This tutorial is an upgrade of the original info gathering tutorial written by Raven. There was a huge need to expand information gathering techniques on targets because the old tutorial was very small. This tutorial has been assembled with new information and links to aid in your investigation. This tutorial won’t cover the basic techniques, like finding the IP address or other small things that might be useful. This tutorial covers more significant concepts that will exploit offline databases and other tools that are accessible to the general public
Author's Notes:
This tutorial is an upgrade of the original info gathering tutorial written by Raven. There was a huge need to expand information gathering techniques on targets because the old tutorial was very small. This tutorial has been assembled with new information and links to aid in your investigation. This tutorial won’t cover the basic techniques, like finding the IP address or other small things that might be useful. This tutorial covers more significant concepts that will exploit offline databases and other tools that are accessible to the general public. This tutorial will mainly cover offline databases in the United States, but the techniques can also be used elsewhere in the world. Please note, this tutorial is written for the hacker who wants to track down their target, as well as the ordinary person who wants to find a long lost relative, friend, or school mate. Enjoy!!
Disclaimer:
I created this tutorial for informational purposes only! Much of the information in this document can be used to perform illegal activities! Don't attempt to do anything stated in this document! If you do attempt to do anything, you are solely and fully responsible for what you do! If you get caught and get in any kind of trouble, it's your own fault! If you intend to use this information to impress your friends, leave it and grow up! If you don't agree to this, do not read any more! If you use this information to harm or to perform illegal activities, you will pay for your actions in JAIL.
Introduction:
The purpose of this tutorial is to provide the everyday Internet user with general legal information available both on and offline for locating people. This tutorial won’t make you an expert investigator, but will teach you new techniques available for free so you can find that long lost schoolmate or that guy who ripped you off with ease.
The Internet is a huge library of billions of web pages, hundreds of search engines, and tons of legal facts just waiting for your use. To begin an investigation, you first need a target, in this case a person. It is best to think optimistically about finding that person. Plenty of information can be obtained on anyone from online references or offline departments, so think positively! With the exception of adoption cases and those that have been closed from the general public, like certain military investigations, everyone leaves a paper trail that can be followed when you know how to go about it. Like all investigators, you should keep notes on what you find. Hopefully this tutorial will allow you to locate the person your searching for quickly, but if you don’t, you might be able to use your common sense to track them down. Please remember, things like this take time and require a lot of patience.
First off, let’s begin to gather information via basic internet tools that are available all over the internet.
Simple Internet People Locator Tools:
Internet Search Engines:
Search engines, like www.altavista.com and www.google.com, can be effectively used to locate someone if that target has information about themselves on a web page. People usually submit resumes, message board posts, and, at times, websites to the major search engines in hope of getting more hits. They might have done the submitting or they just happened to have their name on a webpage that was submitted without their knowledge. Now, usually no one is stupid enough to put their real name, phone number, or address, but hey you never know. So simply submit the name of that person into the search engine of choice, try the above one, or any one you prefer. It is also wise if you know the name of that person’s parent(s) and brother(s) or sister(s). If you do, search for those too. By doing so you might find some information that can aid you in locating that person. Try to search by using the advanced features available to you by the search engines. For further information, read this nice tutorial called Search Engines Ripped Apart, hey i got to get hits for my tutz! This method might yield limited info, but it’s very effective.
Internet Registries:
With the emergence of cgi and perl scripts, hundreds of internet registries have sprung up. There are many types of registries; some include old high school registries, military veterans registries, and other groups or clubs registries. I will list some registry databases here which you can search for information. This method is also very effective, but will yield you no information if that person has never submitted their name in the registries. I am sure you all have seen that banner of high school classmates, or university classmates. The same goes for war veterans, like the WWII and Vietnam war veterans registries. When visiting a registry, one can usually search using various keywords such as a last name, and hope of finding an entry left by the individual they are searching for.
Newsgroups:
Newsgroups are another effective resource for your investigation. Go to www.dogpile.com and click newsgroups, then simply search for the name you’re searching for and you might get some useful information. One newsgroup called “soc.net-people” has been created to help people locate others. So just post a message asking for aid, you never know what you might find there. Below is a step by step example of searching Usenet messages for a target's email address.
