Some time ago when researching Google email addresses and accounts, while at the same time seeking new investigative tools, I came across a browser based Google Account Finder.
The tool was built by Epieos, a relatively new French player on the OSINT scene.
Having primarily used Linux command line based open source tools for email and user name research, I was intrigued by the ease of searching enabled by the Google Account Finder.
By simply probing an email address we can obtain a lot of useful information associated with the entire Google account. To illustrate, I used a Gmail address recently reported to be involved in romance scams.
So this is the information you can pull using the Google Account Finder:
Not everything will be readily accessible here (my guest elaborates on that), but there are some pivot points that can be explored further.
To understand all of it better, I reached out to the person who is behind the company and the Google Account Finder – Sylvain Hajri.
Hello Sylvain. To begin with, what’s your background, how did you end up in OSINT?
I have been involved in the wider OSINT community for at least 8 years. I have been working in infosec / cyber security industry, including for the past year I have operated my own company in the OSINT domain, mainly to keep myself updated with what’s happening but also to try some new things.
The main reason to delve into OSINT was my own OPSEC / privacy: identifying what information other people can find on me. We’re talking around 2010 or so, the time when the Facebook graph search was still working!
I also studied cybersecurity in France, so I learned a lot about networks, routers, servers, general IT stuff. And I also studied offensive security, OSINT is a big part of that. I then went to work for Orange, the telecommunications company. I got involved in CTFs, I worked as a consultant and specialised in red team at digital.security, preparing spear phishing campaigns and physical intrusions attacks as part of penetration testing efforts.
So now I have my own OSINT company. Which I have to say I am finding challenging right now, things are difficult during the covid-19 restrictions. Training sessions in businesses don’t happen as often as they used to. You can do them remotely but I always prefer to do training in real life, especially when you can do a bit of travel while you’re at it.
Is this how you got the idea for the Google Account Finder?
No, the idea for it came earlier, as result of the collaboration with a friend online I met within the OSINT community @FrOsint (a community which I co-founded, by the way). In December 2019 or so I read a post by Sector035 on Google IDs, so his write up prompted me to think about it more intensively.
I decided to build on and improve the methodology he outlined by creating a website based tool. This is a much better solution for training purposes, especially when dealing with a less technical audience.
A website-based tool offers simplicity and usability, portability too. Yes, you can use command line tools and scripts. Sometimes they work better and are more accurate, they pull more detailed information.
As somebody who has trained journalists and generally people from outside of our line of work, I understand the value of both website based and script based tools, but I want to give access to these tools to everybody, not only the technical people.
How would you describe the primary use case for the Google Account Finder?
I have used it for red teaming. You can find and collaborate a lot of information too, like a individual’s name with their profile photo (which you can use for reverse image search)and email address. Google Reviews are also handy to profile people and their activity online, what shops or services they go to, what they enjoy, it can be handy for preparing spear phishing attacks for pentesting purposes.
The Last Update timestamp – you can link accounts that are active during the same timeline. Funny enough, when it comes to these details and how useful they can be without knowing what Google does with them, I am as blind to it as everybody else.
Maybe that timestamp is the last time when you accepted the terms and conditions from Google? Google sends timestamp updates to each account whenever that happens, but this is not very precise. I don’t know exactly.
I only grab the information and display it, I don’t analyse anything. Creativity is all though. You can use the tool for other things.
For example, you can check which companies use Google’s G-Suite for their email infrastructure. Even when an address has a custom domain name instead of the “@gmail.com” domain with it, it can still be powered by Google and be successfully queried by the tool.
What was your most interesting find when doing OSINT with the Google Account Finder?
Honestly, I don’t use it much!
I have several projects that I am currently working on, including the development of a new tool. I don’t really have the time for conducting investigations, so I mainly concentrate on developing the tools now.
But I also focus on gathering feedback, so I heard some good stories about interesting finds!
The most interesting stuff with a wealth of information can be found in publicly accessible Google Calendars. But these are pretty rare to find, the ratio of open calendars is I would say 1 to 1000, maybe even lower than that.
By the way, the new tool I am developing will be focused on phone numbers and their reputation, presence on social media, identifying burner phone numbers, etc. So stay tuned for it!
Let me ask you about something that can often be a ball and chain for OSINT investigators – GDPR…
I’m good with GDPR because I don’t log anything or store any data anywhere.
I use only publicly available sources, nevertheless I still had people contacting me, demanding that I remove their information from public search. The people who want their records removed need to go to Google or mobile phone providers, not to me.
OSINT tools, including the Google Account Finder, are based on what people upload or share and what is already publicly available.
I provide automation to manual searches. I understand the people who may be annoyed, I want to protect privacy too, including my own.
These tools can offer a good lesson in showing people what information is available and what can be seen by the outsiders. Like reviews that allow you to know your favourite places or calendars being made public and left open; but as I mentioned, these are rare.
It’s been great talking to you Sylvain, thank you for your time. Is there anything you would like to add as we wrap this up?
Thanks for the interest in Google Account Finder, I hope it’s useful.
So follow us and don’t forget to give feedback and ideas for the Google Account Finder!