The World’s Most Dangerous Sit-Down Job

For about three decades I’ve been an Investigator. It’s a very dangerous job.

Sitting in a car watching what people do and what they shouldn’t do. Hour after hour slaving over a hot computer searching for data and producing reports. Sifting through papers, tabulating costs, and organising file material at a desk.

It’s dangerous work. Hear ye the Investigator’s lament!

Over one pound per year have I gained.
Flexibility have I lost.
Physical endurance I have no more.
Of cholesterol I have an abundance.

I can see this dangerous job taking its toll on the young guys who have less than a decade’s experience. Car accidents, whiplash, carpal tunnel syndrome, obesity, repetitive stress injuries, and back problems, but no shootings, stabbings, or similar misadventures.

Being a Private Investigator is the world’s most dangerous sit-down job.

In future articles I will outline my solutions to some of these perils.

Power User 111 – Windows Security Threat

Hack into a Windows PC – no password needed

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows’ password protection code, which is stored there, and render it ineffective.

“If you have a Firewire port, disable it when you aren’t using it,” Ducklin said.

“That way, if someone does plug into your port unexpectedly, your side of the Firewire link is dead, so they can’t interact with your PC, legitimately or otherwise.”

The moral of this story is: don’t let unauthorised people have physical access to your computer and shut off the Firewire port unless you are actually using it.

Cheque Washing and Pens

Handwritten documents are important to any Investigator or Researcher as they are either creating them, or reading them. Archives throughout the country are full of original handwritten documents of value to researchers.

The age of the ubiquitous ballpoint pen began in the 40’s and this has caused some problems for archivists as so many companies strove to create inexpensive ballpoint pens. The problem has become one of education. The pen may write, but the ink may fade over time, or be vulnerable to water and other solvents. UV light and poor quality paper also do a fine job of obliterating cheap ink from poor quality ballpoint pens. The forgers art of cheque-washing in the following examples illustrate what can happen to documents that encounter solvents.

Read more

The Beginners Guide to Competive Intelligence

If you are new to the concepts of Competitive Intelligence, then you may find Peek Inside Your Competitor’s Business, useful.

Other interesting Competitive Intelligence articles at BNET offer useful guidance:

  • How to Gather Competitive Research
  • Thou Shalt Not Steal Thy Competitor’s Secrets
  • Where to Find the Competitive Data You Need
  • Case Study: Bain Looks Inside a Japanese Automaker
  • And our short article, Ethics, or Not, about our 3 simple rules.

    Search Atheism and the Manipulation of Search Results

    I found this interesting article on Gwen Harris’s blog, Internet News.

    Manipulation of search results

    Is Search A Lie? Can You Really Believe Google? Bruce Nussbaum, Business Week (February 08)

    Can a PR firm manipulate results at Google (and other search engines) to the degree that this man claimed?

    “I sat next to a a guy I’ve know for years from a major public relations/media relations firm at the World Economic Forum in Davos two weeks ago and he told me how his company manipulated search to improve the image of its clients.”

    One commenter advised, “… growing need for people to understand the difference between legitimate search results and PR-fueled, or otherwise manipulated, search results.”

    Yes, but identifying these results usually takes a fair amount of subject knowledge and awareness of techniques to notice the signs of the gamed results. No wonder people trust search results less .

    The last link leads to an article about search atheism, a term I could learn to love.

    To quote Phil Bradley, “Of course companies and individuals try and game the search engine, and anyone who blindly accepts results without analyzing them deserves what they get.”

    Paperless Office?

    I don’t believe in the paperless office. I remember a client who tried to impose the “paperless office”. Employees kept paper files in their car trunks and they would sneak out to the parking lot to review critical paper files and notes throughout the day.

    However, we can streamline how we handle paper files. Here are some good articles on the subject.

  • Paperless office is pure fiction: report
  • Is Paperless Possible?
  • 6 tips for a ‘paperless’ office
  • 12 Tips for an Organized Desk
  • “Paperless Myth: Rumours of Paper’s Demise Have Been Greatly Exaggerated” By Ulla de Stricker
  • “Why I Prefer Hardcopy” By Katrina Hughes
  • Early Industrial Espionage

    Industrial espionage is not a new. Most industrial countries have been doing it, in one form or another, since before the Industrial Revolution.

