When doing IIR, I often come across files that I don’t want to handle for security reasons. These can be Word documents, PDF documents, PostScript, or even Gzipped PostScript files. These file may include a load of malicious code. I sometimes don’t want any record of viewing the file on my computer. To accomplish this I must load these files remotely and safely so they don’t touch your system (the web cache should be disabled to accomplish a true remote viewing of the file as should the swap and home partitions, if the whole system isn’t encrypted).

Unless you verify each file through checksum verification (like MD5 or GPG) there’s a chance they could’ve been trojaned or the file may contain phoning home instructions or some other type of malicious feature within the file. If I don’t want to be recorded as a recipient of the file via something like ReadNotify then the file must be verified clear of such code or it must be viewed remotely.

The Remote File Viewer

I use the site at http://view.samurajdata.se/. I have only used it with PDF and Word documents. PDF and Word files are transformed into single paged graphics which you may navigate through. Most of the time it works, occasionally a PDF does not load. It doesn’t require Flash and works without cookies or javascript enabled.

I don’t know anything about the site’s privacy policy and how that might that might affect anonymity.

A recent engagement began after some libelous Internet posts. What struck me was that the libel was directed at people who had no direct interest in the libeled company, but rather at a low income neighbourhood near its main plant. This agitating nearly forgotten resentments, fanning hostilities, and exaggerating a controversy from decades past struck a cord in me. It was like a nearly forgotten memory that I couldn’t bring out of the shadows.

After analyzing pamphlets, flyers, and Internet material, it struck me what I was witnessing.

Very quickly a small group of organisers began recruiting local groups to the ill-defined cause — churches, unions, politicians, and an assortment of unsavory gadflies. This was quickly followed with events that were obviously intended to goad the company into rash actions and statements. A so-called news reporter ambushed a senior executive at a charity event and began asking slanderous questions intended to elicit an angry and intemperate response.

What I was witnessing came straight out of Rules for Radicals, written by Saul Alinsky in 1971, which begins, “Lest we forget at least an over-the-shoulder acknowledgment to the very first radical: from all our legends, mythology, and history… the first radical known to man who rebelled against the establishment and did it so effectively that he at least won his own kingdom — Lucifer.”

Fortunately, I had read a lot of 60′s and 70′s radical literature at one point in my career. Being older and more cynical I realised that this would evolve into a shake-down to acquire something from the company unrelated to the needs of the community.  With that expectation, substantial resources were used for surveillance, lawyers, and police involvement.

Surveillance identified vandals and organisers. Police interrogated. Lawyers sued. Prosecutors prosecuted. One Rochdale College educated con man turned crooked property developer is now on the lam after being exposed as the “brains” behind the scheme. It looks like he won’t get his kingdom any time soon.

I recommend reading Rules for Radicals first, and then proceeding to Reveille for Radicals as these books are as relevant today as they were when they were written. The tactics and strategies are relevant for today’s G20 ruckus as they were in the 50′s and 60′s.  I don’t want to change the world, but I like to know how other people try to.

Raps BOT : Predicts Insider Cyber Terrorism Threat HIGH

Raps Bot : Sniper Attack Methods – Number 1 Cyber Terrorism Threat

First, the case of Shirley Sherrod, the black U.S. Department of Agriculture official accused of racism. The evidence of her racism was a short, edited video clip offered up by a partisan web gadfly, Andrew Breitbart, who has a small empire of web sites. This guy knew such a controversial and inflammatory out-take would drive millions to his web sites. This huge burst of site traffic is money in Brietbart’s pocket.

What surprised me was that the NAACP and the Obama administration swallowed this hook, line, and sinker. They didn’t review the full video, interview people present at the event, or evaluate Breitbart’s motives for publishing the edited video.

Second, the leaked military documents that now appear on the WikiLeaks site need closer examination.

The founder of WikiLeaks, Julian Assange, is what a judge would describe as an unreliable witness. He pleaded guilty to 25 charges of hacking in Australia; and according to the National Post, “Before he set up the website in 2006, Julian Assange spent years hacking into government and company computers, including those of the U.S. Department of Defense, as part of a group calling themselves the International Subversives.”

With Assange’s talk about “war crimes” and his background, it isn’t hard to understand that this guy has an agenda. How his agenda distorts the picture of events depends upon what documents he publishes from this large volume of previously classified material.  We will never know what he didn’t publish and this creates a very similar situation to the selectively edited video clip published by Breitbart.

