Open Source Intelligence (OSINT) Updates

Posted on October 24th, 2014

In the past two months, we conducted several Three-day OSINT Training Sessions in the United States, and enrolled many new members into the Online Training Course. Attendees of both receive the brand new Software Pack that now contains 40 applications to help automate the collection of online information. We will be at Black Hat in DC for a Two Day Boot Camp for OSINT in December, early discounted registration is now open.

Updated OSINT resources for October 2014

Custom Docs Search – Conducts several searches at once
Email Assumptions
– Generate possible email addresses
PDF Geni
– PDF Search is back
Keyword Too
l – Identify related searches
Google Map Alerts
– Be alerted when a satellite image is updated
Historic Aerials
– Old aerial views
Mention Alerts
– Google Alerts alternative
Website Doubler
– View two sites at once for screengrabs
NowTweets
– Beta only, but promising
Instagrin
– Instagram filtering
Username Search
– New service for user name search
Harmari Search
– Craigslist search option
10digits
– Telephone lookup
Domain History
– Domain registration history
Whoisology
– Domain tool
Domain Dossier
- Domain Tool
You Got the News
– Google News Search
Websdr
- Live controllable RF scanners
Video Meta Data
– Video reverse image searching
Boat, Yacht, Ship Owners List
- Boat details
Live Ships Map
 – Boat locations

We are currently running a promotion for new members to the Online Training Course. Until the end of the year, you can take 25% off either the monthly or yearly training option here:

http://inteltechniques.com/25

Thank you for the interest!

MB

 

 

Filed under Uncategorized | Comments Off

Open Source Intelligence (OSINT) Updates

Posted on May 6th, 2014

The past month has been busy. We conducted several Two-day OSINT Training Sessions in Canada and the United States, and enrolled many new members into the Online Training Course. Attendees of both receive the brand new Software Pack that now contains 42 applications to help automate the collection of online information. The latest apps allow you to play practically any acquired video (even those with weird codecs), extract every image frame, and convert the video to a standard format for future use. The custom browsers have been updated and the overall pack has been simplified for easier use.

Updated OSINT resources for May 2014

Google Discussions (Returns discussion search functionality)
Google Scholar (Great for case law and citations)
Google Advanced Patents (Advanced search of patent info)
Bing Images (Now supports reverse image search)
Cached Pages (Additional cached page options)
Archive Today (Archive snapshots of popular pages)
Izitru (Identifies manipulated photos)
FollerMe (Twitter Analytics – Start Date/Location/Archive)
FollowerWonk Bios (Locate profiles by interest/location/etc)
BuiltWith (Identify tech behind a website)
StatsCrop (Details about a website / Time up)
Amazon Wishlist (Locate people’s Amazon items by name)
Android SnapChat (Emulator to interact with SnapChat/Search by Phone

We are currently running a promotion for new members to the Online Training Course. Until the end of the month, you can take 25% off either the monthly or yearly training option here:

http://inteltechniques.com/25

Thank you for the interest!

MB

Filed under Uncategorized | Comments Off

Huge “Hiding from the Internet” Updates

Posted on July 12th, 2013

Exactly one year ago, Hiding from the Internet was published. It discussed the ways that you can remove publicly available information about yourself from the internet and private companies. Since then, a lot has changed. Some of the links in the book are no longer accurate, many companies have merged, and new services have arrived that expose your details. Over the past two weeks, my assistant and I worked through the entire book and updated every link. We also added a few new services. Instead of a new edition, I decided to revise the current version. Any books ordered from today forward will receive the newest revision. However, if you already own the book, you do not need to buy another copy! We also updated every link on my website to reflect the changes in the book. All of these links can be found HERE.

Many of you have asked about an electronic version. This is also ready to go, and you can download the book to your Kindle or iPad HERE. The link to both the print and electronic version is HERE. Amazon is offering a discount on the print version with free shipping, and the electronic version is $9.99.

