The Confidential Resource

Crowd-sourced Violence

Richard McEachin — Wed, 09 May 2012 18:01:58 +0000

I recently assisted a family that suffered from the actions of a small group of misguided, radical, and dangerously fanatical persecutors who use the Internet as a force multiplier. This campaign degenerated into a violent attack on the children. Fortunately, the family has the support of the employer. The provided security driver got the children to safety before the attackers caused any serious injuries or death.

The family can’t sell their city home because of the risk this would pose to the new owners. Their country property was located by the radicals and the onslaught of harassment, vandalism, and arson started again. After vacating the country property, it must now be guarded around the clock like the vacant city home.

This type of crowd-sourced attack is something that executives and security professionals must deal with before it occurs. People who might be exposed to this risk will have to go through their lives to find the leads that motivated persecutors will use to find them. These leads will have to be removed, made irrelevant, or altered. This is not a small task and it is very difficult to do when things are peaceful. Doing it while under attack might be impossible because the attackers probably possess the data you would seek to remove or obscure.

Online Persecutors Must Be Taken Seriously

Richard McEachin — Mon, 07 May 2012 18:22:11 +0000

Fanatical persecutors who use the Internet are a real danger. Not just a danger to one’s reputation, but to life itself. Korean Canadian hip hop artist Daniel Lee had his career severely damaged by an orchestrated campaign to cast doubt on his academic career at Stanford.

As a Wired article outlines, one disgruntled person can easily start a dangerous campaign to destroy a person’s reputation and that could lead to violence or dramatically alter the victim’s life as he tries to avoid the virtual lynch-mob that might materialize in real-life.

Stealth Search

Richard McEachin — Mon, 23 Apr 2012 12:00:46 +0000

Stealth Search Engine

When I first looked at this search engine in November 2011, I wasn’t impressed at all — it didn’t even find me!

In April 2012 this is actually looking like a useful search engine. It now uses “Alpha SSL, a secure encryption, which helps prevent sending your search terms to sites you visit. The encryption protects your search from being leaked” and it doesn’t save your search history. The search results have improved because Stealth now uses Bing’s search API, Google’s Ajax API, Yahoo Boss, and does its own crawling. They even found me, at last!

Note:

The version without Java Script does not seem to work properly. A search for my name yields no results while the normal version yields results that I would expect.

Surveillance Detection & Bluetooth

Richard McEachin — Wed, 04 Apr 2012 12:00:03 +0000

I don’t do much surveillance work anymore, but recently I was pressed into service to assist a friend who was injured on the job. I took a file from his caseload at random and this led to a couple of interesting days.

This subject was very ‘surveillance-aware’. He must have been coached or read a book or two. He did all the right things, but in a very obvious and clumsy manner. This was obviously his first rodeo.

On several occasions, I observed him look at his phone then at the surrounding people. I realised that he was doing this with a purpose; I just couldn’t put it into context. It was like his practice of looking at the people in the area when he left a building and then watching the people exiting the door he used to leave the building. Then I realised my problem was that I am a mobile telephone Luddite and I needed to talk to the younger folks — you know the type, the ones always fiddling with their gadget phone thingy.

My conclusion was that the subject was using his mobile phone to scan the area for Bluetooth devices. To do this, he selected relatively confined areas, or choke-points, where he could see people in the area that he might have seen before. If he saw the same Bluetooth device at more than one of these choke-points, he knew he was being followed, and that he stood a good chance of identifying the person following him.

This was a clever use of Bluetooth technology, but it was wasted on me. I don’t carry a Bluetooth-enabled mobile.

Video Meta-Search

Richard McEachin — Fri, 30 Mar 2012 12:00:33 +0000

en.fooooo.com is a video search engine which aggregates results from all the major video platforms. Unfortunately, it doesn’t work well with my Firefox or Chrome. With Firefox, it scrambles text. With Chrome, it just crashes the browser. With both, it only displays one page of results and when you try to get more it kicks you back to the opening search screen. Not a very good thing to use. However, it does work with MS Internet Explorer.

I don’t think it is anything special when compared to other video search engines, but I is a resource that I will use within its limitations.

Why You Can’t Dictate an Investigative Internet Research Report

Richard McEachin — Fri, 23 Mar 2012 12:00:54 +0000

A picture, screenshot or video is worth a thousand words. The person transcribing the dictation won’t place pics & video clip properly.
There would be no efficiency at all in dictating a URL and there would be plenty of mistakes.
Some website names are hard to pronounce and would lead to misspelling (although you might spell them out there is still a risk)
One must have all the collected material at hand to create footnotes and appendices.

Disabling Cookies

Richard McEachin — Wed, 21 Mar 2012 12:00:50 +0000

A good investigation can be derailed by tracking cookies. Disable cookies when doing an investigation. Here are some detailed instructions on how disable cookies in the most common web browsers:

Rule Three — Secure Instant Messaging

Richard McEachin — Wed, 14 Mar 2012 12:00:02 +0000

Both Yahoo and Google offer an encryption option in their IM clients, but they have full access to the original content as they handle the encryption.

Your best bet for secure IM communication is to use Pidgin for Windows or Adium for the Mac OSX. Both programs have an encryption that uses 256-bit AES that is applied before the message is sent through the IM service. They work with all major IM servers and offer other useful features:

Rule Three – Privacy & Security for Email

Richard McEachin — Mon, 12 Mar 2012 12:00:25 +0000

For low-risk communications using web-based “secure” e-mail services that encrypt your messages before sending might be reasonable. However, when a third-party service or server is used the email isn’t really secure. If the email represents a low risk to the sender, then some security is better than no security. Some “secure” email services to check out:

Hushmail.com
S-mail.com
PrivacyHarbor.com
BurnNote.com

The best solution is to encrypt messages yourself before sending them. This can easily be done using MEO Encryption which can be used with your existing e-mail provider. The message can be sent as a self-extracting executable file so that the recipient doesn’t need any software to open the message. The sender will need to communicate the password to the recipient.

Another encryption option is an public-key system like PGP. This is much more secure. However, Symantic now owns this and that means it will become difficult to use and expensive. Managing the keys is the problem with any public key encryption, but it is the most secure if used properly. If a public-key system is used, everybody needs to learn how to use it and how to find and control the public keys.

Getting to Know the Neighbourhood — Twitter Via RSS

Richard McEachin — Fri, 09 Mar 2012 12:00:26 +0000

To monitor someone’s Tweets, but not actually publicly follow the Twitter account, use Twitter to RSS. This service allows you to enter the name of a public Twitter account and create an RSS feed for popular RSS readers like Google Reader.

This won’t work if the account owner selected the Protect my tweets box in the account settings.