File erasure is something every Investigator needs to consider. Investigators collect a lot of data that never makes it into a report. Sometimes that data is irrelevant or something that cannot be reported. That stuff should not be left hanging around to be recovered later and then misused. Some form of file erasure software should be used to make it unrecoverable.
Some examples of file erasure software:
I always use the subject’s known email addresses as search terms. I assume that any good Investigator would do the same. However, where you search matters.
Have you ever searched an email address and found that it was compromised? Groups like Anonymous and Lulzsec sometimes post lists of compromised email addresses along with the associated passwords. Do you know where to search for this and how to report it?
“I didn’t post that! My account was hacked!” is a common ‘Weinergate’ inspired excuse. If the Investigator doesn’t make a reasonable effort to search for the possibility of a compromised account, then he may be judged incompetent or negligent.
Without the co-operation of the subject, the Investigator must start an organised search for indications that the email account has been compromised.
Always search for the name of the email service provider and the words ‘hacked’ and ‘compromised’ along with ‘accounts’ and ‘email’. If you find something, then compare the date of the security breach to the time of your own Weinergate.
Next, search shouldichangemypassword.com, pwnedlist.com, and hacknotifier.com. The first two only tell you if the account might be compromised, while the last one sometimes links the searcher to online information about the security breach.
Of course the Investigator should document the search and explain the sources that were searched.
The Boston Marathon incident is somewhat instructive from an Investigative Internet Research (IIR) perspective.
News reporters are skilled at IIR — some to the exclusion of real journalistic skills if the preponderance of churnalism in the popular media is any measure. However, one instance of a reporter finding the terrorist’s Amazon Wish List is interesting. The reporter was drawing conclusions about the terrorist from the contents of the wish list.
The default Amazon Wish List setting is ‘Public’. The other settings are ‘Shared’ and ‘Private’ which seems to defeat the purpose. The default setting is the most common.
Google isn’t a search engine — it’s an advertising engine. Google makes its money from advertising. You may have noticed that the advertisements that appear on your Google search results page are related to what you are searching.
Some of this advertising results from cookies placed on your computer. If you use Gmail, it is even more intrusive as each email is read, and you get ads associated with the content of your email. This is a good business strategy for Google but intrudes upon the user’s privacy. You should shut off the collection of web history in your Google account. To do this, sign in to your Google account and then go to http://google.com/history. Once there, click on Remove all Web History and then click on Pause to stop further collection of your web history. There is also a way to rid yourself of the intrusive monitoring of your normal web searching.
Google uses DoubleClick to monitor your web browsing. To eliminate this monitoring go to http://google.com/ads/preferences/plugin and download this small file for each browser that you use. The installation procedure will vary with each browser. This file won’t disappear when you use a file wiping program to clear out all the trash web browsing accumulates.
Most people give up a frightening amount of information in a very short period of time during their social interactions, both on social media and in person. Marital status, children, hometowns, schools, and more are the nuggets of information given out which can end up in the wrong hands.
A safe topic for making conversation with strangers is not your job, but rather a “safe” hobby, like woodworking, sports, or local history. It’s good to avoid politics and religion.
Most privacy conscious Investigators create a throwaway profile. They learn about something that is not related to their identifying features – cooking, gardening, fishing, etc. – and know enough to pass as an amateur enthusiast. This becomes the first-contact profile used to evaluate a stranger.
The Citizen’s Arrest and Self-defence Act comes into full force on March 11, 2013. The act may be found at http://laws-lois.justice.gc.ca/eng/AnnualStatutes/2012_9/FullText.html and some background on the act may be found at http://www.justice.gc.ca/eng/news-nouv/nr-cp/2012/doc_32762.html.
The Canada Gazette entry regarding the act coming into effect may be found at http://gazette.gc.ca/rp-pr/p2/2013/2013-02-13/html/si-tr5-eng.html.
I have written about the site: command in Google before.
The site: command in Google is an invaluable tool for doing Investigative Internet Research (IIR), especially in combination with other advanced operators.
Google site: Tool
Google site: Tool only works with Firefox 14 or later on Windows 7.
It allows you to add site: or -site: to modify your Google search results. To limit your query to a particular site in the results, or to re-run the query excluding that site from the results, click the green URL below the result header. This works best on Google.com rather than the country-specific versions of Google. It also works on the encrypted version of Google.com.
This addon requires Greasemonkey.
While doing Investigative Internet Research (IIR), you find a document from an organisation that changes its name before you finish your report. The document was retrieved before the name change. How do you cite the reference? Do you cite it with the old organisation name or the new name?
Normal practice is to use the name as it was when you found the document. However, this can cause problems when someone does fact-checking to independently verify the citation. Someone must then find and document the history of the organisation name.
The solution is to cite the date the document was retrieved and in square brackets include the new name. For example, [currently, XTS Organisation] or better still [as of 11 Jan 13 the name changed to, XTS Organisation]. The latter addition to the citation creates a dated history of the organisation’s name.
Boounce is a simple browser add-on available for Mozilla Firefox and Google Chrome that helps you bounce between search engines, topical databases, and searchable websites. It mercifully eliminates duplicate results from Google, Bing, and Blekko.
This works quite well if you need to search through a lot of sites quickly. However, you should only use uncomplicated search terms containing words that are not likely to be filtered out of the results by the default porn filters of the sites you are searching.
If you copy a lot of material while searching, then in the addon’s options deselect “Use text selection as search term”. This is particularly annoying if you cut and paste to MS OneNote as you conduct your research.
One feature I really like is the ability to right-click on a webpage search box to add it to the list of boounceable sites.
The list of search sites included with Boounce may be found at http://www.boounce.com/search-engine-list/
The Daily Mail newspaper in the UK reports that the receptionist who was subjected to a pretext call by two Australian DJs may have committed suicide.
In the call at 5.30am on Tuesday impersonating the Queen, Miss Greig said: ‘Oh, hello there. Could I please speak to Kate please, my granddaughter?’
Thinking she was speaking to the Queen, the receptionist replied: ‘Oh yes, just hold on ma’am’.
She then put the presenters through to one of the nurses who was caring for the Duchess.
The nurse also believed she was speaking to the Queen and went on to make a number of deeply personal observations about Kate’s health.
This prank/pretext was bragged about by the two Australian DJs. This no doubt subjected the receptionist to a lot of ridicule.
The Australian DJs violated two of the three rules for doing pretext calls.
The three rules:
- Do not personate a living person.
- Do not personate a representative of any existing company (or business) or anything to do with government.
- Do not cause anybody to be concerned for their own safety or the wellbeing of any person, business, company, or property.