USENET-ADDRESS SERVER:
The following step-by-step example is a server that will perform an email search on the Usenet Address Database, which is at rtfm.mit.edu . In this method of searching, you will email that server and it will return the results to you via email. Simply click this email address mail-server@rtfm.mit.edu and in the body of your message write send usenet-addresses/ after the / write the name of the person, you should write last name first then the first name. If you think the person has nicknames then simply, underneath that search string write another one with a send usenet-addresses/ and after the / write another name. The order of the names or the case doesn't matter so simply do that and send the email. After a few minutes depending on the connection, you should receive a reply with a listing of possible matches. Then look to see if they are of use to you.
E-Mail Addresses:
Many people have made it their job to help with the compilation of email addresses of lost friends or family members. By searching for a surname you might be able to find an email address that you might be looking for. Many times, you might not find the person’s email address but if you search for the last name, you might find other family members with their last name in their email address so if you email that list you find, someone might be able to help you out. Don’t send to thousands of email address cause some last name email queries might yield hundreds of results, so if you email all of them it might be seen as a form of spamming. If you have obtained the email address or if you are still searching for the email address you can use special search servers called ph servers. Ph servers are systems that allow you to search and look up information like email addresses at research institutions or college universities and many government agencies. At the links below you can use information databases available all over the internet, simply click on the available sites and input a name you are searching for and it will try to find an email address. Try first to search for a last name, which is more precise than searching for a first name.
This tutorial is taken from a compilation of tutorials that my friend H||JinX in 29th May 2001. This is written by M3DU54 of +44.The full compilation can be read here, I ask readers to mirror this compilation, because its a really valuable source of information. Below is one of the compilations, not a word has been changed from the original release. This method has been the heated topic of forum posts and other controversy. Yes it is possible to obtain a telephone number from an IP, If this method doesn't work for you, don't flame it must have worked when M3DU54 wrote it.
--=[ Tracing a telephone number from an IP ]=--
Check the server to see if its RAUDIT equipped, if so you may be able to pull the dialup details while they are online or for a short time after using their IP and ISP's local Date/Time. (You may have to do a lookup to get the hostname in order to find the connection reference for your query - most don't reference in IP form, never did understand why)If not or you fail to crack access to it, try a simpler method ... assume they use a modem with the cheaper Rockwell chipset and hope they haven't changed the 2nd s-register (Attention character) to an inhibit value (i.e. MSB set) ... send a standard +++ath0 ping packet to see if you can disconnect them, just ping about 5 times with 2 second intervals, at least the last 3 should fail to return - if so, do the following:NSLookup their ISP and try to get some idea of which country they are in, then find someone you know and trust in that country (Hopefully it is your own) ... Send the victim an +++ATDT{friends number}; ping packet - and their modem will drop and call your friend (Who of course has CallerID - heh)Many people have CallerID barred by default, but they have to disable the CID barring to dial their ISP ... and to do this they sometimes use a prefix that tells the exchange to enable CallerID for this single call ... so you may want to know that prefix first before you try to make them call you. This is a damn easy method :)There are many other methods ranging from stealing their connection and forcing the answering(Call Handling) Modem (Which is of course CID capable) to do a confirm sequence (On some bulk equipment - check the manufacturer docs for the various call confirm sequences)Finally, for completeness ... Get the actual postal address ... take their number and pass it through a local, regional or national CNA, e.g. in England I would try calling BT InterVue and get the number for Jumper Control for the area (Say Heaton, Newcastle - would be the NETEA exchange) - Then call NETEA Jumper Control with a valid OUC/BCS to get the subscriber address for the terminating equipment. If you don't know how to run CNA checks in the targets country check the 2600 meeting for that city or country (Payphone numbers and meeting times are listed publicly) There will be someone there that can hopefully run a CNA for you.That's how I take down paedos equipment cus the law hear wont do @!