Little Snitch

Just to be different, I started using a Mac to do some IIR. One of my quick fixes for security was Little Snitch, a firewall for OS X. It monitors outgoing network traffic and alerts you if a program you’re running is trying to contact a strange server. This could be a shell or a program that snaps photos using your webcam or one that takes screenshots and sends them to an outside server.

Android Phone Security Risk

Android handsets ‘leak’ personal data

Many applications installed on Android phones interact with Google services by asking for an authentication token …

Sometimes, found the researchers, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot…

Armed with the token, criminals would be able to pose as a particular user and get at their personal information.

Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.

Now what might an unscrupulous person do with this? Might one be able to observe a person using his Android phone, capture the token, then use it to find out more about the person?

Only in the U.S. — Pity

The Identity Theft Evidence Trail

“In June 2004, the Cantwell/Enzi amendment of a federal bill called FACTA finally permitted ALL identity theft victims access to the credit applications and the transaction records in accounts opened fraudulently in their names. The reality is that once an account has been identified as fraudulent, the credit issuer must provide application and transaction information to you and to the designated police, as long as you send a police report with your request. That law is FCRA section 609(e).”


Dyed hair and false beards are childish. Mere physical traits are of little use for identification. Context or ‘atmosphere’ are what matters.

If your subject gets into entirely different surroundings from those in which he was first observed — and this is the important part — really plays up to the new surroundings and behaves as if he had never been out of them, then he would be invisible to even the cleverest Private Investigator.

A fool tries to look different; a clever man looks the same and is, at the same time, different.

The deceiver assumes the new role by actually becoming the person he is impersonating. He is quietly absorbed into his new surroundings. In essence, the person you are seeking may be hiding in plain sight.

In Plain Sight

When he’s out and about near his Denver home, former Broncos quarterback John Elway has come up with a novel way to travel incognito—he wears his own jersey. “I do that all the time here,” the 50-year-old Hall of Famer told me. “I go to the mall that way. They know it’s not me because they say there’s no way Elway would be wearing his own jersey in the mall. So it actually is the safest thing to do.”  (Source:

Detecting Firesheep

I wrote about Firesheep a while back. Predictably, a countermeasure has appeared called BlackSheep.

New Firefox Add-On Detects Firesheep, Protects You on Open Networks

If you’re concerned about using open Wi-Fi networks because of Firesheep, the highly popular new hacking tool, you should check out BlackSheep, a Firefox add-on that makes surfing on open networks safe once again.

Hijacking Social Network Connections

The Firesheep Firefox plugin makes it easy to hijack someone’s social network connections. For example, Facebook authenticates the client using cookies. If someone logs on using a public WiFi connection, the cookies are sniffable. Firesheep uses WinPcap to capture the authentication information, which allows you to hijack the connection.

Protect yourself by forcing the authentication through TLS, or stop logging into Facebook over public networks.
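The site-side view of the exposure described above, as an added example that is not part of the original post: it checks one HTTPS response for cookies that lack the Secure attribute (and so also travel over plain HTTP) and for a missing HSTS header. The header names are standard; the header values are constructed samples.

```python
from http.cookies import CookieError, SimpleCookie

# Constructed sample headers from an HTTPS login response (not from any real site).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth=xyz789; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

def audit_response(headers):
    """Return (subject, problem) findings for one HTTPS response's headers."""
    findings = []
    has_hsts = False
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            has_hsts = True
        elif lname == "set-cookie":
            jar = SimpleCookie()
            try:
                jar.load(value)
            except CookieError:
                jar.clear()
            if not jar:
                findings.append((value, "unparseable Set-Cookie header"))
            for cookie_name, morsel in jar.items():
                # Without Secure the browser also sends the cookie over plain
                # HTTP, where anyone on the same open network can read it.
                if not morsel["secure"]:
                    findings.append((cookie_name, "missing Secure attribute"))
    if not has_hsts:
        # Without HSTS the browser will still follow http:// links to the site.
        findings.append(("response", "missing Strict-Transport-Security"))
    return findings

if __name__ == "__main__":
    for subject, problem in audit_response(SAMPLE_HEADERS):
        print(f"{subject}: {problem}")
```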

UK to Axe Identity Card Scheme

National identity card schemes usually end badly for somebody, most often the average citizen. These overpriced schemes tend to assist death-by-government programmes or become a single point of failure that usually fails through corruption and/or criminal action.

Identity cards scheme will be axed ‘within 100 days’

The National Identity Card scheme will be abolished within 100 days with all cards becoming invalid, Home Secretary Theresa May has said.

Evidence of a Person’s Identity

Question #10 is, “What evidence do you have that this is all true?”

Identity documents and what the person in question tells you are not sound evidence of a person’s identity. A person’s identity is rooted in their life — where they have lived, worked, gone to school, their relatives and friends.

Countries that have a national identity card system run the risk of the identity card becoming the single point of failure by making the card the only source of identity information. When this happens, the crook can hide behind the card produced by a compromised system.

If you are in a position that requires you to test claims of identity, then you have to dig deeper for supporting documentation and verification.

The best place to start digging is the person’s employment. This may be faked by providing fake companies with phone numbers that are answered by confederates. Check for the existence of the firms before contacting them. A good place to start is to Google the firm’s phone number to see if it appears associated with the firm and nothing else.

For current residence ask for utility bills and home insurance policies. A faker may have a utility bill but they rarely pay for a fake home insurance policy.

When checking references, always ask for the names and contact details of the subject’s friends and family. Of course, you rarely get this, but you may get useful corroborating data, or you may learn that these people don’t really know the subject if they do not know any of his friends or family.

The Passport

Questions #8 and #9 are, “What is your passport number?” and “Where was it issued?”

Most people regard a passport as the most reliable and secure identity document. However, this is far from the truth of the matter. For example, Citizenship and Immigration Canada does not accept certain travel documents because they are easily forged or obtained through fraud.

On March 11, 2010, CIC amended the Immigration and Refugee Protection Regulations to clarify the factors used to determine which travel documents can be used to apply for a visa, and to travel to or enter Canada.

Under the new Regulations, the following travel documents are considered unreliable and are not acceptable for entry into Canada:

  • any passport claiming to have been issued by Somalia,
  • non-machine readable passports issued by the Czech Republic,
  • temporary passports issued by the Republic of South Africa, and
  • provisional passports issued by Venezuela.

We have not found any way to link a passport number to the issuing country and the person named in it. Nor have we found a reliable source of information about how to recognise a forged passport. This makes relying on such a document without expert knowledge and the resources of a government department unwise.

If the current passport was issued through an embassy outside the country of residence, then you may have reason to investigate further. Also, remember, it is easier to make yourself look like the person pictured in the passport than it is to forge the passport. If you have any doubt that the person in the passport is the person before you, then action must be taken.

Phone Numbers and Identity

Question #7 is, “What are your phone numbers?”

I always ask for home, work, fax, and mobile numbers. I always Google these numbers and search them in D&B and other databases with a telephone number field. It is amazing what turns up when you do this. For example, dozens of businesses using the same fax number, or prostitution ads using the same number. Things like this have to be investigated.

I recently found a subject’s mobile phone number on eBay where he was selling goods from his former employer who found this very odd, but the police didn’t — they charged him with a series of thefts.

Email addresses should be treated in the same manner, but also search for usernames and social sites associated with the subject.

Guide to Names and Naming Practices

Question #1 is, “What is your name?”

This isn’t a simple question. For example, Russian surnames have masculine and feminine versions. The UK government provides A Guide to Names and Naming Practices to help guide its personnel through the process of understanding names from other cultures. This guide is the best of its kind that I have seen.

What’s Your Address?

Question #6 is, “Where do you live?”

This isn’t as straightforward as it seems. People often have mailing addresses, contact addresses for service of process, employment addresses, and an address for government contact. You have to sort through all this and determine what each address is used for and then determine where the person actually resides. As a matter of course, you verify that the provided address is a residential address and that he or she does in fact live there. (The best verification is that you find him at home in the evening in the middle of the week.)


Question #5 is, “What is your Social Security Number or Social Insurance Number?”

The SSN in the USA and the Social Insurance Number (SIN) in Canada are national identifiers.

In Canada, it is rare to find somebody with two Social Insurance Numbers (SIN). Where this happens it may be a case of clerical error or a reference to a former SIN appropriated by an identity thief. Both reasons are extremely rare. In thirty years I have only encountered this once. The Canadian SIN is used as an identifier less than the SSN is in the USA. In Canada it is primarily used as an identifier between the person and government.

In the USA, the case is somewhat different. When searching through database aggregators such as IRB, it is common to find a subject referenced with two or three Social Security Numbers (SSN). Here are some of the reasons a person may show up with multiple SSNs:

  • a wife’s or child’s SSN could end up with the father’s name
  • a parent’s SSN could show up with a child
  • the subject bought something with someone else and the SSNs could end up with each other’s name
  • the database producer is relating several SSNs to one address
  • an error by whoever entered the data

You need to understand these national identifiers and be able to determine if they are valid or not, and determine if the person using the number is the person to whom it was issued.
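A first-pass validity screen for the identifiers discussed above, as an added example that is not part of the original post. It applies the Luhn check digit used by the Canadian SIN and the structural rules for the US SSN (area never 000, 666 or 900–999; group never 00; serial never 0000). The sample numbers are constructed test values, and passing the screen shows only that a number is well formed, not that it was issued or that it belongs to the person using it.

```python
import re

def luhn_ok(digits):
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def check_sin(raw):
    """Return problems found in a Canadian SIN; an empty list means it passes."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"\d{9}", digits):
        return ["not nine digits"]
    return [] if luhn_ok(digits) else ["check digit fails"]

def check_ssn(raw):
    """Return problems found in a US SSN; an empty list means it passes."""
    m = re.fullmatch(r"(\d{3})[\s-]?(\d{2})[\s-]?(\d{4})", raw.strip())
    if not m:
        return ["not in NNN-NN-NNNN form"]
    area, group, serial = m.groups()
    problems = []
    if area in ("000", "666") or int(area) >= 900:
        problems.append("area number is never issued")
    if group == "00":
        problems.append("group number 00 is never issued")
    if serial == "0000":
        problems.append("serial number 0000 is never issued")
    return problems

def screen(records):
    """Map each (kind, number) pair from a database hit list to its problems."""
    checks = {"SIN": check_sin, "SSN": check_ssn}
    return {(kind, num): checks[kind](num) for kind, num in records}

# Constructed sample: identifiers returned against one subject (not real people).
SAMPLE = [("SSN", "123-45-6789"), ("SSN", "666-12-3456"),
          ("SIN", "046 454 286"), ("SIN", "046 454 287")]

if __name__ == "__main__":
    for key, problems in screen(SAMPLE).items():
        print(key, "OK" if not problems else problems)
```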

Place of Birth

Where were you born?

This is Question #4.

This may tell you that the subject immigrated to your country and may not be a citizen. A citizen of another country may have loyalties that pose a security risk or the country of origin may have a culture with a history of producing criminals. This person may not have a legal right to reside in your country. It is important to understand these things for a variety of reasons. For example, an employer may be at risk of prosecution for employing an illegal immigrant. In a fraud, the proceeds of the crime may be sent to another country.