Archive for the 'Social Sites' Category

Finding Bozo Eruptions on Twitter

On Tuesday, 18 Nov 2014, Twitter announced that it has finished indexing every public tweet ever made since the social networking service launched in 2006.

Fortunately for investigators, Twitter does not provide bulk deletion. This means that most people will not take the time to examine their Tweets for Bozo Eruptions. However, batch deletions are possible, by using third-party sites like Tweet Deleter, Tweet Eraser and TwitWipe. If someone deletes some Tweets, Twitter admits that “Deleted tweets sometimes hang out in Twitter search, [but] they will clear with time.” Unfortunately, when a user deletes a tweet, it eventually disappears from Twitter’s search results, as well as from any accounts that follow the account along with any retweets of the deleted tweet.

Fear not intrepid investigator, fore hope and a lot of searching might uncover someone who copied into his own tweet a deleted tweet, which will remain as will any tweets quoted on sites elsewhere.

Motherpipe

Do you want a search engine that does the following:

  • doesn’t keep details on what you are searching for
  • doesn’t store your IP address
  • doesn’t use cookies
  • doesn’t track you
  • doesn’t send your search term to the site you clicked on
  • doesn’t store or share your search history
  • doesn’t share your personal information
  • doesn’t have servers in the U.S.A.
  • doesn’t hide the search results amongst a deluge of ads

Try Motherpipe. It operates privacy oriented search engines at motherpipe.com, motherpipe.co.uk, motherpipe.de and motherpipe.se that don’t do things I don’t want done.

It gets its data from Yahoo!Bing. It offers the search operators “site:” and Boolean operators “AND” and “OR“. It also searches Twitter anonymously.

Black Suits & Dark Glasses

I went to a meeting with a client to help solve a problem one of his customers was having. Sitting in the reception area, I witnessed a wondrous spectacle. In struts a guy in a black suit wearing dark glasses and earwig. He looks around ominously and then talks into his sleeve. Next, the great man enters surrounded by a phalanx of black suits, dark glasses, and earwigs. This is Canada. Private bodyguards don’t exist here. They are just for show-offs who like to look important or for those tricked into hiring some feckless cannon fodder.

It turned out that this was the guy with the problem. My client realised that he was ineptly handling the symptoms rather than treating the disease. He had received threats. He had suffered vandalism to his home and car. He couldn’t in any way identify his persecutor. However, he was a senior executive of a company in an industry that sometimes attracts threats and acts of violence.

When the great man was asked how he had received the threat, he said that he received it on his unlisted cell phone, so it must be a serious threat perpetrated by dangerous people. I Googled the cell phone number. Lo and behold, there it was in a Kijiji ad for some stuff he was selling. The picture of the stuff included the front of his house and enough of his car to identify its make, model, and colour.

His name appeared on the title for his house along with that of his wife. Searching his name in social media sites, I was able to identify his children and wife. I found that his son went to hockey practice at the arena where his car was vandalised.

In half an hour I learned where he lived, his cell phone number, identified his family, where his children went to school, and learned his son’s hockey schedule. More importantly, the social media content related to his family members also identified him. This led me to conclude that it was possible that he was not the target. Of course, the wife and kids didn’t have bodyguards.

Each of his bodyguards was questioned regarding their training and experience. It wasn’t surprising to me that they were repurposed security guards with no training. The agency providing the bodyguards did not conduct any investigation nor did the client’s employer.

Without any idea who in the family was being targeted, new security arrangements were made. The house and office got uniformed security guards. The client and his wife got reliable security drivers. We put in place new security arrangements for the children. All social media content was expunged. I ensured that the police and telephone company became involved.

Further investigation produced a list of suspects. The police tied one of these to the vandalism of the client’s car. Police interrogation led to a confession. The offender turned out to be the teenage daughter’s jilted suitor who was also a player on a rival hockey team.

How to Use Boolean to Improve Social Media Monitoring

Twitter and Boolean Searching

Twitter has a robust search facility  that includes Boolean search operators. Twitter Support provides the following table of search operators.

Twitter defaults to the AND operator when you include search terms to the search statement. Don’t forget to use the -sign for NOT to eliminate search terms and OR to broaden the search. To get the results that you really want, you can filter the search results using the selections on the left side of the results page or you can start your search on the Advanced search page. Always search for variations of hashtags, spellings, and sentiment words in order to capture the largest number of tweets possible.

Unearthing a GeoSocial Footprint

I try to learn something every day. Today, I learned about GeoSocial Footprints. A geosocial footprint is the combined bits of location information that a user divulges through social media. Now I had to learn an easy way to unearth someone’s geosocial footprint.

First, I had to find an easy way to uncover which social media (SM) a person uses. To do that, I found an add-on for Firefox called Identify. This extension used to help you explore an individual’s web identity across SM sites. However, it is not compatible with V. 26 or later. It was also not compatible with Comodo IceDragon.

