Archive for the 'Private Investigator' Category

Page 2 of 17

What You See Matters

I don’t like doing surveillance work. It’s hectic and often unproductive, but somebody has to do it.

I have always preferred using a real camera whenever possible — the real SLR type with a long lenses. Knowing this, a colleague asked me to help out as the second man.

This white-collar type went from one office complex to another and coffee shop to coffee shop all morning. He met people and I got good pictures of the people he met. He went for lunch in a shopping mall food court. This was rather strange as he was wearing a $2000 suit. From the mezzanie I watched. He opened his briefcase and I took pictures of its contents.

The briefcase contained three intersting items, all were books. The titles were:

  • How To Survive Prison For The First Time Inmate: Take a look at a dangerous society within our society
  • Prison Guide: Prison Survival Secrets Revealed
  • The Suburban Inmate: A Man’s Guide To Surviving Prison

Now this shone an entirely different light upon what we were doing. You guessed it, he was settling his affairs before the sentencing.

Connect the Dots and the Dox

You don’t need to hack into a computer to learn about someone. Today, most people that I investigate leave a revealing online profile — I just have to connect the dots or the publicly available dox (documents).

Online malefactors try to do their misdeeds anonymously through an alias. Usually, they tend to reuse their aliases. It only takes one obscure use connected to the miscreant’s real name. Now I have the real name to run through the usual searches which will reveal other aliases, Facebook pages, and Twitter accounts, all of which yield titbits of useful information.

Business Interrupted

Managers sometimes tie themselves into knots worrying about the risk or threat rather than analysing the impact of interrupted business processes. My advice is to stop fretting about the cause and concentrate on alleviating the impact of the interrupted business processes.

To do this, defeat the problem in detail as follows:

  • Decide which processes are critical and which are not.
  • Determine how long any particular process can be interrupted before it’s loss become detrimental to operations, profitability, and customer satisfaction.
  • Design a plan of action to determine if the disruption will continue beyond the tolerable time limit.
  • Have a plan to replace each missing process.
  • Plan for the concurrent loss of several critical processes.

The key to a successful business continuity plan is concentrating on the critical day-to-day operations.

How does this relate to investigtion and research? The answer is quite simple:

  • Have you ever done a security survey?
  • Have you ever done a competitor SWOT analysis?
  • Have you ever done due diligence on a critial supplier?

Libelous Questions

I recently conducted a series of interviews that were quite sensitive in nature. This used to be a common occurrence for me. Today, it is less so. The prevalence of small electronic recording devices has curtailed my willingness to conduct such interviews. My concern is that you never know where the recording will go, nor do you know how it will be used or edited. You have no knowledge of the motives, ethics, or interests of the people who may at some point possess the recording.

Libel happens when you publish or make public a statement that is untrue about someone. Any investigator may inquire about things that prove to be untrue during an interview. Ask yourself what might happen if a snippet of the interview is published and it contains questions about something that was later proven untrue. The concept of the libelous question is well established in law. Investigators may have a certain privilege to ask questions but, this won’t stop someone from suing you. The public disclosure of private facts that might be part of an interview also causes concern. What if the interview reveals information that is not of public concern, and the release of which would offends someone? Unlike libel, truth is not a defense for what may be seen as an invasion of privacy.

You can never be certain that a recording device is not present. As a private investigator, I cannot search people and confiscate their electronic devices. Private investigators do not have any control over the people they interview, nor do they usually have control over the physical surroundings in which the interview occurs. This alters the nature of the questions asked and how they are put to the interview subject.

An extreme example from the U.S.A is one where a defense lawyer sat down with a prospective client in San Juan, Puerto Rico and asked about the GPS bracelet required by as a condition of bail. The prospective client told the lawyer that, “They speak to me through that thing”.  He filed a motion at the Puerto Rico State Superior Court to have the device removed before he interviewed prospective client. During that motion, he learned that it could be used to eavesdrop on their conversation without the lawyer or prospective client knowing. ( A recording knowingly made by the interview subject is not the only thing investigators need to consider.

This does not mean that every question will result in a libel action or that every room is bugged. It does mean that being dragged into an expensive libel action or media circus is something to consider before you start asking questions – especially ones that are sensitive.

ICANN Wants to Close Whois

A working group for Internet regulators at ICANN wants to close all Whois databases. They what to force anybody needing this data to grovel before them before granting access. They are trying to centralize global control over a key component of the Internet. WHOIS allows you to find out who owns a domain name. Without this data, fraud and other crimes will become easier to commit and harder to solve.

Are you a Suspicious Person?

The surveillance conscious subject is more common today than forty years ago when I started in the business. Lawyers coach claimants on how to deal with surveillance. Criminals teach each other on how to recognise surveillance. Unfortunately, PI’s do not receive much training on how to avoid detection of their surveillance efforts.

Clumsy choice or use of the initial vantage point may doom the entire surveillance effort. If the subject sees someone repeatedly over Time, in different Environments and over some Distance, and if the surveillant displays poor Demeanor, then he will know that he is under surveillance. This means that initial vantage point, and the PI’s presence there, must not be remarkable in any way.

Don’t chose the initial vantage point without first evaluating the location. Understand the appearance and behaviour of the people likely to be at the vantage point. Don’t be like the inept guy in the old detective movie — you know the one — the guy leaning against a lamp pole reading a newspaper in the middle of the night.

Observe the vantage point from a position that the subject cannot see — you have questions that need answering. What type of person is at or near the vantage point? How long can you remain at the vantage point without arousing suspicion? What appearance, behaviour or persona will allow you to remain in place without arousing suspicion? Can you follow the subject in your adopted persona or must another team member do that?

