Damnable Hyperlinks–Part II

In my last article on this topic, I asked the following questions:

  • Should you include a warning about following links in your reports?
  • Should you include a warning about visiting URLs in reports?
  • Should you remove the links?

My answer is yes to all these questions. The content at the linked sites may not only change–it might plant malicious code on any computers used to visit it. This is more common than most private investigators recognise or admit. My research computers are almost immune to this but most other people do not go to the extremes that I do to avoid malicious code.

I do not like sending Word documents to clients. I much prefer sending PDF files. Unfortunately, much of my work is part of larger projects and the Word file allows a client to incorporate my work into other documents.

Sending Word documents has many risks but doing so is unavoidable in many cases. This leaves the investigator in a tight spot if he does not warn the recipient about the risks associated with visiting the links in the report. In addition to written warnings at the start of all reports, I now remove all links using Ctrl+Shift+F9. After being duly warned, to go to his doom, the reader must do more than just click a link.

I now include the following warning under the heading of Security Warning.

Warning about visiting reported links and URLs

All Universal Resource Locators (URL) or hyperlinks (links) cited in this report only report where we found data. We do not attest to the safety or security of any internet site or URL. Nor do we evaluate the security implications of visiting any URL.

Do not visit any cited URL or link without understanding the security risk of doing so. We only report the content associated with links, URLs, and Internet sites. You may compromise the security of your computer system and network by visiting URLs or links in this report.

If I recognise a site as an attack site or one that includes dubious code, I do report it, however, I have never had a request from a client that we evaluate the security risks of the sites from which I collect data. If I received such a request, I would turn away the job, as I do not have the expert staff to perform such complicated work.

Self-Destructing Cookies

Maintaining privacy during online research is as important as avoiding malicious code. Privacy begins with properly configuring the browser and installing the best oddons (for Firefox) such as HTTPS Everywhere and Self-Destructing Cookies (SDC).

SDC establishes a new cookie policy within your browser. It automatically removes cookies when an open browser tab no longer uses them. With this installed, cookies only identify you while you actually use them and they cannot stalk you across the entire web. It detects tracking cookies by their behaviour and removes them immediately—it doesn’t use a blacklist. SDC complements blacklist-based solutions such as Adblock and Ghostery. It also allows you to whitelist cookies from sites that you trust. Just remember, SDC’s whitelist is stored in site preferences. If you want to keep the whitelist from session to session, you must adjust your settings if you selected Clear History when Firefox closes. SDC does not work at all in private browsing mode.

This is a moderately complicated addon that requires the user to understand browser settings and how the browser handles cookies. Reading the addon documentation is required.

Damnable Hyperlinks

Eliminating Hyperlinks in Word

If you create reports that include material obtained from the Internet, then you must hate hyperlinks. If you don’t, then you’re not normal.

Think about it. You create a report in Word and send it to someone. They follow a link to one of the darkest, dankest parts of the Internet and come away with some hideous and unmentionable cyber disease. The disease spreads like wildfire. Everybody blames the outbreak of the hideous and unmentionable plague on you!

Now, think some more. Should you include a warning about following links in your reports? Should you remove the links? Should you include a warning about visiting URL’s in reports? My answer to these questions is, yes. I have first-hand experience. No, you may not ask about the details.

MS Word is obtuse. It hides the most needed features. Why did they make this thing so obtuse?

To copy all that stuff into Word without the hyperlinks is a chore if you use the obvious means of pasting as text only without any formatting. Unfortunately, this usually creates an unreadable mess. There are several different ways to eliminate hyperlinks in text pasted into Word. The scut work of removing hyperlinks individually takes forever, and you are certain to miss some.

Here is my ‘keyboard komando’ solution to this problem. Select the entire document using Ctrl+A. Careful now; this is a good way to erase the document if you press the wrong keys. If that happens use the undo command.

Next, press Ctrl+Shift+F9 and presto chango you are now a ‘keyboard komando’. You have eliminated all the hyperlinks in the document. Now save the document using Ctrl+S.

A far as I can tell, this works in Word 2003 through 2010.


Normally, I don’t use different browser profiles because I might confuse profiles and make a mistake. ProfileSwitcher might change that.

This extension makes it easier to use different profiles in Firefox and Thunderbird. I have installed it successfully in Firefox and Comodo IceDragon, which is based on Firefox.

It adds two items to the File menu to start another profile or the profile manager. From the extension’s preferences, you can choose what to do when you launch another profile. It allows you to choose to close the profile in use or not and if you choose to run the profile manager in safe-mode, the current profile will be always closed. In the options, I set it to display the current profile in the status bar. This allows easier control over the profiles than using the clumsy process offered in Firefox.

On my dedicated research computers, this seems to work quite well. It works in a Virtual Machine (VM) and closing the profile running Hola seems to stop Hola in its tracks.

Accessing Geo-blocked Content with Hola

Many websites confine access permission to specific countries. If you live outside the US, you may get this a lot.

There are three ways around this. The first is using a VPN. The second is using a third-party DNS server. The final method is Hola.

