Archive for the 'Private Investigator' Category

Productivity in Perdition

As I make my way through the infernal regions of the Internet, I have had to start using new tools. The most disconcerting form of torment has been the change to Linux to avoid malicious code. This has forced me to start using alternatives to Microsoft Office for some work.

There is nothing more disconcerting than changing word processing software. Nothing is in the right place and productivity decreases dramatically.  I’m not sure which of the two flavours of the open source alternatives I like best–I lean towards LibreOffice at this point.

Some people who don’t really work for a living will say it’s stupid to try to attempt to use Microsoft Office on Linux, but they don’t have to quickly produce reports on a daily basis. I have tried running MS Office 2010 (32 bit) with some success using Wine. This makes report creation easier and faster. However, this isn’t as stable as using LibreOffice–but that’s perdition for you.

Survival in the Netherworld

Over the last couple of years we have seen a trend developing in the nether regions of the Internet that is changing how I conduct research. This netherworld is populated by malign crooks who create sites loaded with malicious code.

I now conduct a lot of research using fresh installs of Linux and the programmes that I need for each job. I conduct the research from behind my own anonymizing proxy and an assortment of VPNs. Browsers operate in a sandbox to prevent movement of malicious code from an attack site to other programmes on my machine.

This is a nasty environment. It takes time and experience to operate in this infernal region. In two years I have learned a lot, but most of all, I have learned how little I really know. The crooks are much further along the learning curve in this environment.

Finding Deleted Tweets

Paper.li is a web service that let’s members create a daily newspaper of sorts containing their favorite material that they then sharing it with their followers. Here are some points that the investigator should note:

  • A lot of content of these papers comes from Twitter.
  • These papers are archived.
  • Twitter users sometimes delete Tweets
  • Deleting Tweets on Twitter are not deleted on sites like Paper.li

Paper.li is a content curation service. A Content Curator is someone who continually finds, groups, organizes and shares the best and most relevant content on a specific issue online. These sites are a good place to find content deleted from the originating social networking site.

If you go to Paper.li and use their search feature, you won’t find anything unless your search is for the title of a paper. Their search doesn’t look within individual articles.

To find mentions of content from Twitter, or any other content, use the Site: operator. When using this search strategy, search by the Twitter account’s name and the user name (@username) along with any keywords that might apply to what you are looking for.

Murder starts with your Mouth

The excellent book The Dark Side Of Man reports that David Luckenbill studied all of the murderers in a California county over a 10-year period and asked them why they killed their victims. All the death row inmates interviewed listed one of only two reasons for killing:

  • 34% said they killed because the victim challenged the killer’s authority
  • 66% said they killed because the victim insulted them in some way

What matters is the criminal’s perception. If he perceives a challenge or an insult, he is more likely to kill you.

This information provides a basis for planning a strategy for dealing with criminal violence.

Understand that the criminal is not operating under the same moral imperatives as his victim. A large proportion of violent criminals are psychopaths without any empathy for their victims. Never think, “He won’t shoot me because I wouldn’t shoot him in the same situation.” You would be wrong and this will cost you your life.

False bravado will also get you killed. Criminals learn to quickly judge people and use that judgement to manipulate them. Your bluff will be transparent and you will experience a violent response to your challenge.

Never insult an attacker. There is a big difference between screaming “GET AWAY FROM ME!” and screaming “GET AWAY FROM ME YOU MOTHERFUCKER!” Insulting an armed criminal will not yield positive results.

Be especially cautious during the times when the criminal is under the most stress and be chose your words carefully, especially at the early and end stages of the attack.

Develop a verbal response for the most likely scenarios you may face rather than thinking on the fly, just say exactly what you have practiced. Your script should avoid any challenging language or insults. Deliver your script in a calm monotone even if you are planning violent resistance. Surprise is a very potent weapon in your arsenal.

If you are in an environment that exposes you or your staff to the risk of criminal attack, then The Dark Side Of Man is a book you must read.

Know your enemy and plan to prevail.

Drones and the PI

The use of an unmanned aircraft (UAV) or drone to conduct surveillance is contentious public issue when government does it. When the private sector does it, it is particularly contentious.

As a speaker at a training event in Toronto, Ontario, I was asked about using UAVs for surveillance. This surprised me, as these were experienced private investigators. What follows was my answer to these questions.

If a private investigator intrudes into an area where the subject has a reasonable expectation of privacy and takes pictures and video, then that material is likely to be excluded by any court in Canada. The investigator must respect the Criminal Code as well as all municipal, provincial, and territorial laws regarding trespassing and privacy. The investigator may also face criminal charges or civil suit. A civil suit will name everybody even remotely associated with the sordid affair. These consequences pale in the face of what will happen next.

