Removing Online Information Update
Posted on April 21st, 2012
A few recent news articles announced a new service called DeleteMe that will remove most of someone’s online information for a $99 fee. These services will never find everything, but will locate and remove the bulk of personal information stored on websites. This includes sites that show your address, phone number, e-mail, etc. After poking around, I discovered the exact method that DeleteMe is using to remove your information. This can all be done by yourself, but it will take some time. The link below will take you to a detailed list of all of the steps.
http://computercrimeinfo.com/optout/optouts.html
Screen capture:
Filed under General, ID Theft, Law Enforcement, Parents | Comments Off
New Book Now Available
Posted on March 5th, 2012
My new book, Open Source Intelligence Techniques, has been released and is available for purchase. In this book, I share my methods for searching and analyzing online information in detail. Each step of the process is explained throughout fifteen chapters of specialized websites, application programming interfaces, and software solutions. Over 200 resources are identified with narrative tutorials and screen captures in this 265 page book. You can order securely online at this link and take advantage of free priority shipping.
This book will serve as a reference guide for anyone that is responsible for the collection of online content. It is written in a hands-on style that encourages the reader to execute the tutorials as they go. The search techniques offered will inspire analysts to “think outside the box” when scouring the internet for personal information. Parents can use the techniques to monitor a child’s online presence.
Much of the content of this book has never been discussed in any publication. Always thinking like a hacker, I have identified new ways to use various technologies for an unintended purpose. This book will improve anyone’s online investigative skills. Among many other techniques, you will learn how to:
Search the Twitter API for GPS data
Locate “hidden” Myspace content
Use search operators to increase results
Generate maps of video media by location
Search multiple networks for people
Monitor all network traffic for keywords
Create API calls to get instant information
Properly extract content from websites
Create replicas of an entire website
Locate deleted and previous versions of websites
Search past archives of online classifieds data
Locate all user profiles by searching user names
Obtain user created documents, photos, & videos
Analyze digital photograph metadata for information
Conduct reverse image searches to identify aliases
Use software applications to automate searching
Locate additional information about website owners
Create personal web forms for API searching
Filed under General, Hacking, Law Enforcement, Parents | Comments Off
Easy Computer Repair for Free
Posted on December 27th, 2011
Lately, I have noticed an unusual abundance of computer viruses attacking my MS Windows computers. These viruses seem impossible to get rid of, and often falsely appear to be programs designed to remove viruses. The non-stop pop-ups deactivate your real antivirus programs and will not allow you to do anything productive on the computer. Sometimes, you can not start any programs at all. Attempting to run any program to clean malicious software is usually denied. These sophisticated programs are designed to create panic and force you to pay for a license to make the program go away. It is NEVER worth it. They just steal your money and do not fix the problem. My post today is to convince you that YOU can fix your own computer for FREE. I will walk you through the entire process including direct links to find all of the software.
First, lets discuss backups. It is vital to routinely back up any important data such as documents, photos, music, video, etc. If you have all of this on a single hard drive, and the hard drive fails, you will lose it all. Eventually ALL hard drives will fail! Ideally, you have two backups of all of your data, and one of the backups is kept off-site in case of disaster at your home. Alternatively, you could choose an online backup option such as Carbonite. Before repairing your computer, back up all of your important data. If your computer wont boot up long enough to allow you to copy the data, use a USB-Hard Drive device to copy your data to another computer. For free data recovery, visit my other site HERE.
Now, we can attack the problem. I have created a checklist that summarizes the following HERE. You may want to print it before attempting on your own machine.
First, start the computer if it is not already on. If your computer will not boot, attempt a Safe Mode boot while holding the F8 key as it tries to boot up. If your issue is software based, you should be able to boot up long enough to start this process. Chances are that as soon as you boot up, the viruses are loading and taking control of your system. We are going to kill those processes and remove them. Note – If you receive a solid blue screen with white lettering on boot, you probably have a hardware related issue that needs addressed first.
Download RKill and start the program. This is the best program to stop the bad processes to allow you to work. It will give you a window of opportunity to repair the issues. It does NOT remove anything, only stops the chaos long enough to take action. It will also correct file associations that may be preventing programs from starting properly.
Download VundoFix and start the program. This utility will find many common rootkits and remove them. With few options, the program should be self explanatory. When complete, it will want to reboot. Do not click the reboot button, just leave the window open for now.
Download TDSS Killer and start the program, allowing to scan. This will also identify rootkits that prevent applications from starting. It will also want a reboot if it finds something. Do not allow the reboot, leave the window open if you have to.
Download CCLeaner and install the program. After installation, start the program and click “Run Cleaner”. This will remove the junk that is slowing down the computer. When it has completed, click on the “Registry” tab and click “Scan for Issues”. Once it has located the problems, click “Fix selected issues”, then “No”, then “Fix All”. When complete, click the “Tools” tab and then the “Startup” button. This will show all applications that are set to load when the computer starts. Most of these are unnecessary and causing delay. Disable any non-essential programs (Adobe, Updates, Flash, etc), especially any programs that seem suspicious or undesired. Don’t worry, if you make a mistake and disable something you need, you can always go back and enable it. When finished, click the “Uninstall” button. This will display all of the programs installed on the machine. remove any Anti-Virus, unused programs, and “Spyware” programs.
Download Malware Bytes and install the program. It should automatically allow you to install any updates and launch the program. It is vital that you download the updates every time you use the program. Click the “Scanner” tab and select “Perform Full Scan”. Click the “Scan” button, Select the “C” Drive and select “Scan”. When finished, close all windows. If prompted to reboot, select no.
Download and install MS Security Essentials. This is the antivirus program that I recommend. It is free and one of the fastest AV programs out there. When installing, allow it to update and scan. This will find any active viruses. This application will then stay active while you use your computer and automatically update the virus definition files daily. It is important to delete any other antivirus programs if you decide to use this one.
Download and install Super Anti Spyware. Start the program and click the “Check for Updates” button and allow it to update. Click the “Scan your Computer” button, select the “C” drive and perform a “Complete Scan”. This may also prompt for a reboot, but do not allow it yet.
Install Spybot and run the program. Select the “Update” button, select a US location, check all of the boxes for the updates, click the “Download” button, click “Exit” when finished, and then “Search for Problems”. This will scan your drive for any leftover malicious software.
Now, go back to any of the programs that insist on a reboot, and select the button that confirms a reboot. If the Vundo Fix program found a problem, go to that program and select the reboot option. Your machine will restart and hopefully be virus free. We are not done yet, but hopefully in a better place. Now, we need to clean up.