Hola is the easiest method. It comes in the form of a very intrusive browser extension that is free and easily installed. It is available for Chrome and Firefox. Just click the Hola icon in your browser’s toolbar and select a country. It will route your browsing activity through IP addresses in that country.

Remember, I said this thing was intrusive. If you are a professional investigator, you must always keep the rules of evidence (S. 30 & S. 31) in mind. Your computers must be free of malicious code or code that could change the content of the collected evidence. I always run Hola on a clean machine that is separate from other evidence collection. If you use Hola to collect evidence, then you will have to be a very good Internet Eyewitness.

My first objection to Hola for investigators is that it is only available for Windows, Mac OS X, and as an app for Android devices. It is easier and quicker to create a clean machine with Linux.

Secondly, Hola sends your web browsing through other servers. More importantly, it uses your computer’s idle bandwidth for other users. Sharing bandwidth with other users exposes your machine to outside threats other than the websites you visit. I have seen  DNS Spoofing when using Hola that does not happen when using other methods. Unfortunately, you have to prepare for this if you want to route your browsing activity through other locations and not pay anything.

Third, you must disable Hola when not using it. Install it in a separate browser. For example, if you use Firefox for most things, then install Hola in Chrome to access geo-blocked content. When you are finished using Hola, close the browser.

Finally, you must really spend some time rehearsing the visual, logical, and reproducible nature of your testimony. If you do not, then you will not be able to reproduce the process of collecting the evidence in court. Explaining how Hola works is not something I want to do in court if the other side is sharp and scrappy.

Even with all my reservations, I still use Hola, particularly for reconnaissance prior to using other collection methods.

Why I am Never Wrong

You might think the headline was written tongue-in-cheek. You might be right, but you lack relevant data upon which to draw that conclusion.

Nobody pays an investigator to collect data. You earn the big paycheck for interpreting and analysing data.

You must quickly collect data from a variety of sources knowing their content, date-range, and how this data relates to the matter at hand. Next, you must summarise what you find. Then, you must interpret how this data might add to the progress of your investigation. Finally, you must analyse the new data in view of how it either supports or refutes your mandate, objectives, or hypothesis.

If you start with a logical mandate, objective, or hypothesis, and collect relevant data upon which you apply a reasoned analytical process, then, based upon available data, you will never be wrong either.

Online Resume Searches

If you are doing a background investigation, then the subject’s employment history is important data. Here are a few sites where a subject may post a resume.

Of course, the first stop is LinkedIn to start getting a handle on the subject’s employment history. Next, go to indeed.com for the US and ca.indeed.com for Canadians. Use the advanced search and enter the subject’s name in the phrase search. Then do the same for all of the words of his name.

Odesk.com is for hiring freelance professionals. Use the search box with ‘freelancers’ selected and search the subject’s name.

Resumebucket.com is an interesting site. I often get better results using the Google site: command and the person’s name than using the site’s search facility.

Beyond.com requires an account to search or you may use the Google site: command with the subject’s name.

You can also search the relevant local craigslist site and use the search facility to search the subjec’t name in quotations. Sometimes you will find brief resumes for people seeking work.

The monster.com job sites have a lot of resumes but you have to pay to search them. If you do enough searching then this is worth the cost.

Preparedness, Business Continuity, and Risk

A recent study indicates that a two day interruption of key business functions could cost your business $3M.  As most businesses are in urban areas, you could face much worse. One of my clients is located in Ferguson, Missouri and they have had weeks of disruption.

If your company is to continue operations during an upheaval, then the people who do the work must have the skills and resources needed to get through each workday. This requires a common-sense approach to urban survival planning for your employees rather than trying to create urban survivalists who grow an acre of food, raise goats, and live in underground bunkers, or worse having an entirely unprepared workforce. As most of your workforce probably lives in an urban setting, this bears serious consideration.

After researching this topic for several years I have come to the conclusion that you can’t train all your employees. You must select key people and train them and then make every reasonable effort to retain them. This may require a change in the corporate culture. It will certainly require looking beyond the next quarterly results.

Unfortunately, most business owners are risk-takers. They will see a major urban upheaval as an unlikely event. They will take the risk that during their tenure the event will not occur. This characteristic also explains many business failures, data breaches and large scale fraud events.

Business leaders need to understand their risk-taking behaviour. Without this risk-taking the business wouldn’t exist. Unfortunately, this same risk-taking may also destroy the business. Does your business have a risk committee of the board and does it consider this risk? Many businesses have an audit committee and compensation committee, why did so many abandon the practice of  having a risk committee?

The full board has overall responsibility for risk oversight and this mirrors board responsibility for overseeing strategy. When an audit committee takes responsibility for risk management, the result is usually, in my experience, unfocused and inept. They do not have the skills and knowledge needed to evaluate all the business and operational risks faced by the enterprise. Audit committees often obscure the transparency needed for effective risk management and risk oversight by authorising such things as off-balance sheet transactions.