#$ unless you give them an address they can raid - give them an IP and they try to freaking phone it (I'M SERIOUS LAW ENFORCEMENT SUCKS) ... it proves the old addage ... "If you want something done right - do it yourself"You send him a ping packet with '+++ATDT{number};' in the body of the packet.You can do this with the 'ping' command from your *nix box or shell type 'man ping' for help with this (TIP: You will prolly need to covert the string to HEX first :). Unfortunately the ping command that comes with windows doesn't allow this.If you are stuck with a windows box only - then there are a number of 'hang-up ping' programs that send these packets ... look for one that allows you to change the body of the ping :)If you have no luck remember that ANYTHING that causes him to send +++atdt911; back to you will cause his modem to respond :)for example, you can do a CTCP PING on IRC using /RAW or, if he has a port open 'such as telnet' that echoes characters back - pasting the +++ command at him so that it all comes back as one string will get him :)Or abusing FTP or MAIL services by logging in as user +++... so that he sends you ...'No such user +++atdt911;' [disconnected]-or-'Password required for +++atdt911;' [disconnected]Many ways to pull this off and it does work on a lot of the modems out there ... namely the cheap Hayes clones.This is because the original Hayes patent required that a silence (called a 'guard time') was required before a +++ sequence to make the modem go into command mode from data mode.Rockwell didn't really want to pay Hayes to use their modem technology so they twisted the patent slightly and didn't include the guard time ... this also made them vulnerable to dropping into command mode at any opportunity - heh.Since true Hayes modems are more expensive than Rockwell's this vulnerability is still found quite widely despite being years old and quite lame - however, it is the first thing to try when looking for a victims telco number from the IP.If YOUR modem is vulnerable then it will disconnect as you try to send the nasty packet to the victim, and the victim will not be affected ... so if you have problems with your own modem dropping each time you try it, you may need to set the MSB of s-register 2 on your modem.================>How many of these modems are out there ? Looks like lots.SSS================> Oh, TOO many ...Europe is the worst because Hayes modems and USR's have higher import charges so people go for the cheaper Rockwell's, almost all of them there are Rockwell based.In the US and Canada I'd say its about a 50:50But many are learning to put the s2 register settings in their init strings, so some Rockwell's wont respond.M3DU54CL4US "+++ath0h0h0h0 ... bellowed Santa as he dropped carrier"Also....But shadow seems a bit confused as to how the command actually gets acted upon. Well ... here goes ... This has NOTHING to do with TCP/IP protocol stack or internet, it is simply an issue of basic modem operation.A modem starts in command mode ... in this mode anything you send at it is assumed to be an AT command sequence, anything else will return an error string.When a connection is made to another modem the modem switches to data mode (before even a PPP is established - we are just talking about modems here not protocols) In data mode everything the modem receives is assumed to be data.This leaves us with a problem ... how do we get OUT of data mode if EVERYTHING we say is interpreted as data to be sent ? Well, we have an 'attention sequence' this is a sequence we send to a data modem to get it to accept a command from us.The attention sequence is '+++' and will make a connected modem stop and listen to a command before returning to data mode.So ... if in the middle of sending the data '1234567890' I wanted to turn the modem speaker on I would send ...'1234+++ATM1L3[CR][LF]567890'See how that works ?
'1234' is sent as data to the remote side
+++ makes the modem treat the next string as a command
ATM1L3 turns the modem speaker on and volume to full
the CRLF ends the command and returns the modem to data mode
'567890' is sent to the remote side
now ... this obviously makes +++ a dangerous sequence to send through a modem.Hayes modems original patent said that to prevent any accidents a '+++' must be preceded by a period of silence known as the 'guard time' This was to prevent an accidental triggering of the modem due to sent data containing command sequences.But, Rockwell modems didn't want to pay Hayes ... so they took out the guard time in order to defeat the patent. (Bad Move)So ... on many non-Hayes/USR modems you can easily command the modem to do what you require, since no guard time is needed prior to a +++ sequence it becomes an easy matter to trick a remote machine into sending back a string that the modem will interpret as a command!hope this made some degree of sense.================>Hello again. This post is in reference to my last one. The question about which file on a *nix system is the IP stack was unrelated to my question about sending +++ data to modems. I'm sorry for any confusion but I would still appreciate an answer to this question so here it is again:What file on a *nix (Linux, FreeBSD, Solaris, OpenBSD) system is the IP Stack? Where can I find the source for the IP Stack if it's not in clear text form?Now I'd like to discuss the +++ topic once more. This will pretty much be the same point I tried to make in my original message but I felt it wasn't accurately answered. Modems speak datalink protocols to each other. IP is a network layer protocol and as we all know the network layer is above the datalink layer. Additionally I'm sure we are all aware of how protocol stacks operate when receiving data: strip header, send to next layer up the stack. Everything past the header info in a packet is the packets payload and isn't used by the current layer. So to clear things up the modem would receive it's data, strip any header information and pass the packet up the stack. The +++ data you mention sending in an IP packet wouldn't be evaluated by the modem, but would rather be passed up to the network layer. So how can this work? Are you suggesting any data with +++ passed through a modem can accomplish this same thing? Could I send it in a http request, for example: GET /cgi-bin/noscripthere.pl?