Facebook is a place for online predators to stalk, engage and eventually lure an innocent kid to meet up in person. We have heard these stories too many times. In this month’s newsletter, we want to cover some areas you may not be aware of, things that Facebook doesn’t really speak publicly about.
Facebook Groups Used To “Friend” Kids: When a person creates a Facebook Group, they have the choice of making it public or private. Facebook Groups can house all kinds of crime from fraud to drugs to sex trafficking. Kids who have a low self esteem or don’t have many friends are the ones who are the most targeted because of their vulnerability. They then get lured in by pimps offering them all kinds of fun and/or material things. Facebook has had numerous lawsuits filed against them over the years because of this. Newsweek published an article on one such case. A child of 12 years old was supposedly groomed online (in social media) for over a year. Facebook now has a very clear policy for this, with excellent resources in case anyone runs across a tip on a victim.
Photos Used For Extortion: A scammer can potentially sift through photos on Facebook, capture and download them and then conduct a reverse image scan to see if any married people are on any dating or swinger sites. They then can use it for blackmail.
Friend Requests: Romance scams are on the rise. Friend requests come in from a handsome man or pretty woman and many people will say yes to the request. Sometimes it may show that he or she is friends with some of the people they know, which makes it all seem more believable. Next comes the “online courting” stage and pretty soon they are asking for money. Catfishers set up elaborate fake profiles to make them appear to be real which hooks someone looking for love online.
Facebook Fraud: Targeting young women, a scammer once again took Facebook images of a victim and then created a post that said she was missing. Then 20 of her friends were duplicated and her “missing’ post was shared on all of their fake profile timelines. The scammers then blocked the real Facebook profiles so the victims couldn’t even see the fake profile of themselves.
Have you ever had
your identity stolen? If you haven’t, consider yourself lucky. On a daily basis
we hear reports of someone stealing a credit card, hijacking bank accounts, or
creating false online profiles. One thing is clear: Cyber criminals are
constantly trying to steal our personal information…and this information often
ends up on a place called the Dark Web.
So what exactly is the Dark Web?
The
dark web is a portion of the internet that can only be accessed by using
certain browsers and software.
NBC10 Boston
Investigators sat down with Andrei Barysevich, the director of advanced
collection for Recorded Future, a Somerville-based cyber intelligence
company. “You can pretty much find anything,” Barysevich said.
“Stolen identities, credit card numbers, compromised data or weapons and
drugs.”
In the past two
years, Barysevich has gone from a team of one to a team of several dozen cyber
intelligence analysts, combing through more than 2 million Dark Web sources per
week. His employees, typically fluent in several foreign languages, act like
“flies on the wall” in Dark Web online forums, Barysevich said,
attempting to gather information about what’s being bought and sold.
On one disturbing
site, Barysevich showed NBC10 Boston Investigator Ryan Kath how easy it is to
buy the Social Security number of almost anyone in the United States. Using one
of Recorded Future’s accounts to pay the $3 charge, Kath plugged in his name.
After a search that only took a few seconds, Kath’s personal information
appeared on the screen. Barysevich said everyone should assume their
information was at one point stolen and is available on the Dark Web.
Christopher Ahlberg,
CEO of Recorded Future said, “Cyber security has grown incredibly in the
past few years. It’s the idea of being able to catch cyber threats before they
hit you. To do that, you need to infiltrate the places that bad guys hang
out.” When valuable information is uncovered, Recorded Future shares the
details with the pertinent parties, whether it’s a government agency, financial
institution or law enforcement. One notable example was when the company
spotted a hacker selling sensitive documents about military drones.
Mark
Turnage is another investigator who is familiar with the dark web. Turnage’s
company, DarkOwl, helps law
enforcement and cyber security firms monitor the criminals who lurk in the dark
web. “The dark net is appealing to criminals because it completely
anonymizes their presence,” Turnage explained. There are no IP addresses.
There is no way to trace the person on a keyboard to a physical location. All
law enforcement can do is wait for criminals to slip up.
Luckily,
that happened in the case against
Danny McLaughlin. The Colorado man is accused of attempting to hold a
13-year-old girl captive for sex and trying to hire a hitman to kill his wife. The
criminal complaint filed against McLaughlin says his crimes started on the dark
web on a site for people who enjoy torture and killing.
McLaughlin
was only identified and caught when investigators say he agreed to meet at a
Centennial hotel with the person who had agreed to murder his wife. That person
was really an undercover detective.
“Thank
goodness he made that mistake and was arrested. Had he not gone to that hotel
room, it would have been near impossible for them to figure out who this person
was,” said Turnage.
Recently,
International police group Interpol arrested nine people in Thailand, Australia,
and the U.S. and 50 children had been rescued after investigators took down an
online pedophilia ring. Police in nearly 60 countries combined efforts in this
Interpol operation launched two years ago into a hidden “dark web”
site with 63,000 users worldwide. Fifty children were rescued following the
arrests.
Interpol
said its Operation Blackwrist began after it found material that was traced
back to a subscription-based site on the dark web, where people can use
encrypted software to hide behind layers of secrecy. Interpol enlisted help
from national agencies worldwide, with the US Homeland Security Investigations
(HSI) department eventually tracking the site’s IP address, where new photos
and videos were posted weekly.