That left me with trying Hoverme. This is an add-on for Chrome that provides a SM profile when you mouse a name on SM sites. You will supposedly be able to view the social web profile of the subject by mousing over the profile picture in Facebook, etc.. It should provide links to the person’s profiles on sites such as Facebook, LinkedIn, Delicious, etc..

I tried installing it in Comodo Dragon, which is built on the open source Chrome browser and doesn’t phone home to Google like Chrome. Unfortunately, Hoverme needs the Kynetx browser extension that many apps require. It’s like Greasemonkey for Firefox, but to install this you need to set-up an account or use Facebook or Google to sign-in. This means I might be giving away too much information. This also means that to collect evidence safely, I will have to install it on a sandbox machine or in a VM and then do my main collection on another machine. I would do this because I don’t know what Kynetx might be doing to the machine that is collecting the evidence and I don’t know what information this might be giving away to unknown parties.

I guess it’s back to good old-fashioned Investigative Internet Research to uncover which SM sites someone uses. From there, I will have to figure-out how to collect, collate, validate, and explain all this geosocial footprint stuff.

Veracity of Online Images & Video

My mother advised me not to believe everything I read remains true today as it was 50 years ago. Today, this advice extends to online video and images.

Hoax imagery and video abounds online. A fake video of an eagle trying to fly off with an infant in a Montreal park is only one example. Students at the National Animation and Design Centre created this ‘Golden Eagle Snatches Kid’ video. Their skill was impressive. It took a frame-by-frame analysis to uncover the fake. Frames that lacked the eagle’s shadow revealed it to be a hoax.

Free editing software like VLC Media Player or Avidemux Video Editor can help split video into frames, but locating and investigating the person who posted the video proves more productive in most cases. The following is a short outline of how I approach this problem.

First, start listing the places you find the item and user names that posted it. Look for the first instance of the item by filtering by date. Try to find the first instance as this may be the original and the original poster of the item. Compare video thumbnails to find the earliest and largest as that may be the original. Search the thumbnails in Google Image Search, TinEye, and Bing. However, searching TinEye, et al, will require an image with high contrast and distinctive colour combinations.

Next, try to identify the person who first posted it. Sometimes, discovering the creator of the item is easy because it was posted on a Facebook page or on YouTube, but usually it was just duplicated there and originates elsewhere. Search all text associated with the item—tags, descriptions, user names. Use everything as search terms. Search all the user names to identify the people. Use sites to LinkedIn, Facebook, etc., to get a feel for the background of the people you may later contact.

Once you have found the likely source of the item, examine and question the source to establish his reliability. You need to engage this person to establish that he created the video or image and that it isn’t a hoax or an altered version of something he still possesses.

Social Media Early Warning System

Today, Social Media (SM) informs about emergencies, scandals, and controversial events before the traditional media. The news media has become a second source that tries to improve the signal to noise ratio.

Using SM as an early warning system isn’t a new idea, but few organisations actually do it because they never get around to creating an organised process for this function.

How to Create a SM Early Warning System

I start the process by first identifying the subject matter that I need in my early warning system and what informational role it will play. This includes identifying who will receive its output and who must act upon its output.

Carefully plan how you will communicate with the rest of your organisation. This needs to include an emergency distribution list with alternative distribution methods if normal communication methods start to break down.

The people who must act upon your information must trust that you will give them timely and accurate information. They must also know what you won’t provide. Gaining ths trust and understanding will take time and good old-fashioned salesmanship.

Next, I start identifying sources that provide reliable information that I then store, aggregate, and evaluate. As these sources become more trusted, I begin grouping them by topic, special knowledge, geography, and other factors. I then start asking them for more contacts that are equally reliable. To manage my contacts or sources, I build Twitter Lists, Facebook Interest Lists, Google Plus Circles, and use other similar list tools.

I contact my sources by email, Skype, and other means to build a relationship based upon trust and common interests. I note their strengths, weaknesses, skills, contacts, biases, and other relevant characteristics. It is important for me to treat all my contacts with respect and to view them as colleagues, rather than people to order about. I also act as a source to all my contacts as this isn`t a one-way street. I make it clear that I am looking for help rather than someone circulating rumors and misinformation. I do this by letting my contacts know what I do and do not know while steering clear of all inflammatory aspects of the topic as SM tends to amplify these without adding factual data.

I have seen many attempts to use SM for this fail once they realise that for this to work, it must be a collaborative effort. They don`t want to give as much as they receive as that requires too much effort, trust, and organisation.

To organise a SM early warning system you need to start a decision tree that allows you to go through the research, evaluation, and verification process in a logical and orderly manner without missing any steps. Design the process to identify the original content source or creator, verify that it represents events truthfully, and that the context of the content is not intended to mislead the viewer.

Use your favourite flow-chart software to make a decision tree suitable for the type of content and SM that you typically handle. Keep it simple. Start with only yes/no decisions. Each person on the team should add to the decision tree for their tasks as they learn new sources and methods.

Divide the decision tree into three components. First, identify the original poster or creator of the content. Second, investigate the source or creator of the content to help determine his reliability, biases, and online history. Third, investigate the content itself for defects that indicate that it is a fake, an intentional hoax, or some form of propaganda.

