I read an article that th3j35t3r (hacker alias) had written awhile ago and could
ID: 657839 • Letter: I
Question
I read an article that th3j35t3r (hacker alias) had written awhile ago and could not find it again to reference so I will do my best to explain correctly. An anonymous individual tried to dox th3j35t3r. Th3j35t3r replied with a post to his website wherein he unmasked the Anon and explained that he did so by performing forensics on "Google search." He saw that a majority of the queries to Google for "th3j35t3r" came from a single IP address, did his due diligence and identified the person. My question is: how did he do that or what are ways to do that?
TLDR: If I had a term or phrase, what techniques could be used to get info on its queries on search engines like Google?
Explanation / Answer
What you are referring to what I call a heuristic investigation where the investigator tracks a particular behaviour and tries to tie that to an individual. This technique is used in many fields not just cyber-forensics.
The method your article most likely proposed was somehow obtaining a list of the keyword th3j35t3r correlated with IP addresses that searched for that keyword. I am not aware of any such list publicly available but through legal means, can be obtained by subpena and/or warrants or potentially can be breached by a hacker.
A notable example of what you are looking for is the AOL search log leak where
You can find trends in searches publicly but these are rather anonymous. Some ways to capture specifics would be to setup honeypots such as creating special ads that only target a specific search term (in this case "th3j35t3r"). note: this works well with obscure search terms.