A separate risk committee of the board is not a one-size fits-all solution, but companies facing rapid changes in the business environment and emerging risks such as new technologies and security threats, should have a risk committee. Deteriorating urban infrastructure, poor city governments, inept policing, IT security, and other factors that affect business operations in our degenerating urban conditions certainly advocates the creation of a proper risk committee with business continuity on its agenda. The committee usually requires independent directors with specialised knowledge and experience with the critical risks facing the enterprise.

Quotes, Citations, & Markup

When collecting data for a report, I come across data in a multitude of markup formats. A markup language is a format for annotating a document in a way that is distinguishable from the text. Each markup language has its own syntax. The differing syntax between languages creates a problem when I need to extract quotations, create citations, and create appendices. What I need is a program that can understand and convert document text annotated with different markup languages.  It must handle footnotes, tables, definition lists, superscript and subscript, strikeout, enhanced ordered lists, and the render the text into a form usable by MS Word. It must also translate math equations into something useful.

If you have been struggling with this too, try a programme called panddoc. This programme will take a while to learn, but once you have experimented a little, you will learn how to solve most of your markup-to-report conversion problems.

Wearable Cameras

Wearable cameras have some utility for the investigator. Here are three that are at the leading edge of this trend.

Narrative Clip

This has been around for about one year and it is about the size of an iPod shuffle. the newest version has an eight megapixel sensor and a wider angle lens with Wi-Fi and Bluetooth that allows using your mobile phone as a remote to control or you can transfer photos over Wi-Fi. The camera battery lasts for 30 hours and when you charge the battery with your computer you also offload the photos.

It doesn’t take video, just still images, but you can expect that to come in the future.

Logitech Bemo

Logitech is better known for its keyboards, mice, and webcams. The Bemo is between wearable cameras and larger devices such as the HTC Re. It includes a clip, but its video must be activated by holding down the button. Part of this may be due to the product’s relatively slow Bluetooth connection back to the phone, a design that yields better battery life. The Bemo captures 8 megapixel photos and high-definition video.


This company is best known for smartphones.  The Re is larger than the Bemo and lacks an integrated clip, but HTC has some accessories that allow it to be worn. In addition to video, also captures the highest-resolution photos at 16 megapixels and it has a wide-angle lens. The Re is always on and ready to capture as soon it’s picked up. It has a time-lapse mode to create a video made up of a day’s worth of stills without one having to be there.

None of these devices have a screen or flash and  video shot in low-light may be blurry or grainy. They all connect to a smartphone which makes it easy to handle the captured images and video.

Drowning Quietly

I recently investigated the circumstances surrounding a drowning death in a commercial property. The most disturbing and contentious thing was that several people didn’t recognise that a person was in need of assistance and drowning.

The witness statements to that effect were the cause of a lot of avoidable unpleasantness. Most people don’t understand that drowning people rarely splash about, wave, or scream for help. This only happens on television and unfortunately, that is where most people get their impression of what drowning looks like.

The article, Drowning: A Deceptively Quiet Event, represents a good summary of my report on what a drowning really looks like.

Drones and the PI (UK Edition)

Back in November I wrote about the Drones and the PI and the Canadian Air Regulations.

In Britain, the Civil Aviation Authority has approved three companies to provide training for unmanned aerial vehicles (UAVs) operators who fly UAVs weighing less than 45 pounds.

Upon completion of the training, the pilot must provide the Civil Aviation Authority with an explanation of how the drone will be used and  provide proof of liability insurance. Then the pilot may receive flight permission, with a few stipulations. Generally, those stipulations are that they must fly in the line of sight and not within 50 meters of people or buildings. UAVs weighing over 15 pounds must get clearance from air traffic control and those under 15 pounds may operate freely in airspace that isn’t congested, such as near airports.

This seems to rule out their legal use for surveillance and security purposes.

How to be a Facebook Spy

If you need access to someone’s Facebook profile this is how to accomplish that task.

Set up an appealing Facebook account, then request to be friends of some people friended by the subject. Wait until some of them accept your friend request. With mutual friends in hand, request to be the subject’s Facebook friend. The subject will see that you have mutual friends and he should accept you as a friend. Then you have access to his profile, photos, postings, and perhaps you may find what you need. However, there are a few legal issues to consider.

If you are an Investigator, and your subject is represented, then asking permission to see his or her page is contact with a represented litigant. In Canada, if the opposing litigant is represented by council, then you may not contact him or her in person, by telephone, or electronically. In most cases you have to ask to be listed as a friend to view the subject’s Facebook page. Doing this will be considered improperly making contact with the litigant and whatever you find will be deemed inadmissible.

However, what you find in Google, other search engines, and unrelated Facebook pages may be used as the basis for a motion for the production of the subject’s entire Facebook page as happened in KOURTESIS V. JORIS (2007) O.J. No. 2677 (Sup. Ct.).

Free Corporate Searches

In Canada, 10 provinces, 3 territories, and the federal government allow the formation of corporations. Only four of ten provinces and the federal government make corporate filings available  online at no cost, these sites are as follows:

Only the federal corporation site allows searching by a director name (use site: command in Google). Only Alberta and Quebec report share holders.

The only free search for officer and directors are OpenCorporates and LandOfFree.com. Neither of these can be relied upon to have all Canadian corporations or up-to-date databases.