,640 Social Network, Twitter. 330 00:13:19,640 --> 00:13:21,520 Twitter is a free microblogging platform 331 00:13:21,520 --> 00:13:25,560 that allows you to share messages up to 140 characters long. 332 00:13:25,560 --> 00:13:27,280 To sync your contacts with Twitter, 333 00:13:27,280 --> 00:13:30,080 you need to create an account and go to the following URL, 334 00:13:30,080 --> 00:13:35,080 https://twitter.com slash settings slash contacts. 335 00:13:35,600 --> 00:13:37,160 Once you've added your contacts, 336 00:13:37,160 --> 00:13:39,480 the corresponding Twitter accounts will be returned, 337 00:13:39,480 --> 00:13:41,240 provided that your target hasn't changed 338 00:13:41,240 --> 00:13:43,060 their privacy settings. 339 00:13:43,060 --> 00:13:45,540 Social Network, Nextdoor. 340 00:13:45,540 --> 00:13:47,840 Nextdoor is a private neighborhood social network 341 00:13:47,840 --> 00:13:50,440 that was launched in the United States in 2011 342 00:13:50,440 --> 00:13:53,380 and arrived in Italy in 2018. 343 00:13:53,380 --> 00:13:55,040 The platform is useful for finding 344 00:13:55,040 --> 00:13:56,440 and getting to know your neighbors, 345 00:13:56,440 --> 00:13:58,560 creating micro communities. 346 00:13:58,560 --> 00:14:02,040 To use Nextdoor, users must use real names and addresses, 347 00:14:02,040 --> 00:14:03,640 associate their phone numbers 348 00:14:03,640 --> 00:14:05,260 and request a postcard online 349 00:14:05,260 --> 00:14:08,560 that will physically arrive at their home within five days. 350 00:14:08,560 --> 00:14:10,440 Once you've created your neighborhood, 351 00:14:10,440 --> 00:14:12,640 you can report news and events in your area 352 00:14:12,640 --> 00:14:14,200 with posts visible only to those 353 00:14:14,200 --> 00:14:16,640 who belong to a specific community. 354 00:14:16,640 --> 00:14:19,120 Each member of the platform can attract other profiles 355 00:14:19,120 --> 00:14:21,160 to establish a neighborhood. 356 00:14:21,160 --> 00:14:23,080 To sync your contacts on Nextdoor, 357 00:14:23,080 --> 00:14:24,640 you need to download the application 358 00:14:24,640 --> 00:14:26,680 on your Android emulator. 359 00:14:26,680 --> 00:14:27,960 Once you've created an account 360 00:14:27,960 --> 00:14:30,240 and given permission to access your contacts, 361 00:14:30,240 --> 00:14:31,880 you'll simply find your target accounts 362 00:14:31,880 --> 00:14:34,780 in the invite or invitations section. 363 00:14:34,780 --> 00:14:37,340 Social Network, Facebook. 364 00:14:37,340 --> 00:14:39,160 Facebook is by far the most popular 365 00:14:39,160 --> 00:14:42,040 and widely used social network in the world. 366 00:14:42,040 --> 00:14:44,000 To sync your contacts on Facebook, 367 00:14:44,000 --> 00:14:45,800 you need to download the mobile application 368 00:14:45,800 --> 00:14:47,840 on your Android emulator. 369 00:14:47,840 --> 00:14:49,400 Once you've created an account, 370 00:14:49,400 --> 00:14:52,040 go to settings in the upper right-hand corner of Facebook, 371 00:14:52,040 --> 00:14:53,920 then go to settings and privacy 372 00:14:53,920 --> 00:14:55,720 and then to settings. 373 00:14:55,720 --> 00:14:57,620 Scroll down to the permissions section 374 00:14:57,620 --> 00:15:00,040 and tap upload contacts. 375 00:15:00,040 --> 00:15:02,360 Tap continuous uploading of contacts 376 00:15:02,360 --> 00:15:04,760 to enable or disable the setting. 