keywords

In most of the cases, what customers expect from the private investigation agencies is to find out who is behind a fraud or bullying, or who is penetrating their information systems. Companies usually contact us because their systems have been attacked, or they understand that their personnel are under some kind of pressure from external people. The methodologies to investigate what is going on are different, depending on the circumstances. Which are the main situations we are consulted on? 1. Company’s employee and social networks 2. System information attack 3. Bullying on employees 4. WiFi penetration 5. Information theft 6. Online fraud 7. Identity theft 8. Bullying on children.

Company’s Employee and Social Networks

Due to the recent economic crisis in Spain and the explosion of social networks and devices, anyone can generate a profile in a social network and use it to talk about anything, be it real or false statements. Companies are investing more and more money on social networks and social responsibility image in order to grow, but all the money they invest could be wasted if they receive negative messages on these social networks. The consequences may be economic damage, loss of customers and a false image sent to the market. Because of these tremendous losses, companies require a full investigation regarding what messages are damaging their image, where are they coming from and acquiring real evidence to start a trial.

At this point is where private investigation starts looking into the social networks and matching the messages of each profile with possible employees. Experience, methodology and tools for the analysis are very important. IP addresses, profiles, contacts, friends, followers, pictures, etc. and the use of graphical tools let us know and understand the relationship between messages and people

Although it is quite complex and requires time, sooner or later the results arrive and once the matches appear, the next step is talking with the employee and solving the situation. Nonetheless, cyber comments or the use of social networks are more and more extended because people can hide behind a false identity, and employees can spread comments against a company. This is one of the most common attacks coming from inside the company. It requires time, methodology, tools and knowledge about technical and social networks.

The OSINT (Open Source Intelligence) methodology is critical for getting the evidence required for sorting results and especially relevant for linking contacts, messages, and registers in different social platforms. With the proof of harm at hand, the forensic track of the investigation is evidence as well and, if it goes to trial, the methodology will be another asset for the investigation. In summary, when investigating cases of social networks, methodology, technical knowledge, tracking and forensically probed steps are required to catch the offender and then clean the image of the companies and improve their reputation.

System Information Attack

Another kind of cybercrime is the one related with system information, including networks and storage. In Spain, it is identified as a crime, even in the cases involving probing a system for their own knowledge and capabilities. The other typified reasons are for damaging the availability of the web, for information robbery and for acquiring information and selling it the black market.

What is clear is that no one attacks an information system for nothing. There are different interests for accessing information systems, networks and information stored on systems. Not all of the attacks start with a police investigation. Companies often want to contract with a specific private investigation agency, track the attack, and get a forensic analysis and evidence of the crime. Then, once the attack has been valued, security and justice officials are contacted, or simply, the attack is hidden. In fact, not all the attacks need to be shown to the public because talking about them can create alarms and harm the image of the company, but that doesn’t mean that they didn’t exist.

Zero-day vulnerabilities are not often used, but when they do appear they need to be known in order to solve them as soon as possible. Attacks show vulnerabilities, flaws on the architecture design, lack of updates and more often than expected, flaws in the management process without a proper backup, without a properly probed procedure and lack of knowledge of the technicians. And of course, relating directly to the company, a lack of investment in securing systems, networks, procedures and training of their technicians. In some cases, the investigation shows just an intrusion and beefing up, updating systems and eliminating vulnerabilities can stop more attacks.

In summary, all the different motivations for cyber offenders are related to information system vulnerabilities, architecture design and investment in security. Companies need to understand that investment is security is part of their corporate image, credibility, and profit.

It is not possible to grow without paying attention to the security design and technical issues that appear while the company’s web and information systems are 24 7 online; meanwhile the sales, information, products, services, documentation, provider’s access, and so on depend on the availability of the systems and networks, the secure infrastructure and the investment on updating knowledge and best practices. Given that private investigations start once the intrusion has been committed, we recommend using a preventive approach to the cybersecurity risks and investing in security.

Bullying on Employees

Another situation we fight and investigate is the bullying that some employees suffer from Internet users and from other companies using their network facilities and social links.

We are usually contacted by the company or by the besieged people in order to find the stalker, and the reasons and goals behind him. From our experience, stalkers investigate the company and look for the most interesting people to get access to information. Sometimes they focus on executives as they manage information and money; also the financial director or the sales director are usually interesting people. Stalkers get in contact with them by using social engineering to access their e-mails or phones. The secretary’s phone is not always a barrier, and they can get the contact. Once they have contacted the executives, they start off with photos of them (their families or with ones gathered from private parties). Information is available for the stalkers. They manage the data and the time.

