« Correction: WPA not c… | Home | Overcoming a DNS Atta… »

Open Source Investigation

No matter how hard I try, I cannot seem to convince some people just how powerful open source research is. Google is your friend, I say. Unless you’re trying to hide something, of course. But RJMetrics has put together a great demonstration of what you can discover by searching the Internet, and how he did it. It’s very enlightening, and hopefully inspiring enough to get you to solve whatever mystery has been bugged you lately.

His article describes those “Single? www.foosingles.com” signs that are popping up around the country. Depending where you live, you may or may not have seen them — but if you live anywhere near one of the areas that has them, you’re probably sick of them. They’re everywhere.

His interest was piqued when he saw a sign for HaddonHeightsDating.com, which he knew was a small town. Using Wikipedia he discovered Haddon Heights had 7,000 residents, 56% of whom were married, and 25% of whom were under the age of 18… Leaving about 1,330 potential customers, assuming all unmarried people over 18 in the town were seeking partners. Since no dating company could possibly survive with such a small customer base, he decided to decode the business model for this company.

Using DomainTools.com, he was able to find 8,870 domains that fit the formula town plus a dating keyword, such as “putzvillesingles.com” or “schittsvilledating.com”. But the 8,870 domains all resolved to three IP addresses at three different hosting companies. Next he wrote a small script to pull the town names out of the domain names, and compare it to a list of towns in America. Obviously, a lot of towns exist in multiple states, but with a little fine-tuning he discovered that these signs are all over the country — but a few states like Texas and Wiscosin were very heavily hit.

Not having any luck deciphering the business model, he tried to figure out who was behind the scourge of signs. Not surprisingly, the thousands of websites were virtually identical — and contained no contact information. Using whois didn’t seem to help, as all the websites were registered via either a web development company in Panama or a marketing company in India. So he did something sneaky — historical whois, which often reveals who is behind a company before they get smart enough to hide behind proxies.

Before long, he found one domain originally registered with a name and a new company — therightone.com. A dating service. With 500 employees in 80 satellite offices around the country, which roughly match where the signs are found.

WIth a company name, real digging can occur. RipOff Report had claims the company made $3,000 to $15,000 off each customer. By massmarketing to zillions of Americans with pseudo-localized content, weeding out the smarter, er, normal customers and focusing on the gullible and rich, the company can rake in $54 million a year. Wow.

What’s my point? Without breaking any laws, without even leaving his computer, this man was able to track down the size and scope of a company that’s intentionally tried to cover its tracks. He was able to get a name and identity behind a scam that’s undoubtedly bordering on illegal, if only for littering. His resourcefulness is an inspiration.

And if you’re going to try some Internet research, make sure you hit The Wayback Machine, which combined with Google, is a great way to really dig up dirt on your friends. Or just read the original article here.