+++(modem_command) HTTP/1.1After all the data is still passing through the modem (assuming the webserver is connected via a modem), so this will work the same will it not?I could imagine the +++ technique possibly working if 2 modems are talking directly to each other using only a datalink protocol but not if the data is in an IP packet. Before I finish this post I'd like to clarify that I am aware this is an outdated hack, and only certain modems are vulnerable. I'd appreciate any clarification you can add to this topic to help me understand. -Lady Shadow================>It doesn't matter about the network protocols as long as the bytes of data are contiguous, and they will be.If I send it inside a ping packet, the body of the ping packet contains the string '+++ath0;' and this passes through the modem to the remote, and then up the TCP/IP protocol stack transport SPI till it is served to the target application.NOW ...The application makes a response (In the case of an ICMP PING it will be a ping reply packet) ... the packet is formed and travels down the TCP/IP transport SPI layers and via the device driver to the modem ... which sees:{ipheader garbage}+++ath0[CRLF]{more garbage}and decides it is an indication to drop into command mode and issue the AT Hayes command H0 (Hang up) before continuing to send data.Remember that the modem is pretty much dumb - and doesn't realise it has occurred in the middle of a packet. It just sees an attention sequence followed by an AT command. See? This has nothing at all to do with the protocols used - since no matter how you wrap the data it will always look like an attention sequence.Also remember that this ONLY affects the modem when the data is sent upstream, hence the need to get the remote side to issue the string through its modem as part of the data stream.Remember that TCP/IP does not encrypt the data, it merely wraps and quotes it (And fragments it into happily sized packets)If I wanted to exploit HTTPd I would try to coerce it into reporting an error with the resource '+++AHT0'If I wanted to exploit FTPd I would login as user '+++ath0' and coerce it into saying:'password required for +++ath0.[crlf]'I suggest if you still don't follow this then you should really play with your modem. Its a VERY old exploit and I only mentioned it because its the first thing you should try when trying to get a telephone number from an IP.Its not complicated, its not clever - its old, dumb, and I previously thought everyone understood its simple manner of operation. I expected to have to clarify the other methods of acquiring a number from an IP, but not this one as its so self explanatory.Please lets not waste another thread on it.As for which file is the IP stack ... there is not one specific file - the Protocol stack is a STACK of layered services and each is handled differently.For example, a firewall is a layered service and also takes its place as part of the stack. The protocol stack is a dynamic entity.From the amount of lines I have had to type about the simplicity of sending command mode sequences to modems I really don't know if I want to get into the vagaries of local protocol implementation.
Another Method to Obtaining a phone number from an IP address:
Here is a tutorial that i promised my friend HardW1r3 to publish along with this tutorial. You will find that this method is useful because as you will see HardW1r3 was able to obtain their phone number and call the people up, wouldn't you wish you can try that, well read on!
So this is a little trick I read about a long time ago (if someone knows who first came up with this please drop me a line so i can give credit) which can be very helpful when trying to find out the real identity of someone online.Using this trick you can get the name, address, and phone number of people online, provided they are dumb enough to fall for it.
Ok so the first thing your going to need to do is surf on over to http://www.ureach.com/. These folks have vmb's and you can set one up for free. The great thing about these is that, as of the time of this writing the vmbs have ani on them. Which means when someone calls your vmb it will also record the number they are calling from. So you need to sign up for the account and write down all the information and your ready to begin. Now the best way I can think of to explain how to use this is to just tell you how I have used it before. I went on to dalnet and was just looking around when I decided I needed someone to vent rage on so I joined into a certain racist channel (I hate racism) which I wont name and posted this.
HardW1r3 Call up the racist joke line at 8774294500 ex 543.
Then I called up the vmb and changed my greeting to "This is the joke like leave your joke and nick at the beep then stay on the line." I then just got offline for awhile and watched tv. After about 30 minutes I called back the vmb and listened to my messages, I now had the nick and phone number to two of the usuals in the channel. So I took the phone numbers over to www.5551212.com (now you have to have an account to use it so try something like anywho.com instead) and I did a reverse lookup on the numbers and got back the owners names and addresses. So now for each racist pig that called my line I had their nick, their name, their phone number, and their address. You could change this around anyway you like to make it suit the situation I just wrote this to show you how I did it.
