Hunting YouTube Content

A successful hunt for data includes dragging your prey home and preparing it for consumption. If you have a hungry client to feed, then you will have to chop-up your prey into digestible chunks, cook it properly, and then serve it up all pretty-like on a fancy platter, because clients are picky eaters.

Here is what you need to make a delightful repast of what you find on YouTube.

After the disappearance of Google Reader, Feedly became the new standard in RSS readers. However, Feedly is much more than an RSS reader. It allows you to collect and categorize YouTube accounts.

For example, you can monitor the YouTube accounts of politicians, activists, or anybody else who posts a lot of YouTube videos. You get the latest uploads to their YouTube accounts almost instantly. This continuous stream of updated content can be viewed and played in Feedly and does away with individual manual searches of known YouTube accounts.

Of course, Feedly has other uses, but the YouTube use is the greatest time saver. The time saved can be applied to summarizing the video content and analyzing it in terms of how it relates to your client’s objectives.

Inoreader is another feed reader that can organise YouTube account feeds into folders along with a limited number of feeds from Twitter, Facebook, Google+ and VKontakte. It also allows the user to gather bundles of subscriptions into one RSS feed and export them to another platform to go along with the YouTube content.

Just paste the URL of a YouTube video into Amnesty International’s YouTube Dataviewer to extract metadata from the videos. The tool reveals the exact upload time of a video and provides a thumbnail on which you can do a reverse image search. It also shows any other copies of the video on YouTube. Use this to track down the original video and the first instance of the video on YouTube.

A lot of fake videos appear on YouTube. Anything worth reporting needs to be examined to see if it is a possible fake. The Chrome browser extension Frame by Frame lets you change the playback speed or manually play through the frames. While this is the first step in uncovering a fake, it is however, an easy way to extract images from the video for inclusion into a report.

Of course, you will use the Download Helper browser extension, which is available for both Firefox and Chrome, to help download the videos. Just remember to set the maximum number of ‘concurrent downloads’ and ‘maximum varients’ to 20 and check ‘ignore protected varients’ to speed the process.

To make a long list of videos to download, you can use the browser extension, Copy All Links, or Link Klipper or Copy Links in Chrome, to make a list of the links to every video you find. In addition to using this list in your report, you can turn it into an HTML page and then let Download Helper work away on it for hours by downloading all the videos for you.

Collecting all this video is the easy part. Sitting through all of it to extract useful data and then analysing it to see how it helps or hinders your client’s interests is the painful and expensive part, but it is the only way cook-up what the client wants to eat.

Verbatim

In Google, Verbatim is not a command. If Google misbehaves by including strange terms that have nothing to do with your search statement, or if the search results entirely ignore some of your seach terms, then apply Verbatim to the search results by selecting ‘Search tools’, then ‘All results’  and  finally ‘Verbatim’.  Doing this will force Google to search on all of your terms without dropping any or looking for variations and synonyms.

Darknet Proxy

Normally,  you must connect to the underground network known as the darknet by using the Tor browser to view pages hosted there. I recently found a new way to view pages without the need for the TOR browser. It’s a free service called Tor2Web.

As an example, the DuckDuckGo page on the TOR network is https://3g2upl4pq6kufc4m.onion/. If you try this in your noraml browser, you won’t get anything as this requires use of the Tor browser to connect to the server. If you go to Tor2Web and insert the above link you will connect through the Tor2Web proxy. This is is a pure proxy that forwards requests to the hidden service. Alternatively, you can just add .to to the address of the hidden service as in https://3g2upl4pq6kufc4m.onion.to/.

The Tor2Web site warns that it cannot offer any anonymity for the visitor., saying “both onion.to and the hidden service itself can see the visitor’s IP address, and use browser fingerprinting to track users across different sessions.” However, Tor isn’t as anymous as you might think even when you use the Tor browser.

For something that doesn’t require anonymity this is a quick and simple solution.

Saving Bozo Eruptions

I normally suggest using the WayBack Machine to preserve Bozo Eruptions, but there is another way to do this.

Archive.is takes a ‘snapshot’ of a webpage that will always be online even if the original page disappears. It saves both text and a graphical copy of the page for better accuracy. Saved pages will have no active elements and no scripts, to guard agianst malware. However, the stored page with all images must be smaller than 50Mb. Pages which violate our hoster’s rules (cracks, porn, etc) may be deleted.

Bear in mind that when you archive a page, your IP is being sent to the the website you archive.

This site also shortens URLs of what you archive much like tinyurl, goo.gl and bit.ly do and only supports search by URLs and domains as in the Google or Bing site: command.

A handy bookmarklet button for your toolbar is offered on the site.

When things get complex

Advangle helps you build complex web-search queries in Google and Bing.

