The browser is the most used outward facing software you will use. It interacts with suspect web sites and other internet sites. Firefox is still my first choice for security and plug-ins, even though Chrome offers a speed advantage that adds-up over the course of many hours of research, while this little problem makes me avoid MS Internet Explorer: Microsoft warns of critical IE9, IE10 zero-day-Just visit the wrong web site and get remote-code execution.
In Firefox, go to Tools>Add-ons>Plugins and set the Java Script and Toolkit to Ask to Activate. I also set all the other plugins to Ask to Activate as well. This prevents a plugin from activating at the wrong time and thereby sending out data to the site that caused it to activate. A malicious site may activate a plugin to have it to transmit data that can be used to thwart your investigation.
Third party cookies compile a long-term record of your browsing history. This is dangerous as it can reveal what you are investigating. In Options>Privacy>History select Never for third party cookies. In my sandbox, I have several versions of the browser with different settings. For example, I prefer to never accept cookies of any kind, but some sites need them to function so I have a version with normal cookies enabled.
The online exif viewer at www.gbimg.org has a lot of widgets on it.
My last discovery was the Exif site at http://www.findpicturelocation.com. Just upload the picture and it will show the location where it was taken. It only works with .jpg or .tif files. You must upload the image to the site, so who knows where it might end-up. This uses the Google API for the mapping. Not all pictures have the GPS coordinates in them.
There is nothing slipperier than a politician or bureaucrat trying to avoid accountability while extolling how transparent and open they are. These craven creatures turn our access to information laws into the proverbial greased pig. Continue reading ‘Sly Pols & Crats’
Bitcoins have interested me of late as I am writing my next book which is about issues of security, privacy, and anonymity while doing investigative internet research. Continue reading ‘Taking Bitcoins to the Laundry’
I previously wrote about Bluetooth and Surveillance Detection and how Bluetooth could be used to determine if you were being followed.
Prior to a recent surveillance assignment, I scanned for nearby devices and was able to identify each of the other investigators’ mobile phones. This was not a good start. I required all the team members to demonstrate that they had shut off both Bluetooth and WiFi or at least set the Bluetooth signal to be hidden except to authorized devices and shut-off the WiFi.
The apparent demise of Google Alerts forced me to turn to Talkwalker and Mention for alerts. However, Yahoo! Alerts offer some utility for keeping up with the world. In the past Yahoo! Alerts was only good for news. It now extends into the full web as catalogued by the Bing database. If you don’t already know it, Microsoft swallowed Yahoo! search whole in 2009. Perhaps we should call it Microhoo.
You need a Yahoo! account for Yahoo! Alerts. The results cannot be pushed to an RSS feed, they only arrive via email, Yahoo Messenger, or mobile device, depending on what you have set-up in your Yahoo! account. Not all alerts allow for delivery using all three of the above delivery options.
To create an alert, select Y! Search from the drop-down list on the right side of the opening page or select Y!Search from the list on the initial screen. Next sign-in to your Yahoo! account. In the Search keyword field add the search terms as you would in the normal Yahoo! search box. In the next drop-down list select what you want searched, I normally select Web or News. Finally select the frequency of the search. The search preview will only show anything added to the database in the last 24 hours.
I don’t like doing surveillance work. It’s hectic and often unproductive, but somebody has to do it.
I have always preferred using a real camera whenever possible — the real SLR type with a long lenses. Knowing this, a colleague asked me to help out as the second man.
This white-collar type went from one office complex to another and coffee shop to coffee shop all morning. He met people and I got good pictures of the people he met. He went for lunch in a shopping mall food court. This was rather strange as he was wearing a $2000 suit. From the mezzanie I watched. He opened his briefcase and I took pictures of its contents.
The briefcase contained three intersting items, all were books. The titles were:
- How To Survive Prison For The First Time Inmate: Take a look at a dangerous society within our society
- Prison Guide: Prison Survival Secrets Revealed
- The Suburban Inmate: A Man’s Guide To Surviving Prison
Now this shone an entirely different light upon what we were doing. You guessed it, he was settling his affairs before the sentencing.
You don’t need to hack into a computer to learn about someone. Today, most people that I investigate leave a revealing online profile — I just have to connect the dots or the publicly available dox (documents).
Online malefactors try to do their misdeeds anonymously through an alias. Usually, they tend to reuse their aliases. It only takes one obscure use connected to the miscreant’s real name. Now I have the real name to run through the usual searches which will reveal other aliases, Facebook pages, and Twitter accounts, all of which yield titbits of useful information.
Managers sometimes tie themselves into knots worrying about the risk or threat rather than analysing the impact of interrupted business processes. My advice is to stop fretting about the cause and concentrate on alleviating the impact of the interrupted business processes.
To do this, defeat the problem in detail as follows:
- Decide which processes are critical and which are not.
