File erasure is something every Investigator needs to consider. Investigators collect a lot of data that never makes it into a report. Sometimes that data is irrelevant or something that cannot be reported. That stuff should not be left hanging around to be recovered later and then misused. Some form of file erasure software should be used to make it unrecoverable.
Some examples of file erasure software:
Google isn’t a search engine — it’s an advertising engine. Google makes its money from advertising. You may have noticed that the advertisements that appear on your Google search results page are related to what you are searching.
Some of this advertising results from cookies placed on your computer. If you use Gmail, it is even more intrusive as each email is read, and you get ads associated with the content of your email. This is a good business strategy for Google but intrudes upon the user’s privacy. You should shut off the collection of web history in your Google account. To do this, sign in to your Google account and then go to http://google.com/history. Once there, click on Remove all Web History and then click on Pause to stop further collection of your web history. There is also a way to rid yourself of the intrusive monitoring of your normal web searching.
Google uses DoubleClick to monitor your web browsing. To eliminate this monitoring go to http://google.com/ads/preferences/plugin and download this small file for each browser that you use. The installation procedure will vary with each browser. This file won’t disappear when you use a file wiping program to clear out all the trash web browsing accumulates.
Most people give up a frightening amount of information in a very short period of time during their social interactions, both on social media and in person. Marital status, children, hometowns, schools, and more are the nuggets of information given out which can end up in the wrong hands.
A safe topic for making conversation with strangers is not your job, but rather a “safe” hobby, like woodworking, sports, or local history. It’s good to avoid politics and religion.
Most privacy-conscious Investigators create a throwaway profile. They learn about something that is not related to their identifying features – cooking, gardening, fishing, etc. – and know enough to pass as an amateur enthusiast. This becomes the first-contact profile used to evaluate a stranger.
The Citizen’s Arrest and Self-defence Act comes into full force on March 11, 2013. The act may be found at http://laws-lois.justice.gc.ca/eng/AnnualStatutes/2012_9/FullText.html and some background on the act may be found at http://www.justice.gc.ca/eng/news-nouv/nr-cp/2012/doc_32762.html.
The Canada Gazette entry regarding the act coming into effect may be found at http://gazette.gc.ca/rp-pr/p2/2013/2013-02-13/html/si-tr5-eng.html.
A browser extension for Firefox called Disconnect disables tracking by Google, Facebook, and Digg. The same firm provides the Collusion extension for Chrome and Safari that does the same thing.
Disconnect provides more protection than the Do Not Track feature in the browser. Firefox, Internet Explorer (9 and later versions), and Safari have Do Not Track privacy options that you may enable. However, implementation of Do Not Track is voluntary on the part of the websites you visit. Disconnect and Collusion stop tracking on all sites.
Once you acquire good research skills, you can apply those skills to support many endeavors. Recently, I have been doing risk assessment matrices for Business Continuity and Emergency Response planning.
One such job involved identifying the risks to a Business Continuity site. This site was in a rural area outside a large city. I collected the usual maps, aerial imagery, and satellite imagery of the site. This revealed a zoo was nearby. This led to the examination of a risk that few would normally consider — wild animals.
While the predatory carnivores such as lions and tigers seemed to be the greatest risk, we also learned that the large non-carnivores owned by zoos and feral livestock can be very destructive, especially to the fencing intended to keep out the carnivores.
You might not think this would be a risk, but just think of why a Business Continuity site might be in full operation and the risk becomes obvious. It would be operating due to a black swan event and that would probably entail the failure of normal utilities and services. Many of these animals would eventually escape due to broken fencing or be released to fend for themselves. The prospect of a number of large cats or grizzly bears loose near the site sparked a search for some very strong fencing.
This led us to examine which animals would be the most dangerous over a two-year period. The most dangerous animals soon after a catastrophe would be feral dog packs followed by any domesticated pigs let loose and feral hogs. Neither of these animals is afraid of people and in a major disaster they might resort to feeding on corpses, which would make a living person also look like a good meal. Hogs and pigs also represented the biggest risk to the fencing.
After the dogs and hogs, the greatest risk seemed to be Grizzly Bears. These animals are dangerous predators that are not afraid of man and they are adapted to the North American climate. The next was the lions and tigers. Next came the lesser cats and canids if they escaped from the zoo. In the two-year span none of these zoo animals seemed to present a great risk if recent history in war zones is any guide.
Along with the dogs and hogs, it seemed that vermin such as rats and mice would be the constant threats, not the exotic creatures from the zoo.
The news about madmen shooting people in the U.S.A. raises the issue of planning for such an event. Here is an excellent video that offers sound advice on how to deal with this on a personal level.
I recently assisted a family that suffered from the actions of a small group of misguided, radical, and dangerously fanatical persecutors who use the Internet as a force multiplier. This campaign degenerated into a violent attack on the children. Fortunately, the family has the support of the employer. The provided security driver got the children to safety before the attackers caused any serious injuries or death.
The family can’t sell their city home because of the risk this would pose to the new owners. Their country property was located by the radicals and the onslaught of harassment, vandalism, and arson started again. After vacating the country property, it must now be guarded around the clock like the vacant city home.
This type of crowd-sourced attack is something that executives and security professionals must deal with before it occurs. People who might be exposed to this risk will have to go through their lives to find the leads that motivated persecutors will use to find them. These leads will have to be removed, made irrelevant, or altered. This is not a small task and it is very difficult to do when things are peaceful. Doing it while under attack might be impossible because the attackers probably possess the data you would seek to remove or obscure.
A good investigation can be derailed by tracking cookies. Disable cookies when doing an investigation. Here are some detailed instructions on how to disable cookies in the most common web browsers:
Both Yahoo and Google offer an encryption option in their IM clients, but they have full access to the original content as they handle the encryption.
Your best bet for secure IM communication is to use Pidgin for Windows or Adium for Mac OS X. Both programs have encryption that uses 256-bit AES and is applied before the message is sent through the IM service. They work with all major IM servers and offer other useful features:
For low-risk communications, using web-based “secure” e-mail services that encrypt your messages before sending might be reasonable. However, when a third-party service or server is used, the email isn’t really secure. If the email represents a low risk to the sender, then some security is better than no security. Some “secure” email services to check out:
The best solution is to encrypt messages yourself before sending them. This can easily be done using MEO Encryption which can be used with your existing e-mail provider. The message can be sent as a self-extracting executable file so that the recipient doesn’t need any software to open the message. The sender will need to communicate the password to the recipient.
Another encryption option is a public-key system like PGP. This is much more secure. However, Symantec now owns this and that means it will become difficult to use and expensive. Managing the keys is the problem with any public-key encryption, but it is the most secure if used properly. If a public-key system is used, everybody needs to learn how to use it and how to find and control the public keys.
Rule #3, always use encryption when communicating.
Every e-mail message will go through numerous servers before it is delivered. At any step in that route the message may be read or copied. Rule #1, if you don’t want it overheard or read, don’t say or write it, might be your best course of action. If the risks involved warrant exchanging the information by email or other internet-based method, then you can start with file exchanges.
Using an encrypted third party service adds an unknown level of risk, so I just don’t use such services.
To exchange encrypted files with others, there are some free solutions that offer encryption. However, the recipient also needs the same software along with the password to decrypt the files, unless the encrypted file is in a self-extracting file like the ones produced by MEO Encryption.
The next article in this series will deal with email communications.
If you are starting to employ encryption for the first time on a computer, then you must do so on drives that do not have any readable data. Specialised software exists to examine hard drives and extract otherwise invisible data. This can also be done if the drive has been overwritten up to seven times. Copies of what you want to protect might be sitting there for the data thief or other snoop to read.
I am not a data security expert, but I have spent many hours a day for almost two decades using the internet and watching it evolve. During that time, I have also observed the growing number of snoops monitoring everything we do when we communicate and conduct research.
The following should help you maintain the small amount of privacy we have left when it comes to the data on our computers and in our online activities. However, there is no such thing as absolute privacy or security. Encryption can be broken if enough resources are committed to the effort.
There are three rules regarding privacy and security for computer and internet users:
- if you don’t want it overheard or read, don’t say or write it
- always start using disk encryption on an utterly clean machine, and
- always use encryption when communicating.
The first rule should be obvious, but I am always surprised at how lazy, thoughtless, and undisciplined people can be.
The second rule is a necessity. Erasing files or formatting a drive does not remove the data from the hard drive. If it is a flash drive, then there is no effective way to remove the data.
If your machine has a normal hard drive, then use Boot and Nuke. Create a CD or DVD from the downloaded .iso file, and then re-boot using that disc to wipe clean the hard drive to DoD/NSA over-writing standards.
If you simply encrypt data already on the hard drive, then remnants of the data may still be readable on the drive. The next article will deal with encrypting a large number of files or drive partitions.
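The difference between deleting a file and overwriting it, which both the file erasure advice and the second rule rest on, can be seen on a single file. The following is an added example, not code from the original article or from any tool it names; the function names and sample text are constructed, and a second hard link is used only as a way to look at the file's data after its name is gone.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # overwrite in 1 MiB pieces so large files do not fill RAM

# Assumption: a conventional hard drive and a filesystem that overwrites in place.
# On flash media or copy-on-write filesystems the old blocks may survive this.
def overwrite_in_place(path, passes=1):
    """Replace every byte of the file with random data without changing its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:               # r+b writes into the existing file
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())               # push this pass out of the OS cache
    return size

def erase(path, passes=1):
    """Overwrite the contents, replace the file name, then remove the file."""
    overwrite_in_place(path, passes)
    folder = os.path.dirname(os.path.abspath(path))
    hidden = os.path.join(folder, secrets.token_hex(8))
    os.rename(path, hidden)                    # directory entry no longer shows the name
    os.remove(hidden)

def demo():
    """Constructed sample: compare a plain delete with erase() on identical files."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, delete in (("plain_delete", os.remove), ("erase", erase)):
            target = os.path.join(d, label + ".txt")
            witness = os.path.join(d, label + ".witness")
            with open(target, "wb") as f:
                f.write(b"SUBJECT: constructed sample notes\n" * 100)
            os.link(target, witness)           # second name for the same data
            delete(target)
            with open(witness, "rb") as f:     # is the original text still readable?
                results[label] = b"constructed sample notes" in f.read()
    return results

if __name__ == "__main__":
    print(demo())
```
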