You can quickly build a query with multiple parameters (such as the ‘domain’, ‘language’ or ‘date published’) and immediately see the result of this query in Google or Bing search engines. Any condition in a query can be temporarily disabled without removing it to allow you to try several combinations of different conditions and choose the one that works best.

Canadian Criminal Court Documents

The following lists the court documents that you should order when reviewing an accused’s involvement in a criminal prosecution in Canada.

In Canada, the charges are contained in the ‘Information‘. A person must swear under oath that the information about the crimes committed is true. This document usually contains a list of appearances and a synopsis of the verdict. It also identifies the victim and any co-accused.

The Bail or Recognisance will explain the conditions of the accused’s pretrial release. This may identify the sureties, where the accused must live, and other conditions such a a prohibition of having weapons.

Search warrants are a treasure trove of useful information because the police will meticulously explain their need for the warrant. However, court staff often try to prevent you access to these, but they are public record unless sealed by a court order.

Probation orders are like the Bail document in that they set out conditions. However, they also may indicate where the subject lived. In some cases, the probation order will be sent to another province. In that case, you know that during his probation, he was living in that province and a search of criminal court records in that province is indicated to see if he abided by the conditions of his probation.

Exhibits also represent a valuable source of information. Once a case is concluded, you may view the exhibits. Like search warrants, the court staff often tries to deny your access to exhibits. Persevere and demand access to the exhibits and you will eventually get to view them.

Searching Periscope & Meerkat

Periscope, the free iPhone app from Twitter is the clear winner against first-comer Meerkat. Periscope is mobile live streaming that lets the user share what is happening right now and relive it later thanks to the service’s saved streams feature.

At the moment, from the investigator’s perspective, Periscope and Meerkat offer an opportunity to see a lot of useless streaming video if you don’t know how to search effectively. Both are hard to search by keyword or topic–you usually have to search via people.

You can use Getxplore and link your Twitter account to them. This will then allow you to see current Periscope and Meerkat streams and then enter search quires to find the types of streams that you are looking for.

Another option is the Twitter search and programs such as Tweet Deck or Hootsuite which you can setup to constantly pull Periscope and Meerkat streams direct to you dashboard. Simply add #Periscope OR #Meerkat as a search term and now you will have access to every single live-streaming video that is shared to Twitter.

You can refine the search by geography as in  #periscope OR #Meerkat near:”Toronto, Ontario” within:50mi. To further filter results add keywords to make the search even more specific, (#periscope OR #Meerkat) AND (Jays OR Skydome).

OPSEC & Social Network Sites

OPSEC

An investigator can use LinkedIn, Facebook, and other sites to build a profile of someone’s personal and work life, but like so many things in life, this is both good and bad. What might happen if it is done to your business’s employees? How might this hurt your company? Most businesses do not think about this and if they do, they usually consider key executives to be most at risk. This is entirely wrong!

Operational security (OPSEC) is the lens through which to view this risk. View each employee in terms of what he knows and to what he has access. This will change your entire outlook.

The janitor has keys and is in the building alone. Security guards possess sensitive information. The secretary to the VP of Marketing knows when you will launch a new product. Are you starting to get the picture? This leaves the problem of how to analyse the content of sites like LinkedIn and Facebook.

Facebook

For example, Facebook identifies your friends and family, and where they live. It knows your likes and dislikes. It knows your travel destinations. It knows posting habits and posts to which you will respond. All of this creates an OPSEC nightmare.

The Wolfram Alpha Facebook Report lets you see what information Facebook knows about you and your friends. It yields easy-to-understand charts, tables, and graphs in a personalized report.

This needs the account holder to log into Facebook before it will run, however, this will not stop an industrial spy, foreign agent, gangster, or terrorist. In certain dark corners of the Internet, hacking a social media account will cost about $350. Changing the privacy settings is a meagre deterrent. With the hacked account and the Wolfram Alpha Facebook Report, the crook or spy has everything he needs to plan the compromise of an employee.

LinkedIn & Spies

Using LinkedIn, researchers found the personal details of 27,000 intelligence officers that the researchers say are working on surveillance programs. They compiled the records into the ICWatch database, which is searchable by company, title, name, and location.

What might a skilled researcher find regarding your employees?

Solutions

The biggest part of dealing with this OPSEC risk is recognising that it exists. The rest of the solution involves a combination of strict social media policies, non-disclosure agreements, conditions of employment, and employment contracts coupled with employee indoctrination and training.

How to Hide Your Searches from Google

Are you uncomfortable with how much Google knows about you? Google makes a lot of money mining your search history. A Boston-based privacy company Abine has a solution to this problem.

The Blur Private Search service prevents Google from linking a search query to you. Search results appear normally, except your search, IP address, and the links that you click on can’t be identified or connected to you by the search engine. It is easy to set-up and use—you don’t have to sign-up using Gmail or other service. Create an account using a throw-away email address.