FBI posts fake hyperlinks to snare child porn suspects

The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.

Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images…

The implications of the FBI’s hyperlink-enticement technique are sweeping. Using the same logic and legal arguments, federal agents could send unsolicited e-mail messages to millions of Americans advertising illegal narcotics or child pornography–and raid people who click on the links embedded in the spam messages…

Civil libertarians warn that anyone who clicks on a hyperlink advertising something illegal–perhaps found while Web browsing or received through e-mail–could face the same fate.

When asked what would stop the FBI from expanding its hyperlink sting operation, Harvey Silverglate, a longtime criminal defense lawyer in Cambridge, Mass. and author of a forthcoming book on the Justice Department, replied: “Because the courts have been so narrow in their definition of ‘entrapment,’ and so expansive in their definition of ‘probable cause,’ there is nothing to stop the Feds from acting as you posit.”

Iranian HoneyPots

The Iranian authorities are creating a different type of honeypot to catch people who may object to the re-election of Ahmedinejad and his crowd.

Marked for Death by Twitter

But in recent days people believed to be members of the Iranian security apparatus have set up apparent decoy Web sites about the demonstrations to gather IP addresses that will allow them to locate the computer of anyone tricked into clicking on them. Others—again believed to be government agents—have begun what appears to be an active campaign to mis- and dis-inform through Twitter postings.

The 20-year-old has been ordered to write an apology and perform community service for the misdemeanor charge, and should consider herself lucky. She was originally charged with identity theft, a felony that would have entailed time in an unflattering orange jumpsuit.

Ad triggered ransacking of victim’s home

APRIL 1–A week after dozens of people ransacked an Oregon home in response to a Craigslist ad offering its contents for free, police have arrested a couple for orchestrating the online hoax as part of a bid to cover up an earlier burglary at the property. Brandon and Amber Herbert were nabbed last night for allegedly posting the March 22 Craigslist ad, which claimed that the Jacksonville ranch’s owner had to leave town so suddenly that his belongings–which included a horse–were available for the taking. The Herberts, investigators charge, did this to cover up their prior theft of several saddles and other items from the garage of the rural southern Oregon house, which is owned by contractor Robert Salisbury. After learning of the Craigslist ad, Salisbury returned to his property to find about 30 people rummaging through his home and remaining belongings. After subpoenaing Craigslist records, Jackson County Sheriff’s Office investigators traced the online posting to the Herberts, according to the below probable cause affidavit. As a result, Brandon, 29, and Amber, 28, were both hit with burglary and computer crime charges.

Bank & Identity Fraud

One of my Realtor pals from Louisiana told me today that someone had commandeered one of her listings for sale and was advertising it for rent on Craig’s List.

The person advertising this bogus rental claimed to be the wife of an oil company executive that was suddenly transferred to Lagos, Nigeria.

Hmmmm, Nigeria, that should be waving some big red flags. I used to get email all the time from people claiming to be in Nigeria that needed to send their fortune out of the country and wanted to give me a 20-40% cut if they could just stick it in my bank account for a few weeks until they could escape and get over here.

This supposed ‘wife’ had an application for potential renters to fill out and she would then overnight the keys to them so they could go inspect their potential new home.

Of course the ‘application’ wanted some bank references as “proof of your financial capability” including account numbers.

And while you were busy watching for FedEx guy to show up with your keys the scammers were busy emptying your bank accounts.

Yeah, it’s that easy if someone get hold of your bank account numbers.

Hedge Fund Dirty Tricks and the HBOS Implosion

You’ll love this article from The Daily Telegraph – an inside look at the “dirty-tricks unit” of a London-based hedge fund. This story has all the good stuff – PIs, hacking, the obligatory sub-prime mortgage crisis connection, rogue traders, market manipulation – it’s one stop shopping.

Adam…asked a pricing question about an application component that could not be purchased alone…

…this question doesn’t pass the “Smell Test”…

Called him anyway…Cell Phone, with no company name provided…

…search Adam’s name in LinkedIn. Lo and behold – Adam works for a competitor. I called the competitors office, asked for Adam, and let him know that I would love to chat with him, since it’s always good for competitors to get to know each other. At the time of this posting, Adam has not called me back, and has likely joined the witness protection program.

This kind of amateurish nonsense passes for Competitive Intelligence far too often.