Click Start > Programs > Accessories > System Tools > Disk Cleanup. Click OK. Click “More Options”, and then the “Clean up…” button near bottom. Under “System Restore”, Click “OK” and verify to begin. This will clean any files that are not necessary that CCleaner may not get.
Perform a Windows Update by clicking Start > Control Panel > Windows Update (Or through Internet Explorer Tools). Check for any updates, install the default updates and allow to reboot if requested.
Check to be sure the Windows Firewall is on by navigating to Start > Control Panel > Windows Firewall.
Download and install Mozilla Firefox Browser. This browser can help keep out some malicious software that is targeted toward Internet Explorer.
Defragment your hard drive by clicking Start > Programs > Accessories > System Tools > Disk Defragmenter. Choose “Defragment” for the C Drive and allow it to complete. This may take a while.
Create a backup solution. Even if your computer is running great, you should have a backup of all of your data. Personally, I like to backup my entire hard drive once a month. With this solution, I can restore my entire hard drive if anything happens to any part of my computer. Just remember to keep your copy somewhere safe. For software, I like Acronis Backup ($25), and for hardware, I like the USB Hard Drive Dock. If you have both of these, your backups and system images will be a piece of cake.
I hope this helps you fix your own systems or those belonging to friends and family. Beware: Once you have identified yourself as a computer repair expert, you will be busy! If you have any recommendations or success stories, please contact me. I also offer a two hour training session that covers all of these details. I provide actual demonstrations that help digest the information. All of my sessions can be viewed HERE.
Facebook Investigation Update
Posted on December 3rd, 2011
The following applies to Law Enforcement only, but is public information.
Some time ago, I discussed the ways to investigate content on Facebook including using subpoenas to get hidden information. The full post can still be read here. Today, I want to provide a quick update on the legal process.
Facebook now has an online preservation request form. You no longer need to send the request on letterhead. Go to:
https://www.facebook.com/security/preservation/
Complete the form including your information and the account that you are interested in. This will ensure that Facebook will retain the information even if the target of interest deletes the content or account. You will still need to follow through with a subpoena to get the information. This new online request appears to preserve the information immediately.
Facebook has simplified things a little when it comes to emergency circumstances. Now, you only need to send an email with the subject of “EMERGENCY MATTER” to records@facebook.com. Here is a section of their new LE guidelines (LINK):
“Emergency Requests: In responding to a matter involving imminent harm to a child or risk of death or serious physical injury to any person and requiring disclosure of information without delay, a law enforcement officer may obtain an emergency form by contacting us at records@facebook.com. Important note: we will not review or respond to messages sent to this email address by non-law enforcement officials. Users aware of an emergency situation should immediately and directly contact local law enforcement officials.”
“Child Safety Matters: We report all apparent instances of child exploitation appearing on our site from anywhere in the world to the National Center for Missing and Exploited Children (NCMEC), including content drawn to our attention by government requests. NCMEC coordinates with the International Center for Missing and Exploited Children and law enforcement authorities from around the world. If a request relates to a child exploitation or safety matter, please specify those circumstances (and include relevant NCMEC report identifiers) in the request to ensure that we are able to address these matters expeditiously and effectively.”
You will receive a form to complete and return. This should help the process when there is immediate danger to a victim. Be sure to use your official government email address to expedite the authorization. Please let me know of your experiences with these new protocols.
Filed under Law Enforcement | Comments Off
Data Recovery
Posted on November 21st, 2011
Many people think that recovering deleted files is something that only an expert with a lot of geeky equipment can handle. This is not true. Getting back those deleted files is not that difficult!
Follow the steps below to recover any deleted data including deleted photos, formatted hard drives, previous file versions, and missing documents.
|
Step One:
Media Type |
If you are trying to recover files from a computer, you will be searching the computer’s hard drive. You will need a device to connect the hard drive to so that you can search the device. The USB > SATA / IDE Connector from Amazon is recommended. It is around $20 and will connect any IDE (older) or SATA (newer) hard drive to any computer or laptop. It will even connect SATA laptop hard drives. If you are trying to recover files from a memory card or camera card, you will need a device to connect the card to so that you can search the device. The USB > Flash Media Connector from Amazon is recommended. If you already have a card reader, it should work. I keep one like this one because it will connect any type of card. |
|
Step Two: Media Removal |
If you are searching a USB device or memory card, you have already removed the device and are ready for Step Three. If you are searching the hard drive, you need to remove the hard drive from the computer or laptop. If you need assistance with that, search Google with something like “how to remove hard drive from a Dell Optiplex 240″. Of course, replace Dell Optiplex 240 with your make and model of computer. |
|
Step Three:
Connect Media |
Now that you have your hard drive removed, connect it to the computer using any hard drive to USB connector . For memory cards, insert them into any flash card reader |
|
Step Four:
Download Software |
Your first attempt at data recovery should be with a program called Recuva. You can download it here. This version is “portable” and does not need to be installed. Unzip the contents of this file to a working computer and execute the program. |
|
Step Five:
Run Software & Search |
The program will have a drop-down list that lets you choose the item to be scanned. Select the hard drive or device to search and click “Scan”. The deleted files will appear below with an indication of whether they can be recovered. Highlight the files you want to recover and click the “recover” button in the lower right portion. You can look at screen shots of this HERE. |
|
Step Six:
Extract |
The software will prompt you to identify where you want to recover the files. Do NOT choose the same media as where they came from. This could cause you to lose the data. Instead, choose another hard drive or memory card. I recommend pluging in a USB device, or a flash drive, and extract all of the files there. |
|
Step Seven:
Other Options |
If Recuva did not work for you, try PhotoRec, which you can download here. Step by step instructions are here. |
This should get you started. I run another website at YourComputerNerds which provided most of this information. This technique could also be used to monitor items your children are deleting. If you have any tips, please email me.
Filed under General, Hacking, Law Enforcement, Parents | Comments Off
Online Store Open
Posted on November 16th, 2011
For the last two years, I have hesitated in creating an online “store” to sell various items. I found myself getting asked the same questions about products on many occasions. The most popular have been “Are there any books that I can learn more about this topic?” and “What computers do you recommend?”. I have never wanted to profit off of the books and devices that I suggest during my sessions. Instead of selling items directly, I have decided to use links to Amazon.com. I have created a few pages that contain links to the items that I think are valuable, and all link to a trusted source (Amazon). This helps make sure that you are purchasing the exact items I talk about during my lectures and Q&A. Here are the links:
Books: http://computercrimeinfo.com/amazon.html
Security Related: http://computercrimeinfo.com/amazon.security.html
Privacy Related: http://computercrimeinfo.com/amazon.privacy.html
Computer Related: http://computercrimeinfo.com/amazon.computer.html
These pages will continue to grow with new items. Please email me if you have any questions.