377 00:15:04,760 --> 00:15:06,380 Once you've synced your contacts, 378 00:15:06,380 --> 00:15:08,320 any accounts associated with phone numbers 379 00:15:08,320 --> 00:15:11,200 will appear among the suggested contacts. 380 00:15:11,200 --> 00:15:12,640 You won't have a precise idea 381 00:15:12,640 --> 00:15:14,920 of which account is associated with a phone number, 382 00:15:14,920 --> 00:15:16,120 but it's still useful, 383 00:15:16,120 --> 00:15:19,060 especially if you already know the target's name. 384 00:15:19,060 --> 00:15:20,620 You'll easily find the target account 385 00:15:20,620 --> 00:15:23,580 among the many accounts suggested by Facebook. 386 00:15:23,580 --> 00:15:25,680 More information on Facebook can be found 387 00:15:25,680 --> 00:15:28,320 in my previous Facebook podcast. 388 00:15:28,320 --> 00:15:30,800 Instagram is a social network dedicated to sharing 389 00:15:30,800 --> 00:15:33,360 and publishing photos and videos. 390 00:15:33,360 --> 00:15:35,640 Users on Instagram have a personal profile 391 00:15:35,640 --> 00:15:37,680 where they can upload photos and videos, 392 00:15:37,680 --> 00:15:39,240 thereby sharing the moments of their day 393 00:15:39,240 --> 00:15:41,360 with their network of followers. 394 00:15:41,360 --> 00:15:44,760 To connect to Instagram, you need to follow these steps. 395 00:15:44,760 --> 00:15:46,680 Tap the profile picture at the bottom right 396 00:15:46,680 --> 00:15:48,720 to access your profile. 397 00:15:48,720 --> 00:15:51,840 Tap on the top right, then tap on settings. 398 00:15:51,840 --> 00:15:55,120 Click on account, then tap on sync contacts. 399 00:15:55,120 --> 00:15:57,060 Finally, click on connect contacts 400 00:15:57,060 --> 00:15:59,720 to activate contact synchronization. 401 00:15:59,720 --> 00:16:02,320 As with Facebook, we may not have a precise idea 402 00:16:02,320 --> 00:16:04,420 of our target profiles. 403 00:16:04,420 --> 00:16:06,600 However, if connected with a phone number, 404 00:16:06,600 --> 00:16:09,920 these profiles will appear in the suggested section. 405 00:16:09,920 --> 00:16:12,760 Now let's talk about VoIP software Skype. 406 00:16:12,760 --> 00:16:14,940 Skype is a free software that allows users 407 00:16:14,940 --> 00:16:18,240 to exchange messages, send attachments, make calls, 408 00:16:18,240 --> 00:16:22,560 and video calls using the Voice over IP VoIP protocol. 409 00:16:22,560 --> 00:16:24,700 It is a hybrid program that separates chats 410 00:16:24,700 --> 00:16:26,560 into conversations, both in groups 411 00:16:26,560 --> 00:16:28,660 and with individual users. 412 00:16:28,660 --> 00:16:30,440 Once you have downloaded the application 413 00:16:30,440 --> 00:16:32,880 on your Android emulator and created an account, 414 00:16:32,880 --> 00:16:35,760 follow these steps to synchronize contacts. 415 00:16:35,760 --> 00:16:38,740 Tap the profile picture from the chats section. 416 00:16:38,740 --> 00:16:42,300 Select settings, select contacts, 417 00:16:42,300 --> 00:16:44,800 activate sync your contacts. 418 00:16:44,800 --> 00:16:46,320 All the target accounts will appear 419 00:16:46,320 --> 00:16:48,720 in our internal Skype address book. 420 00:16:48,720 --> 00:16:51,240 Moving on to payment app PayPal. 421 00:16:51,240 --> 00:16:53,360 PayPal is a service that not only allows you 422 00:16:53,360 --> 00:16:55,040 to pay for your online purchases 423 00:16:55,040 --> 00:16:56,760 on millions of e-commerce platforms, 424 00:16:56,760 --> 00:16:59,220 but also send and receive money without having to enter 425 00:16:59,220 --> 00:17:00,840 or communicate your credit card number 426 00:17:00,840 --> 00:17:02,920 or bank account details. 