Conducting Anonymous Online Investigations - Webinar


Published on

Online investigation expert Cynthia Hetherington shares tips for remaining anonymous when conducting online investigations.

Published in: Business, Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Conducting Anonymous Online Investigations - Webinar

  1. 1. © 2014 The Hetherington Group Conducting Anonymous Online Investigations Cynthia Hetherington, Hetherington Group
  2. 2. © 2014 The Hetherington Group Cynthia Hetherington Cynthia is one of the most respected authorities on the topics of online investigations and online security. •Librarian •Analyst •Security Practitioner •Investigator •Author of:  Business Background Investigations  The Manual to Online Public Records  Web of Deceit  Internet & Online Intelligence Newsletter
  3. 3. © 2014 The Hetherington Group In Short… Anywhere you find convenience I will find you.
  4. 4. © 2014 The Hetherington Group Acxiom’s - • Thousands of databases • Millions of websites • Dozens of possible experts • Hundreds of listservs, mailing lists, e-mail groups
  5. 5. © 2014 The Hetherington Group Surfing Anonymously •
  6. 6. © 2014 The Hetherington Group Please Read the Small Print Want to Really Work? •...then please don't just install it and go on. You need to change some of your habits and reconfigure your software! Tor, by itself, is NOT all you need to maintain your anonymity. There are several major pitfalls to watch closely. •Tor only protects Internet applications that are configured to send their traffic through Tor—it doesn't magically make all your traffic anonymous just because you install it. We recommend you use Firefox with the Torbutton extension.
  7. 7. © 2014 The Hetherington Group Create a New E-mail Account
  8. 8. © 2014 The Hetherington Group E-mail Rules • Check with the boss first • Do not use your real identity or anything that appears to be your real identity – No Nascar drivers, sports teams, badge numbers, geographic indicators, or kids names in the User ID section • Do not put in a proper e-mail address • Do not answer the security questions properly
  9. 9. © 2014 The Hetherington Group Social Network Participation • Facebook does not reveal the viewer to the person they are checking out • Linkedin does reveal the viewer unless they make their profile anonymous • MySpace has an application that can be added to reveal IP addresses as well as User IDs (if you’re logged in) • Twitter does not reveal who is looking at your profile
  10. 10. © 2014 The Hetherington Group Undercover Accounts
  11. 11. © 2014 The Hetherington Group Facebook • Facebook has a strict Terms of Service stating you are not to create a false profile in order to deceive their users into revealing themselves • Most Facebook participants are now sensitive to strangers trying to “friend” them • If you are being friended, have a challenge question ready for the supposed friend to vet them
  12. 12. © 2014 The Hetherington Group Would You Friend Danny?
  13. 13. © 2014 The Hetherington Group Would Rawan Friend You?
  14. 14. © 2014 The Hetherington Group Facebook You are better off creating an account of something local or inanimate
  15. 15. © 2014 The Hetherington Group Beware Facebook Facial recognition is now at 80% – Your cell phone directory is now public information – gid=2392434374
  16. 16. © 2014 The Hetherington Group LinkedIn • Make yourself anonymous • Log into your account • Select Settings • In the middle of the screen you’ll see Privacy Controls • Choose Select what others see when you’ve viewed their profile
  17. 17. © 2014 The Hetherington Group Choose Anonymous The only caveat is that you can not see who is viewing your profile if you select anonymous, unless you pay for the $25 per month subscription. Choose anonymous
  18. 18. © 2014 The Hetherington Group LinkedIn Hazards While you are making your profile anonymous, check out the following items to lock down your account: PRIVACY CONTROLS – Turn on/off your activity broadcasts – Select who can see your activity feed – Select who can see your connections – Change your profile photo & visibility
  19. 19. © 2014 The Hetherington Group Twitter • Twitter is accessible without having an account • There are some reasonably intelligent individuals to follow on Twitter that cover the security markets • Do not discount Twitter as a waste of time — most suspects are live tweeting constantly
  20. 20. © 2014 The Hetherington Group Twitter Do Nots • Don’t be too specific! There is a big difference between “Just bought a gazillion carat ring on XX Avenue, leaving store now” and “Just bought and engagement ring, wish me luck!” • On that note, say it, don’t spray it: Don’t spit excessive personal information—this is about as dangerous on Twitter as it is on any other social network. • Call the police, don’t tweet about it! • Don’t tweet about moving servers, changing passwords, or any other type of situation where your security could be compromised more easily. – Source:
  21. 21. © 2014 The Hetherington Group Twitter Dos • There are hundreds of Twitter tools everywhere. In your Twitter settings, you can manage which applications have access to your data and which don’t in the Connection tab • Choose a strong password—Twitter’s famous attacks have been known to start with a hacker guessing someone’s password • Do use direct messages when appropriate, not everything is meant to be said in the wild • Consider having a private, separate account for work or project- related purposes
  22. 22. © 2014 The Hetherington Group Other Social Networks • So far, there is no industry standard for social networks • Read through the FAQs and information sheets on each service • Try a friend’s account to view your own personal accounts to see what you are exposing • Software designers and hackers are both in a race to monetize your profile!
  23. 23. © 2014 The Hetherington Group Thank-you for participating If you have any questions, please feel free to email them to: Cynthia Hetherington Joe Gerard, Vice President Marketing and Sales, i-Sight