- Determine how long any particular process can be interrupted before it’s loss become detrimental to operations, profitability, and customer satisfaction.
- Design a plan of action to determine if the disruption will continue beyond the tolerable time limit.
- Have a plan to replace each missing process.
- Plan for the concurrent loss of several critical processes.
The key to a successful business continuity plan is concentrating on the critical day-to-day operations.
How does this relate to investigtion and research? The answer is quite simple:
- Have you ever done a security survey?
- Have you ever done a competitor SWOT analysis?
- Have you ever done due diligence on a critial supplier?
I recently conducted a series of interviews that were quite sensitive in nature. This used to be a common occurrence for me. Today, it is less so. The prevalence of small electronic recording devices has curtailed my willingness to conduct such interviews. My concern is that you never know where the recording will go, nor do you know how it will be used or edited. You have no knowledge of the motives, ethics, or interests of the people who may at some point possess the recording.
Libel happens when you publish or make public a statement that is untrue about someone. Any investigator may inquire about things that prove to be untrue during an interview. Ask yourself what might happen if a snippet of the interview is published and it contains questions about something that was later proven untrue. The concept of the libelous question is well established in law. Investigators may have a certain privilege to ask questions but, this won’t stop someone from suing you. The public disclosure of private facts that might be part of an interview also causes concern. What if the interview reveals information that is not of public concern, and the release of which would offends someone? Unlike libel, truth is not a defense for what may be seen as an invasion of privacy.
You can never be certain that a recording device is not present. As a private investigator, I cannot search people and confiscate their electronic devices. Private investigators do not have any control over the people they interview, nor do they usually have control over the physical surroundings in which the interview occurs. This alters the nature of the questions asked and how they are put to the interview subject.
An extreme example from the U.S.A is one where a defense lawyer sat down with a prospective client in San Juan, Puerto Rico and asked about the GPS bracelet required by as a condition of bail. The prospective client told the lawyer that, “They speak to me through that thing”. He filed a motion at the Puerto Rico State Superior Court to have the device removed before he interviewed prospective client. During that motion, he learned that it could be used to eavesdrop on their conversation without the lawyer or prospective client knowing. (http://www.thecrimereport.org/news/inside-criminal-justice/2013-10-caution-your-gps-ankle-bracelet-is-listening) A recording knowingly made by the interview subject is not the only thing investigators need to consider.
This does not mean that every question will result in a libel action or that every room is bugged. It does mean that being dragged into an expensive libel action or media circus is something to consider before you start asking questions – especially ones that are sensitive.
A working group for Internet regulators at ICANN wants to close all Whois databases. They what to force anybody needing this data to grovel before them before granting access. They are trying to centralize global control over a key component of the Internet. WHOIS allows you to find out who owns a domain name. Without this data, fraud and other crimes will become easier to commit and harder to solve.
The surveillance conscious subject is more common today than forty years ago when I started in the business. Lawyers coach claimants on how to deal with surveillance. Criminals teach each other on how to recognise surveillance. Unfortunately, PI’s do not receive much training on how to avoid detection of their surveillance efforts.
Clumsy choice or use of the initial vantage point may doom the entire surveillance effort. If the subject sees someone repeatedly over Time, in different Environments and over some Distance, and if the surveillant displays poor Demeanor, then he will know that he is under surveillance. This means that initial vantage point, and the PI’s presence there, must not be remarkable in any way.
Don’t chose the initial vantage point without first evaluating the location. Understand the appearance and behaviour of the people likely to be at the vantage point. Don’t be like the inept guy in the old detective movie — you know the one — the guy leaning against a lamp pole reading a newspaper in the middle of the night.
Observe the vantage point from a position that the subject cannot see — you have questions that need answering. What type of person is at or near the vantage point? How long can you remain at the vantage point without arousing suspicion? What appearance, behaviour or persona will allow you to remain in place without arousing suspicion? Can you follow the subject in your adopted persona or must another team member do that?
An article titled, Tim Hortons apologizes for blocking gay and lesbian news website by The Canadian Press on Friday, July 19, 2013 caught my attention. Tim Hortons is a popular Canadian coffee shop chain.
The online site of a popular paper that caters to the gay community was blocked by the coffee shop chain as “not appropriate for all ages viewing in a public environment.”. Once the outrage got going, Tim Hortons relented and changed its WiFi network policy.
What has all this got to do with Investigative Internet Research (IIR), you ask? Well, think about it. We often work while on the road and that means doing some aspects of IIR in places like coffee shops.
When you do IIR outside your normal work environment, different rules apply. How do you know what the WiFi network allows and what it doesn’t? How do you know if some things are censored and others are not? How do you know that your results are complete?
Now do you understand the dangers that doing this presents? I haven’t even mentioned the security issues.