• Like
  • Save
Conducting Anonymous Online Investigations - Webinar
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Conducting Anonymous Online Investigations - Webinar

  • 1,289 views
Published

Online investigation expert Cynthia Hetherington shares tips for remaining anonymous when conducting online investigations.

Online investigation expert Cynthia Hetherington shares tips for remaining anonymous when conducting online investigations.

Published in Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,289
On SlideShare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
0
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. © 2014 The Hetherington Group Conducting Anonymous Online Investigations Cynthia Hetherington, Hetherington Group
  • 2. © 2014 The Hetherington Group Cynthia Hetherington Cynthia is one of the most respected authorities on the topics of online investigations and online security. •Librarian •Analyst •Security Practitioner •Investigator •Author of:  Business Background Investigations  The Manual to Online Public Records  Web of Deceit  Data2Know.com: Internet & Online Intelligence Newsletter
  • 3. © 2014 The Hetherington Group In Short… Anywhere you find convenience I will find you.
  • 4. © 2014 The Hetherington Group Acxiom’s - Aboutthedata.com • Thousands of databases • Millions of websites • Dozens of possible experts • Hundreds of listservs, mailing lists, e-mail groups
  • 5. © 2014 The Hetherington Group Surfing Anonymously • www.torproject.org
  • 6. © 2014 The Hetherington Group Please Read the Small Print Want to Really Work? •...then please don't just install it and go on. You need to change some of your habits and reconfigure your software! Tor, by itself, is NOT all you need to maintain your anonymity. There are several major pitfalls to watch closely. •Tor only protects Internet applications that are configured to send their traffic through Tor—it doesn't magically make all your traffic anonymous just because you install it. We recommend you use Firefox with the Torbutton extension.
  • 7. © 2014 The Hetherington Group Create a New E-mail Account
  • 8. © 2014 The Hetherington Group E-mail Rules • Check with the boss first • Do not use your real identity or anything that appears to be your real identity – No Nascar drivers, sports teams, badge numbers, geographic indicators, or kids names in the User ID section • Do not put in a proper e-mail address • Do not answer the security questions properly
  • 9. © 2014 The Hetherington Group Social Network Participation • Facebook does not reveal the viewer to the person they are checking out • Linkedin does reveal the viewer unless they make their profile anonymous • MySpace has an application that can be added to reveal IP addresses as well as User IDs (if you’re logged in) • Twitter does not reveal who is looking at your profile
  • 10. © 2014 The Hetherington Group Undercover Accounts
  • 11. © 2014 The Hetherington Group Facebook • Facebook has a strict Terms of Service stating you are not to create a false profile in order to deceive their users into revealing themselves • Most Facebook participants are now sensitive to strangers trying to “friend” them • If you are being friended, have a challenge question ready for the supposed friend to vet them
  • 12. © 2014 The Hetherington Group Would You Friend Danny?
  • 13. © 2014 The Hetherington Group Would Rawan Friend You?
  • 14. © 2014 The Hetherington Group Facebook You are better off creating an account of something local or inanimate
  • 15. © 2014 The Hetherington Group Beware Facebook Facial recognition is now at 80% – http://www.bbc.co.uk/news/magazine-15069858 Your cell phone directory is now public information – http://www.facebook.com/group.php? gid=2392434374
  • 16. © 2014 The Hetherington Group LinkedIn • Make yourself anonymous • Log into your account • Select Settings • In the middle of the screen you’ll see Privacy Controls • Choose Select what others see when you’ve viewed their profile
  • 17. © 2014 The Hetherington Group Choose Anonymous The only caveat is that you can not see who is viewing your profile if you select anonymous, unless you pay for the $25 per month subscription. Choose anonymous
  • 18. © 2014 The Hetherington Group LinkedIn Hazards While you are making your profile anonymous, check out the following items to lock down your account: PRIVACY CONTROLS – Turn on/off your activity broadcasts – Select who can see your activity feed – Select who can see your connections – Change your profile photo & visibility
  • 19. © 2014 The Hetherington Group Twitter • Twitter is accessible without having an account • There are some reasonably intelligent individuals to follow on Twitter that cover the security markets • Do not discount Twitter as a waste of time — most suspects are live tweeting constantly
  • 20. © 2014 The Hetherington Group Twitter Do Nots • Don’t be too specific! There is a big difference between “Just bought a gazillion carat ring on XX Avenue, leaving store now” and “Just bought and engagement ring, wish me luck!” • On that note, say it, don’t spray it: Don’t spit excessive personal information—this is about as dangerous on Twitter as it is on any other social network. • Call the police, don’t tweet about it! • Don’t tweet about moving servers, changing passwords, or any other type of situation where your security could be compromised more easily. – Source: http://www.twitip.com/twitter-security-dos-and-donts/
  • 21. © 2014 The Hetherington Group Twitter Dos • There are hundreds of Twitter tools everywhere. In your Twitter settings, you can manage which applications have access to your data and which don’t in the Connection tab • Choose a strong password—Twitter’s famous attacks have been known to start with a hacker guessing someone’s password • Do use direct messages when appropriate, not everything is meant to be said in the wild • Consider having a private, separate account for work or project- related purposes
  • 22. © 2014 The Hetherington Group Other Social Networks • So far, there is no industry standard for social networks • Read through the FAQs and information sheets on each service • Try a friend’s account to view your own personal accounts to see what you are exposing • Software designers and hackers are both in a race to monetize your profile!
  • 23. © 2014 The Hetherington Group Thank-you for participating If you have any questions, please feel free to email them to: Cynthia Hetherington CH@hetheringtongroup.com Joe Gerard, Vice President Marketing and Sales, i-Sight j.gerard@i-sight.com