What I did with this info is really beyond the scope of this article. If any of this stops working or if you know the original guy that came up with this trick please drop me a line at hardw1r3 or see me on irc.box.sk. If any of this is inaccurate please let me know so I can fix it.
Adoption Cases:
Now you can skip this section if your not searching for a long lost relative who was adopted, but the techniques that will be explained might be useful for other incidents. Adoption searches are usually very difficult because of privacy laws concerning such matters. When a parent gives up their child for adoption they expect that their privacy will be protected and it is by law for states to do so.
However, depending on what state you will be conducting your research, laws might differ from one state to another. Hopefully this gives hope that you might be able to have some assistance. To begin investigating what you can and cannot legally obtain its is best you first visit this url, it will show you what laws and services are available to you by the state government in which you will be looking up information.
The Internet has been the new linking agent for long lost relatives, to link again with their parents and friends. I have obtained several sites which are really adoption related registries, which you will have the ability to search national and international adoption registries. Registries work best when both parties are searching for each other. Hopefully others might be searching on the other side and have left a post at one of these sites.
Adoption Internet Resources
Adopt Search Registry
Free search forum and registry
Adoptees Database
On-line searchable database for adopted children
Adoptees Miracle Search Network
Offers a searchable database for adoptees and birth parents .
Adoptee Search Center
One of the largest online databases available on the net.
Adoption Connections Project
A site that brings together birth mothers, adopted daughters, adoptive mothers, foster mothers and other family members.
Adoption Records and Queries
A forum to post queries.
Birth Quest
Online international database used for searching adoptees, birth parents and adoptive parents
Find Me
Online adoptee/birth parent database registry that is sorted by decade.
International Soundex Reunion
Huge reunion registry on the net.
Lost Connections
Many adoption resources and a reunion registries.
Relinquished Registry
Registry, forum and other resources.
Seekers Of The Lost
The largest search registry online with over 42,000 records.
Who? Me?
Search registry for people searching for others around the world
Birth date Search Use this site to find information on someone's birth date, contains over 135 million records.
Global Info Network Find people, perform background checks, business payment analysis, and much more
Acc-U-Data This site has lots of including missing person searches, telephone searches and more!
Instant Data Research This site has many reports and services like back account checks, and criminal checks.
Sherlock Supplies reports that you can order on-line using the Sherlock Holmes script method.
Military Cases:
If the individual you are searching for had served or is currently serving in the United States military, then you might be very lucky in finding that person. To do so, all you have to do is search the appropriate military search database service and you might get lucky.
So now you might ask what can a simple search return for us? Lets reveal some information about military people that you might/will be able to find.
You will be able to find their
Rank
Military Schools attended
Present and past duty assignments
Gross salary
Awards obtained in their military service
Possibly other things not listed here
Like we talked about using the whois service above, a military whois also exists. To use this I should tell you now that it is is really used for searching for people currently active within the military. This whois searchable database will return for you with their unit number and installation.
Military Whois
http://www.nic.mil/cgi-bin/whois
This whois query might provide some promising results. If it doesn't yield any significant information, you can always use snail mail to inquire a search about the person your looking for. What you don't know what snail mail is? Well in the past, before email people used to write letters on paper and it will usually took forever not seconds for the message to be received, hence snail mail. haha! Ohh well, if this is your last hope here are the military locator services for the US Army.
Military Locator Services Agencies
Military
Active Duty
Army Locator Ft Benjamin, Indiana 46249
Retired
Army Personnel Center Attention: DARP-PAS 9700 Page Boulevard Saint Louis, Missouri 63132
AIR FORCE
Active Duty
Air Force Locator Service AF Military Personnel Center Randolph Air Force Base, Texas 78150
Retired
Retired Personnel Command AF Military Personnel Center Randolph Air Force Base, Texas 78150
MARINE CORPS
Active Duty
Marine Corps Locator Service MMRD-10 Commandant - Marine Corps Washington, DC 20380
Retired
Marine Corps Retired Locator Service MMRD-06 Commandant - Marine Corps Washington, DC 20380
NAVY
Active Duty
Navy Personnel Locator Service NMC-21 Washington, DC 20307
Retired
Retired Personnel Command Locator Service 4400 Dauphin Street New Orleans, Louisiana 70149
- Please note, you can find many of these addresses by searching or asking your local librarian about helping you inquire about such matters.