427 00:17:02,920 --> 00:17:05,800 In the send money section, you can enter a phone number, 428 00:17:05,800 --> 00:17:07,460 and if the phone number is present, 429 00:17:07,460 --> 00:17:10,900 you will most likely see the profile picture and other data. 430 00:17:10,900 --> 00:17:14,060 Lastly, let's discuss the payment app Wwise. 431 00:17:14,060 --> 00:17:16,880 Wwise, formerly TransferWise, is a platform 432 00:17:16,880 --> 00:17:18,440 for international money transfer 433 00:17:18,440 --> 00:17:21,440 and multi-currency electronic wallet accounts. 434 00:17:21,440 --> 00:17:23,520 Once you have downloaded the mobile application 435 00:17:23,520 --> 00:17:27,580 on your Android emulator, you can also synchronize contacts. 436 00:17:27,580 --> 00:17:30,820 To synchronize contacts, simply go to the recipients screen 437 00:17:30,820 --> 00:17:33,260 for sending money or under contacts on Wwise 438 00:17:33,260 --> 00:17:34,740 in the settings. 439 00:17:34,740 --> 00:17:36,840 You will see the sync contacts form 440 00:17:36,840 --> 00:17:38,440 and all the target accounts will appear 441 00:17:38,440 --> 00:17:40,820 in our internal Wwise address book. 442 00:17:40,820 --> 00:17:42,400 Note that as a security measure, 443 00:17:42,400 --> 00:17:44,320 all profiles now have the default setting 444 00:17:44,320 --> 00:17:46,960 of not being searchable via phone number. 445 00:17:46,960 --> 00:17:49,280 However, many users activate this setting, 446 00:17:49,280 --> 00:17:50,780 making themselves searchable. 447 00:17:52,360 --> 00:17:55,120 Another useful method, perhaps the most obvious, 448 00:17:55,120 --> 00:17:58,120 is to search for phone numbers on search engines. 449 00:17:58,120 --> 00:18:00,180 Let's not focus on just one search engine, 450 00:18:00,180 --> 00:18:02,120 but search at least on the most famous ones 451 00:18:02,120 --> 00:18:06,560 such as Google, Bing, Yahoo, DuckDuckGo, and Yandex. 452 00:18:06,560 --> 00:18:08,160 When searching for phone numbers, 453 00:18:08,160 --> 00:18:10,080 it's important to use a variety of queries 454 00:18:10,080 --> 00:18:13,000 to ensure you find all relevant information. 455 00:18:13,000 --> 00:18:14,980 It's important to search for both the textual 456 00:18:14,980 --> 00:18:16,920 and numerical form of the phone number 457 00:18:16,920 --> 00:18:19,840 and to try different divisions of the number as well. 458 00:18:19,840 --> 00:18:21,920 By doing this, you can increase the chances 459 00:18:21,920 --> 00:18:24,240 of finding the information you need. 460 00:18:24,240 --> 00:18:26,520 So remember, when searching for phone numbers, 461 00:18:26,520 --> 00:18:28,400 be creative and try a variety of queries 462 00:18:28,400 --> 00:18:31,220 to get the most complete and accurate results. 463 00:18:31,220 --> 00:18:32,940 Let's remember to search for phone numbers 464 00:18:32,940 --> 00:18:35,760 on search engines specific to social networks as well. 465 00:18:35,760 --> 00:18:38,220 We may certainly use the most famous social networks, 466 00:18:38,220 --> 00:18:40,140 but also the regional specific ones, 467 00:18:40,140 --> 00:18:42,800 such as VK for users in the East. 468 00:18:42,800 --> 00:18:44,800 A tool that automates this type of search, 469 00:18:44,800 --> 00:18:47,240 but with results that I often find questionable, 470 00:18:47,240 --> 00:18:49,920 is Phononfoga, available at the following link, 471 00:18:49,920 --> 00:18:53,040 https://github.com 472 00:18:53,040 --> 00:18:56,320 slash sundowndev slash phoneinfoga. 