Whether you own the book, just downloaded your new version, or want to attempt the links without the book, please consider using these free resources to protect your privacy.

 

 

Filed under Uncategorized | Comments Off

Newsletter Signup Fixed

Posted on March 10th, 2011

Apparently, my newsletter sign-up process was broken, but it is now working. If you signed up for the newsletter and did not receive an email confirmation, please sign-up again on my home page. Thanks, and my apologies.

Filed under Uncategorized | Comments Off

Very relevant article

Posted on February 28th, 2011

A previous attendee of one of my sessions on how computer criminals steal your identity pointed out an article that described some familiar techniques. The full article can be read here:

LINK

Basically, this article discusses how Tobechi Onwuhara used computer crime, hacking, and social engineering to scam millions. Two excerpts from the article that described techniques that I have been discussing for years are below.

“Using ListSource, a direct-marketing company, he’d collect mortgage information on married couples with million-dollar homes. They qualified for high HELOCs. He’d find lease or loan papers through public databases and pay sites, then use Photoshop to grab homeowners’ signatures off documents. Next, he’d build a profile of the victim by paying for a background search through skip-tracing sites. That would give him birth dates, Social Security numbers, names of relatives, previous addresses, employment histories, and more. To get a mother’s maiden name he would use Ancestry.com.”

“Profile in hand, he would run a credit check on victims through annualcreditreport.com, a website set up by the big three credit-reporting agencies. Onwuhara had discovered a flaw in the Experian portion of the site, which screened users with a personalized security question and several multiple-choice answers. Users had to click on the correct answer to proceed. But when Onwuhara refreshed his browser, he found that the site replaced certain answers with new ones. Clearly, these were red herrings. Onwuhara knew the correct answer to the security question would appear persistently on screen as he refreshed. Enough refreshing would eventually reveal the true answer and allow Onwuhara to access reports. (A spokesman for Experian says that the company is cooperating with law enforcement authorities and that “since this case we have refined our security protocol.”) The reports provided Onwuhara with details about the victim’s HELOC. He preferred credit union HELOCs: They were soft targets.

At this point artistry came into play. Onwuhara used a phone service called SpoofCard to make any number he wanted appear in a caller ID. This was key to his scam. With SpoofCard, Onwuhara could fool financial institutions into thinking his call originated from the victim’s phone. Onwuhara knew the system. He knew the questions he’d get. Usually he had the answers, along with account numbers, balances, and passwords. Altering his gravelly voice like a professional actor, he could switch ethnicity, age, and accent on a whim. A customer service rep was easy prey.”

The entire article is fascinating, and worth the read.

Filed under Uncategorized | Comments Off

New Online Information Links

Posted on July 20th, 2010

I have updated the master list of online information resources. This is the list of over 145 websites that can be useful in finding personal information about individuals and businesses. The entire list can be found HERE.

One of the new entries that I am excited about is PicFog. PicFog is a site that monitors all of the photos being transmitted through Twitter. The home page is a constant stream of photos, and search options allow you to filter by location, user name, or keyword. Below is an excerpt of over 200 photos that were recently uploaded from St. Louis, MO.

Because I am always entertained by the amount of people that post their meals online, I conducted a search for “lunch” and found hundreds of photos of the meals that people were eating right now.

WARNING! Some of the photos may include nudity and inappropriate behavior. Search at your own risk.

Another great site that I added is The Ripoff Report. This site catalogs both the businesses and individuals that have been reported to conduct fraudulent activity. Reports may include scams, illegal businesses, and various individuals that have ripped off people using auction sites. A quick stop at this site could provide great intelligence on your target.

23 more links were added. Take a look and see if anything may be useful to you in identifying information about your children, potential employees, your business, your competitor, or maybe the new neighbor!

Contact me if you have any questions, or if you know of a site that I have not included.