Department of Veteran Affairs
This department will forward a letter from you to any veteran that they have on file. So try it out, you have nothing to lose.
Dept. of Veterans Affairs VBA - Admin. Support Staff (20A52) 810 Vermont Ave NW Washington, DC 20420
Post Office Investigation:
When people move to a new location they usually still receive mail to their old address so in order to have their mail not sent to the old address, they fill out a change of address form at their local post office. This form will allow any mail to be forwarded to their new address, and will allow anyone to query about their new address for a time period of two years. Now in that period of two years any citizen can go to the post office and ask for the address of that person and it will be legally available. This is a good aide for many people but a devastating thing for people who leave because they are being stalked so keep that in mind. If you have an old address of a person then simply file a letter to the post office or go and ask in person.
I live near a post office so I asked them about this, the old postman said ohh do this:
“Address an envelope to the old address and write on the envelope with ‘Do Not Foward - Fowarding address requested’ and simply mail it.” The post office will write the forwarding address on the envelope and will send it back to you, with the return address as the person's new address. Ohh he also said don't forget to put a stamp or he will get mad, haha.
Note: For you guys who are running away from the mafia don't get scared that suddenly the mafia will be after you. There is an alternative method for protection. If you use a PO Box to receive your mail, the post office will not provide anyone the physical address information, so that should keep you relaxed.
Now, if a person or company runs a business using a PO Box, the post office must provide the business owner’s address information to those that request it so that should aid us in gaining more information if they run some sort of business, and hopefully its a legal business, :-)
Department of Motor Vehicles Service:
The department of motor vehicles is simply the best known, most used legal source for obtaining information when faced with the task of locating someone. You simply search your state laws and pray that the department of motor vehicles will be your information source.
Now you have obtained the needed data to begin your investigation from the DMV. First you should request your target’s driving record. Now there are many states and each has their own law, but the requested driving record could give you these pieces of information.
Your targets personal information (Address, Social Security Number, Date of Birth)
Your targets physical characteristics/appearance (Eye color, hair color, height, weight)
Your targets driving information (Accidents, license restriction, tickets)
Even if you obtain this amount of info usually the address is old but Americans usually don't move much if they own a home then they stay there for years. Now to obtain the new address you can use the methods I have/will present to you. If you are able to find that they had a traffic ticket then simply request the information about these incidents. You might be able to obtain the current address and if your really lucky you might obtain the license plate number. If your that lucky and you have the license plate number then you can obtain the current address by requesting the vehicles registration records. Vehicles registration records are more up-to-date than driver’s records because Vehicles registration records have to be updated every year so enjoy!
Now one thing that can halt your investigation is if the vehicle's info revealed it is owned by someone else. Well now just use your common sense. If they let them use their car then they must know them. Just give that person a visit and see if they know your target.
Vessel/Boat/Aircraft Registration Records:
Many states require the owners of boats or vessels to register their vehicle. The internet will be our source in obtaining registrations. There are many online searchable databases that you can legally access and check for such registrations. I will present you with some accessible databases.
If you want to inquire using email simply send an email to this email address and in body put the state you want the address from. Now the same goes for aircrafts. If your target owns one of those small planes then they are required to register it. Again this information is open to the public and you guessed it, the owners address is also legally available for you. Here are some databases you can search to obtain the registrations.
Government Online Links [DMV]
Alaska Motor Vehicles Regulations, manuals, forms and information.
California Motor Vehicles Regulations, manuals, forms and information.
Connecticut Motor Vehicles Records information, manuals, forms and information.
DMVSearch.Com For a small fee this company will save you the time of writing for DMV records with online (email returned results) DMV searches.
Florida Motor Vehicles Very detailed information on all aspects of motor vehicles including public records and computerized data.
Georgia Motor Vehicles Driver's license information, manuals, regulations and other related information.