473 00:18:56,320 --> 00:18:57,820 Search engine for business cards, 474 00:18:57,820 --> 00:18:59,140 another useful search engine 475 00:18:59,140 --> 00:19:00,920 for open source intelligence purposes 476 00:19:00,920 --> 00:19:03,800 in our phone number analysis is the following CSE, 477 00:19:03,800 --> 00:19:04,920 custom search engine, 478 00:19:04,920 --> 00:19:06,400 which searches the most famous sites 479 00:19:06,400 --> 00:19:10,760 for business cards, CSE.google.com slash CSE question, 480 00:19:10,760 --> 00:19:15,760 mark CX equal sign B5801C31F451E4A. 481 00:19:16,140 --> 00:19:18,400 Just search for the phone number in this search engine, 482 00:19:18,400 --> 00:19:20,200 following the advice given earlier, 483 00:19:20,200 --> 00:19:21,780 to obtain retrievable information 484 00:19:21,780 --> 00:19:24,640 on the business cards created online. 485 00:19:24,640 --> 00:19:26,360 White pages, there are several archives 486 00:19:26,360 --> 00:19:28,400 of fixed and mobile phone numbers, 487 00:19:28,400 --> 00:19:31,220 normally named white pages or yellow pages, 488 00:19:31,220 --> 00:19:34,360 depending on whether they're business or personal numbers. 489 00:19:34,360 --> 00:19:35,920 While until a few years ago, 490 00:19:35,920 --> 00:19:37,880 these archives were in print form, 491 00:19:37,880 --> 00:19:41,440 now the major services of this type have migrated online. 492 00:19:41,440 --> 00:19:43,320 These services are divided by nation, 493 00:19:43,320 --> 00:19:45,520 but registration is optional. 494 00:19:45,520 --> 00:19:47,640 Due to aggressive telemarketing policies, 495 00:19:47,640 --> 00:19:49,380 users who sign up for these services 496 00:19:49,380 --> 00:19:51,320 are in constant decline. 497 00:19:51,320 --> 00:19:53,360 A list of white pages divided by nation 498 00:19:53,360 --> 00:19:55,040 is available at the following link, 499 00:19:55,040 --> 00:20:00,040 https://phonebookoftheworld.com slash wp. 500 00:20:00,560 --> 00:20:02,440 Tool, ignorant through registration 501 00:20:02,440 --> 00:20:03,960 and password reset forms, 502 00:20:03,960 --> 00:20:06,220 it is possible to establish whether a phone number 503 00:20:06,220 --> 00:20:08,620 is registered on a certain service. 504 00:20:08,620 --> 00:20:10,740 While this search can be carried out manually, 505 00:20:10,740 --> 00:20:12,320 there is a tool called ignorant, 506 00:20:12,320 --> 00:20:13,940 available at the following link, 507 00:20:13,940 --> 00:20:16,640 capable of carrying out a search on various services, 508 00:20:16,640 --> 00:20:18,880 currently only Amazon, Instagram, 509 00:20:18,880 --> 00:20:22,840 and Snapchat, github.com slash megados slash ignorant. 510 00:20:22,840 --> 00:20:24,720 Installation instructions are available 511 00:20:24,720 --> 00:20:27,000 directly on the GitHub page. 512 00:20:27,000 --> 00:20:29,460 B2B Software Business 2 business software 513 00:20:29,460 --> 00:20:30,920 is dedicated to corporate marketing 514 00:20:30,920 --> 00:20:32,920 and can provide us with so-called leads 515 00:20:32,920 --> 00:20:34,320 or contacts within a company 516 00:20:34,320 --> 00:20:37,220 that may be interested in purchasing our products. 