How To Be Invisible – Part Three
Posted on November 13th, 2011
This is the third post of a three part series about how to take control of your privacy. So far, you have the basics of how to clean up your online presence, purchase an “invisible” LLC, and open a bank account receiving a business debit card and checks. You know to use a commercial or post office box for all business mail, and you never associate your real name with the name of your business. Now what?
To me, the most important reason to do all of this is in order to purchase a home under the name of your LLC. This is the only way to protect your home address from being public information. Even data mining companies will never know of your assets when this is done correctly. As stated in the last post, I do not recommend changing the name of your current home to the name of your LLC, it is simply too late. Your personal information is already attached to the home in too many places. This will only apply to new purchases.
Let’s assume that you have found the perfect home. It is now time to start the process of purchasing the home. The first step will depend on the way that you will be paying. If you are fortunate enough to have cash, this is very simple. You can skip ahead to the closing. To be more realistic, we need to discuss getting a loan.
You will not find a bank that will give a loan to your new business without attaching it to a person’s name and SSN. There is no way around this. For married couples, I recommend that the partner that is less of a target complete this process. For example, if one of you are a police officer, have the other complete the paperwork. Hopefully, you have established a personal account and rapport with a local credit union, as they seem to be the most willing to work with their customers. Big banks are usually not the best option for this. When requesting the loan, advise them that the loan is for a home that you will be purchasing in the name of a LLC or trust for privacy reasons. They will understand the “trust” portion more than the LLC. They will need all of your info, and this will seem like an extreme invasion of your privacy, but this is the only option if you need a loan. This will absolutely attach your personal information to your LLC, and you will lose a layer of protection, but it is not a deal-breaker. The financial records are somewhat private, and it should take a court order to obtain the complete records. The loan will go on your credit report which can be obtained by others. You must be diligent about telling the bank that the business name goes on all forms, and your personal information is only used to secure the loan. Let’s assume you are approved for a loan and you have a closing date set.
Have the financial institution issue a check that does not have your personal name on it anywhere. If anything, it should have the name of your LLC. Closing can be very simple, do not go! When choosing a real estate agent, choose one that respects your privacy. I recommend meeting with a few at first. The one that has a million questions about you and your life should be avoided. The one that is focused on finding the right house instead of wanting to know everywhere you have ever lived and worked should be hired. Your agent can complete the closing process for you. While you, or a nominee, will have to sign a deed at some point, this can be done ahead of time and submitted by the agent. Not being present at the closing eliminates the awkward situation of why your are not disclosing your name. I know a few people who never even told their agent their real name. All closing paperwork will be in the name of the LLC. For more details than this, you really need to read the book How To Be Invisible. As long as the paperwork is focused on the LLC name, the property taxes will also be in the LLC name. This huge step prohibits many of the data mining companies from tying you to your home. Also, never use your new address for personal mail. Anything that is in your name should go to a PO Box (not the address of your business).
Once you are in your home, you need utilities. You should call them up and tell them that the company that you work for just purchased a property that needs power (water, cable, etc). Advise them of the name of the LLC and the address for the service. They will probably ask for a name and SSN. Advise them that it is owned by a business, and you can provide the FEIN number for that business. Since they will not be able to complete a credit check, they will probably want a credit card on file and one month deposit. Supply them with the LLC debit card number, the LLC name on the card, and authorize the deposit to be taken from that. Stand your ground and you should have no problems. Also have the service send your bills to the PO Box that you set up for the LLC. This is just one more layer of privacy protection. Do not give your real name to any of these services, it will appear in public databases and announce your new residence location. Use the checks from your LLC account to pay the bills, or the debit card that you leave in their file. Be sure to keep enough money in the account!
Vehicles are even easier. Again, cash is always preferred. Pay at the dealer or to the private owner with a cashier’s check. Sign the title to the LLC, and you are done. Instead of registering it at the DMV, take it to a private titling company. It will cost an extra $20, but it will be smoother and easier to hold back a personal name. If you must get a loan, I would use the same institution as the home loan. No need to put your name out there any more. Make sure that you keep the title and the registration in the LLC name. Nothing should reflect your personal name anywhere with the vehicle. Use the PO Box for the address. Most states will not allow a personal vehicle to be registered at a PO Box, but businesses can often slide by this when using a private title company.
I want to stress something one last time. If you are at all serious about any of this, start doing your homework now. Buy the books “How To Be Invisible” by JJ Luna, How To Disappear by Frank Ahearn, and How To Use Limited Liability Companies by Garrett Sutton. I have links on my page here. These books MUST be on your bookshelf for reference. All of them can be purchased for less than $50. 
I hope that these posts have given you some sort of guide as to enhanced protection of your privacy. Maybe this sparked an interest in a few of you. As the questions keep coming in, I may post some Q&A in a separate post. JJ Luna maintains an online forum here that could be very useful to you as well.
If you represent a company, group, or police training unit, please contact me about the sessions that I offer for privacy consultation.
Filed under General, Hacking, ID Theft, Law Enforcement, Parents | Comments Off
How To Be Invisible – Part Two
Posted on October 31st, 2011
In the last post, I discussed some steps to take that will “clean up” some of your private information. Now, I want to take it to the next level. Properly using the following techniques can guarantee that your private information, such as where you live, can remain private forever.
First, I offer a warning. This information may seem like overkill to you. You may read this and think “What type of paranoid person goes through that much trouble to hide where they live?”. I accept that these steps are extreme. Who do I recommend this for? I only present this seminar to Law Enforcement. Specifically, I encourage covert Officers, drug unit employees, task force Officers, and anyone else that may become a target of attack to consider this proposal. Others could benefit as well including politicians, attorneys, celebrities, judges, stalking victims, abused subjects and anyone else that prefers control of their privacy.
Again, I highly recommend the book “How To Be Invisible” by JJ Luna. If any of this interests you, this book MUST be on your bookshelf. I reference this guide constantly. There is a link to order through Amazon HERE. This book will explain much more detail than I can in a blog post.
