So about six months ago I started researching how to disappear from the internets. I opted out of all the things. I threw mud in the water on social media and I even deleted more than a few accounts. No luck, I still get junk email and, shockingly, somehow, even more real junk mail.
Then I got to thinking… If I can’t beat these companies, why not figure out how they’re getting my data, duplicate it if I can, and then abuse the heck out of it to raise awareness?
Alohomora is Born
So originally this application was nothing more than some C# printing out to a console window. As I continued down this path, though, I quickly realized that I had stumbled onto a method that could be abused to seriously harm others. You can read about the method I used in the 2017 Summer Edition of 2600.
I decided that I needed to take one of two paths. Either I was going to fully weaponize this tool and just present it but not release it, or I was going to release it and its source. I opted to release the tool because I believe wholeheartedly that if the public isn’t fully made aware of what’s out there and how it’s being used, then policy will never change.
I presented version one of Alohomora at Defcon 25 2017. During my presentation I showed how the tool can quickly build target profiles on employees of critical infrastructure, police officers, firefighters, soldiers and more. With these target profiles a person can see home address, phone number, full name, date of birth, relationships, sexual orientation and more.
The target profiles are just an example of how someone could use this tool. That information could be used for targeted phishing campaigns against nuclear power plants, police departments, schools, and more. It could also be used to locate specific people of interest and harm them physically. I know that when I was a soldier / police officer I wouldn’t have wanted people being able to easily find out where I live.
The Next Stage For Alohomora
Currently I’m prepping version two of the tool for DerbyCon 2017.
Some of my goals are:
- Clean up the UI
- Be able to locate targets within your immediate vicinity
- Write a LinkedIn plugin
- Write a Twitter plugin
You can find the source for the tool on my GitHub and you can download a build of the tool at the top of the page.