Over time, the decision tree and its supporting documentation will make your team seem super-human in its ability to wade through large volumes of complex material to expose fakers and reveal the true story.

WebMii

I have written about pipl.com before and often find it useful when I am trying to track-down people. Unfortunately, its usefulness is limited if the subject person lives outside the U.S.A..

When searching people outside the US, I turn to WebMii. This has data sets for specific countries which you can select or you can select all by selecting ‘International’  as the region.

You may also search by keywords to get a list of people associated with the keywords. However, this has never worked for anything I have searched. Searching by company or brand name often returns useful results, but selecting a region failed to change the results in any search that I have done.

Trolling RSS Feeds

RSS (Rich Site Summary) is a format for delivering regularly changing web content. Many news-related sites, blogs and other online publishers syndicate their content as an RSS Feed to whoever wants it.

I have written quite a lot about RSS in the past. The following are my choices for both installation on a PC and for a web-based reader.

RSSOwl

RSSOwl is cross-platform as it’s Java-based. It handles RSS, Atom and RDF in terms of feed formats. You must have Java installed, no matter where you run it. It cooperates with Firefox to add feeds to RSSOwl from the browser. Just go to the feed and copy the URL then go to RSSOwl and click on add feed and it knows where to find the feed. You can also drag and drop Feeds from Firefox into RSSOwl. RSS Owl has an embedded web browser, so you don’t have to open up a separate browser window to view links or to view the full version of feed items that are shortened. You do have to set this up under “Browser” in the Preferences menu option. Choose to Default to the Embedded Browser. To get the RSSOwl embedded browser to work properly with OneNote so that it includes the URL in pasted items, you must enable Java Script. I do not recommend doing this except on an isolated machine otherwise, malicious Java Script code could cause serious problems.

RssBandit

When I need to collect video and podcasts from RSS feeds, I turn to RssBandit. The embedded browser is MS Internet Explorer, therefore, it includes the pertinent URL when you copy to OneNote as the embedded browser is the same.

This is my favorite RSS reader overall, though, I have experienced occasional problems with exporting feeds for another implementation of the reader. This problem seems to stem from differences in the underlying OS on the importing computer. It can be an irritation when starting a project with tight deadlines.

RSSOwl has an edge for a group of researching working in a collaborative environment as it is easier to set-up and distribute to the group.

Web-based RSS Reader

The two most popular seem to be Feedly and Inoreader readers that offers similar features and options.

Inoreader offers secure HTTPS access and over 40 different customization options. If I must use a web-based reader this is the one.

I refuse to use Feedly because extensions like NoScript, Adblock, HTTPS Everywhere, etc. prevent the site from loading. I never use sites infested with stuff that my normal suite of extensions prevents from loading. You only have to encounter one ad with malicious code to cost you many hours of work to purge the problem code from your machine.

Social Media Monitoring for Security Departments

A client that operates a security guard company called recently to ask a question spawned by a structure fire near one of the buildings his company guarded. He wanted to know if his guard posts could monitor the news and social media for events near the sites that they guard. All these sites have high-speed internet access. Continue reading ‘Social Media Monitoring for Security Departments’

Jotpix

jotpix.com is a search tool for finding geotagged Flickr, Panoramio, Picasa, & YouTube.Searching is done by entering a place name and a keyword. However, Panoramio does not support search by keyword or time and Picasa does not support search by time.

In practice, this is not a very useful tool.

Geo-locating Images

MyPicsMap.com allows viewing Flickr photos on a fullscreen Google map. To view photos of a  particular Flickr user just enter the username.

loc.alize.us provides the geo-location of photographs uploaded to Flickr. You can search by username, tags, and sort them by date. It uses satellite imagery is provided by Google.

Bizarre Social Networks

Hundreds of different social networks exist. Some social network sites are downright strange and some are really suspicious. There seems to one for every demographic from people with allergies to those interested in zen.

For example, DateMyPet.com is for people who want to date someone based upon the pet they own. You never know when someone might be allergic to Fluffy. FarmersOnly.com is an online dating network that pairs rural couple seeking mates. My favorite is MyFreeImplants.com which facilitates crowd-funding for women raising funds for breast implants.

As always, practice safe social networking.

AccountKiller

From Activision to NuddistConnect.com to Zattoo, the AccountKiller database of more than 500 sites has links to each one’s deletion page. It offers instructions to remove your account or public profile on most popular social media sites. If you want to create an account it has a Blacklist of sites that don’t let you remove your profile.

You can also use this site to find sites to search for information on your subject. Start in the blacklisted sites as the subject will have a very hard time to delete his profile on these sites.

If you are trying to erase yourself or a client from the Internet, then you will need more that this site to accomplish your goal. Beware, it may be better to edit the profile and leave it in place — this is particularly important with some sites like Twitter.

Map my flickr

mapmyflickr.com allows you to search flickr images by geotag, place, Flickr username, etc. and view the geotagged photos on Google Maps or Google Earth.