How powerful can electronic investigations be?

Methods of observation allow investigative experts to gather much deeper information about ordinary subjects, and make it possible to detect subjects who take steps to conceal their identity or whereabouts.

An insignificant action such as entering a post on Twitter can open the door to mining of deeper data on a subject. An investigator with polished analysis skills and the right tools can use this breach as a leverage point to pry open access to more comprehensive information on the subject. The single Tweet can reveal a profile which might reveal the subjects given name, or if not a screen name which is used elsewhere. Online venues where this screen name is used may contain individual minor details which can be placed in context or combined to create a profile of the persons identity.

The identity can be expanded to include family, colleagues, business associates and other activity. One journalist provides a step-by-step example of this process. In this example the investigator locates an active member of the military stationed overseas using the process. “I’ve gone from one tweet to knowing an entire family’s names, location, address, contact details, what they look like, how they are connected to the military and, potentially, where a part of the US army is coming under fire.”

Even if the subject does not provide revealing information online, they may be vulnerable through their cellular activity. Most phones retain login information used for websites, email, and online banking in clear text format within apps and memory locations. Physical access to the phone can allow this information to be extracted, and some methods can be used to download the information remotely. Viruses or other malicious code can be inserted on mobile devices to extract data. Ipads are increasingly used as personal computing devices. As these are connected using the cell network they are equally vulnerable. According to the Associated Press hackers are quickly setting their sights on mobile devices using Apple applications and Android apps. “Wrong-doers have infected PCs with malicious software, or malware, for decades. Now, they are fast moving to smartphones as the devices become a vital part of everyday life.” Malicious applications often masquerade as legitimate ones, such as games, calculators or pornographic photos and videos. Mobile devices are particularly vulnerable because pop-up warnings do not exist as they do on PC’s, and the smaller screens make it more difficult to verify website addresses or SSL status. The University of California found that “attackers can spoof legitimate applications with high accuracy, suggesting that the risk of phishing attacks on mobile platforms is greater than has previously been appreciated.”

So what if you decide to stay off the internet, and even throw away your cell phone? Not good enough.  Just walking around in public can disclose private information. A new study from Carnegie Mellon University’s Alessandro Acquisti, Ralph Gross and Fred Stutzman showed that current technology can actually cross reference a person’s face with currently available photos on the Web and find out information about that person, including their interests — and in some cases their social security numbers. The facial recognition technology required to do this already exists, although it is not widely available to the public. As the programming is replicated and becomes ubiquitous, this powerful tool will be in the hands of ordinary people. Combined with data research, records analysis, and cross-referencing a person could scan crowds to locate individuals or mine for subjects which meet a certain profile.

Already there are projects which attempt to tag faces in crowd photos. A group photo is posted and visitors tag themselves or others they know using Facebook. Someone present in the crowd does not need to consent to this or even be aware of it. I predict this will become more common and be performed automatically when facial recognition becomes more common.

Obviously the answer is not to stay locked in the house, but being aware of these emerging technologies is valuable for investigators and those interested in managing the information available about them.

– David Pelligrinelli

Leave a comment

Filed under Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s