The trick to permanently protecting your privacy is to purchase any assets, especially your home, in the name of an LLC. Every state offers the ability to register a business as an LLC, however I only recommend New Mexico. New Mexico offers a truly anonymous LLC. Most states, such as Illinois, require your name, home address, and identification to register an LLC. This information then becomes public data that anyone can view. Using an Illinois LLC for privacy simply makes no sense, it does not offer any protection and allows anyone to still identify your home and vehicles.
The New Mexico LLC is not tied to your name at all. You use an LLC Agent which will register the LLC with the state and remain on record as a contact. If for some reason that LLC was served official paper, such as a subpoena, the Agent would contact you through email. New Mexico does not require a yearly report or a list of members. New Mexico is the only state that offers this type of privacy. This is extremely affordable, about $100 per year.
Once you purchase your LLC, you will receive some official paperwork from your agent. The Articles of Organization will identify the name of your LLC and possess an official stamp from the New Mexico Corporation Bureau. It will be signed by your Agent. The Certification of Organization is a state document with your LLC name, business number, and date signed by the chairman of the Office of Public Regulation Commission. Possession of these documents is the ownership of this LLC. The state of New Mexico does not even know who actually owns them, they only know the name of the Agent.
It is vital to pick an Agent that will protect your privacy and complete everything legally. I only recommend one Agent for this task. Her name is Rosie Enriquez Sanchez, and she is heavily affiliated with JJ Luna, the man that wrote the book on this. Her job is to obtain the LLC’s legally and maintain them as long as you want them on the record. You can read more about her services HERE. I personally own an LLC that she maintains for me. You will not find an agent that is more responsive or more affordable than her.
When you choose to buy an LLC, you have two options. You can pick the name that you want or order a “shelf” LLC. This shelf LLC has already been set up and is ready to go. It is sent to you right away, and you do not have to wait to have your new custom name approved and registered. If you email Rosie, she will send you a list of all of the shelf LLC business names that she currently has available. I prefer this option for two reasons. First, it is much quicker (and cheaper). Second, this prevents you from picking a business name that may be identified as belonging to you. In my case, I don’t want a business name such as “Mike Bazzell LLC” or even “Computer Crime Info LLC” as these would allow someone to figure out that my “invisible” LLC belongs to me. When you get a shelf LLC, you can pick one out that does not have anything to do with you.
By now you have purchased your shelf LLC and have your paperwork. You are now the owner of that New Mexico LLC. You will never use this for income, and you will not be operating an actual business within your state, so you do not have to register the LLC with your home state. You can now purchase a home, real estate, vehicle, or just about anything else using the name of the LLC. By doing this, you eliminate the possibility of someone figuring out where you (and your family) live.
The next step is something that I do that many privacy advocates disagree with. I register the LLC with the IRS under my own SSN. I prefer this for several reasons. First, this creates a Federal Employee Identification Number (FEIN) attached to my LLC. This number will make it much easier to get a free checking account in my business name. Second, this gives me another layer of protection in case there is ever any question about the owner of any assets that I purchase. When you purchase your home in the name of an LLC, and you attach the FEIN number to it, that number will always return to you through the IRS. The IRS does not share this info with anyone, but you could use it if you need to prove ownership. Finally, having the FEIN number makes it easier to have utilities billed to your business, which is vital to protecting the privacy of your home (more on that later). My goal in privacy protection is not to hide from the government, only to hide from any person or business that has an internet connection. Therefore, I recommend obtaining the FEIN number.
Now you have an LLC and a FEIN number. It is time to get a bank account. I prefer local credit unions, but you can create an account anywhere. Tell the institution that you want to open a business checking account and provide the paperwork mentioned above as well as the FEIN number. They will want to know the name associated with the account. You can either provide your own name or use a “nominee”. If you provide your name, you are now tying the LLC to you, and that could create a problem. I recommend having a nominee that you trust go with you and sign the form. In my case, I took a trusted relative with a different last name. This person had to provide an ID but did not have to give a SSN.
Before going to create the checking account, I created an operating agreement that designated this subject as a member of the LLC. This agreement is basically a contract identifying this relative as a legal member of the LLC. I recommend the last book in my list HERE. This book contains templates and instructions for this. After the account is created, you can choose to leave this agreement as-is, or make a new agreement identifying yourself as the member, nullifying the old agreement. Either way, you never have to change anything with the bank. Also, get your nominee’s signature as a rubber stamp so that when you receive your checks you are set to pay for anything you need from this account (that is not associated with you).
I think it may be time for a little housekeeping. I can imagine the questions you may be asking.
Will the bank share the account information with anyone?
-Only with a court order. If that happens, you have bigger problems than privacy.
How do I get free checking?
-Usually, you have to keep a $1000 deposit in the account to avoid any fees.
How do I put money in the LLC checking account?
-I deposit money from a personal check from my real account. This information is kept private unless a court order has been issued.
What address do I give the bank?
-Get either a PO Box or a commercial box at UPS or equivalent. You will have to provide your real name to the box holder, but that information is not viewable by the general public. Never use this address for anything with your name on it.
Can I change the owner of my current home to my LLC name to protect privacy?
-Yes and No. Yes, you can change the name on your property taxes and title. I do not recommend this. Once your house is in your name, there are several trails of this information that will always come back to you. Also, you have now just associated your new invisible LLC with your real name on a public record. I only recommend purchasing NEW assets with your LLC. I am not insinuating that we all go buy new houses. I am asking that when it is time to buy the next house or vehicle that you consider doing it anonymously.
I think this is enough for today. In the next post, I will tackle how to purchase your new home, ordering utilities, registering vehicles, and making sure that you use the appropriate addresses for various services.
Please realize that every piece of this method cannot be summarized here. Buy the book(s), it is worth the small investment.
Filed under General, Hacking, ID Theft, Law Enforcement, Parents | Comments Off
How To Be Invisible – Part One
Posted on October 28th, 2011
Recently in Champaign, IL, I was asked by “JW” to post some details about my talk on staying anonymous. During my 8 Hour Basic High Tech Investigation Techniques, I close the day by discussing how anyone can eliminate much of the private information about them, their family, their home, etc that is online. I also introduce them to the advanced methods of guaranteed privacy that I discuss at the end of the Advanced Course. I will now summarize the entire process through a series of blog posts. These are my experiences and should only be used as a guide to creating your own plan of protecting your privacy.
