Tuesday, October 28, 2014

10 Ways to Protect Yourself Online


Know your enemy. There are two basic types of threatening individuals who are after your information. Most only have to worry about one but is equally important to prepare yourself in case the second strikes. The first type of threat is the hacker you hear about on the news. The kind of criminal who does not care who you are and targets businesses where they can steal massive amounts of information or phishes internet users to obtain their passwords.

The second is an individual who has specifically targeted you for one reason or another. This person may appear as a troll when they post random rude comments or pick arguments with you online. They are often trying to bait you into providing information. Sometimes this person never reveals themselves to you and only follows you on social networking sites gleaning information that you post until they have what they are looking for. This type of attacker has many of the same qualities as a stalker and will be as patient as necessary to obtain the information they seek. You can protect yourself from both of these individuals using a few techniques and remembering some of the stranger danger tips your mother gave you.

  1. Keep your virus, anti-malware and any other protective software you have on the computer up-to-date. There are very good free versions of each type of security software available online and though no software is perfect they will significantly reduce the number of threats you face. Set them up to scan at a time when you won't be using the computer and you will never need to feel like your performance suffers or that the software is in your way.
    Never give full trust to anyone when it comes to your computer or online accounts. This means that in addition to keeping your passwords protected, if a friend wants to use your computer then you should set up a guest account for them to login to. Do not give the account administrative privileges or the rights to install software. It's your computer, they do not need to download and store their information on it, nor do they need access to your account.
  2. Don't use pirated software. Pirated software is "cracked" and that means someone put in some information to make it work without the legal password. So the software has been altered. That means they could have put in any kind of other malware or spy software that they wanted to and could be using it as a backdoor to gain access to your information or your computer. Only purchase software from trusted vendors. If you really need it, it is worth paying for.
  3. Use separate accounts for your personal life and professional life. Each should have its own email address and different social networks. Your personal social networking has no place in your professional life. All of your coworkers should not be on your social networking sites with your family. This could cause problems for your work life as well as make it easy for an attacker to find people who are willing to share more information about you without you ever knowing about it.
  4. Always include some random character in your passwords. Numbers are good, but characters are used less often and make it even harder to figure out. It's best not to use any real words at all in your passwords but if you must use them, then try something like this: "cr!baby" instead of crybaby or "cr&zy" instead of crazy. Just that one character will throw off a random troll and make it more difficult for a password cracker program to figure out as well. For even more protection, don't use the same symbol in all of your passwords. If you have a secure location to store passwords, use a password generator website to create something completely unique.
  5. Use the privacy settings available to you in every account you have online. Professional institutions such as banks will likely have protection measures and extra security in place. When visiting these sites the address bar should always say "https" at the beginning. Never enter your banking, PayPal or bill passwords into a site that does not start with "https." On other sites, especially social sites, you will need to set up your privacy levels on your own. Use the settings to limit the information you share as much as possible. Set up limits so that your birthday, address, email or phone number is not shared publicly. If it's not necessary to put that information into the site, then don't add it to the account at all.
  6. Never click a random link from an email saying you need to login to your account. If your bank or other business needs you to fix something on your account (except for password resets that you requested) then the information will be inside of your account no matter how you login. Visit the site by typing it in yourself or from the bookmark you saved earlier, or you can call them if you prefer. This eliminates any doubt as to where you are logging in to. Just like mom always said - if you don't initiate the contact, don't give out the secure information.
  7. Don't add strangers to your social networking sites. Even though it seems innocent and harmless, you are going to give out information to these strangers about your personal life at some point in time without even realizing it. Even the smallest information, including "Yay! The Wildcat's won the playoff!" can be too much information to share with the wrong person. That statement lets others know what type of sport and what team you like but could lead them to your personal attachment to an education institution or the fact you are unavailable or occupied during games. Just like mom always said - Don't talk to strangers!
  8. Never feed a troll. A troll is an individual who makes rude comments to you repeatedly just for the purpose of upsetting you in some way. No good will ever come from it and you may wind up revealing seemingly harmless information that they, or someone else, could use against you. It is unlikely you will remember to go back and delete these conversations later if posted publicly and over email you are allowing them to have some level of control over you and your life which feeds into their addiction. If you don't interact, they will become bored and move on.
  9. Do not open unexpected attachments from strangers in your email account. Software can be installed on your computer without you ever knowing it was included with the attachment. This software can then be used to gain access to your computer, copy down every letter you type on the keyboard (which gives someone you usernames and passwords) and record other information. It has even been used to locate pictures on your computer that the attacker may want to use.