Louisiana Motor Vehicles Same as above
Maine Motor Vehicles Same as above
Maryland Motor Vehicles Same as above
Massachusetts Motor Vehicles Same as above
Michigan Motor Vehicles Same as above
New York Motor Vehicles Same as above
Ohio Motor Vehicles Same as above
Oregon Motor Vehicles Same as above
Pennsylvania Motor Vehicles Same as above
Virginia Motor Vehicles Same as above
Census Bureau - Main Data Bank (U.S.) Timely, relevant, and quality data about the people and economy of the United States.
Voter Registration Search:
In many states around the United States, voter registration information is a public record and can easily be obtained simply by knowing the targets name. Now it all depends on your state, but usually there is a centralized source or you can go to the county in which they had voted from and you will be able to find this information. I will also present to you some sites that will facilitate this for you. So now you might ask what can I find from voter registration, well its very scary but I guess you might want to know.
The targets address
Possibly the targets date of birth
Possibly the targets social security number
Note many states have now imposed restrictions on this information but not all states have restrictions. Some states restrict the information only to county level. You can go to your local public library and ask the librarian for the latest current Maybe in the future I'll get all this information in a db and merge it with this tutorial.
Secretary of State:
The Secretary of State is one of the most up-to-date resources if you are planning of finding information about a business or a corporation. Now you might say why would we bother checking for businesses, well lets pretend that your target owns a business well you guessed it, if they have a license issued from a state then you will be able to find their address legally. Now every field of work requires a different license under the state's law so if you have your targets name, you should be able to find their address if they own a business in that state.
To know if your target has a state license, simply request a name search from the appropriate Secretary of State agency, it is simple go to your local library and get the information from them. I have no time to put every state's agencies in this tutorial.
Social Security Death Index:
Lets say that the person your searching for has died and you are still searching for them but you don't know if they have passed away. In order to check, you can always use the social security death index search available on the internet. The web site can be found at http://www.ancestry.com/ssdi/advanced.htm At this site you can either search by name or by social security number to know if the person you are looking for has died or is still alive.
County Courthouse Records Search:
There are many valuable records available at the County Courthouse. Many of these records can aid you in your search for your target. Most of these records usually can be searched simply by knowing the name of your subject. Here is a listing of records available at most of your courthouses:
Affidavits
Assumption Agreements
Amended Judgments
Assignments like leases, and mortgages
Breaches like Leases, and contracts
Business records
Change of name records
Tax Warrants
Various Tax records
and many more!
Here is a site that should supply you with some information: http://www.familytreemaker.com/00000229.html
The Internal Revenue Service:
Now lets say that you have obtained the person's social security number you have been looking for. If you do, the IRS will forward a letter for you to the address that they have on file. Now the current IRS regulations state that the purpose of the letter must only fall under a humane situation, I can't help you there!
Now if you have the SSN and have written why you need this information simply send the letter to this address:
Office of Disclosure RM 1603, 1111 Constitution Ave. N/W Washington, DC 20224
and pray they can help you out.
Credit Checks:
Credit checks are a vital resource that can easily be done if you have a signed release from your subject. By signed release I mean like the ones found on some employment applications or credit authorization forms. There are three major credit agencies that compile credit information. They are:
Trans-Union
Experian
Equifax
These three agencies listed are private agencies. Each one has a compilation of information usually a separate report for each individual. Notice, quite often the information compiled at each credit bureau is usually quite different from the other, so if you can try, consult all three. There is a fee for requesting information on individuals but the service is free if an individual requests information on themselves. Now snail mail service is slow as hell so consult their online services for a faster search.
I have also compiled some online links for you to speed up your search. Many of these services are free but some require you to spend some cash.
Credit Card Information
Accurate Credit Checks Browse through credit reports for real estates, mortgages and tenant screening.
ASI Credit Reports Order copies of your credit reports at this site.
Bankruptcy Clerks' Offices This site is a directory of the bankruptcy clerks' offices found throughout the United States.
Credit Reports Credit reports from TRW
Equifax Collect and provide credit information on subjects
Experian Collect and provide credit information on subjects
Fair Debt Collection Practices Act Full text found at this site on credit information
FreeOnline Personal free credit reports available online
Q-Space Credit This site offers credit reports with online retrieval services
Trans Union Credit Information Provide accurate credit and fraud prevention data
Education Verification:
Many of the people you usually will be searching for have at sometime attended school. Most schools, colleges and other education institutions will provide a past student’s records, usually a transcript or other vital information. Now unfortunately few will ever provide this information over the phone. To gain this information, it is best to have the social security of the person at hand. It is also a must to know their full name and to know their date of birth. If you have obtained the three resources simply send a letter to the agency and consult them about the records. To be ready it is best you call the school or agency and see what you need to obtain the information you need. In the end of the tutorial I will provide links to various online sites that might be of some help.