Let’s start with a discussion about why any of us would care to take the steps to remove ourselves from public view. Every day, several large databases that contain your personal information are sold and traded. These include your home address, phone number (even if unlisted), family members, vehicles, shopping habits, date of birth, SSN, court history, social networks, etc. I suspect that most of the people that read this blog would rather not have all of that information in the hands of anyone that has $6. I believe there are two specific levels of action that can be taken to help with this. The first level involves an attempt to remove as much as you can from the databases as well as remaining conscious of what new information you provide from now on. The second level takes advantage of “invisible” LLC’s that allow 100% TRUE anonymity when done correctly.
Before we go any further, I highly recommend the book “How To Be Invisible” by JJ Luna. If any of this interests you, this book MUST be on your bookshelf. I reference this guide constantly. There is a link to order through Amazon HERE. This book will explain much more detail than I can in a blog post.
For this first post, let’s concentrate on the first level of action. I keep an updated list of links to eliminate your personal information HERE. These will take you to the proper source for removing your personal information from each specific database or service. This can be time consuming, but is a mandatory step if you don’t want your private information traded and sold. This will NOT protect your home address and phone number from everyone, but will get you out of a lot of lists.
If you want to know what information is out there about you, I recommend my Self Background Check Links available HERE. These will give you a small glimpse of the personal info that is floating around about your life. There is not much you can do about most of it, unless it is incorrect. For example, if you find out that there are inaccurate insurance claims about you, you can request a correction. This can have a huge impact on insurance rates and credit reporting.
Next, it is time to re-visit the social networks that you and your family use. Those MySpace, Facebook, Twitter, and Google pages that have been fun to play with may tell more about you and your family than you care to share. Recently, a class attendee challenged me about what could possibly be gained by someone with bad intentions from her social networks. I quickly located her Facebook and Twitter pages, which linked me through an API to her Flickr account, which displayed photos of her children playing on a trampoline in her back yard. The EXIF data of these photos, taken with the daughter’s iPhone, displayed the GPS coordinates of her home, which was “unlisted”. Additionally, her Tweets all contained her GPS location each time she sent a message.
I recommend looking through all of the profiles of you and your family. If there is something inappropriate, delete it. If you are ready to quite the networks all together, check out seppukoo.com and suicidemachine.org.
Next, use the links on my site to get out of Google’s services and Data Mining public records. I also recommend a call to your tax accessor’s office and request to have your name removed from the online database of property tax info. They are not required to make your information private in the books, but they will at least make an internet search impossible. If the subject you contact is unhelpful, try again in a few hours or contact the IT department. Often, it will be a computer support person that will actually remove the data any way. After removal, test it out on your county’s website.
This will NOT make you impossible to find. The only true way to do that is to use an LLC the next time you move. If you have been in your current home for more than a year or so, there will always be data out there about you at that location. The next blog post will walk you through the LLC process.
Now comes the most important part of today’s post. Stop providing info to these services! Each time we fill out a survey or list our home address to win a prize, that info is added to a new database. If you are going to take the time to complete the steps above, don’t ruin all of your work by giving new info out.
Consider this the introduction to being invisible. Next post, I will explain the benefits of an “invisible” LLC.
Filed under General, Hacking, ID Theft, Law Enforcement, Parents | Comments Off
New Advanced Investigation Course
Posted on October 21st, 2011
For the past year, I have been teaching an eight hour class titled “New High Tech Investigation Techniques” for Mobile Training Units (MTU’s) nationwide. I have now created another eight hour class that adds to those techniques. This new advanced course contains all new content that expands on the basic online investigation techniques that are vital to any Officer’s arsenal of tools. This is a very full day of instruction intended on teaching a unique response to crime with unconventional free resources. Additionally, a session demonstrating how hackers are creating havoc will help deliver an educated response from an Officer to the victims of internet crime. Participants receive lifetime access to the Basic Investigations Resources and Advanced Investigations Portal areas of the site which include updated links, content, software, guides, and templates.
The entire course contents can be found HERE.
Filed under General, Law Enforcement | Comments Off
New OSINT Portal
Posted on September 11th, 2011
The most requested training course that I provide is the 8 hour New High Tech Investigation Techniques. This class is for Law Enforcement / Government only, and provides over 270 online resources that help in any type of investigation. This weekend, I redesigned the portal that allows access to all of the resources. This new design is easier to navigate and includes more resources than ever. Additionally, it allows for immediate updates when I find new resources and add them to my own arsenal. If you had access to this before, the links should forward automatically. If you do not have access, and are LE / Government, click for access here.
Lately, I have been overwhelmed with requests for a similar course and portal for the private sector. The course, Online Investigations for the Private Sector is complete. This course can range from three to eight hours, depending on your needs. All attendees will be granted access to a customized area of my site, only visible to them, with links to all of the resources discussed in the training session. Several companies have offered this session to their security and investigations staff and have reported much success with the techniques. If you are interested in this training and access to the portal, please contact me.
Filed under General, Law Enforcement | Comments Off
Credit Freeze Q & A
Posted on August 21st, 2011
I received a lot of email after my previous post on how to use a credit freeze. I thought I would post the most common questions here so that I could elaborate to everyone.
Q: How long did it take each of the credit bureaus to respond to your request?
A: After sending my requests via certified mail, and receiving the confirmation of delivery, I received a response from Transunion within three days, Equifax within four days, and Experian within eight days.
Q: I placed a credit freeze on my account, but I want to open a new loan for a vehicle. Should I temporarily remove the freeze or use the one-time PIN number?
A: I recommend you contact the handler of the loan and request which service they use for credit history information. I would then contact that credit bureau and issue a single-use password that can be used by the loan company to retrieve your information.
Q: Will this stop the credit card offers I get in the mail?
A: Yes (and no). This should drastically reduce the amount of credit card offers you receive. It may not stop offers from companies that you currently have cards through, as they still have access to your information. If your only motive is to stop the unwanted credit card offers, I recommend that you opt out of these offers at optoutprescreen.com. This will add you to a “do not call” style of database that will prevent companies from sending the offers. In my experience, this takes about five weeks to take effect.
Q: After applying my credit freeze, I received a notification that a fraud alert had also been placed on my account, what does this mean?
A: For some reason, Experian adds an additional fraud alert after it adds the credit freeze. This is overkill, and will not affect you in any way. The fraud alert will only be seen by a creditor if you lift the freeze, and will cause the creditor to take additional steps to verify your identity. This is not a bad thing, but not essential. These alerts expire in seven years.