    In the 14th century, the Italians devised a machine to make silk thread. This allowed them to dominate the silk thread market until about 1670 when first French, then Dutch spies, discovered the secret of the process and machinery.

    The industrial espionage of England’s Thomas Lombe paid-off in 1716. Eventually Lombe’s silk thread factory employed hundreds, preceding the Industrial Revolution by about 50 years. Silk was not a mass market good and therefore the silk thread factories did not spark the Industrial Revolution. It took the wool and cotton factories to do that.

    CI and Industrial Espionage

    In an article entitled, Cyberterrorism, Inc., we see the usual link between CI and industrial espionage as if the two are the same. Creating a link between the two is the work of feeble minds.

    To gain an advantage over competitors, many corporations are hiring ex-military and government agents trained in the art of intelligence gathering techniques, according to a report from the SANS Institute, a Washington-based cybersecurity training organization.

    These individuals are used to head new company divisions whose mission is to spy on competitors and obtain intelligence. Companies spend over US$2 billion annually to spy on each other, according to the Society of Competitive Intelligence Professionals.

    In 1999, North American companies lost more than US$45 billion to theft of trade secrets and other valuable corporate data, according to the SANS report. “Today’s total losses are anyone’s guess,” the report continued.

    CI is the act of creating Intelligence from open source data. Industrial espionage, on the other hand, usually involves the commission of criminal offences. I suspose the distinction is too complex for so-called journalists.

    Norwich Order as a Pre-Trial Remedy in Fraud Cases

    An article by John Polyzogopoulos, a partner of Blaney McMurty LLP, in the January 2008 edition of the Commercial Litigation Update explains a Norwich order can help victims of fraud determine what happened to the money.

    The recent decision of Justice James Spence in Isofoton S.A. v. The Toronto-Dominion Bank should be of interest to anyone who suspects they may have been the victim of fraud. In that case, Justice Spence granted a Norwich order to obtain the banking records of a party suspected of defrauding the applicant of over $3 million. The unique nature of the disclosure order was that it was directed not to the alleged fraudster, but to the fraudster’s bank. The disclosure order was made to assist the applicant in investigating the fraud and determining what happened to its funds.

    The article also illustrates the need for due diligence research prior to entering into an agreement with a previously unknown supplier. Once the victim realised that the supplier was not acting in good faith, they hired a PI who determined that the the supplier was a company without the assets necessary to deliver the contracted goods.

    The Most Useful SEC Filings

    The most useful forms to examine when researching US listed companies:

  • 10-K: A yearly report that provides a comprehensive financial overview of a firm’s business. Contains more detail than the Annual Report to Shareholders that firms are also required to prepare.
  • 10-Q: An unaudited quarterly financial update that must be filed within 45 days of the conclusion of the most recent quarter.
  • 8-K: Reports events such as a senior management change or major strategic shifts such as a mergers and acquisitions.
  • DEF-14A: This is the definitive proxy statement that provides the date and agenda items for the company’s next annual meeting. Proxy statements may also provide the names of major shareholders, executive and director pay, director biographies, and any shareholder matters that may be up for a vote.
  • S-1: This is the Registration Statement filed when a company raises funds for any reason, whether to repay debt or buy another firm. The S-1 details how much money was raised and for what purpose.
  • Forms 3 & 4: These filings are the means by which company insiders (usually officers and directors) report sales or purchases of the firm’s stock. These reports inform the investors of personal transactions that may reflect the insiders’ assessment of the company’s prospects. Form 3 is an initial filing and Form 4 reflects changes in the holding.
  • Dangers of Outsourced Software Development

    Nigel Stanley, at Bloor Research article entitled Ounce Labs weighs into rogue code about the dangers of outsourcing software development. The most interesting part of the article follows:

    Industrial espionage, or good old fashioned spying, is as alive and well today as it has ever been. In fact, a lot of time and effort from the security agencies is tied up in dealing with this issue, and contacts have assured me it is worse now than it has ever been as developing countries try to steal a march (maybe even literally) against the developed world. Spying between developed nations is also a problem, with some larger European countries having a dreadful reputation for trying to obtain industrial secrets from so called allies. Software development is an obvious target…

    The downside of this approach is that decision makers get seduced by green lights whilst their developers look for even more creative ways of inserting malicious code. No sensible person will ever declare that a product such as Ounce 5 will guarantee that your code is 100% secure…