Filed under Uncategorized | Comments Off

Locating items stolen from a burglary

Posted on July 11th, 2010

An audience member of a recent presentation in Chicago asked me how she could locate items that had been stolen from her during a recent burglary at her home. There are several techniques that could be applied here, and I will explain the most common. Possessing a list of detailed information about the item will be important, such as make, model, and any characteristics of the item.

Many thieves will no longer attempt to sell stolen items at a pawn shop. These businesses now provide electronic data of all transactions to law enforcement, making it easier than ever to identify a criminal. Now, they go to the internet. Bold thieves will list the item on an online auction site such as ebay and offer to ship the goods. Searching ebay is easy, and the advanced search is very valuable. For this entire post, let’s assume that a Canon 40D camera is the item stolen. A search on ebay reveals 11,267 current auctions for this camera:

 

 

 

This is way too many to sort through. Using the Advanced Search option allows us to only search for cameras in an immediate geographical area:

 

 

 

 

This now brings us to 44 results, which is much more manageable:

 

 

 

As an Investigator, I would now look through these posts and look for any physical characteristics in the photos, such as a scratch, that may identify the camera. I may also click on the person’s user name and browse the other items being sold, which may also be stolen goods. If I see a guy selling 22 car stereos with exposed wiring, I think I might be on the right track. Keep in mind, these are only CURRENT auctions, not past sales. In order to view previous auctions, look down on the left menu and check “Show only completed listings”. This can be combined with the geographical option to only view previous auctions for a specific item in your town.

Most thieves now avoid ebay because all transactions are documented forever, and valid banking information must be provided by the thief. This information can be given to law enforcement for a speedy arrest. Now, thieves have found Craigslist as an easy avenue to sell stolen goods. Navigating to craigslist.org and then checking your local area (mine is St. Louis), will present you with a search box ready for a search term. Searching for our camera yielded six results, which will also identify the town that the thief lives in:

Once an item sells, the seller usually quickly removes the ad. Searching on craigslist.org will ONLY search the current ads. This will not find recent sales. I prefer using Google to search Craigslist. The below term in Google will search all ads, current and past, listing Canon 40d within the post on the entire site:


2,300 results is too many, so now I will specify to only search the St. Louis portal:

This brought us to 106 results, which is much more manageable. At this point, i will look for sellers that are selling the item for a reduced cost, appear to be in a hurry to sell, or do not appear to know much about the item. A seller with a post title like the following appears to be legitimate:

While a posting like the following may be a little suspicious:

These techniques are not enough to make an arrest. If you believe that you have found your stolen items, DO NOT CONTACT THE SELLER! Contact your local Police Department and advise them of your findings. Allow them to build the case and make an arest. I have been successful on numerous occasions using these methods, and I encourage other agencies to scour the internet weekly for “hot” items.

If you are associated with a law enforcement agency, and would like training on various investigative techniques, I have recently update six new programs focused on police work. These programs run from one to two hours each, as well as an eight hour complete “boot camp” that covers everything. Information can be found here:

http://computercrimeinfo.com/le.training.html

 

Filed under Uncategorized | Comments Off

Site Updates and Announcements

Posted on July 10th, 2010

Ah. A fresh coat of paint. I have made many long overdue cosmetic changes to the site and blog. This should make navigation easier. I also repaired the broken video links and added new content. Much more will be coming soon!

NEW: I have added an entire new section titled “Law Enforcement”. In this menu you will find SIX new training session devoted to Law Enforcement and High Tech Investigations. Topics include:

Online Investigation Recources (2 Hours)
Identity Theft / Internet Fraud / Email Scams / Hacking (2 Hours)
Technical Investigation Techniques (2 Hours)
Child Safety on the Internet for Police Officers (2 Hours)
Introduction to Computer Forensics (2 Hours)
Protecting an Officer’s Personal Information (1 Hour)

Some of these topics are available to sworn law enforcement only. However, some could be applied to other areas including insurance companies, private investigations, and attorneys. Please pass this information along to any agencies that may benefit from the instruction.

Filed under Uncategorized | Comments Off