Q: My debit card was recently “hacked”. What else should I be doing to stay safe.
A: Very loaded question. Future blog posts will identify how most debit card numbers are stolen and how to stop the cycle. Stay tuned!
Use a Credit Freeze to stop ID Theft
Posted on August 4th, 2011
People often ask me about paid services such as Lifelock and Identity Guard, and how effective they are at protecting your identity. These services can be very effective, but you pay quite a premium for that protection. Personally, I simply freeze my credit. It’s easy, usually free, and reversible. What is all this frozen credit nonsense? Wikipedia says it best:
“A credit freeze, also known as a credit report freeze, a credit report lock down, a credit lock down, a credit lock or a security freeze, allows an individual to control how a U.S. consumer reporting agency (also known as credit bureau: Equifax, Experian, TransUnion) is able to sell his or her data. The credit freeze locks the data at the consumer reporting agency until an individual gives permission for the release of the data.”
Basically, if your information stored by the three credit reporting bureaus is not available, no institution will allow the creation of a new account to your identity. No credit cards, bank accounts, etc. If someone decides to use your identity, but cannot open any new services, they will find someone else to exploit. I can think of no better motivation to freeze your credit than knowing that no one, even yourself, can open new lines of credit in your name. This does NOT effect your current accounts or credit score.
Credit freezes are extremely easy today thanks to State laws that mandate the credit bureaus cooperation. I will walk you through the process.
The first step will determine whether your credit freeze will cost you any money. The fee for the freeze is $10 for each of the three bureaus ($30). While this is well worth the protection, most states have a law that entitles identity theft victims a waiver of this fee. There is a great comparison of state laws on this at THIS LINK. Currently, each of the three credit bureaus voluntarily waive this fee for victims of identity theft. A large portion of my readers have had some type of fraudulent financial activity. This may be an unlawful charge to a debit or credit card, or something more serious such as someone opening an account in your name. If you have had any fraudulent charges or activity, contact your local police to obtain a police report. Many departments, such as mine, have a form that the victim completes which becomes the report. Request a copy when complete including a case number.
Complete three packets that will be mailed certified mail. One will go to each of the three credit bureaus. Each packet will include the following.
A letter requesting the credit freeze. This letter should include the following information.
Official Request
Full Name
Full Address
Social Security Number
Date of Birth
A sample letter appears below.
Include a copy of your police report if you have one. If you do not have a police report, and do not want the $30 fee waived, you can complete the entire process online at the EACH following three sites.
https://www.experian.com/consumer/cac/InvalidateSession.do?code=FREEZE
https://annualcreditreport.transunion.com/fa/securityFreeze/landing
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
Enclose a copy of your valid driver’s license or State ID, and a copy of pay stub, utility bill, insurance statement, or another official document that proves your identity. I made a copy of my license and a pay stub, and included this copy to each of the three requests.
These three packets will be addressed to:
Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348
Experian Security Freeze
PO Box 9554
Allen, TX 75013
TransUnion
Fraud Victim Assistance Department
PO Box 6790
Fullerton, CA 92834
Next, I recommend obtaining a copy of your current credit report, before it is frozen, at http://annualcreditreport.com. Look over this closely, and make sure everything is accurate.
Within a few weeks, sometimes sooner, you will receive a package from each of these bureaus confirming your credit freeze. They will also include a PIN number that you need to keep. This number will be required if you ever want to temporarily or permanently reverse the credit freeze.
If you want to reverse the credit freeze, you can do this online at the above websites. There will be a $10 fee per agency to do this. If you want this fee waived, you need to submit the request via mail again and include another copy of the police report. A temporary freeze would be done in the case that you want to establish new credit such as a credit card or loan. Be sure to generate this temporary reversal prior to the loan request, otherwise your loan may be denied. A permanent reversal will completely stop the freeze,and your account will be back to normal. Again, there is that $10 fee each time, which can be waived with a police report.
Unless you are constantly opening new lines of credit or use your credit to purchase real estate often, I highly recommend a credit freeze. It is simply the most effective way of stopping people from using your identity for financial gain. Lately, people are reporting that their under-age children are becoming ID theft victims. This freeze could apply to them as well. This will NOT stop someone from stealing your current credit card numbers. I have tips for that coming soon.
Searching Google Plus
Posted on July 30th, 2011
Google Plus is Google’s latest effort at social networking. Their previous attempts with Google Profiles and Google Buzz never quite gained the attention that was desired. Google Plus is well on its way to achieving that attention. While it is still in beta, and one must have a private invite from another member to join, it is climbing steadily at 25 million users. The reviews are favorable and many experts believe it will join Twitter and Facebook as one of the premium social networks. The exploitation of the search is fairly easy.
Navigating to plus.google.com will only present a notification about the service and announce it as invite only. There are no ways to search from this page. Typing “site:plus.google.com john williams” into a Google search will get you several results, but not all of them. They are also presented in a standard view without photos to identify the target.
Google public profiles allowed a custom search of all public profiles with the following string:
http://www.google.com/search?hl=en-US&tbs=prfl:0&q=john+williams&authuser=0
By changing the “prfl:0″ to “prfl:e”, this will force Google to only load Google Plus profiles, including the profile photo next to each entry:
http://www.google.com/search?hl=en-US&tbs=prfl:e&q=john+williams&authuser=0
You can now use this search bar to search further Google Plus profiles. Clicking a profile will display all of the content, defaulting to the Posts page.
The About section will usually reveal employment information, historical living regions, and education.
Aside from entering this URL manually, there are a few sites that attempt a similar search:
http://www.findpeopleonplus.com/
http://searchgooglepl.us/
http://www.gpeep.com/
http://gplussearch.com/
http://googleplussearch.chromefans.org/
I have found that none of these provide results as complete as the URL trick, but they are all worth a look.
Filed under General, Hacking, Law Enforcement, Parents | Comments Off
Online Investigations for the Private Sector
Posted on July 24th, 2011
I have a new full day training session called “Online Investigations for the Private Sector”. This is similar to my Law Enforcement course, but is designed to fit the needs of private organizations that use the internet to conduct various corporate investigations. This may include large corporations that investigate employee issues, product information leaks, threats, or the “chatter” of a competitor. Small organizations can use this as well to recruit and hire employees, identify risks with current staff, or as a tool to monitor their business on the internet. Preferably a full day, this training explains over 200 web sites that can be used to find all publicly available information on a target name or business. Techniques for finding information that is assumed “private” will be demonstrated on many social networks. Additionally, free software applications are presented to automate the process of gathering data.