When a UAV is used for work done for hire and reward, as in a private investigation, a Special Operation Flight Certificate (SFOC) from Transport Canada is required. Aeronautics Act defines hire and reward as “any payment, consideration, gratuity or benefit, directly or indirectly charged, demanded, received or collected by any person for the use of an aircraft.”

The Canadian Air Regulations (CAR) Section 602.41 states that no person shall operate an unmanned air vehicle in flight except in accordance with a Special Flight Operation Certificate. Any violation of the CAR may result in substantial penalties: up to $5000 for an individual and $25,000 for a corporation. The UAV operator bears civil liability if property damage or injury occurs. If the video or image evidence was gathered in contravention of CAR do you think any court would allow the material in evidence? If the court did allow it, would the rest of your evidence be credible?

It takes 20 days to get a SFOC for each flight. Do you think the Transport Canada would even consider giving a private investigator such a permit? Can you plan your surveillance 20 days in advance?

In the U.S.A., commercial operation of a UAV it is still illegal. The Federal Aviation Administration (FAA) is considering allowing commercial UAV use in 2015.

Three Rules for Success

To be a successful private investigator follow my three rules.

  1. Spend 95% of your workday doing billable tasks.
  2. Be incredibly organized, and maintain a fastidious filing system.
  3. Don’t get distracted by things that aren’t billable hours.

Site Investigation Tools

When you start to investigate a particular Internet site, I suggest you begin with these resources.

Domain Dossier Investigate domains and IP addresses. Get registrant information, DNS records, and more—all in one report.

InterNIC Public Information Regarding Internet Domain Name Registration Services

Network Solutions’ Whois

DomainSearch.com  Search multiple top level domains at once to see if the domain name is in use. I use it to find the domain name in other top level domains.

Convert Host/Domain Name to IP Address and vice versa  Find the IP of a host machine (convert host to IP) or domain name (convert domain name to ip address) or find the name of one of the hosts at an IP address (convert ip address).

Using Traceroute Learn how to use and interpret traceroute results.

Additions thanks to Kirby:

hostcabi.net  Provides lot of information, but most importantly, it identifies other users of same Google Analytics account and all the sites using that account.

sitedossier.com  Sometimes shows older servers, which is useful when website has upgraded to cloud service or CloudFlare.

Getting a Date

Date formats are easily misinterpreted. For example, if you write 06-07-07, an American might assume that it represents June 7, 2007 or 1907 and an European might assume that it is 6 July 1907 or 2007. Some might  recommend using an unambiguous date system, such as an ISO 8601 European date format, (YYYY-MM-DD) but unless the reader  is a government worker they might get the month and date mixed-up.

The best method is to use a 3-letter abbreviation for the month preceded by the day and followed by the full year to avoid any confusion thusly, 6 Jul 2007.

Forgotten But Not Gone

The European Union “right to be forgotten” law that allows individuals to demand the removal of links from Google’s EU search sites is starting to come into play.

The EU “Right to be Forgotten” is clearly a form of censorship in the 28 member nations and 4 other European countries that encompasses over 500 million people. Google has 90% of the search engine market there.

Demanding the removal of an indexed item only renews interest in the story. As the law only applies to Google and not the pages themselves or other search engines, traffic to the articles in question increases thanks to journalists calling attention to them once they receive notification that the article was removed from the EU sites. This is known as The Streisand Effect.

European Google search results for any name display the disclaimer that, “Some results may have been removed under data protection law in Europe,” even if nobody requested the removal of anything.

Of course, people will soon tire of writing about the removed articles and people will stop demanding the removal of indexed items.

Certainly, a free speech enthusiasts will start to collate all the missing search results and make them available. This has already started with Hidden From Google. This site archives articles that Google must remove from European Union search results. I’m certain a Twitter account like @gdnvanished will also appear to provide similar content.

The easiest way to circumvent this censorship is to search using the Google.com site instead of the local EU search sites—or better yet, use other search engines like DuckDuckGo, Yandex, and blekko.

Perception & Disguise

I was working on a small surveillance crew recently and we needed to change our appearances on the fly. Changing clothing is an old ploy but it wasn’t enough for this group of very alert subjects.

We bought used clothing in bigger sizes than we normally wear. I tested this clothing around people who haven’t seen me in a while. They all commented on how much weight I had lost. Some asked if I had been sick. I didn’t change, but the clothes made me look like I had lost 30 pounds. Adding a little makeup under my eyes made some people think I had a terminal illness.

Perception goes a long way. People quickly jump to conclusions–my disguise made sure it was the conclusion I wanted them to make.

Critical Thinking & Reality TV

Critical thinking is the investigator’s greatest tool. You might have developed a good way of evaluating sources such as my 13-point check list for evaluating information, but you must apply it with intellectual rigor.