517 00:20:37,220 --> 00:20:39,800 Obviously, such contacts can be quite useful 518 00:20:39,800 --> 00:20:41,920 for open source intelligence purposes, 519 00:20:41,920 --> 00:20:44,000 also because many of these software index 520 00:20:44,000 --> 00:20:46,440 both company and personal social media profiles 521 00:20:46,440 --> 00:20:48,180 and telephone numbers. 522 00:20:48,180 --> 00:20:50,480 Almost all of these applications are freemium 523 00:20:50,480 --> 00:20:53,520 with limited free features and others for payment. 524 00:20:53,520 --> 00:20:57,040 It is definitely worth investing in non-free licenses. 525 00:20:57,040 --> 00:20:58,880 The main B2B software I use 526 00:20:58,880 --> 00:21:01,720 for open source intelligence purposes are, 527 00:21:01,720 --> 00:21:06,300 Rocktreach, Apollo.io, Lusha. 528 00:21:06,300 --> 00:21:07,720 Simply search for a phone number 529 00:21:07,720 --> 00:21:11,040 within these applications to view target profiles. 530 00:21:11,040 --> 00:21:13,440 B2B software, like caller ID, 531 00:21:13,440 --> 00:21:16,900 feeds on our phone book and email to improve the service. 532 00:21:16,900 --> 00:21:19,840 Use a new email to avoid giving any contacts. 533 00:21:21,600 --> 00:21:24,920 Thank you for tuning into this episode of our podcast. 534 00:21:24,920 --> 00:21:26,240 I hope you found our discussion 535 00:21:26,240 --> 00:21:28,120 on phone number open source intelligence 536 00:21:28,120 --> 00:21:30,200 insightful and informative. 537 00:21:30,200 --> 00:21:32,920 Remember, open source intelligence is a powerful tool 538 00:21:32,920 --> 00:21:35,320 that can provide valuable insights and intelligence 539 00:21:35,320 --> 00:21:37,680 from publicly available sources. 540 00:21:37,680 --> 00:21:39,520 If you have any questions or comments, 541 00:21:39,520 --> 00:21:42,080 please don't hesitate to reach out to me. 542 00:21:42,080 --> 00:21:44,440 And, if you enjoyed this podcast, 543 00:21:44,440 --> 00:21:46,240 be sure to subscribe and stay tuned 544 00:21:46,240 --> 00:21:48,480 for more episodes on open source intelligence 545 00:21:48,480 --> 00:21:50,240 and related topics. 546 00:21:50,240 --> 00:21:51,540 Thanks again for listening 547 00:21:51,540 --> 00:21:53,880 and I look forward to bringing you more exciting content 548 00:21:53,880 --> 00:21:55,260 in the future. 549 00:21:55,260 --> 00:21:58,560 Thank you for tuning into this episode of our podcast. 550 00:21:58,560 --> 00:22:00,600 I hope you found our discussion on phone number 551 00:22:00,600 --> 00:22:03,840 open source intelligence insightful and informative. 552 00:22:03,840 --> 00:22:06,580 Remember, open source intelligence is a powerful tool 553 00:22:06,580 --> 00:22:08,960 that can provide valuable insights and intelligence 554 00:22:08,960 --> 00:22:11,340 from publicly available sources. 555 00:22:11,340 --> 00:22:13,160 If you have any questions or comments, 556 00:22:13,160 --> 00:22:15,760 please don't hesitate to reach out to me. 557 00:22:15,760 --> 00:22:18,120 And, if you enjoyed this podcast, 558 00:22:18,120 --> 00:22:19,900 be sure to subscribe and stay tuned 559 00:22:19,900 --> 00:22:22,140 for more episodes on open source intelligence 560 00:22:22,140 --> 00:22:23,920 and related topics. 561 00:22:23,920 --> 00:22:25,200 Thanks again for listening 562 00:22:25,200 --> 00:22:27,520 and I look forward to bringing you more exciting content 563 00:22:27,520 --> 00:22:28,360 in the future.