Nothing is perfect. Private Search only works with Firefox because Chrome tells Google about everything you do all by itself. It won’t protect you from other search engines like Bing or Yahoo.

ProfileSwitcher

Normally, I don’t use different browser profiles because I might confuse profiles and make a mistake. ProfileSwitcher might change that.

This extension makes it easier to use different profiles in Firefox and Thunderbird. I have installed it successfully in Firefox and Comodo IceDragon, which is based on Firefox.

It adds two items to the File menu to start another profile or the profile manager. From the extension’s preferences, you can choose what to do when you launch another profile. It allows you to choose to close the profile in use or not and if you choose to run the profile manager in safe-mode, the current profile will be always closed. In the options, I set it to display the current profile in the status bar. This allows easier control over the profiles than using the clumsy process offered in Firefox.

On my dedicated research computers, this seems to work quite well. It works in a Virtual Machine (VM) and closing the profile running Hola seems to stop Hola in its tracks.

Accessing Geo-blocked Content with Hola

Many websites confine access permission to specific countries. If you live outside the US, you may get this a lot.

There are three ways around this. The first is using a VPN. The second is using a third-party DNS server. The final method is Hola.

Hola is the easiest method. It comes in the form of a very intrusive browser extension that is free and easily installed. It is available for Chrome and Firefox. Just click the Hola icon in your browser’s toolbar and select a country. It will route your browsing activity through IP addresses in that country.

Remember, I said this thing was intrusive. If you are a professional investigator, you must always keep the rules of evidence (S. 30 & S. 31) in mind. Your computers must be free of malicious code or code that could change the content of the collected evidence. I always run Hola on a clean machine that is separate from other evidence collection. If you use Hola to collect evidence, then you will have to be a very good Internet Eyewitness.

My first objection to Hola for investigators is that it is only available for Windows, Mac OS X, and as an app for Android devices. It is easier and quicker to create a clean machine with Linux.

Secondly, Hola sends your web browsing through other servers. More importantly, it uses your computer’s idle bandwidth for other users. Sharing bandwidth with other users exposes your machine to outside threats other than the websites you visit. I have seen  DNS Spoofing when using Hola that does not happen when using other methods. Unfortunately, you have to prepare for this if you want to route your browsing activity through other locations and not pay anything.

Third, you must disable Hola when not using it. Install it in a separate browser. For example, if you use Firefox for most things, then install Hola in Chrome to access geo-blocked content. When you are finished using Hola, close the browser.

Finally, you must really spend some time rehearsing the visual, logical, and reproducible nature of your testimony. If you do not, then you will not be able to reproduce the process of collecting the evidence in court. Explaining how Hola works is not something I want to do in court if the other side is sharp and scrappy.

Even with all my reservations, I still use Hola, particularly for reconnaissance prior to using other collection methods.

Online Resume Searches

If you are doing a background investigation, then the subject’s employment history is important data. Here are a few sites where a subject may post a resume.

Of course, the first stop is LinkedIn to start getting a handle on the subject’s employment history. Next, go to indeed.com for the US and ca.indeed.com for Canadians. Use the advanced search and enter the subject’s name in the phrase search. Then do the same for all of the words of his name.

Odesk.com is for hiring freelance professionals. Use the search box with ‘freelancers’ selected and search the subject’s name.

Resumebucket.com is an interesting site. I often get better results using the Google site: command and the person’s name than using the site’s search facility.

Beyond.com requires an account to search or you may use the Google site: command with the subject’s name.

You can also search the relevant local craigslist site and use the search facility to search the subjec’t name in quotations. Sometimes you will find brief resumes for people seeking work.

The monster.com job sites have a lot of resumes but you have to pay to search them. If you do enough searching then this is worth the cost.

How to be a Facebook Spy

If you need access to someone’s Facebook profile this is how to accomplish that task.

Set up an appealing Facebook account, then request to be friends of some people friended by the subject. Wait until some of them accept your friend request. With mutual friends in hand, request to be the subject’s Facebook friend. The subject will see that you have mutual friends and he should accept you as a friend. Then you have access to his profile, photos, postings, and perhaps you may find what you need. However, there are a few legal issues to consider.

If you are an Investigator, and your subject is represented, then asking permission to see his or her page is contact with a represented litigant. In Canada, if the opposing litigant is represented by council, then you may not contact him or her in person, by telephone, or electronically. In most cases you have to ask to be listed as a friend to view the subject’s Facebook page. Doing this will be considered improperly making contact with the litigant and whatever you find will be deemed inadmissible.

However, what you find in Google, other search engines, and unrelated Facebook pages may be used as the basis for a motion for the production of the subject’s entire Facebook page as happened in KOURTESIS V. JORIS (2007) O.J. No. 2677 (Sup. Ct.).