Over the last couple of years we have seen a trend developing in the nether regions of the Internet that is changing how I conduct research. This netherworld is populated by malign crooks who create sites loaded with malicious code.
I now conduct a lot of research using fresh installs of Linux and the programmes that I need for each job. I conduct the research from behind my own anonymizing proxy and an assortment of VPNs. Browsers operate in a sandbox to prevent movement of malicious code from an attack site to other programmes on my machine.
This is a nasty environment. It takes time and experience to operate in this infernal region. In two years I have learned a lot, but most of all, I have learned how little I really know. The crooks are much further along the learning curve in this environment.
Operative research is the process of learning how things work in a particular area. As an investigator, I often have to learn how something works or the nature of the skills used in a certain area of human endeavour.
I sometimes start by interviewing people who are in the field, but more often, I do a literature search of the topic before conducting interviews. That leaves me with the task of locating relevant published material that will give me an overview of the topic and allow me to formulate a list of questions to ask during interviews.
The first task in this is to understand how the subject matter is indexed. That means understanding who might have a use for this material. For example, many military topics are also useful to engineers, construction companies, outdoorsmen, miners, sailors, and many more individuals and organisations. Another example would be the topic of physical security.
Once you know who might collect and catalog the subject material that interests you, learn what terms they might use to describe the material. Now add the words “library” and “subject guide” to your search. What you are looking for is a targeted collection of material. Once you find such a collection, search the site using the site: operator.
Using the above search strategy in a recent search for information on evacuation of urban areas, I found urbansruvivalsite.com and its library of ebooks. A search for data on electrical wiring led me to the Pole Shift Survival Information site and its library of publications about wire, where I found tables of wire-gauge sizes. When trying to decipher old shorthand notes in a deceased lawyer’s file, I found a library of publications about shorthand.
The focus of each of these ‘library’ sites is far removed from my interests; however, the people who created these sites had their own use for the information, and that made my job easier.
When you start to investigate a particular Internet site, I suggest you begin with these resources.
- Domain Dossier: Investigate domains and IP addresses. Get registrant information, DNS records, and more, all in one report.
- InterNIC: Public information regarding Internet domain name registration services.
- Network Solutions’ Whois
- DomainSearch.com: Search multiple top level domains at once to see if the domain name is in use. I use it to find the domain name in other top level domains.
- Convert Host/Domain Name to IP Address and vice versa: Find the IP of a host machine (convert host to IP) or domain name (convert domain name to IP address), or find the name of one of the hosts at an IP address (convert IP address).
- Using Traceroute: Learn how to use and interpret traceroute results.
Additions thanks to Kirby:
- hostcabi.net: Provides a lot of information, but most importantly, it identifies other users of the same Google Analytics account and all the sites using that account.
- sitedossier.com: Sometimes shows older servers, which is useful when a website has upgraded to a cloud service or CloudFlare.
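The shared-account check can also be done by hand on pages you have already saved. The following is an added example, not code from the original post or from hostcabi.net; it assumes the classic `UA-<account>-<property>` tracking ID format, and the `.example` domains and ID numbers are constructed sample data.

```python
import re
from collections import defaultdict

# Classic Google Analytics property ID: UA-<account>-<property>.
# The middle field is the account; the last field is one property of it.
UA_ID = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b")

# Constructed sample pages (hypothetical domains, made-up IDs).
SAMPLE_PAGES = {
    "shop-one.example": "<script>ga('create', 'UA-1234567-1', 'auto');</script>",
    "shop-two.example": "<script>_gaq.push(['_setAccount', 'UA-1234567-4']);</script>",
    "unrelated.example": "<script>ga('create', 'UA-7654321-1', 'auto');</script>",
    "no-tracking.example": "<html><body>No analytics here</body></html>",
}

def accounts_in(html):
    """Return the set of account numbers embedded in one page's HTML."""
    return {m.group(1) for m in UA_ID.finditer(html)}

def shared_accounts(pages):
    """Map each account to the sites embedding it, keeping accounts seen on 2+ sites."""
    by_account = defaultdict(set)
    for site, html in pages.items():
        for account in accounts_in(html):
            by_account[account].add(site)
    return {f"UA-{a}": sorted(s) for a, s in by_account.items() if len(s) > 1}

if __name__ == "__main__":
    for account, sites in shared_accounts(SAMPLE_PAGES).items():
        print(account, "->", ", ".join(sites))
```

A shared account is a lead rather than proof of common ownership, since a copied page template can carry someone else's ID with it.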
The European Union “right to be forgotten” law that allows individuals to demand the removal of links from Google’s EU search sites is starting to come into play.
The EU “Right to be Forgotten” is clearly a form of censorship in the 28 member nations and 4 other European countries, which together encompass over 500 million people. Google has 90% of the search engine market there.
Demanding the removal of an indexed item only renews interest in the story. As the law only applies to Google and not the pages themselves or other search engines, traffic to the articles in question increases thanks to journalists calling attention to them once they receive notification that the article was removed from the EU sites. This is known as The Streisand Effect.
European Google search results for any name display the disclaimer that, “Some results may have been removed under data protection law in Europe,” even if nobody requested the removal of anything.
Of course, people will soon tire of writing about the removed articles and people will stop demanding the removal of indexed items.
Certainly, free speech enthusiasts will start to collate all the missing search results and make them available. This has already started with Hidden From Google. This site archives articles that Google must remove from European Union search results. I’m certain a Twitter account like @gdnvanished will also appear to provide similar content.
The easiest way to circumvent this censorship is to search using the Google.com site instead of the local EU search sites—or better yet, use other search engines like DuckDuckGo, Yandex, and blekko.
During research projects I sometimes come across astounding levels of stupidity posted for all to see. Sometimes this occurs in obscure corners of the interweb, sometimes it’s done on Twitter.
If I think an instance of stupidity might become important in the future, I manually archive the web page or Tweet by submitting it to the Wayback Machine using the Save Page Now option.
This doesn’t work with all sites, but when it works, the “Bozo Eruption” will be available on an authoritative site in the future. There won’t be any question that the eruption occurred if someone has second thoughts and removes it from the site.
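Because Save Page Now does not work with every site, it is worth confirming that a capture exists and that it was taken after you submitted the page, not years earlier. The following is an added example, not from the original post; it assumes the Internet Archive's Save Page Now URL form and the JSON shape of its public availability API, and the responses shown are constructed.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote

def save_request_url(page_url):
    """URL that asks Save Page Now to capture page_url (fetch it to submit)."""
    return "https://web.archive.org/save/" + page_url

def availability_request_url(page_url):
    """URL of the Wayback availability API lookup for page_url."""
    return "https://archive.org/wayback/available?url=" + quote(page_url, safe="")

def confirmed_capture(api_body, submitted_at):
    """Return (snapshot_url, captured_at) if the closest snapshot is a
    successful capture made at or after submitted_at, otherwise None."""
    closest = json.loads(api_body).get("archived_snapshots", {}).get("closest")
    if not closest or not closest.get("available") or closest.get("status") != "200":
        return None                      # nothing archived, or a failed capture
    captured = datetime.strptime(closest["timestamp"], "%Y%m%d%H%M%S")
    captured = captured.replace(tzinfo=timezone.utc)   # Wayback timestamps are UTC
    if captured < submitted_at:
        return None                      # only an older copy exists
    return closest["url"], captured

# Constructed API responses (hypothetical page, made-up timestamps).
FRESH = json.dumps({"archived_snapshots": {"closest": {
    "available": True, "status": "200", "timestamp": "20140705101502",
    "url": "http://web.archive.org/web/20140705101502/http://blog.example/post"}}})
STALE = FRESH.replace("20140705101502", "20120101000000")
EMPTY = json.dumps({"archived_snapshots": {}})

if __name__ == "__main__":
    submitted = datetime(2014, 7, 5, 10, 15, tzinfo=timezone.utc)
    for name, body in (("fresh", FRESH), ("stale", STALE), ("empty", EMPTY)):
        print(name, confirmed_capture(body, submitted))
```

Record the returned snapshot URL and capture time in your case notes; they identify the exact archived copy.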
Images that appear on a web site offer many insights into the people who created the site. They tell you if they have the money to buy copyrighted content, or that they took the time to create their own imagery to get across their message. The imagery may also tell you that they don’t respect copyright law. The use of the same image on several sites may indicate a relationship between the sites that use the image.
Bing now offers an image search facility that allows you to paste the specific image URL into the search box at Bing.com/images. If you have a picture that you want to match, then you may upload it directly to Bing.com/Images and Bing will search for matches. To match an image, whether by submitting a URL or uploading a file, just click on Image Match.
When you come across an image on a site you find in the Bing Web results, go to Bing Image search and clear the search box. That will make the Image Match link appear next to the search box. When using this, the best approach is to have Bing Web open in one tab and Bing Images in another. As you click on Web results, they will open in a new tab between Bing Web and Bing Images. To isolate the images you wish to search, in Firefox, right click the image and click on view image. This will take you to the image itself and its unique URL. This makes it easier for Bing to isolate the image it is trying to match.
So you want to use Chrome as your browser. Are you aware that it has recently been reported that a Chrome Bug Allows Sites to Listen to Your Private Conversations?
The best way to avoid this threat is as follows:
- Go to chrome://settings/content
- Scroll down to Media
- Select “Do not allow any sites to access my camera and microphone.”
This will disable Google’s Conversational Search, etc. but security will be increased.
I never liked the way Chrome ‘phoned home’ to Google with user tracking, bug tracking etc. I have also found extensions that had malware-filled updates. However, it is faster than Firefox, which over the course of a research project may save hours of extra time. I resisted using Chrome due to security & privacy issues.
I now use Comodo Dragon, which is based on the open-source Chrome browser; however, it is more private and secure if used properly. I disable the camera & mic as SOP, so I haven’t investigated how Dragon responds to this exploit. The setting change that I outlined was in reference to the actual Chrome browser and this particular exploit; there may be more that I don’t know about.
I am very careful about exposing myself to the internet. My outward-facing computers don’t have cameras or mics to entirely circumvent malicious software like this and the likes of Finspy.
The online exif viewer at www.gbimg.org has a lot of widgets on it.
My last discovery was the Exif site at http://www.findpicturelocation.com. Just upload the picture and it will show the location where it was taken. It only works with .jpg or .tif files. You must upload the image to the site, so who knows where it might end up. This uses the Google API for the mapping. Not all pictures have the GPS coordinates in them.
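The coordinates can also be read locally, so the image never leaves your machine. The following is an added example, not from the original post or from either site: a minimal standard-library reader for the EXIF GPS tags that returns `None` when a picture carries no coordinates. The sample image bytes are constructed; for a .tif file, pass the file's bytes to `gps_from_tiff` directly.

```python
import struct

def _ifd(tiff, off, e):
    """Return {tag: raw 4-byte value field} for the IFD at byte offset off."""
    (n,) = struct.unpack_from(e + "H", tiff, off)
    return {struct.unpack_from(e + "H", tiff, off + 2 + 12 * i)[0]:
            tiff[off + 10 + 12 * i: off + 14 + 12 * i] for i in range(n)}

def _degrees(tiff, field, ref, e):
    """Decode three RATIONALs (deg, min, sec) and apply the N/S/E/W sign."""
    (off,) = struct.unpack(e + "I", field)
    r = struct.unpack_from(e + "6I", tiff, off)
    d, m, s = (r[i] / (r[i + 1] or 1) for i in (0, 2, 4))
    sign = -1 if ref[:1] in (b"S", b"W") else 1
    return round(sign * (d + m / 60 + s / 3600), 6)

def gps_from_tiff(tiff):
    """Return (lat, lon) from a TIFF/EXIF body, or None when no GPS IFD exists."""
    e = "<" if tiff[:2] == b"II" else ">"
    ifd0 = _ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e)
    if 0x8825 not in ifd0:                       # 0x8825 = GPSInfo IFD pointer
        return None
    gps = _ifd(tiff, struct.unpack(e + "I", ifd0[0x8825])[0], e)
    if not {1, 2, 3, 4} <= set(gps):             # refs and coordinates required
        return None
    return (_degrees(tiff, gps[2], gps[1], e), _degrees(tiff, gps[4], gps[3], e))

def gps_from_jpeg(data):
    """Walk JPEG segments to the APP1 'Exif' block and parse it locally."""
    pos = 2 if data[:2] == b"\xff\xd8" else len(data)
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        (length,) = struct.unpack_from(">H", data, pos + 2)
        seg = data[pos + 4: pos + 2 + length]
        if data[pos + 1] == 0xE1 and seg[:6] == b"Exif\0\0":
            return gps_from_tiff(seg[6:])
        pos += 2 + length
    return None

def sample_jpeg():
    """Constructed input: bare JPEG wrapper, GPS 48d51m30s N, 2d17m40s E."""
    ifd0 = struct.pack("<HHHIII", 1, 0x8825, 4, 1, 26, 0)   # GPS IFD at offset 26
    gps = struct.pack("<HHHI4sHHII", 4, 1, 2, 2, b"N", 2, 5, 3, 80)
    gps += struct.pack("<HHI4sHHIII", 3, 2, 2, b"E", 4, 5, 3, 104, 0)
    coords = struct.pack("<12I", 48, 1, 51, 1, 30, 1, 2, 1, 17, 1, 40, 1)
    exif = b"Exif\0\0" + b"II*\0" + struct.pack("<I", 8) + ifd0 + gps + coords
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif + b"\xff\xd9"

if __name__ == "__main__":
    print(gps_from_jpeg(sample_jpeg()))
```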