Recommended Reading:
Schneier on Security: Advanced Persistent Threat (APT)

Your Anonymity and Information Sharing


The one thing that ruins our anonymity is our need and desire to be able to find things again. Think about the last time you needed to get something off your chest. Where did you release this tension? If you wrote (using your hand and a pen) in a personal journal then you placed this information into a written form where you would be able to look back at it later. If you wrote a status message on a social networking account you shared it with friends who could look back and laugh about your outburst. Maybe you emailed a friend who you knew could give you emotional support. Perhaps you typed it up in a journal you keep on your computer.

All of these things have now destroyed your anonymity. As highlighted in many movies around the world a personal journal can be found or even sought after by prying eyes. Brought to light by recent news reports we now know that every status message you place on Facebook is kept indefinitely and could be shared with law enforcement without your knowledge.

If you took the email method then you have lost all hope of anonymity. Even if your friend is the only one with access to her email you have still unknowingly shared the contents of the email with several email servers (which store information) and legally you have no right to the expectation of privacy for the document. The email was tagged with uniquely identifying information from your computer and again tagged with information from each server it crossed and once it arrived at your friends email it was tagged again. That is a lot of information you never intended to share with entire companies - right?

If you saved the journal entry on your computer it is tagged with information as well. Some of the information includes the time and date of the document. If you investigate further into your computer directory, you can see that it also gets tagged with the user who was logged onto the computer and information from the program to identify you. So if you logged into a program it will have your username for the program stored in the file. Word processing programs may include your "author" name and any other information you have in the program that is meant to identify you professionally.

Once you enter the online world (other than email), your anonymity is further compromised. The moment you click "sign in" or you open up your web browser, you are sharing your personal information with your internet service provider (ISP) and possibly the site that you are visiting.
Your ISP records information from your computer to identify you and recognize you as a paying customer. Many websites also track where customers are coming from (city, state, and more) for marketing and advertising purposes. Though most of this is not malicious, you are still unknowingly sharing information with the company hosting the website. If they have analytic programs installed you could also be sharing it with a third party company.

The amount of information you share online is endless. Most of it you won't ever realize you are sharing or even think about. Companies frequently record chat sessions, status updates, tweets, internet account information and location information. Your information is constantly being harvested. So while the person you sent the email to may not look to see who your internet service provider is when they read the email, you better believe that someone out there somewhere is checking. They use this information to customize ads to you and so they get as specific as the law will allow - or as specific as they believe they can get away with.

If you made a phone call or sent a text message, you are not anonymous either. Both are recorded and tagged as coming from your specific phone -- often logged by data and unique numbers inside the individual telephonic device -- as well as identifying information from the cell tower it was picked up by which includes location information. The list of electronic gadgets that give you an illusion of being anonymous yet actually reveal more information about you than you would ever give a stranger keeps on growing.

Tuesday, October 21, 2014

Tips for Conducting Surveillance in Rural West Virginia

Rural West Virginians are generally distrusting of strangers. This comes in part from the parental lessons teaching them to avoid strangers, the level of economic distress in remote and no longer industrialized mining towns and from the staunch beliefs in the 2nd Amendment right to bear arms. People generally have a heightened sense of awareness for their neighborhood and city and are ready to protect it against any and all threats.


Everybody Knows Everybody: This mentality is prevalent in small towns. The smaller the town, the more close the community is. Everyone is either related or friends and they smile, waive and make small talk whenever they see each other. It only takes seconds for them to realize you and your vehicle are not from there. While you cannot completely overcome this particular problem, you can at least pretend to be related to someone in the community if you absolutely must speak to locals. Select a generic name and point vaguely in the direction of their home. In all likelihood, there will be someone over that direction with that name and no one will question you much further.

Do not select a name like "John Boy," "Billy Bob," or anything else remotely reminiscent of the Hicksploitation seen on television. Real rural Appalachian people do not use these names and could be significantly offended by what they may feel is your reference to them being stupid or less than the rest of American society. Likewise, it is unlikely you will find a rural West Virginian named Mikayla or Chantelle. Stick with classic names like Julie, John, Heather or Bill.