The authority of the source and the accuracy of the information are key issues to examine.

  • What is the reputation of the data, and the data-provider? Has this source of data been cited elsewhere?
  • What is the reliability of the source?
  • How can you document or qualify the source of the information?
  • Are the complex issues of data integrity and validity oversimplified?

With regard to authority and accuracy, I suggest you read the interview with Cody Lundin who is a professional survival instructor with over 25 years of experience. Read this to learn more about Survival TV from his perspective as an expert. He calls this stuff, Survival Entertainment with good reason and says, “…anyone who would trust their life to what they see on reality television shouldn’t breed.”

Microsoft’s Ban on Guns & the Investigator

Since 2009 Microsoft’s Code of Conduct has been applied to more and more of their online services. Under this Code of Conduct, users are prohibited from using it in  “any way that promotes or facilitates the sale of ammunition and firearms” (See bullet point #13). You have to trust that Microsoft’s definition of “promotes or facilitates the sale of ammunition and firearms” is the same as yours and that one of their robots doesn’t delete all your data. Not recognising this risk could mean the loss of all your investigation reports and data. A lot of my investigations have included large volumes of data on firearms and ammunition. Imagine the damage to your reputation, if at a crucial juncture in the investigation, some Microsoft employee or robot decides my data and reports are “promoting guns” and deletes everything.

Most of Microsoft’s online services are covered by their “Code of Conduct”. This includes Windows Live, Office 365, Microsoft Sharepoint, Bing.com, Outlook.com, Windows OneDrive, Exchange Online, MSN and more.

Searching for firearms and ammunition data on Bing may already produce censored results as a result of the Code of Conduct.

Only Skype, Microsoft Azure and XBox Live are now exempt. I expect Skype will be the next to come under the Code of Conduct.

Windows OneDrive, formally Microsoft SkyDrive, is part of Windows 7, Windows 8, Windows 8 for Phones and Windows 8 for Tablets. If you handle information about firearms you should avoid these products. You could find your account terminated and all your emails, contacts, calendar, and everything else deleted.

Windows Live powers a number of Microsoft services including Microsoft’s cloud email and cloud Office suite. Windows Live, Outlook.com and Exchange Online power many large institutions. If you work in such an institution be very careful, especially if you have signed documents agreeing to abide by Microsofts Terms of Use.

If you use Microsoft Office and the Office 365 service to share files about guns, then you will eventually find everything has gone down the memory hole.

Microsoft’s Code of Conduct can affect everything an investigator does. Searching, email, voice calls, storing data, and preparing reports are all potentially at risk if you use these services in relation to firearms and ammunition related topics. Now ask yourself how Microsoft knows the content of your data and think about the confidentiality and security of your data.

You must have a due diligence process in place before starting to even look for online and cloud services. You have to read and understand the implications of all the stuff hidden in the fine print.

How to Take Veracious Surveillance Video

I don’t like going to court, who does, but sometimes it’s a necessary evil.

I once conducted a surveillance as part of a complex investigation. Of all the surveillance operatives, I was the only one subpoenaed regarding the primary subject. During a break in the proceedings I asked the barrister, why only me?

His answer was simple and direct. He said, “you started or finished each video segment by panning up and out to wide angle to clearly show where the video was taken. The visible landmark buildings and the surroundings make your video more credible.”

None of my evidence was questioned until they got around to a segment of my “camera in a cardboard box” video taken on a city street. Those questions ended when pictures of me with my box on the street were entered into evidence. These were taken by facing a reflective shop window–there I was in my Dickie work clothes holding the cardboard box that concealed the the camera.  The other side didn’t like the fact that I captured the licence plates on both the subject’s car and that of his mistress parked on the same side street by walking down the street with my cardboard box. They were later connected through the licence plate and surveillance, which in turn, led us to an apartment on the same side street that was purchased with embezzled funds.

I don’t know if questioning the truthfulness of all surveillance video based upon the location of the person recording it will become standard practice or if this was just a bit of aggressive lawyering, but these courtroom tactics can be defeated by proper technique, documentation, and reporting.

Searching Google Anonymously While Signed In

I know you still want to use Google without giving away all your personal data. To accomplish this while using Firefox, use the Searchonymous extension. With this, you can stay signed into your Google account while searching and Google won’t know it’s you doing the search. It also gets rid of most of the annoying ads.

If you use Chrome or a browser like Comodo Dragon that is based on Chrome, then you might try Search Disconnect which purports to do the same thing.

Smartphone Security

Losing your smart phone can be more that inconvenience if your are an active private investigator. Over at PInow, Kelly Cory’s article titled How to Keep Your Smartphone Secure offers some sound advice.