Accessing Geo-blocked Content with Hola

Many websites confine access permission to specific countries. If you live outside the US, you may get this a lot.

There are three ways around this. The first is using a VPN. The second is using a third-party DNS server. The final method is Hola.

Hola is the easiest method. It comes in the form of a very intrusive browser extension that is free and easily installed. It is available for Chrome and Firefox. Just click the Hola icon in your browser’s toolbar and select a country. It will route your browsing activity through IP addresses in that country.

Remember, I said this thing was intrusive. If you are a professional investigator, you must always keep the rules of evidence (S. 30 & S. 31) in mind. Your computers must be free of malicious code or code that could change the content of the collected evidence. I always run Hola on a clean machine that is separate from other evidence collection. If you use Hola to collect evidence, then you will have to be a very good Internet Eyewitness.

My first objection to Hola for investigators is that it is only available for Windows, Mac OS X, and as an app for Android devices. It is easier and quicker to create a clean machine with Linux.

Secondly, Hola sends your web browsing through other servers. More importantly, it uses your computer’s idle bandwidth for other users. Sharing bandwidth with other users exposes your machine to outside threats other than the websites you visit. I have seen  DNS Spoofing when using Hola that does not happen when using other methods. Unfortunately, you have to prepare for this if you want to route your browsing activity through other locations and not pay anything.

Third, you must disable Hola when not using it. Install it in a separate browser. For example, if you use Firefox for most things, then install Hola in Chrome to access geo-blocked content. When you are finished using Hola, close the browser.

Finally, you must really spend some time rehearsing the visual, logical, and reproducible nature of your testimony. If you do not, then you will not be able to reproduce the process of collecting the evidence in court. Explaining how Hola works is not something I want to do in court if the other side is sharp and scrappy.

Even with all my reservations, I still use Hola, particularly for reconnaissance prior to using other collection methods.

Why I am Never Wrong

You might think the headline was written tongue-in-cheek. You might be right, but you lack relevant data upon which to draw that conclusion.

Nobody pays an investigator to collect data. You earn the big paycheck for interpreting and analysing data.

You must quickly collect data from a variety of sources knowing their content, date-range, and how this data relates to the matter at hand. Next, you must summarise what you find. Then, you must interpret how this data might add to the progress of your investigation. Finally, you must analyse the new data in view of how it either supports or refutes your mandate, objectives, or hypothesis.

If you start with a logical mandate, objective, or hypothesis, and collect relevant data upon which you apply a reasoned analytical process, then, based upon available data, you will never be wrong either.

Online Resume Searches

If you are doing a background investigation, then the subject’s employment history is important data. Here are a few sites where a subject may post a resume.

Of course, the first stop is LinkedIn to start getting a handle on the subject’s employment history. Next, go to indeed.com for the US and ca.indeed.com for Canadians. Use the advanced search and enter the subject’s name in the phrase search. Then do the same for all of the words of his name.

Odesk.com is for hiring freelance professionals. Use the search box with ‘freelancers’ selected and search the subject’s name.

Resumebucket.com is an interesting site. I often get better results using the Google site: command and the person’s name than using the site’s search facility.

Beyond.com requires an account to search or you may use the Google site: command with the subject’s name.

You can also search the relevant local craigslist site and use the search facility to search the subjec’t name in quotations. Sometimes you will find brief resumes for people seeking work.

The monster.com job sites have a lot of resumes but you have to pay to search them. If you do enough searching then this is worth the cost.

Preparedness, Business Continuity, and Risk

A recent study indicates that a two day interruption of key business functions could cost your business $3M.  As most businesses are in urban areas, you could face much worse. One of my clients is located in Ferguson, Missouri and they have had weeks of disruption.

If your company is to continue operations during an upheaval, then the people who do the work must have the skills and resources needed to get through each workday. This requires a common-sense approach to urban survival planning for your employees rather than trying to create urban survivalists who grow an acre of food, raise goats, and live in underground bunkers, or worse having an entirely unprepared workforce. As most of your workforce probably lives in an urban setting, this bears serious consideration.

After researching this topic for several years I have come to the conclusion that you can’t train all your employees. You must select key people and train them and then make every reasonable effort to retain them. This may require a change in the corporate culture. It will certainly require looking beyond the next quarterly results.

Unfortunately, most business owners are risk-takers. They will see a major urban upheaval as an unlikely event. They will take the risk that during their tenure the event will not occur. This characteristic also explains many business failures, data breaches and large scale fraud events.

