Security Basics mailing list archives
RE: Hunting for Mr Badmouth
From: "Zachary Mutrux" <zmutrux () compumentor org>
Date: Wed, 27 Aug 2003 09:31:54 -0700
Messages he posted should contain the originating IP address in the headers. If you can obtain email copies of the messages he sent, you can determine this information.
From there you may be able to discern some information about his location
and/or identity. For example, the IP address may belong to a university or business. If it belongs to a large, commercial ISP, you will probably have to contact that entity for further assistance. Yahoo may be responsive (although slow) to requests for assistance. You can search on Google for phrases contained in his posts. He may have posted similar messages elsewhere and left other clues. Also search for his email address on Google. If the email address was not made up just for the purpose of sending these messages to the message board, you might be able to trick him into revealing more information about himself. I'm not sure what the legal ramifications are, so you might want to consult with counsel before attempting this. :) For example, you could send an email message purporting to be a long-lost acquaintance. He may respond with "who are you again?" or something like that. If you can engage him in some kind of conversation he may give up information about himself. If he doesn't check the mailbox or if it was created only for sending messages to this message board, then obviously that won't work. You might also send a message saying, "I agree totally with what you are saying. That company is the spawn of Satan." You might lure him out into a conversation. Try popping the Yahoo address into Yahoo Messenger. There is a slim chance than he might use it. If he comes online you can try to engage him in a conversation. Be vague and draw him out. Zac -----Original Message----- From: Bob Walker [mailto:bobwalker8 () comcast net] Sent: Tuesday, August 26, 2003 4:46 PM To: security-basics () securityfocus com Subject: Hunting for Mr Badmouth I'm hoping this board can help me. I've been tasked with trying to track down an individual who posted some comments to a yahoo message board defaming a company. Is there any way to track this individual, short of a court order to yahoo? His profile is private, and (duh!) he's not responding to postings to email. Any ideas on a direction to look or a tool to use would be greatly appreciated. Bob --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Infect me Webby Witch (Aug 26)
- Re: Infect me Jan Reilink (Aug 27)
- Hunting for Mr Badmouth Bob Walker (Aug 27)
- RE: Hunting for Mr Badmouth Zachary Mutrux (Aug 27)
- Re: Hunting for Mr Badmouth Tim Greer (Aug 27)
- Re: Hunting for Mr Badmouth khayes (Aug 27)
- RE: Hunting for Mr Badmouth David Gillett (Aug 27)
- Re: Hunting for Mr Badmouth Meritt James (Aug 27)
- Re: Hunting for Mr Badmouth Tomek Perlak (Aug 27)
- <Possible follow-ups>
- Re: Infect me c_brauckmiller (Aug 26)
- Re: Infect me Birl (Aug 27)