Windows Telemetry

In August 2015, Microsoft delivered some ‘optional’ updates to Windows 7 and Windows 8 users (KB3075249, KB3080149 and KB3068708) that would provide the same telemetry data.

To disable this in Win 7 & 8, go to Start and type in services in the search box. Then click on Services. Go down the list in the left-hand pane and select Diagnostics Tracking Service and right click Properties. In Properties change Startup type to Disabled.

Windows 10 comes with the telemetry feature enabled by default, and this collects user activity and sends it to Microsoft. Once installed, it looks like there is no way to disable it completely using the Settings app for Home and Pro editions of Windows 10. Only Enterprise users can turn it off by editing the registry. The best practice is to install Win 10 using Microsoft’s Media Creation tool (see Windows 10 as Spyware) and then confirm that the telemetry is shut off in the registry.

Due to complaints about Microsoft’s practices, the updates that scrape data from your computer now appear as telemetry updates or as security updates to IE. As more people object, expect these updates to appear in a different guise.
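One way to run the registry confirmation described above, as an added example that is not from the original post. The key and value names (the `AllowTelemetry` policy, the `DiagTrack` service key, `EditionID`) are not on this page; they are the standard Windows names, and the `AllowTelemetry` check applies to Windows 10 only.

```python
# Added example: audit the telemetry settings discussed above on a Windows host.
POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows\DataCollection"
SERVICE_KEY = r"SYSTEM\CurrentControlSet\Services\DiagTrack"
VERSION_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
START_DISABLED = 4  # service "Start" value for Startup type: Disabled
LEVELS = {0: "Security", 1: "Basic", 2: "Enhanced", 3: "Full"}


def read_value(subkey, name):
    """Return a value from HKEY_LOCAL_MACHINE, or None if it is absent."""
    import winreg  # Windows-only standard-library module, imported lazily
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
            return winreg.QueryValueEx(key, name)[0]
    except FileNotFoundError:
        return None


def assess(allow_telemetry, diagtrack_start, edition):
    """Return findings; an empty list means telemetry is shut off."""
    findings = []
    if diagtrack_start is not None and diagtrack_start != START_DISABLED:
        findings.append("DiagTrack service not disabled (Start=%d)" % diagtrack_start)
    if allow_telemetry is None:
        findings.append("AllowTelemetry policy not set; OS default applies")
    elif allow_telemetry != 0:
        level = LEVELS.get(allow_telemetry, "unknown")
        findings.append("AllowTelemetry=%d (%s)" % (allow_telemetry, level))
    elif not edition.startswith(("Enterprise", "Education")):
        # Assumption from Microsoft's policy documentation: level 0 is
        # honoured only on Enterprise-class editions; others fall back to Basic.
        findings.append("AllowTelemetry=0 is not honoured on edition %s" % edition)
    return findings


def audit():
    """Read the live registry values and assess them (Windows only)."""
    return assess(read_value(POLICY_KEY, "AllowTelemetry"),
                  read_value(SERVICE_KEY, "Start"),
                  read_value(VERSION_KEY, "EditionID") or "unknown")


if __name__ == "__main__":
    for finding in audit() or ["telemetry policy is 0 and DiagTrack is disabled"]:
        print(finding)
```

Re-run it after each round of Windows updates, since an update can reinstall or re-enable the service.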

Google-Free Wednesday–Alternatives to Google Services

Perhaps it is time to remind folks that there are alternatives to Google services that are more respectful to your privacy:

  • Startpage.com for searches
  • Duck Duck Go which does not record your search history
  • Disconnect Search is a specialized VPN that lets you search privately using Google, Bing, and Yahoo search engines. No logging of searches, IP addresses, or any other personal info.
  • mailbox.org for email (see The Great Google Escape)
  • Startmail.com for e-mail (a bit more expensive than mailbox.org)
  • Omnicloud from Germany’s Fraunhofer Institute, which allows you to encrypt all data locally before uploading it to the cloud.

Many Vloggers are now scrambling for alternatives because they find themselves at risk of having their YouTube account terminated on a whim. You could be next in this disturbing trend.

OPSEC & Social Network Sites

OPSEC

An investigator can use LinkedIn, Facebook, and other sites to build a profile of someone’s personal and work life, but like so many things in life, this is both good and bad. What might happen if it is done to your business’s employees? How might this hurt your company? Most businesses do not think about this and if they do, they usually consider key executives to be most at risk. This is entirely wrong!

Operational security (OPSEC) is the lens through which to view this risk. View each employee in terms of what he knows and to what he has access. This will change your entire outlook.

The janitor has keys and is in the building alone. Security guards possess sensitive information. The secretary to the VP of Marketing knows when you will launch a new product. Are you starting to get the picture? This leaves the problem of how to analyse the content of sites like LinkedIn and Facebook.

Facebook

For example, Facebook identifies your friends and family, and where they live. It knows your likes and dislikes. It knows your travel destinations. It knows posting habits and posts to which you will respond. All of this creates an OPSEC nightmare.

The Wolfram Alpha Facebook Report lets you see what information Facebook knows about you and your friends. It yields easy-to-understand charts, tables, and graphs in a personalized report.

This needs the account holder to log into Facebook before it will run; however, this will not stop an industrial spy, foreign agent, gangster, or terrorist. In certain dark corners of the Internet, hacking a social media account will cost about $350. Changing the privacy settings is a meagre deterrent. With the hacked account and the Wolfram Alpha Facebook Report, the crook or spy has everything he needs to plan the compromise of an employee.

LinkedIn & Spies

Using LinkedIn, researchers found the personal details of 27,000 intelligence officers that the researchers say are working on surveillance programs. They compiled the records into the ICWatch database, which is searchable by company, title, name, and location.

What might a skilled researcher find regarding your employees?

Solutions

The biggest part of dealing with this OPSEC risk is recognising that it exists. The rest of the solution involves a combination of strict social media policies, non-disclosure agreements, conditions of employment, and employment contracts coupled with employee indoctrination and training.

Damnable Hyperlinks

Eliminating Hyperlinks in Word

If you create reports that include material obtained from the Internet, then you must hate hyperlinks. If you don’t, then you’re not normal.

Think about it. You create a report in Word and send it to someone. They follow a link to one of the darkest, dankest parts of the Internet and come away with some hideous and unmentionable cyber disease. The disease spreads like wildfire. Everybody blames the outbreak of the hideous and unmentionable plague on you!

Now, think some more. Should you include a warning about following links in your reports? Should you remove the links? Should you include a warning about visiting URL’s in reports? My answer to these questions is, yes. I have first-hand experience. No, you may not ask about the details.

MS Word is obtuse. It hides the most needed features. Why did they make this thing so obtuse?

To copy all that stuff into Word without the hyperlinks is a chore if you use the obvious means of pasting as text only without any formatting. Unfortunately, this usually creates an unreadable mess. There are several different ways to eliminate hyperlinks in text pasted into Word. The scut work of removing hyperlinks individually takes forever, and you are certain to miss some.

Here is my ‘keyboard komando’ solution to this problem. Select the entire document using Ctrl+A. Careful now; this is a good way to erase the document if you press the wrong keys. If that happens use the undo command.

Next, press Ctrl+Shift+F9 and presto chango you are now a ‘keyboard komando’. You have eliminated all the hyperlinks in the document. Now save the document using Ctrl+S.

As far as I can tell, this works in Word 2003 through 2010.
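To confirm that no clickable link survived before a report goes out, the saved .docx can be checked directly. This is an added example, not part of the original post: `find_hyperlinks` and `sample_docx` are hypothetical names, and the sample document is constructed. It covers both `<w:hyperlink>` elements and HYPERLINK field codes in the document body, headers, footers and notes.

```python
# Added example: list the links that are still clickable in a .docx report.
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
R = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
REL = "{http://schemas.openxmlformats.org/package/2006/relationships}"
FIELD_LINK = re.compile(r'HYPERLINK\s+"([^"]+)"')  # skips internal \l bookmark links


def find_hyperlinks(docx):
    """Return sorted (part, target) pairs for every live external link."""
    found = set()
    with zipfile.ZipFile(docx) as zf:
        names = set(zf.namelist())
        for part in (n for n in names if re.fullmatch(r"word/[^/]+\.xml", n)):
            rels = "word/_rels/%s.rels" % part[len("word/"):]
            targets = {}
            if rels in names:  # map relationship ids to hyperlink targets
                for rel in ET.fromstring(zf.read(rels)).iter(REL + "Relationship"):
                    if rel.get("Type", "").endswith("/hyperlink"):
                        targets[rel.get("Id")] = rel.get("Target")
            root = ET.fromstring(zf.read(part))
            for link in root.iter(W + "hyperlink"):  # <w:hyperlink r:id="...">
                if link.get(R + "id") in targets:
                    found.add((part, targets[link.get(R + "id")]))
            # Field-code links: HYPERLINK "url" in w:instrText or w:fldSimple
            instr = "".join(e.text or "" for e in root.iter(W + "instrText")) + " "
            instr += " ".join(e.get(W + "instr", "") for e in root.iter(W + "fldSimple"))
            found.update((part, url) for url in FIELD_LINK.findall(instr))
    return sorted(found)


def sample_docx(body, rels=""):
    """Build a minimal constructed .docx in memory (sample input only)."""
    ns = 'xmlns:w="%s" xmlns:r="%s"' % (W[1:-1], R[1:-1])
    doc = "<w:document %s><w:body>%s</w:body></w:document>" % (ns, body)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
        zf.writestr("word/_rels/document.xml.rels",
                    '<Relationships xmlns="%s">%s</Relationships>' % (REL[1:-1], rels))
    buf.seek(0)
    return buf
```

An empty result means the file has no live external links; the URLs themselves remain in the report as plain text.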

Online Resume Searches

If you are doing a background investigation, then the subject’s employment history is important data. Here are a few sites where a subject may post a resume.

Of course, the first stop is LinkedIn to start getting a handle on the subject’s employment history. Next, go to indeed.com for the US and ca.indeed.com for Canadians. Use the advanced search and enter the subject’s name in the phrase search. Then do the same for all of the words of his name.

Odesk.com is for hiring freelance professionals. Use the search box with ‘freelancers’ selected and search the subject’s name.

Resumebucket.com is an interesting site. I often get better results using the Google site: command and the person’s name than using the site’s search facility.

Beyond.com requires an account to search or you may use the Google site: command with the subject’s name.

You can also search the relevant local craigslist site and use the search facility to search the subject’s name in quotations. Sometimes you will find brief resumes for people seeking work.

The monster.com job sites have a lot of resumes but you have to pay to search them. If you do enough searching then this is worth the cost.

The Strange Case of Juicejacking

Have you ever seen people recharging their mobile phones at a public recharging station in an airport or shopping mall? They no doubt do this to avoid the severe symptoms of Twitter and texting withdrawal.

Don’t they realize that their mobile phone adaptor USB cable is a combination power-and-data connection? Plugging your phone into an untrusted USB cable is just plain stupid. Letting a stranger plug their phone into one of your USB ports is just plain stupid too.

Take a minute to think about the treasure trove of data on that smart phone. Your smart phone has more computing power and memory than my first three computers combined. Your digital and communications life history is on that thing.

When charging your phone from an unknown USB port, use a power-only USB cable. USB plugs have four or five connecting wires. The outermost two are for power. If your cable has two or three of the inner wires missing, then it can’t carry data, only power. This will slow the charging as the data wires allow the phone to control the charging amperage to get it above the minimum 100mA. Never trust a USB cable given to you by a helpful stranger, as a visual inspection will not reveal if it is power-only or power and data (I’ve tested this with a lot of people and over 90% got it wrong). To speed charging in a secure manner, use the charging adapter that came with the phone, not the data connection.

You can increase your security by configuring your device to require a password for all data-transfer features of the charging port. This stops synchronizing your data with another device unless you authorize it. This is good practice, but don’t rely on it if you are hooked-up to a hostile device. Don’t rely on shutting-off the phone as a protection either. It is hard to determine how much of the phone is truly powered-down. Even if the phone is powered-down, a USB connection may provide the hostile device an avenue to the memory card.

If you are in a foreign hotel and don’t have an adapter, please don’t get one from the concierge as you never know where it has been—like maybe to that country’s intelligence agency. I recently encountered a case where the helpful concierge provided an extremely effective and hostile power adapter probably engineered by either a moneyed industrial spy or the host country’s intelligence agency. Most national intelligence agencies conduct economic and industrial espionage—don’t be offended by this, be cautious, don’t take your entire life history with you on that smart phone, and don’t get juicejacked.

Sources & Methods for Investigative Internet Research

You might have noticed fewer posts lately. This is due to the time it takes to edit my forthcoming book, Sources & Methods for Investigative Internet Research, which will be published in the coming months.

A sub-title for the book might be (if I believed in sub-titles):

What They Don’t Teach in Private Investigator School

For the last 20 years the author has been a leading provider of Investigative Internet Research to Private Investigators. This book presents what the author has learned and applied, but perhaps of more importance, based upon the author’s extensive experience, it addresses what Private Investigators don’t know about Investigative Internet Research and its reporting.

However, the reader doesn’t need to be a Private Investigator to benefit from this book. The investigative process does not belong solely to the Private Investigator. Investigation is at the heart of every human activity. Scholars investigate. Antique dealers and appraisers investigate. Investors investigate. Medical Doctors investigate. In one way or another, we all investigate something or other using the Internet.

To investigate is to seek a solution. This book is about how to turn Investigative Internet Research into a solution. Let this book guide you to the following:

  • Techniques that focus and refine your search results
  • The best sources to use for searching
  • How to conduct anonymous Internet searching
  • How to conduct “safe searching” – being anonymous isn’t enough
  • How to document the search process for use as evidence
  • How to evaluate the quality of what you find
  • The best practices to preserve and organise your data for reporting.
  • How to use Microsoft Office in the most efficient manner to produce a superior report.
  • Sources, methods, tips and tricks learned over 20 years

Investigative Internet Research Workshop

On Thursday, March 15, 2012, we will be hosting an Investigative Internet Research workshop in Ottawa.

Working in collaboration with Keynorth Professional Services Group Inc., we designed this introductory course based on the feedback our respective firms have received from Private Investigators and other professionals who must conduct investigative research. It is a compact, eight hour workshop that introduces students to what the Investigator must know to properly begin integrating Internet research into the investigative process.

We will offer more advanced courses in the future; however, as an introduction, this workshop will allow students to take away immediately usable skills and knowledge. While we’re offering this first intensive course in Ottawa, we will be taking it to Toronto in the near future.

For further details about the course, please click on this link: IIR Course Information. Please contact us if you have any questions.

 

A New Year & New Markets

This past year has been difficult due to the economic upheaval that has seen some of our largest clients suffer financial set-backs. This has meant we have had to make adjustments. We have had to find new markets and develop new products.

The first developing market that we have found is for training. In the past two years we have attended many seminars by U.S. based presenters. While they all had something unique and valuable to offer, we noticed that they know very little about Canada and its laws. This usually means critical details are wrong in their sources and methodology. This is not a small thing for the individual or company paying to learn something that turns out to be impossible in Canada.

The second developing market is Investigative Internet Research (IIR). Investigators are now starting to understand that conducting research using the Internet is not just a matter of a simple Google or Facebook search. Unfortunately, they don’t yet know how to best explain this to clients or how to price and sell this service. In the new year, we will be offering IIR reports that will help both our Private Investigator clients and their end-users with these problems. These reports clearly identify the sources used, along with the significance of the reported data. Of course, we report our methods to illustrate that no impropriety occurred in the collection of the data and to show the sophisticated effort and tools used to collect the data.

 

Changes to Canadian Pardons

Clarification on Bill C-23A

There is some confusion going around about Bill C-23. It was split into two parts, and because the second part, C-23B, has been the most debated, people associate C-23A, which received Royal Assent on 29 Jun 2010, with the changes proposed by C-23B, which has not yet been made law.

Bill C-23A only covers certain aspects of the full bill, while C-23B covers the bulk of the changes. Part A, which has been made law, covers the following:

1.    Lengthens pardon waiting periods from 3 years to 5 years and from 5 years to 10 years for certain crimes.

2.    Puts the onus on the applicant for proving that a pardon would bring them measurable benefit.

3.    Gives the Parole Board of Canada more discretion for granting pardon applications.

Bill C-23B will bring a few more changes, but for now, these are the basic changes that have already taken place. C-23B is scheduled for its third reading on March 24th and will undergo clause by clause consideration in April. For more information on these changes, please visit: http://www.canadianpardons.ca/. The Pardon & Waiver Wiki and Blog pages should be very useful if you need to understand the Pardon and Waiver process in Canada.

We’ve Moved

Pitfalls of Shared Web Hosting

We are on a new web host. They are better than the last bunch. However, I have some observations about shared hosting companies in general.

  • All such companies make promises they don’t keep. If a web host says they will move your site — it won’t happen or they will mess it up. You will have to do it yourself or hire a professional to complete the move.
  • Email will be a headache. Nobody tells you how to access your email unless you use Outlook or Thunderbird. They say you are incompetent if you don’t use one of these two email clients.
  • Small problems turn into big problems because of the interaction between ISP, web host, and client software.
  • Web hosting companies, ISPs, etc., etc., all think they are alone in the world and rarely make any effort to understand how to interact in a productive way. If they do make the effort, they seem unable to communicate to their customers how to make things work together.
  • Extensive investigation to find the causes of problems is your job, even if the web host caused the problem.
  • Answering a support request in an unhelpful manner is worse than not answering.
  • Web host operations think they are selling technology to geeks, when in reality, they are selling a service to ordinary people with some technical knowledge. They don’t understand that a service is something that takes away the customer’s pain rather than adding to it.