Never Underestimate a Good Ol' Boy: Since you know all of his friends and family live close by, it is safe to assume that if he wants to play a game with you he can. He and his friends can lead you on a game of cat and mouse, changing vehicles and randomly parking one from time to time to try and throw you off. They could even gang up on you as a scare tactic and all come and box you in somewhere. They may find these kind of games fun and get a good laugh at your expense. Granted, you are getting paid to be there, so you do not want to wind up in any kind of real trouble when they take you down a side road and get you lost -- or worse.

Dressing the Part: Rural West Virginians only dress up in business wear or formal wear if they are on their way somewhere that requires it. Going to the office rarely does and there's not a lot of shindigs during typical surveillance hours. So jeans and a worn but not tattered T-shirt are your safest bet on clothing. Even collared T-shirts are not that common and should be avoided. While you will see the occasional button up shirt and tie, most of the workers are laborers or service personnel who will not wear their good clothes to work.

Equally as important, avoid torn, ripped or clothing that is heavily soiled. While they may not be wearing the latest designer duds, you will not find a rural West Virginian walking around town, shopping or even visiting friends while looking like a beggar.

Your Vehicle: Do not wash your car right before you do a job in rural West Virginia. Road dirt is a factor of life and many of the towns do not own/employ daily street sweepers. Most of the vehicles are taken off road or routinely travel down dirt or gravel driveways, especially in mountainous areas. This means a street sweeper would be a waste of money and taxpayers often do not even consider footing the bill for it. So leave your well-traveled vehicle just as it is, no matter how bad the dust looks or how many trails you have on the window from water running down them.

Driving: Never travel on roads beyond "End State Maintenance" signs. Even if you have an SUV and think you know how bad some rural mountain roads can be, your safety could be at serious risk on these roads. It is common to find boulders blocking the road, washed out patches, and deep drop-offs with no guardrails of any kind. Your GPS and cell phone are unlikely to work and you can easily become lost. If anything happens to you on these roads there will be no one around to know to look for you and if you may have difficulty walking back out to civilization.

Parking: Never allow yourself to be boxed in or trapped. Always survey your parking location and know the exits to and from the roads around you. If you must park in a position that only allows your vehicle to move one direction (like a parking space), back in. Do not park in a lot where there is only one narrow entrance, regardless of how many trees would conceal you from view. Always leave yourself a vantage point for a quick escape.

Parking in your suspects neighborhood may also be a bad idea in most cases. In the most rural areas of West Virginia, it will not even be possible and finding a place to set up within 1 mile of the suspect might prove impossible as well. For the small cities and mining towns, even if a direct position is available, it is best to avoid it completely. Sitting too close to the friends and family of your suspect is the easiest way to get noticed. Remember, they will know you are not from there and you will not see them call your suspect and let them know you are there. People talk in every society and a strange car outside could quickly become hot gossip. Look for a parking spot away from all houses. Then most people will not bother with you as they may think you are some random person hunting or fishing off the side of the road.

Bring a Book: Odds are there will be many places where your cell phone, laptop, and internet connections will not work. The metal inside of mountains makes keeping a fair signal complicated. It is important not to rely on your cell phone for entertainment during surveillance. Many times cranking your car to recharge your portable electronic devices alerts others to your presence and thus a book is the safest option. While you may be in the mountains and not parked near anyone, it is inevitable that sooner or later you will forget to turn off your headlights or bump the switch and turn something on that gives away your place inside the vehicle.

Tuesday, October 14, 2014

The Face of a Terrorist

Could You Pick a Terrorist Out of the Crowd?

It has been over 10 years since 9/11 in the U.S. and 26/11 in India. These are two of the most noted terrorist attacks of my time and after each one I saw the same thing happening. After 9/11, Americans jumped at the chance to spot and punish those they felt looked like a terrorist. Unfortunately, this caused a significant amount of unwarranted attacks on law-abiding citizens and immigrants. After 26/11, the same occurred in India. To me, this indicates that people somehow think they know what a terrorist looks like. It's unfortunate, because though we would think those who look similar to Osama Bin Laden are terrorist, this is often not the case.

Last year while traveling in Delhi, a major Indian city, I encountered a terrorist without even realizing it. It happened while I was in a major shopping and tourist district. There were individuals from many countries in the district, some carrying backpacks, some wearing turbans, others wearing sari's or jeans. It was no different than any other day in just about any other Indian city. I met a woman from New Zealand on the road that night, I got ran over by a man on a scooter and I watched as a drunk man walked down the street talking to every foreigner he met.