Please contact me if you would like more information or to reserve a date for your event.
Filed under General | Comments Off
Twitter Search & Investigative Tips Part 2
Posted on March 25th, 2011
Last week, I posted my guide to the advanced search of Twitter. This can be read here. This week, I will wrap up the Twitter information and demonstrate a new tool for Geo data.
Before showing a couple of advanced tools, I want to discuss something basic that I forgot to mention in the last post. Yesterday, one of the attendees of a session asked “How do you locate someone’s Twitter name?”. Surprisingly, Twitter does not make this obvious. The official way is to use the Twitter “Who To Follow” search option. Unfortunately, you must be logged in to Twitter to access this. Create your fake (or real) account and navigate to:
http://twitter.com/#!/who_to_follow
Once there, enter a real name, screen name, or possible Twitter name and you should get results to choose from. Do you want something more simple? Head to Twellow or Tweepz. Both will allow you to search by real name, partial name, or screen name, and a login is not necessary.
The techniques discussed in the last post involved analysis of the meta data embedded into every tweet. A great summary of this data is available in Raffi Krikorian’s “Map of a Tweet“. Here is a quick view of a portion of this analysis.
This document displays all of the meta data including the user’s ID number, join date, location, user settings, geo location, and more. Most of this information can be seen on the user’s profile, but not all of it. This information is coming from Twitter’s Application Programming Interface (API). Using the following link, we can see this data:
http://api.twitter.com/1/statuses/user_timeline/compcrimeinfo.xml?include_entities=true&trim_user=false%22
This example is pointed to my Twitter feed. To look at someone’s feed, you would simply change “compcrimeinfo” to the exact user name of your target. This will display the API information of that person’s entire current Twitter feed within your browser.
If the user has the geo location enabled, you will see the GPS coordinates of each Tweet. This is useful, but I prefer to use a free program that will take care of this work for me. Please meet Creepy. Creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown accompanied with relevant information. Here is a screen shot.
Basically, enter any user’s Twitter name, and Creepy fetches the Tweets, maps them out using a Google map, and displays not only each location, but matches it up to the actual message. This application will also work with a Flickr account. It will identify GPS information embedded into the EXIF data of the photographs shared through the site. I have an older post about EXIF data here. You can download Creepy here.
Anybody deleting their Twitter account now?
Filed under General, Hacking, Law Enforcement, Parents | Comments Off
Twitter Search & Investigative Tips
Posted on March 14th, 2011
Last week, I posted my Facebook Search & Investigative Tips. This week, I will tackle Twitter. Twitter is a micro-blogging service where people can send messages, or “Tweets”, of up to 140 characters. Twitter is predicted to have 200 million users in 2011. While most of the messages are unimportant babbling, there is a huge potential of evidence for the investigator.
The most common search area for Twitter is the Twitter home page or the Twitter search page. These pages offer a single search box which can search users and topics. Since this is too broad, I prefer the Twitter advanced search page.
This page allows for detailed search for specific content, people, places, dates, and other options. This is a great stop in order to identify a target’s Twitter user name. These user names are not typically a real name, and all must be unique without spaces. I will usually start by setting a 5 mile radius around the city the target resides in, and begin searching for key words that I believe this subject could be posting about. Once a user name is located, clicking the name will lead you to the recent history of posts from the user. These will all be date and time stamped.
For most users, this is sufficient. This can locate Tweets about specific content from a single user. The “places” option is helpful, but too broad. I can input a city or zip code, and it will search Tweets sent from within a radius of that city that can be set as low as one mile. This is great, but not good enough.
Before we jump into searching by GPS, let’s look at how Twitter knows where you are. Any time you send a Tweet, Twitter tries to identify where you are. If you are using a GPS enabled phone, Twitter will pull your GPS coordinates, or last known GPS, from the phone and attach it to the metadata of the Tweet. While some people choose to publicly share their GPS location on their messages, many do not display the information on their page. Even if you do not display the information publicly, the coordinates are still embedded onto each message in the Application Programming Interface (API). If it is there, we can still get access to it. If your GPS is disabled, Twitter can make estimates of your location based on IP address or cellular connection.
Knowing this, I wanted to get the most precise information I could about the location of the user when each message was sent. I tend to do things the hard way at first, and then discover an easier solution. I began playing with the URL of a search on Twitter to designate a GPS location.
First, I needed some GPS coordinates to play with. I went to Google Maps, typed in the address of the Alton Police Department, right clicked the pointer icon that identified the location, and choose “What’s Here” on the menu. This will populate the search area with the GPS coordinates of your location of interest. This is a simple way to find out the GPS coordinates of any address.
Now that I have the coordinates I want, here is my URL I will search:
http://search.twitter.com/search.atom?geocode=38.888349%2C-90.160571%2C1mi
You will notice that the GPS coordinates are seperated by “%2C”, as well as the last three characters which identify how many miles of a radius. This URL, which goes directly into the address bar of the browser, will search for any Tweets sent from within one mile of the GPS of the Police Station. The results were impressive.
These posts were from a hospital three blocks from the Police Station. This search string was limited to 15 posts, so I added “&rpp=100″ in order to pull the 100 most recent posts:
http://search.twitter.com/search.atom?geocode=38.888349%2C-90.160571%2C1mi&rpp=100
This provided all Twitter posts, over the past 10 days, which were made from devices that had known GPS coordinates within one mile of my location. Since the Twitter advanced search does not allow for this type of search, and I do not want to formulate a URL every time, I created my own Twitter Advanced Search page on my site. This has all of the features of the official search, but I added a GPS feature that will allow for detailed location searches.
Basically, you just copy and paste the exact GPS location that you retrieve from Google maps, add a comma, and add the number of miles that you want to search. Alternatively, you can add the number of kilometers by changing the “mi” to “km”. This will provide the exact same result as the URL based search.
These searches can lead to overwhelming evidence in a case. Location can be vital, but often the written content can be the most important part of the message. So far, all of these methods will only search the past 10 days worth of traffic. If we want older information, we need alternative sources.
Snapbird does not search the current 10 day time-line of Twitter, however, it will display older Tweets. Usually, I can find about 30 days worth of Twitter archive, and I can search by topic or user name. I rarely use Snapbird since I believe that Google’s service is superior. In Google, I can type a twitter user name or any topic followed by “site:twitter.com” (without the quotes). On the left side menu, there is a section below the main menu that can be expanded. In this section, is an option called “Latest”. This will provide a search for all posts, in the current and past time-line, that contain my topic. This will even refresh every second to provide a live stream of content relative to my interest. If you input a user name, you can watch live as that user submits and receives messages.
