Newsletter – May 2023

Welcome Grasshopper! Here's what's new...

WOW, has it already been almost a month since the awesome 2023 FALI Conference?! We had such a great time and look forward to seeing everyone next year. For those who couldn't make it, here's our drone operations flyer, and tri-fold general PI Support brochure that we shared.

Now for your fun and exciting OSINT Ninja Training which you can complete in ~10min!!

  1. Cheat Sheet – we want your vote on the next one
  2. Google Dorks and Tips of the Month <1min
  3. Operational Security (part 2) ~6min read
  4. 3 Tips to Instantly Lower Your Stress ~3min read

Cheat Sheet - We Want Your Vote!

We want your vote on what the next Cheat Sheet will be. Tell us here.

Google Dorks & Tips of the Month

This month we have a tip thanks to our observant friends over at Plessas, who noticed the return of a very useful social media feature. It seems F@ceb00k (FB) has re-enabled the ability to “Import Contacts” to find friends on its mobile app. This means you can find FB profiles using emails & phone numbers via the import feature. Here are a couple of things to remember:

  1. Use a burner phone
  2. Add your target’s information as a contact, and I recommend adding fake names with phone numbers for a couple businesses (local to your target’s area, not yours) so you “look normal”
  3. Have a burner email address ready
  4. Install the FB app
  5. Set up a sock puppet account on FB
  6. Import the contact

Operational Security (Part 2)

~6 min read

Improving Your Online OPSEC Game

OPSEC is about denying information about your operations to anyone opposed to your interests.

Two primary issues when assessing your online investigation OPSEC are:

  1. What vulnerabilities may disclose information about your investigations, and what risk do they bring to you?
  2. What countermeasures or mitigations can be applied to reduce that risk?

If your client has hired you to conduct a confidential investigation, they will expect you to conduct yourself in a way that will not needlessly alert the subject to that investigation. The existence of the investigation itself, the target(s) of the investigation, and similar details could be considered critical information that ideally would be kept confidential while the investigation is ongoing.

Assessing Risks

Evaluate the risks –

Q: How likely is it that those you are working against will effectively collect critical information about your operations?
A: A lot. Especially when examining a website, blog, etc. controlled by the investigative subject (aka target).

There are many methods of fingerprinting an operating system and browser. Fingerprinting and tracking based on IP address, operating system, browser, and their configurations is relatively simple. But how does this work?

When connecting to the internet, one’s activities can be (and are) regularly tracked by a multitude of entities, including search engines, advertising firms, social media platforms and more. Although a target is unlikely to have access to the information collected by these organizations, when you connect directly to a business website, blog, or other resource that is potentially controlled by a target, the target may also be able to collect a “fingerprint” of your device. This process can include collection of the IP address; the computer operating system, including exact version; and browser and other software settings, including all browser plugins.

Added together, all this data can give a computer connecting elsewhere on the internet a distinctive signature or “fingerprint”. You can test your own computer system; one of the most comprehensive resources for testing potential data leaks including your IP address, browser fingerprint, and more can be found at the website browserleaks.com.
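To see why hiding the IP address alone does not remove this signature, here is a short self-audit sketch. It is an added illustration, not part of the original newsletter, and it simplifies heavily: real fingerprinting uses many more signals than the four request headers chosen here, and the header values and IP addresses are constructed samples.

```python
import hashlib
from collections import defaultdict

# Request headers a visited site sees on every request, whatever the source IP.
# Assumption for this sketch: only these four fields feed the fingerprint.
STABLE_FIELDS = ("user-agent", "accept-language", "accept", "accept-encoding")

def fingerprint(headers):
    """Hash the IP-independent headers into a short identifier."""
    norm = {k.lower(): v.strip() for k, v in headers.items()}
    material = "\n".join(f"{f}={norm.get(f, '')}" for f in STABLE_FIELDS)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]

def link_visits(visits):
    """Group visits by fingerprint; keep those seen from more than one IP."""
    ips_by_fp = defaultdict(set)
    for visit in visits:
        ips_by_fp[fingerprint(visit["headers"])].add(visit["ip"])
    return {fp: sorted(ips) for fp, ips in ips_by_fp.items() if len(ips) > 1}

# Constructed sample headers: an everyday browser and a dedicated research VM.
DAILY_BROWSER = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:112.0) "
                  "Gecko/20100101 Firefox/112.0",
    "Accept-Language": "en-US,en;q=0.7,es;q=0.3",
    "Accept": "text/html,application/xhtml+xml,*/*;q=0.8",
    "Accept-Encoding": "gzip, deflate, br",
}
RESEARCH_VM = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) "
                  "Gecko/20100101 Firefox/102.0",
    "Accept-Language": "en-US,en;q=0.5",
    "Accept": "text/html,application/xhtml+xml,*/*;q=0.8",
    "Accept-Encoding": "gzip, deflate, br",
}

# Constructed visits using documentation-range IP addresses.
VISITS = [
    {"ip": "198.51.100.23", "headers": DAILY_BROWSER},  # direct connection
    {"ip": "203.0.113.77", "headers": DAILY_BROWSER},   # same browser via VPN
    {"ip": "203.0.113.78", "headers": RESEARCH_VM},     # dedicated VM via VPN
]

if __name__ == "__main__":
    for fp, ips in link_visits(VISITS).items():
        print(f"fingerprint {fp} was seen from {ips}")
```

The everyday browser is linked across both IP addresses, while the dedicated VM produces a separate fingerprint that is not tied to the earlier visits.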

Most persons under investigation will not be aware of, or capable of, accessing this sort of information. But you should be aware of the traces you may leave when accessing websites and other resources on the internet.

When considering OPSEC, assessing risk depends upon determining the balance between the information you reveal and the likelihood of others becoming aware of that information in some way.

It is better to “play it safe” than reveal information about yourself or your investigation unwittingly. But it is up to each investigator to assess their own risk, and then take appropriate countermeasures.

Apply Countermeasures

There are several measures one can easily take to make positive changes for their investigations, from an OPSEC perspective. Not all countermeasures are necessary; they should be taken based on the level of perceived risk. Investigating a criminal involved in alleged computer hacking, or a plumber as part of an insurance investigation, should be assessed at different levels of risk.

Email Addresses and Sock Puppets

One of the first actions we can do is to use new email addresses, ones that are set up specifically for investigations. The investigator can use these to register social media and other online accounts. These online accounts can be established with names and profiles unrelated to the investigator. Such fictitious accounts are known as “sock puppet” accounts, and they should have no visible, direct connection to the investigator or their employer. They provide no simple way for the subject of the investigation to recognize the investigator, even if the account profile the investigator is using becomes known to the subject.

There can be some work involved in keeping these fictitious entities alive. This can include filling out profile information to an extent necessary to seem “real”, and regularly logging in and using them. Generally, when creating these sock puppet accounts on social media, you will find there can be a relatively high rate of attrition on a social network that actively roots out bots (automated profiles) and other fake accounts. Other platforms are less concerned and you may have no difficulty at all with any fake accounts. You should expect to lose fictitious accounts periodically. A little effort to keep them alive, however, may go a long way.

It depends on the investigation, of course, but in some situations you may wish to keep a fictitious account active and use it for a single investigation for a long period of time. Keeping such an account alive is often easier than keeping a dormant account alive.

Proxies and VPNs

For anyone connecting to websites or other internet resources controlled by the subject of an investigation, information from the investigator’s IP address may be revealing. Although not a perfect science, IP addresses can be geo-located with some degree of accuracy.*

A simple solution to this is to utilize a Virtual Private Network (VPN) service or some other form of proxy IP address as a gateway to the internet. These services hide the actual IP address of the investigator, while still allowing two-way communication.

There are many VPN services available to subscribe to, but care should be taken to select a reliable and secure one; some of those generally considered reliable and secure include ProtonVPN, NordVPN, Mullvad, and ExpressVPN. There is a downside to these in that you are sharing the same IP address with many others, and access to certain web resources may be blocked because of it.

There are also companies such as Cloudflare offering proxy servers that function similarly to a VPN that is in your own control. To those more technically capable, setting up your own proxy server is an option.

There are some free VPN and proxy services available, but as you might expect, you often “get what you pay for” with these. For the sake of improved functionality and privacy, paid services are recommended.**

Yet another option for anonymity is the Tor browser.*** This browser uses anonymous connections via the Tor network to access sites on the open internet, or within the Tor network itself.

Burner Phones and Dedicated Computers

A “burner” phone – a mobile phone not registered or otherwise directly linked to the investigator – is a useful tool for maintaining anonymity. In the age of smartphones, the burner phone is also great for accessing information on the internet, including social media platforms. Several social media platforms such as Telegram are only accessible from a mobile device, and in some cases where there is a browser interface, some platforms may provide more functionality when using the app installed on a mobile device. Conducting investigations using a personal or business mobile device is risky; we strongly recommend getting, using, and keeping a few burner phones on hand.

Another recommendation to reduce risk is establishing a computer solely for investigations, or using a virtual machine**** for the same purpose. This prevents any spillover or mixing of information between cases, or with other unrelated business or personal information. VMware and Oracle’s VirtualBox are popular and easy-to-use virtualization software that can be used on Windows, macOS and Linux operating systems.

Summary

There are many ways to leak information about yourself online. Being aware of them, understanding the risks, and knowing how to counter them are incumbent upon any professional investigator conducting online research.

Health & Wellness - 3 Tips to Instantly Lower Your Stress Levels

~3min read

What is stress and why does it always affect every part of our life? Stress comes from all areas of our lives, it can be work, home, or extended family. If we don’t learn to manage our stress, several things can occur as far as our mental health as well as our physical health. If high stress is part of your daily life it can lead to anxiety or depression and can make you moody and disconnected from family and friends. So, there are several things we can do to lessen the stresses in our lives. One of the first and most important things is to understand where stress comes from and if there is something we can do to lessen it.

Sometimes in life we try to control things and people that we have no control over. This is usually a major part of the stress within our lives. If this is the case, it might be time to reexamine the situation and see if the stress of the situation is worth attempting to control. When we let things in our lives like a bill, relationship, job, or something we now regret saying, it can take up rent in our brains and increase the stress within our lives. Let things you cannot control go! Let’s go over several techniques that you can do to lower your stress level.

The first technique is simple:

The second technique is:

The third and last technique:

Whatever is stressing you and making you uncomfortable, dealing with the issue is the best way to lessen the stress. Many times, we make up stories in our heads about how a conversation will go and we assume how the other person will react when the conversation occurs.

The more you use these techniques, the easier they will come. You will find that your stress level lowers over time. Also, don’t be so hard on yourself, and remember that you are human and stress is just part of that world.

Kimberly Grate BS MS LPC

COPYRIGHT AND TRADEMARK NOTICE. This document contains copyrighted material, trademarks and other proprietary information. You may not modify, publish, transmit, distribute, participate in the transfer or sale, create derivative works, reproduce, or in any way exploit, any of the content, code, or software, in whole or in part without the express written permission from DivineIntel. Contact legal@divineintel.ninja or legal@divineintel.com.