Business leaders need to understand their risk-taking behaviour. Without this risk-taking the business wouldn’t exist. Unfortunately, this same risk-taking may also destroy the business. Does your business have a risk committee of the board and does it consider this risk? Many businesses have an audit committee and compensation committee, why did so many abandon the practice of  having a risk committee?

The full board has overall responsibility for risk oversight and this mirrors board responsibility for overseeing strategy. When an audit committee takes responsibility for risk management, the result is usually, in my experience, unfocused and inept. They do not have the skills and knowledge needed to evaluate all the business and operational risks faced by the enterprise. Audit committees often obscure the transparency needed for effective risk management and risk oversight by authorising such things as off-balance sheet transactions.

A separate risk committee of the board is not a one-size fits-all solution, but companies facing rapid changes in the business environment and emerging risks such as new technologies and security threats, should have a risk committee. Deteriorating urban infrastructure, poor city governments, inept policing, IT security, and other factors that affect business operations in our degenerating urban conditions certainly advocates the creation of a proper risk committee with business continuity on its agenda. The committee usually requires independent directors with specialised knowledge and experience with the critical risks facing the enterprise.

Quotes, Citations, & Markup

When collecting data for a report, I come across data in a multitude of markup formats. A markup language is a format for annotating a document in a way that is distinguishable from the text. Each markup language has its own syntax. The differing syntax between languages creates a problem when I need to extract quotations, create citations, and create appendices. What I need is a program that can understand and convert document text annotated with different markup languages.  It must handle footnotes, tables, definition lists, superscript and subscript, strikeout, enhanced ordered lists, and the render the text into a form usable by MS Word. It must also translate math equations into something useful.

If you have been struggling with this too, try a programme called panddoc. This programme will take a while to learn, but once you have experimented a little, you will learn how to solve most of your markup-to-report conversion problems.

Wearable Cameras

Wearable cameras have some utility for the investigator. Here are three that are at the leading edge of this trend.

Narrative Clip

This has been around for about one year and it is about the size of an iPod shuffle. the newest version has an eight megapixel sensor and a wider angle lens with Wi-Fi and Bluetooth that allows using your mobile phone as a remote to control or you can transfer photos over Wi-Fi. The camera battery lasts for 30 hours and when you charge the battery with your computer you also offload the photos.

It doesn’t take video, just still images, but you can expect that to come in the future.

Logitech Bemo

Logitech is better known for its keyboards, mice, and webcams. The Bemo is between wearable cameras and larger devices such as the HTC Re. It includes a clip, but its video must be activated by holding down the button. Part of this may be due to the product’s relatively slow Bluetooth connection back to the phone, a design that yields better battery life. The Bemo captures 8 megapixel photos and high-definition video.

HTC Re.

This company is best known for smartphones.  The Re is larger than the Bemo and lacks an integrated clip, but HTC has some accessories that allow it to be worn. In addition to video, also captures the highest-resolution photos at 16 megapixels and it has a wide-angle lens. The Re is always on and ready to capture as soon it’s picked up. It has a time-lapse mode to create a video made up of a day’s worth of stills without one having to be there.

None of these devices have a screen or flash and  video shot in low-light may be blurry or grainy. They all connect to a smartphone which makes it easy to handle the captured images and video.

Drowning Quietly

I recently investigated the circumstances surrounding a drowning death in a commercial property. The most disturbing and contentious thing was that several people didn’t recognise that a person was in need of assistance and drowning.

The witness statements to that effect were the cause of a lot of avoidable unpleasantness. Most people don’t understand that drowning people rarely splash about, wave, or scream for help. This only happens on television and unfortunately, that is where most people get their impression of what drowning looks like.

The article, Drowning: A Deceptively Quiet Event, represents a good summary of my report on what a drowning really looks like.

Beating the Polygraph

For a good article on this topic see The Polygraph & Polygraph Countermeasures and read the related books by Doug Williams in our Reading List under the heading of Polygraph.

Drones and the PI (UK Edition)

Back in November I wrote about the Drones and the PI and the Canadian Air Regulations.

In Britain, the Civil Aviation Authority has approved three companies to provide training for unmanned aerial vehicles (UAVs) operators who fly UAVs weighing less than 45 pounds.

Upon completion of the training, the pilot must provide the Civil Aviation Authority with an explanation of how the drone will be used and  provide proof of liability insurance. Then the pilot may receive flight permission, with a few stipulations. Generally, those stipulations are that they must fly in the line of sight and not within 50 meters of people or buildings. UAVs weighing over 15 pounds must get clearance from air traffic control and those under 15 pounds may operate freely in airspace that isn’t congested, such as near airports.

This seems to rule out their legal use for surveillance and security purposes.