Surveillance, and counter surveillance, of the executive and his family, college and life style is part of the process. If the executive is single, party photos are relevant as they are used to have some interaction with the other sex and some pictures are taken, they are then exposed out of context, including alcohol consumption and Photoshop manipulation.

Social engineering is also important when a stalker wants to approach the executive. Money is on the table and stolen pictures inside the office or private parties are part of the game. So, there are many situations where stalkers use social engineering and technology to approach the victim and get access to information

What stalkers are looking for? Their goal is getting business information on sales margins, providers, etc. from the corporate database, in order to have access to customer’s profiles or paying money for specific information, mobile phones, addresses, pictures, etc. In other situations they want to destroy the corporate image as well as to destroy the reputation of the executive because of some internal affairs or external situations involving certain habits and lifestyles. This is not the only way of acting. Another one is based on a technical people approach or administrative people approach. Stalkers pay people or extort them in order to access information. Our goal is to discover the stalker, get the evidence and stop any bullying by being part of the legal process. Behind the bullying, there is money, industrial espionage, channel information, sales margins, access to providers and reputation destruction. Sometimes the blackmail is due to personal affairs, infidelities or gamblers that discover the dark side of people and expose it to society or their colleagues.

Wi-Fi Penetration

Given the technology evolution, we all are dependent on WiFi. Companies’ networks usually use cable connection, but in some specific areas, as an assett for visitors, Wi-Fi connection and accessibility to the internet are permitted

Normally the network administration understands that Wi-Fi is a hole where information tracking can occur. Therefore they try to protect it. But sometimes, due to the requirements of a meeting, a conference or a presentation, the administrator can install Wi-Fi access without all the care it requires, and here is where problems come. The coverage of the Wi-Fi, the repeaters, the password and so on are part of the network’s administrator’s work.

But there is another situation where risks occur, and that is personal Wi-Fi at home where you are very exposed to Wi-Fi penetration and information theft. Our investigations start once the information has been taken and alerts are high. The Wi-Fi penetration at home and in companies is investigated and a forensic analysis is made in order to determine the stolen asset and the impact of the penetration. This forensic analysis determines the impact of the vulnerability, establishing the best way of working and getting the proof of the possible illegal information theft.

Families usually share tablets and laptops at home, and they do not secure each profile, using the same one to get access the internet and hard disk. The consequences are that children can access to specific and confidential information in the files of the whole members of the family and, if the network security is weak, it can also be accessed by the intruder. This lack of security is a risk as parents get their work files at home.

The entire family needs to know that accessing the internet from public sites has not only advantages but also risks. The best practice you can start at home Children, along with their ambition and expectation for “always being connected” are the first step we need to be worried. They have to be educated on security awareness, on

being cautious about their own visibility, images and personal information as same as their family information.

Wi-Fi penetration is part of the forensic analysis and investigation to discover theft of information and not just a penetration in order for access the internet. We have to worry about the security of our wireless connection in public spaces and the information we store in our devices. Private investigation helps finding the intruder and submitting them in a legal process, but remember this is done once the illegal penetration has been made and perhaps the theft of private information and data.

Interesting risk when the technology evolves. The use of devices like the “Pineapple” which captures the information of mobile devices that are in its scope and have their Wi-Fi or Bluetooth activated.

But this is not the only way for gathering information. As we have seen before, Wi-Fi penetration and bullying are other ways of capturing or getting specific data. The use of their laptop, tablet or mobile phone for online shopping, is part of a new trend of acquiring clothes, devices, etc.

Since not all the webpages are using secure technology for their online payments through credit cards, buyers need to be sure about the different methods of payment, and that webpages do not always offer the buyer a secure connection, and this is where intruders and hackers go to acquire the data. There are some specific procedures using Western Union, PayPal, specific Credit Cards, bitcoins, or another ones that allow the payment and of course the fraud.

Private investigators’ experience is based on the knowledge of the technologies and the procedures that organized crime use for acquiring stolen credit card numbers. For instance, the forensic analysis of the system along with the web profile is where the private investigation goes for getting the evidence. This starts once the crime has been committed, and gathering proof is the first step for the complaint.

Online fraud involves theft of data, and the subsequent use of it along with payment through the stolen credit card information of another person. Criminals and organized crime also know what Spanish law says about these crimes, specially the 400 euros barrier: if the purchase is below this amount, then the crime carries less punishment. We recommend the use of a specific credit card for online shopping, issued to a specific bank account with limited funds and once purchases are made, to verify that the payment method is a secure connection, and there is a secure method of payment.

Private investigations usually track the transaction and then prepare a report, collaborating with him the customer on getting the evidence and moving the legal procedure. But unfortunately we do not have the capability of getting the money back. Our experience is based on the knowledge of the technologies and the procedures that organized crime use for acquiring stolen credit card numbers.