The
first arrests came in early 2018, when the site’s main administrator, Montri
Salangam, was detained in Thailand, and another administrator, Ruecha Tokputza,
was captured in Australia. Salangam, whose victims included one of his nephews,
was sentenced in June last year to 146 years in prison by Thai courts. Interpol
said children were lured to Salangam’s home with the promise of food, internet
access and soccer games.
One
of his associates, a pre-school teacher, got 36 years. Tokputza was handed a
40-year prison term at his trial in Australia last Friday, the longest ever for
child sex offences in the country. The Australian Associated Press reported
that Tokputza, 31, pleaded guilty to 50 counts of abuse of 11 babies and
children — one just 15 months old — between 2011 and 2018. The HSI’s regional
attache in Bangkok, Eric McLoughlin, said in the statement that “numerous
arrests” had been made in the US. Some held “positions of public
trust,” he said, and one individual was abusing his two-year-old
stepbrother.
“Operation
Blackwrist sends a clear message to those abusing children, producing child
sexual exploitation material and sharing the images online: We see you, and you
will be brought to justice,” Interpol’s Secretary General Juergen Stock
said.
What Can You Do to Avoid the Dark
Web?
To reduce your risk
of being hacked or having information stolen, Barysevich offers these tips:
• Freeze your credit
report, something that can be done for free
• Activate text and
email alerts for activity on your bank accounts
• Question why you
need to provide a Social Security number or copy of your driver’s license when
you visit the doctor, dentist, or other professional office
• Don’t use the same
password for multiple online accounts
While some consumers
might want to throw up their hands in frustration, Ahlberg — the Recorded
Future CEO — said not to give up the fight. The goal is to decrease the odds
that you’ll be cyber thieves’ next target.
For those of you who never served as a juror, one of the first things that the judge instructs the jury on is not to look at any media. This includes Social Media. However, this is not always taken seriously, as was the events during the El Chapo case. It is serious enough where it could have cost prosecutors the case.
It was reported that five Jurors routinely went to Twitter for updates in the case from various journalists. According to Vice News , “The juror also shared details of the deliberations, the extraordinary security precautions that were in place, and the jury’s views on Chapo, his lawyers, the prosecution, and several key witnesses.”
USA Today reports, “The violations enabled jurors to get details about prejudicial material that was not submitted in evidence — including a former henchman’s claim that Guzmán drugged and raped young girls, plus news reports that one of the defense lawyers allegedly had an adulterous affair with a former client, the attorneys argued.”To make matters worse, Jurors lied to the court on a few occasions.
One way to overcome this kind of thing from happening in the future is by way of geofencing. A geofence is a virtual fence that is placed around a specific geographical area and “fences in” all publicly available posts in social media. This could have easily halted the situation before it got out of control.
Utilizing this service before, during and a few weeks after the case is more important than ever given world we now live in. Every single day people of all races, religions, ages use social media in one way or another and they share just about everything!
“Attorneys for Joaquin “El Chapo” Guzman said the convicted drug kingpin will seek a new trial in light of an interview in which one of the jurors who convicted the notorious Mexican cartel leader admitted ignoring the judge’s orders not to read media reports about the case.” (source: Washington Post)
DIY platforms and other data gathering programs are great, but before you consider them to be inaccurate or not helpful, keep in mind that they are only as good as the person using them for research.
For many professions, including private investigators, law
firms, and insurance companies, social media and online research on individuals
has opened a new venue for assisting with investigations into court cases,
insurance fraud, and other situations.
While it can be done, it can also be time consuming and
frustrating. The more common the name, and the less information that is being
used to search for a person’s online activity, the longer it can take. One
roadblock is information that does not actually belong to the person you’re
looking at – their information is getting mixed up with someone else with the
same name.
In talking with folks in the industry, this is a pain point
that not only makes it more difficult to search for people online, but it also
gives the impression that the quality of such searches is not great. This can
make investigators leery and question the benefit of conducting such research.
It’s important to remember a few key points when considering
options for conducting social and online research:
1. Software is good,
but will never be perfect. Whether it’s a DIY online search platform or
TLO/Tracers/IDI report, there is a chance that information will be provided
that does not in fact belong to the individual you’re interested in, whether
it’s a phone number, email address, or social site. The opportunity for false
positives is there no matter what platform is being used.
It’s important to utilize multiple software platforms – what
one will pick up, another will miss, and what one provides as a “false
positive” another will not pick up at all. Each platform works off its own
algorithm, or process for producing search results based on what information is
provided about an individual.
If an investigator is using such programs to conduct a
search, they can be very valuable. However, it is important to keep in mind
that not all information provided will be accurate; these are meant to be used
as a starting point in an online investigation – manual research &
identification will be needed to confirm whether a piece of information really
belongs to the person you’re looking at. Typically, if it’s not readily clear from
the initial search, a good rule of thumb is to find three pieces of
confirmation to ensure it’s the person’s social account or site.