Dead End?:
When You feel like giving up because you can't find more clues about your target, I advise you not to give up. I have found cases where the best way to track someone down will usually be tracking down their parents or one of their relatives. You can always be sure that they will be able to provide you with some information on your subjects location and if you are looking for a lost friend, simply contacting a relative might provide you with the information you need.
Before you begin to think of ideas one thing you should keep in mind is social engineering. This concept is very vital online and offline. Now social engineering can give you the ability to gain the needed information to track down your subject but I advise you to do your homework. If you don't know anything on social engineering, check this tutorial from BSRF.
If you have given up there are some more things you can try out. You can always try locating your target by consulting his friends and relatives and say that your looking for this subject in order to give the target unclaimed property, lost property, contest winnings, or anything that might pop up in your head. One professional trick you can always use is to provide the relative a business card you have made with some computer software and remember to ask the relative to give it to your target when they see them. Have your number listed in the card and make it professional. Have a day time phone number and night time phone number, also try not to put some weird number, like a cell number. People usually trust legit numbers with an area code they recognize. Now if they actually fall for your trick you can always obtain their number and perform the necessary procedures to obtain the address and name.
If they have used a phone number, not necessarily theirs, it will usually fall within their sphere so it should still provide you with good clues. Another little trick is to send a nice written email with a nice html form and all that fancy professional stuff you can think off. You can send the email to friends, relatives or even your subject and hope that they will answer back. If they have called you you should have a caller ID, which will give you the number. If you simply found their number from another source, you can use these online sites to gain further information like an address or possibly more!
People Search Links
1-800 U.S. Search
A kickass site that offers many searches for finding anyone in the United States.
555-1212 People Finder
Offers many database searches for locating email addresses and phone numbers.
AnyBirthday.com
A free database of over 135 million records great for searching for Birthdates.
AnyWho
Provides many online people searches, also includes reverse phone number lookups. My favorite!
Canada 411
A great searchable address and telephone listings for Canadians.
Civilian Records Facility - NPRC
This site stores IRS records, medical, and government employee records.
ClassMates Online
If you attended school in USA this site asks for your e-mail address, and your High School then sends you the Email addresses of your Alumni.
College Email Search
This site has searchable entries in the College Email Database.
Confi-chek - Free People Locator
Search for people by name or phone number.
Cyber-Detective - People Search
This site has searchable databases to find people using their name, address, or phone number.
Database America
This site allows people to find love ones by searching for their phone number or last name.
Fone Finder
A site offering searchable databases for Local and international phone numbers.
Informus
Perform a name search by using a previous address.
Lyco's - People Finder
Lycos allows you to search for people using their address, phone number or email address.
National Address Server
This site offers searches including Zip codes and map creation.
People Finder
A huge online registry for finding people.
People Search Links
A links page that aids you in finding people.
PI Mall
A phone number lookup simply search by phone number to get the persons name and address.
Populus
Has a ton of online databases, like, phone numbers, college info, and emails
Semaphore Corporation
Has many databases which allow you to find people who have changed their address, phone, email and name.
Switch Board
Find your love ones only by using their surname, address or telephone number.
White Pages - Canada
Find the phone number/address by name for Canada
White Pages - USA
Search the white pages by name for USA residents
Who Where - People Locator
This site allows you to search for people using their name.
These sites are self explanatory so I won't waste my time explaining what to do.
Things to keep in mind:
Now the information I have provide you is legal to a certain point. Whatever you do, you should always keep in mind that you might be doing things that are illegal. It is against the law to claim that you are from a company or agency when your company doesn't exist. You will be thrown in jail and your ass will be abused by your cell mates so keep that in mind when you conduct illegal activities. Now whatever you do to track down your target from hiding make sure that you do not break any law, federal, state or postal law. Always check carefully before you act. These sites and techniques I have talked about are publicly known, i have not invented them up. These methods have been used by investigators to track people down for rewards, I have just shown you methods that people pay investigators to perform when they can do the searching themselves.
Be first to comment this article