Tim Horton’s & Investigative Internet Research

An article titled, Tim Hortons apologizes for blocking gay and lesbian news website by The Canadian Press on Friday, July 19, 2013 caught my attention. Tim Hortons is a popular Canadian coffee shop chain.

The online site of a popular paper that caters to the gay community was blocked by the coffee shop chain as “not appropriate for all ages viewing in a public environment.”. Once the outrage got going, Tim Hortons relented and changed its WiFi network policy.

What has all this got to do with Investigative Internet Research (IIR), you ask? Well, think about it. We often work while on the road and that means doing some aspects of IIR in places like coffee shops.

When you do IIR outside your normal work environment, different rules apply. How do you know what the WiFi network allows and what it doesn’t? How do you know if some things are censored and others are not? How do you know that your results are complete?

Now do you understand the dangers that doing this presents? I haven’t even mentioned the security issues.

Google Reader is Gone

Canada Day (1 Jul 13) has come and gone, and so has Google Reader. You have until 15 July to get your data out of Google Reader.

Now what? Do I need an RSS reader? Where do I get a web-based RSS reader? Have Twitter lists (which you may divide into different topics that focus on blog sources, news feeds and individuals) supplanted RSS? So many questions! So many decisions to make!

The RSS sky isn’t falling quite yet. There are alternatives and choosing one is a good reason to do some digital housecleaning. Alternative readers offer versions for Web browsers, mobile devices running iOS and Android, and cloud-based service. Hopefully, we will see innovation and competition in RSS apps and platforms.

Certainly, social media offers a human element that isn’t present in RSS feeds. However, RSS usually offers focused technical or industry information, the details of which social media usually omits. In the short-term, using  Reeder and Feedly as a front-end for RSS won’t work as these relied on Google Reader. I’m sure that will change very quickly, if it hasn’t already. (I don’t use either of these.) Twitter and Flipboard won’t replace an RSS reader for the information worker. The passing of Google Reader will only affect the ‘normal’ user who relied upon it.

The demise of Google Reader hasn’t changed how we deal with RSS feeds while doing Investigative Internet Research (IIR).  For a detailed explanation of how to handle RSS feeds while doing IIR get my new book, Sources & Methods for Investigative Internet Research, which is scheduled for publication in September.

Addition: Here’s How You Can Extract All Your Google Reader Data

Geofeedia allows searching by location first then keyword for uploaded images from a many photo sites and social media sites including Flickr. This is a paid service.

This complements keyword searching by searching by location first to find data. Geofeedia allows you to create a live location-oriented social media stream, or ‘Geofeed’. You create a Geofeed by entering an address or drawing a boundary around an area on a map. Then you can search, monitor and analyze social media content originating from that area or location.

Social Media Gadflies & Imposters

Have you ever come across someone who has such a passion for his job that he just has to tell everybody how he does it? He leaves the location services turned on so that you know where he is doing his job. He takes pictures of places where he does his job and posts them with intact Exif data. He stands next to a famous person in photos when they don’t even know him and  implies that he is working for the famous person. This guy is on every industry forum answering questions using Google search results. He knows all the industry terminology thanks to Google.

Unfortunately, he doesn’t do the job and never has, even if he is employed in the industry, because he is only interested in self-aggrandizement. Be careful, guys like this travel in packs. If one finds your organisation or industry interesting they all will.


File Erasure

File erasure is something every Investigator needs to consider. Investigators collect a lot of data that never makes into a report. Sometimes that data is irrelvant or something that cannot be reported. That stuff should not be left hanging around to be recovered later and then missused. Some form of file erasure software should be used to make it unrecoverable.

Some examples of file erasure software:

Searching for Hacked Accounts

I always use the subject’s known email addresses as search terms. I assume that any good Investigator would do the same. However, where you search matters.

Have you ever searched an email address and found that it was compromised? Groups like Anonymous and Lulzsec sometimes post lists of compromised email addresses along with the associated passwords. Do you know where to search for this and how to report it?

“I didn’t post that! My account was hacked!” is a common ‘Weinergate’ inspired excuse. If the Investigator doesn’t make a reasonable effort to search for the possibility of a compromised account, then he may be judged incompetent or negligent.

Without the co-operation of the subject, the Investigator must start an organised search for indications that the email account has been compromised.

Always search for the name of the email service provider and the words ‘hacked’ and ‘compromised’ along with  ‘accounts’ and ‘email’. If you find something, then compare the date of the security breach to the time of your own Weintergate.

Next, search,, and The first two only tell you if the account might be compromised, while the last one sometimes links the searcher to online information about the security breach.

Of course the Investigator should document the search and explain the sources that were searched.

What’s on Your Wishlist?

The Boston Marathon incident is somewhat instructive from an Investigative Internet Research (IIR) perspective.

News reporters are skilled at IIR — some to the exclusion of real journalistic skills if the preponderance of churnalism in the popular media is any measure. However, one instance of a reporter finding the terrorist’s Amazon Wish List is interesting. The reporter was drawing conclusions about the terrorist from the contents of the wish list.

The default Amazon Wish List setting is ‘Public’. The other settings are ‘Shared’ and ‘Private’ which seems to defeat the purpose. The default setting is the most common.

Social Search —

I bet you know about I also bet you don’t know my super secret way of using it.

I have just shown you how to search usernames using three good sites. Now in this limited time offer, I will tell you about the best and most secret username search. for User Names

Go to and put the suspected username in the field normally reserved for a person’s name, and presto, right before your very own eyes, valid results will appear that may include a lot of other vital information about your subject.

Social Search —

This searches 160 social network sites for a user name. It is powered by the KnowEm search engine and has the same features of interest to the Investigator as NameChk plus a very interesting feature. It allows you to click on the faded-out links, which indicate that the username is in use, and doing so takes you to the user profile for that username.