Archive for the 'Privacy' Category

Power User 115 - The Page File

With Windows XP, to clear the page file on shutdown go to Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> Shutdown: Clear Virtual Memory Pagefile, and enable it. It is wise to enable this setting on every computer you use.

We tell people to travel with a “clean” laptop. However, Windows creates a lot of temporary files, and the most damaging can be the page file: whatever was paged out of memory is still sitting in a file on the hard drive. Of course you should also use a good file erasure programme before shutting off the laptop.
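The Local Security Policy setting above is backed by the ClearPageFileAtShutdown registry value, so the same control can be audited and enabled from an elevated PowerShell session. This is an added example, not code from the original post; the function names are my own.

```powershell
# Added example: audit and enable "Shutdown: Clear virtual memory pagefile"
# through the registry value that the Local Security Policy setting writes.
# 1 = overwrite the pagefile with zeros at shutdown, 0 (or absent) = keep it.
$regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$valueName = 'ClearPageFileAtShutdown'

function Get-PageFileClearState {
    # Returns $true when the pagefile is cleared at shutdown, $false otherwise.
    $item = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }   # value missing: Windows default is "do not clear"
    return ([int]$item.$valueName -eq 1)
}

function Enable-PageFileClear {
    # Needs an Administrator session; takes effect at the next shutdown.
    Set-ItemProperty -Path $regPath -Name $valueName -Value 1 -Type DWord
}

if (Get-PageFileClearState) {
    Write-Output 'Pagefile is already cleared at shutdown.'
} else {
    Enable-PageFileClear
    Write-Output 'Enabled: the pagefile will be zeroed at the next shutdown.'
}
```

Clearing the pagefile lengthens shutdown on machines with a large pagefile, and it does not touch the hibernation file, which also holds a copy of memory if hibernation is enabled.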

Power User 114 - File Wipers

Even computer ‘wipers’ leave a mark

Evidence Eliminator and similar software can wipe files and perform other tasks. But their use can raise red flags in a legal dispute.

But the wiper programs don’t ensure a clean getaway. They leave behind a kind of digital calling card.

“Not only do these programs leave a trace that they were used, they each have a distinctive fingerprint,” Kessler said. “Evidence Eliminator leaves one that’s different from Window Washer, and so on.”

I recommend the use of file erasure tools, especially when crossing international borders with computers. If you use such a programme regularly you have plausible deniability if you’re accused of erasing data to keep it from the police or the courts. If you always use it, then its “fingerprint” will always be there. If the install date matches the computer’s purchase date, then they can’t say you did this to eliminate the evidence the courts or police were seeking. Also, get a receipt for the wiper programme to show when it was purchased for the same reason.

File erasure programmes are part of prudent security practices and should not be viewed as something suspicious.

Secret Laser Printer ID Codes

This is not a new issue. A 2004 PC World article described the technology. In February 2008, I wrote about the EU concerns that these secret printer ID codes may break EU privacy laws. The EFF has a list of the printers that print these secret codes, which the US government uses to match a document to the laser printer that produced it.

Another article about this appeared in USA Today a few days ago.

Printer dots raise privacy concerns

The dots, invisible to the naked eye, can be seen using a blue LED light and are used by authorities such as the Secret Service to investigate counterfeit bills made with laser printers…

Privacy advocates worry that the little-known technology could ensnare political dissidents, whistle-blowers or anyone who prints materials that authorities want to track.

The dots are produced only on laser devices and not ink-jet printers, which are most commonly used at home…

For an investigator, this might present an opportunity even without the ability to decode the dots: if the dot pattern is consistent enough to be matched to a particular printer or printer type, decoding may not be needed in some instances. At a company with many different types of laser printers, for example, a process of elimination might indicate which printer(s) could have created a document.

Incompetence and Non-compliance to the Rescue

An interesting study found that 87% of data breaches are the result of incompetence and carelessness.

Another study shows a large disconnect between the executives tasked with protecting customer data and the marketing departments, which use the data for advertising purposes or share it with third parties.

A third of marketing execs said they don’t place any limits on the data they share with third parties, such as e-mail marketing agencies or online advertisers. By contrast, 75% of privacy officers believe that their companies limit the sharing of customer data.

These findings are a good reminder that simply asking questions of marketing staff will yield useful data that they shouldn’t divulge. It’s all in how you ask the question.

Tracking Internet Users - Phorm

Fears over advert system privacy

Online advert system Phorm could make the net less secure and breaches human rights, the service’s creators have been told.

BT, Virgin and Carphone Warehouse have signed up to trial Phorm.

Phorm works by connecting a user’s web surfing habits to a series of advertising channels in order to target adverts.

Keywords in websites visited by a user are scanned and connected to advertising categories, and then matched to particular adverts.

Tracking Internet Users

Experian to Track Internet Users

James Ashton writes on The Times Online:

Experian, the credit checking company, is braving mounting concerns over internet privacy with plans to launch a service that will track broad-band users’ activity so they can be targeted with advertising.

Through Hitwise, the web-site company it acquired for £120m a year ago, Experian has held talks with internet service providers to sell its monitoring technology.

Observers expect it to compete in part with Phorm, an AIM-listed company that has stirred controversy after being recruited by BT, TalkTalk and Virgin Media to track their 10m customers’ behaviour so they can be sent advertising messages on the websites they are looking at.

However, the key difference is that Hitwise, which describes itself as an “online competitive intelligence service” would play little part in dispatching the advertising to web pages itself, something that Phorm does through its Open Internet Exchange.

Google & Reckless Personal Information Handling

I previously wrote about Bill C-27 and how it will make it an offence in Canada to recklessly make available or sell personal information knowing it will be used to commit fraud.

Google and others offer tools such as on-line word processing, but your data is housed by that entity, usually in the USA, and is thus subject to the US Patriot Act and other laws that allow government surveillance of your data.

In my view, using these Web-based collaborative tools amounts to Reckless Personal Information Handling.

Web-based Collaborative Tools

The Globe and Mail recently published an interesting article about this:

Patriot Act haunts Google service

Travelling with Electronic Devices

When I travel for work, I undertake what some people consider extreme measures to protect proprietary client data from theft by officials at international borders. These officials do not need warrants to seize or examine anything in your possession when crossing a border, and that makes border officials excellent spies. This issue arose recently regarding the actions of US border officials:

In Canada, one law firm has instructed its lawyers to travel to the United States with “blank laptops” whose hard drives contain no data. “We just access our information through the Internet,” said Lou Brzezinski, a partner at Blaney McMurtry, a major Toronto law firm. That approach also holds risks, but “those are hacking risks as opposed to search risks,” he said.

Creating a “blank laptop” entails more than just hitting the delete key or even using a utility to overwrite existing data. The hacking risk is also greater than most people realize, especially with wireless connections. Even with secure end-to-end encryption, traffic analysis can yield very useful intelligence.

WikiLeaks

I just found this:

“WikiLeaks.org is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis.”

I’m not sure how I might use this site, but it does have some very interesting instructions on how to submit material anonymously.

Secret Printer ID Codes May Breach EU Privacy Laws

Many color laser printers embed a secret code on every page printed to identify the printer. European Union justice watchdogs are concerned about this “Big Brother” computer printer technology, which allows security agencies to track printed documents. It seems they think these codes may breach EU privacy laws.

Why Ethical Hacker Training Fails

An excellent CI-related blog, Brand Killer Robots, offers this fun comparison of the black-hat hacker and the good guy training people to protect their assets.

Why have Ethical Hacker Training companies got it so wrong?

We ask, just who are the people that you are sending on Ethical hacker training courses and why are you sending them?

So let’s first look at the white hats.

Surveillance Society

The January 2008 issue of Popular Mechanics magazine has an excellent article titled Surveillance Society: New High-Tech Cameras Are Watching You. This article outlines some of the new video surveillance technologies and how they are used.

GeoSlavery, Surveillance, & Murder

I wrote about the dangers of mobile telephones a while back. Now we have a new term for the abuse of GPS tracking associated with mobile telephones — Geoslavery.

This story links geoslavery to the probable murder of Stacy Peterson.

Problems with AskEraser

In a letter to Ask.com, EPIC and several other privacy organizations have asked CEO Jim Lanzone to change AskEraser, a new search tool that the company says “will offer its searchers unmatched control over their privacy.” After a study of the search product, EPIC found that AskEraser (1) requires an opt-out cookie, (2) creates a quasi-unique identifier, and (3) will be disabled without notice. All three attributes create substantial privacy risks for Internet users.

Apart from the cookie issues, the following points from the EPIC letter are quite disturbing when read alongside the Ask.com news release describing AskEraser:

Ask inserts the exact time that the user enables AskEraser and stores it in the cookie, which makes identifying the computer easier. The letter recommends using a session cookie that expires once the search result is returned.

Ask’s Frequently Asked Questions for the feature notes that there may be circumstances when Ask is required to comply with a court order and if asked to, it will retain the consumer’s search data even if AskEraser appears to be turned on. Ask does not notify searchers when the feature has been disabled and misleads them into believing their searches aren’t being tracked when they actually are, the EPIC letter said.

Private Investigators Indicted for Pretext

We wrote about this here in Ten Private Investigators Indicted on 7 Dec 07.

Wired Magazine has posted the Indictment of the accused who allegedly employed false pretenses to gain personal information. A related Wired article compares this type of pretexting to the HP mess.

The accused are from Washington, California, Oregon, Texas and New York:

Emilio Torrella, BNT Investigations, Washington State
Brandy Torella, BNT Investigations, Washington State
Steve Berwick, BNT Investigations, Washington State
Victoria Tade, C.I., Inc., California
Megan Ososke, P.I. and Information Services, Oregon
Robert Grieve, Robert Greive International, Texas
Ziad Sakhleh, Robert Greive International, Texas
Darci Templeton, sole proprietor, Texas
Patrick Bombino, AAA Allstate Investigations, New York
Esau Pinto, AAA Allstate Investigations, New York

The Indictment alleges that BNT supplied the improperly obtained personal information to the PI’s for a fee. BNT was not identified as a private investigation firm in the Indictment, but was identified as a company that sold its pretexting services to PI firms. Some of the PI firms even advertised for sale to other PI’s what they were obtaining from BNT.

Accusations #17 and #21 allege that BNT obtained medical information by pretext, much in the same way as was revealed by the Royal Commission of Inquiry into the Confidentiality of Health Records in Ontario, Canada, by Mr. Justice Horace Krever.