How to be a Facebook Spy

If you need access to someone’s Facebook profile this is how to accomplish that task.

Set up an appealing Facebook account, then request to be friends of some people friended by the subject. Wait until some of them accept your friend request. With mutual friends in hand, request to be the subject’s Facebook friend. The subject will see that you have mutual friends and he should accept you as a friend. Then you have access to his profile, photos, postings, and perhaps you may find what you need. However, there are a few legal issues to consider.

If you are an Investigator, and your subject is represented, then asking permission to see his or her page is contact with a represented litigant. In Canada, if the opposing litigant is represented by council, then you may not contact him or her in person, by telephone, or electronically. In most cases you have to ask to be listed as a friend to view the subject’s Facebook page. Doing this will be considered improperly making contact with the litigant and whatever you find will be deemed inadmissible.

However, what you find in Google, other search engines, and unrelated Facebook pages may be used as the basis for a motion for the production of the subject’s entire Facebook page as happened in KOURTESIS V. JORIS (2007) O.J. No. 2677 (Sup. Ct.).

Free Corporate Searches

In Canada, 10 provinces, 3 territories, and the federal government allow the formation of corporations. Only four of ten provinces and the federal government make corporate filings available  online at no cost, these sites are as follows:

Only the federal corporation site allows searching by a director name (use site: command in Google). Only Alberta and Quebec report share holders.

The only free search for officer and directors are OpenCorporates and LandOfFree.com. Neither of these can be relied upon to have all Canadian corporations or up-to-date databases.

Productivity in Perdition

As I make my way through the infernal regions of the Internet, I have had to start using new tools. The most disconcerting form of torment has been the change to Linux to avoid malicious code. This has forced me to start using alternatives to Microsoft Office for some work.

There is nothing more disconcerting than changing word processing software. Nothing is in the right place and productivity decreases dramatically.  I’m not sure which of the two flavours of the open source alternatives I like best–I lean towards LibreOffice at this point.

Some people who don’t really work for a living will say it’s stupid to try to attempt to use Microsoft Office on Linux, but they don’t have to quickly produce reports on a daily basis. I have tried running MS Office 2010 (32 bit) with some success using Wine. This makes report creation easier and faster. However, this isn’t as stable as using LibreOffice–but that’s perdition for you.

Survival in the Netherworld

Over the last couple of years we have seen a trend developing in the nether regions of the Internet that is changing how I conduct research. This netherworld is populated by malign crooks who create sites loaded with malicious code.

I now conduct a lot of research using fresh installs of Linux and the programmes that I need for each job. I conduct the research from behind my own anonymizing proxy and an assortment of VPNs. Browsers operate in a sandbox to prevent movement of malicious code from an attack site to other programmes on my machine.

This is a nasty environment. It takes time and experience to operate in this infernal region. In two years I have learned a lot, but most of all, I have learned how little I really know. The crooks are much further along the learning curve in this environment.

Finding Deleted Tweets

Paper.li is a web service that let’s members create a daily newspaper of sorts containing their favorite material that they then sharing it with their followers. Here are some points that the investigator should note:

  • A lot of content of these papers comes from Twitter.
  • These papers are archived.
  • Twitter users sometimes delete Tweets
  • Deleting Tweets on Twitter are not deleted on sites like Paper.li

Paper.li is a content curation service. A Content Curator is someone who continually finds, groups, organizes and shares the best and most relevant content on a specific issue online. These sites are a good place to find content deleted from the originating social networking site.

If you go to Paper.li and use their search feature, you won’t find anything unless your search is for the title of a paper. Their search doesn’t look within individual articles.

To find mentions of content from Twitter, or any other content, use the Site: operator. When using this search strategy, search by the Twitter account’s name and the user name (@username) along with any keywords that might apply to what you are looking for.

Finding Bozo Eruptions on Twitter

On Tuesday, 18 Nov 2014, Twitter announced that it has finished indexing every public tweet ever made since the social networking service launched in 2006.

Fortunately for investigators, Twitter does not provide bulk deletion. This means that most people will not take the time to examine their Tweets for Bozo Eruptions. However, batch deletions are possible, by using third-party sites like Tweet Deleter, Tweet Eraser and TwitWipe. If someone deletes some Tweets, Twitter admits that “Deleted tweets sometimes hang out in Twitter search, [but] they will clear with time.” Unfortunately, when a user deletes a tweet, it eventually disappears from Twitter’s search results, as well as from any accounts that follow the account along with any retweets of the deleted tweet.

Fear not intrepid investigator, fore hope and a lot of searching might uncover someone who copied into his own tweet a deleted tweet, which will remain as will any tweets quoted on sites elsewhere.