Here’s an example: if you find a Facebook page that you
think belongs to the individual, but perhaps it’s not really clear just from
looking at the user name or “About” section, take a look at their friends list,
places they’ve checked in, “About section” to see if birthdays or employers are
listed, etc. If you can identify the location of the individual whose Facebook
page you’re looking at, or maybe confirm that some of their Facebook friends
are relatives that correspond with findings from a TLO report, then you can be
more certain that it’s the right account.
2. What may seem to
be inaccurate information can actually be a key to what you’re looking for.
Sometimes people will see social reports and say something like, “That phone
number for Joe is so old and hasn’t been used in years. This report isn’t
accurate at all. I want his current phone number.” Valid point, but here’s
something to keep in mind: Joe may have accounts, comments, or forum membership
tied to these old numbers. While he’s not currently using the phone number, the
accounts still live online and are easier to tie to Joe. Sometimes these old
accounts are long forgotten, which means they’re not being scrubbed if they are
involved in a situation where a lawyer tells them to “clean up their online
presence.” This means that there could be valuable information to find based on
what seems to be inaccurate information.
3. DIY programs are
great, but they are called DIY for a reason. There are many companies who
will allow you to purchase a subscription to an online search product to find
content posted by or about an individual. As this type of research has evolved,
the services have greatly improved. There is definitely a place for do it
yourself search programs – but you have to do it yourself. No matter what the
company claims, it will not be as simple as entering some information about an
individual and being presented with all of the person’s online activity without
any false positives or inaccurate information. It’s going to take you (the
“yourself” part in DIY) to validate, investigate, and determine the validity of
the results. Before deeming a DIY program as not useful, remember its actual
purpose and that it is not meant as a be all end all service. And, if the
company is promising that it is, you may want to reconsider using it.
4. There is no magic
bullet – online research takes a lot of time. There’s no way around it.
While we all wish a software platform would be created to give us instant and
completely accurate results, this will likely never happen. Why? Things are
changing all the time, whether it’s social media privacy laws, Google algorithm
updates, or any number of things that can change in an instant. This is where
online and social media research gets tricky and frustrating, leaving people to
give up easily. Software can not be relied on as a standalone product – manual
research is needed to confirm the validity of the information provided, and
then take that information as a starting point and fleshing out what can be
found through manual searching. When multiple platforms and other similar
products are used simultaneously, the time spent can be greatly reduced. This
is why it can be useful to turn to a full-service social media and online
research service – they often have efficiencies in place to search quicker and
provide more accurate results, which saves a lot of time for those needing to
conduct investigations.
DIY platforms and other data gathering programs are great,
but before you consider them to be inaccurate or not helpful, keep in mind that
they are only as good as the person using them for research. Take them for what
they are and realize that they will not be the magic bullet to quickly
investigate an individual’s online activity.
Open Source Intelligence (OSINT) is
defined as data and information that is collected legally from open and
publicly available resources. Obtaining the information doesn’t require any
type of secretive method and is retrieved in a manner that is legal and meets
copyright requirements.
The Internet has all the information readily available
for anyone to access. Collection of information using these
tools are referred to as open source intelligence. Information can be in
various forms like audio, video, image, text, file etc. A few of the data
categories available on the internet include:
Social media websites like Twitter, Facebook, Instagram,
etc.
Public facing web servers: Websites that hold information
about various users and organizations.
Mass media (e.g. newspapers, TV, radio, magazines and websites)
Code repositories: Software and code repositories like
Codechef, Github hold a lot of information but we only see what we are
searching for.
Who Engages in
Open Source Intelligence gathering and analysis?
Anyone who knows how to use the tools and
techniques to access the information is said to have used the process. However,
the majority is used formally by the United States intelligence community,
the military, law enforcement,
IT security professionals, private businesses and private investigators.
Gathering the information manually
can eat up a lot of time, but now there are tools that can help collect the
data from hundreds of sites in minutes, easing this
phase. Let’s say, for example, you want to identify whether a username is
present and if so, on which/all social media websites. One way is to log in to
all the social media websites (and there are more than you know!) and test the
username. Another way is to use an open source tool that is connected to
various websites and check the usernames presence on all the websites at once.
This is done just in seconds using OSINT.
List of Open Source
Intelligence Tools
The tools and techniques used in Open
Source Intelligence searching go much further than a simple Google search. Following
is a list of helpful, time-saving open source intelligence tools. Note: most
are free, although some have advanced features available for a fee.
Email Breach Lookup – Have I Been Pawned
This site allows
you to find out if a particular email address was affected by one of the many
data breaches that have occurred over the years
Sites like Zillow,
Trulia, Realtor.com, etc. are always useful and should be a part of your
investigative toolbox. But the two mentioned above provide various twists on
property records searching and are definitely worth checking out.
The main benefit of OSINT is how the technology can help
us in our day to day tasks. With all that information freely available multiple
actors can accomplish various tasks. A security professional can use the
information for data protection, security testing, incident handling, threat
detection, etc. A threat actor, on the other hand, can gain information to
perform phishing attacks, targeted information gathering, DDOS attacks and much
more. The key is to select the right tools and techniques. Since this is all
free, users can make their decision regarding how best to access the
information they need.