If you have a specific time period that you want to view messages from, select the “Custom Range” option on the left. This will allow the entry of specific dates to display messages of your search topic. Here is the same search above, but limited to specific dates.
Google will allow you to play with the search terms and user names while adjusting the dates. In my Law Enforcement sessions, I discuss specific ways that this can be used to investigate many types of incidents.
In my next blog post, I will discuss two free programs to take all of a user’s Tweets, including the attached photos, and map them out geographically. One program allows you to see all Twitter posts coming from a specific area, while the other focuses on a user’s Tweet history to map out their past.
Filed under General, Law Enforcement, Parents | Comments Off
Newsletter Signup Fixed
Posted on March 10th, 2011
Apparently, my newsletter sign-up process was broken, but it is now working. If you signed up for the newsletter and did not receive an email confirmation, please sign-up again on my home page. Thanks, and my apologies.
Filed under Uncategorized | Comments Off
Facebook Search & Investigative Tips
Posted on March 4th, 2011
The most common investigative request I receive is for information about Facebook. With over 500 million active users, it seems that everyone now has an account. Let’s look at the options.
If you have a name, searching Facebook is quite easy. Unfortunately, you must be logged in to a Facebook account to search and view profiles. Creating a real or fake account is easy, and I maintain a tutorial video here. To search a name, simply begin typing the name into the top search box on the page. It should look like this:
If you see the desired subject, you can click on the name. I do not recommend this, as you may have the wrong subject. Instead, click the “See more results…” link at the bottom. This will display the profiles that match your name. You may need to scroll down and click “See more results” for common names. If you are overwhelmed with options, click the “People” link on the left menu. This will allow you to filter by Location, Education, or Workplace. The most common use here is to type in the location of your target. This will help narrow down the results.
Now you can browse through the profiles. If you do not want to create an account, you can use sites like Facebook-Search or Open Facebook Search to search without logging in. This has worked for me in the past, but there are other options.
Facebook Advanced Search will allow you to search with many options. This requires you to be logged into an account to work. Start by clicking on the “Find People” tab. This will allow a search using ANY of the following: Name, School, City, Gender, Age (Min & Max), Relationship, DOB, etc. You can even search for people within a specified radius of a zip code. This is beneficial when you are not sure which local city was listed.
Clicking on the “Posts” tab will allow you to search within “Wall” posts by keyword. This is similar to the site Your Open Book. An example here would be to search a phone number. If any user ever listed that number on a Wall post, you would get a result which would identify the person’s name and profile. I have been very successful in the past using this method to identify unknown cell numbers. I encourage you to play around with this feature. This only searches the posted content, not the name of the person posting. If your target was mentioned in a post, it would find that. I maintain a video showing full details of this app HERE. Alos try the Your Open Book, as it occasionally obtains different results. If searching phone numbers, don’t use dashes, just the last four and middle three.
Between Facebook, Advanced Search, Open Facebook Search, and Your Open Book, you should easily find the content if it is out there. If you find a profile that is blocked, and the “Post” search tools did not yield results, there are still options.
If you want to locate photos from a blocked profile, open the user’s “Friends” list. I usually filter by the last name of the target. This will identify relatives that the target communicates with. Click on their profiles and go to the Wall section. Keep scrolling and clicking the “older posts” until you see photos that the person was tagged in. These will be photo albums of other users, possibly your target. Once you see a tagged photo from your target’s photo album, click it. This will open Facebook’s new photo viewer, which we do not want. Once this is open, hit the F5 key on your keyboard. This will refresh the page, close the photo viewer, and you will now be in the original photo album of your target. You can browse all photos even though their profile is private.
Here is a poor and obviously staged example. I have a private Facebook page HERE. There are no photos shared to the public. If you click on my only friend “John”, you will go to his page. Since his Wall is public, you can click on it and see posts. One post announces that I tagged him in my (private) photo album. By clicking on the word “album” directly after my name, you will now have access to all of my photos, even though they are not on my public profile.
In summary, if your original target of interest has a photo album, and he or she has “tagged” a person that has a public “wall”, you will eventually receive a live link to the original target’s photo album. On several occasions, this has been an easy and legal way to browse photos of subjects that have blocked their profile. This may take some time, but persistence will pay off.
Finally, if all else fails, I use a subpoena. Obviously, this applies to Law Enforcement. Facebook can be tricky about the wording that is required. If you do not use the right language, you will probably receive nothing or a response without content. For a copy of the Facebook LE guide, click HERE. This will explain the detail, but here is a summary.
The first part of this is to get a subpoena to send to Facebook. This subpoena should have the following language (using your target’s profile number). “Any and all records identified in relation to Facebook profile ID of 123456789 to include a full Neoprint of user ID 123456789, Photoprint of user ID 123456789, User Contact Info of user ID 1123456789, and IP Log of user ID 123456789″ A full copy of a sample subpoena can be found HERE. After this is sent, Facebook requests an email be sent to them with your info and the profile number of the requested target. This will allow them to send you an email with the results, which is faster than Postal. Below is an example of how the email should look.
Usually, a response will arrive in 2-4 weeks. If you have an exigent circumstance, such as an abduction, you should send an email to subpoena@fb.com with the subject “EMERGENCY MATTER”. You can also call 650- 543-4938, but this will only allow you to leave a message. If you have an ABSOLUTE dire emergency, contact me and I can help.
I hope this helps. I will continue to post search tips for other sites.
Filed under General, Law Enforcement, Parents | Comments Off
Copy machines can be a huge security risk
Posted on February 28th, 2011
Lately, many of my audiences have asked about the potential of their copy machines storing and releasing private data. Well, the potential is HUGE. I believe that the awareness is present due to a piece by CBS News. Here is the video:
This video describes how easy it was for reporters to obtain digital scans of every document copied in several copy machines. Fortunately, most manufacturers provide exact instructions on how to clear this data, so check your machine’s manual before you get rid of it.
My recommendation to businesses that are getting ready to upgrade or replace the copy machine is simple. When the salesperson has you sign the contract for the new purchase or lease, demand language be added that mandates that the hard drive from the old copier is left in your possession. This eliminates the need for you to remove it yourself. Most sales people will not think twice about this minor detail, especially when they are close to having the sale.
Want more videos? Head to my video page.