Identity Theft

Due to the expansion of social networks and the current need for communication that people have, the profiles on the internet are actually one of the most interesting data that criminals want to get and want to use. Fraud, social conversations, and blackmail, are used as part of identity theft, allowing criminals to use another person’s identity for their fraud, blackmails, etc.

A person’s identity is protected by law, including the legal use of a pseudonym or an alias or coverage for the investigation. It is also protected by law the identity of the undercover agent, authorized by a judge and of course under monitoring and continuous report, but this legal creation, part of the Police’s investigation procedure, is not what we are talking about. Apart from the above cases, identity theft (a real identity) is a crime, and consequently it is punishable by the law. Identity theft or usurpation of identity is pursued by criminals in order to earn money and/or to chat in blogs or social networks. They use it as coverage for their political claims, hiding and writing what they want and, of course, they use it also for blackmails.

Recently, an article about blackmail was published in a digital newspaper (El Mundo 2016), showing how clear impact it has on the reputation of the victim. As in other other crimes, the main objective of the criminal is payment. Identity theft is also used for other crimes, such as getting e-mails, credit card numbers, and purchasing or grooming (behaviors and actions deliberately undertaken by an adult in order to gain the friendship of children, creating an emotional connection with them) for example. Another risk to be aware is how do they get it? Sometimes they send a spam e-mail to unwary people that still believe in prizes, bill imitation, PDFs files, etc.; other times they install key loggers (hardware or software) on public computers. Again and again, the best way for protecting yourself from these crimes is to be secure, to be aware and to be alerted in order to distrust about any easy methods of earning money. The private investigation carries out the forensic analysis of the systems, tracks the identity, the profiles and prepares the report for Police. The final step is the complaint. Since the Spanish Police resources are not enough for every single case of identity theft, they require the collaboration of private investigators, based on a demand of the person that suffered the robbery.

Sometimes it is easy to find the criminals because of the tracks they leave behind, but in most of the cases this is an expensive and complex investigative process because criminals hide their tracks and themselves. But remember that no crime is alone in the scope of organized crime. Most of them are part of a more complex strategy, which use different and interconnected ways for committing crimes.

The investigation starts in one way and usually turns to other ways, so the requirements of the investigation have to be focused on a proper methodology. Technical knowledge, methodology, focus and experience are the indicators for choosing a private investigation agency.

Cyberbullying and Grooming on Children

This crime is not only coming from organized groups but also from children, teenagers, and even adults. When involves only children or teenagers, it is known as cyberbullying; and when it involves adults approaching young people, it is known as grooming, Cyberbullying is more than a children’s game. It is a crime, and as such it should be pursued. Children should understand that recording and linking content to social networks has consequences for stalkers and consequences for the victims. And grooming is another serious crime. Children should be alerted of any kind of contacts in order them to be protected and secure.

Cyberbullying is focused specially on schools and parents, due to news reports that are constantly appearing in the press (we can search in Google for bullying news), the level of alert and awareness is high. The best tool for teenagers and children is their mobile cameras. They use it for everything, including holidays, selfies, parties and, of course, cyberbullying. Teenager’s problem is that they ignore what the law says about any civil or criminal offenses. They live thinking that there is no illegal action behind their actions. Therefore, we can get inside their world, characterized by their lack of legal knowledge and the use these technologies for everything.

Nonetheless, since the ignorance of the Law does not exempt one from compliance with it, the advance use of technology and the intensive use of its new characteristics should be accompanied by the education in terms of legal knowledge and the respect the legality of their actions, the proper use of technology, the awareness of cybercrimes, a secure cyber world of everyone and the rational use of the capabilities of the devices. Grooming is another big challenge. Here, adults are part of the problem, and the legality of the actions and their responsibilities. Grooming is growing, and young people hide it from their parents based on the fear of punishment. Young people have to learn to fight against them and acquire evidence of this crime, understanding that behind an unknown person could be a stalker.

From the private investigation perspective, parents come to us because they have detected alerts in the behavior of their children, and want us to investigate who is bullying their children, to do surveillance, to understand the behavior of the children, and to know with whom they are sharing their time and parties. One of the best things private investigation can do is educating schools and parents on detection, taking some actions to alert children, arriving before the crime, preventing it.

Yes, prevention is great because young people and teenagers are victims, and the consequences may be very serious and hard to forget. And education is an important part of the prevention system. The private investigation collective uses the education in schools and associations to raise awareness about cyberbullying and grooming; and, with the help and support of the Police, to build a preventive environment and culture of security. Public and private security must work together to defend children and protect their environment, letting them live securely, being aware of these situations in order to avoid them.