I left the shopping district around 10 p.m. and stopped at one of the local restaurants just outside of it then returned to my hotel room. There I turned on the TV to see live news reports coming in from the shopping district I was just at. At around 9:30 p.m., police had thwarted terrorist who were there to create some kind of event. They never got to complete their task thankfully, but I was startled by this. I had been there, I had walked in the place the terrorists were arrested, literally less than 20 feet away from the spot, and what struck me the most was that no one seemed out of place.

There were no men dressed in combat gear. There were no men dressed up like the terrorist we see on the news. No one had a hardened or mean looking face. They were all just people. Sure, some stood out as being foreign or being backpackers, but this is the only discernment anyone could make. Even the backpackers were not carrying packs that were the typical type seen on the news that were used by bombers. Yet somehow, there was a rather large group of terrorists there, walking alongside the crowd.

If you Google the question "What does a terrorist look like?" you may be surprised at just how many people are asking. Major news agencies have devoted precious printing space to answer reader questions, but is it enough? Of course, in some situations there will be noticeably strange behavior by some individuals that we can relate to terrorism, but in many others there will be none. There will be cases where the terrorist simply doesn't interact or makes his move while an area is vacant so as to avoid detection when the event takes place.

The two events I mentioned earlier have caused an unfortunate amount of skepticism to be placed on Muslim looking individuals (I say Muslim looking because that same attention is also given to other religions and cultures in many cases because not everyone can tell the difference between them.) Some skepticism is also placed on brown-skinned individuals as well when there are countries with near white, yellowish, and black skin colors who have a sizable Muslim population as well. Very little attention seems to be given to non-Muslim extremist groups, either by the media or the general public.

There are hundreds of legally recognized terrorist organizations that haven't shown to be as active threats at this time. You should consider that many people didn't know or care what a Muslim was until 9/11 and by then it was too late for thousands of people.

Tuesday, October 7, 2014

Taking Private Investigations Too Far

As an avid investigator, I often get suspicious looks from friends, and occasionally they ask if I'm investigating them. I think sometimes it's easy for friends and family to get a little concerned you may be paying too much attention to what they are doing and we all have things we don't want the world to know about. From a personal standpoint, I must say that I do notice most things but not because I'm investigating. I notice them simply because that is how I am trained to be and how my mind works. I never purposely investigate any of my friends or family members for many reasons. It's too personal. I don't want to know their secrets, because it puts you in a position of secrecy with other family members which can ultimately destroy relationships.

That being said, there are private investigators who take their work too far. While I can somewhat understand their reasoning, I still believe their moral values should hold them back at least occasionally.

As an example, I read several private investigation blogs, and this morning I stumbled upon one that recommended retailers investigate their employees, the employee's spouse and children "if warranted." Now I can't image a situation that would warrant investigating or doing background checks on children. Yes, kids steal, especially before they are old enough to know better. However, I feel like investigations of an employees' family members is a complete violation of privacy rights. The family members are not under contract with the company, they have no reason to expect that they will have their personal lives penetrated by the company. Therefore they do have a reasonable right to the expectation of privacy (under U.S. laws) in this situation, and an investigation would be a violation of their rights.

Not only that but it would be immoral for a store to investigate a potential employees family members and then deny employment because their teenage son had made the mistake of shoplifting or had ever taken something from a friend or neighbor and been charged. Kids make stupid mistakes, but this doesn't mean their parents should be punished and income potential taken from them. Not only that, but what if the employees spouse had a history that they hadn't told them about. I personally don't keep secrets from my spouse, but there are couples out there who live by the standard that what happened in the past is the past and they don't discuss it. Does this mean they should be denied a job because their spouse made a stupid mistake as a kid and stole something from the mall? I don't believe it does.

Now before you bring up the argument that juvenile records are sealed in the U.S., you should know that private investigators and certain other law enforcement personnel can still access the records. It's a privilege granted under the law to enable them to do their jobs more effectively. In many situations they do need to know about juvenile records and those records are quite relevant to other cases, so sealed or not, they can be viewed -- just not by the general public.

What are your thoughts on this? Do companies have the right to investigate (or run background checks) on an employee or potential employees' family members? What about children? Should private investigations be done on children who have no ties to the retail organization?