Chapter 13. Cyber Detective

Chapter Objectives

After reading this chapter and completing the exercises, you will be able to do the following:

  • Find contact information on the Web

  • Locate court records on the Web

  • Locate criminal records on the Web

  • Use Usenet newsgroups to gather information

Introduction

In the preceding chapters we have examined many facets of computer security. Three of those issues led us to the content of this chapter. The first is identity theft, the second is hacking, and the third is investigating potential employees for sensitive positions.

In order for a criminal to perpetrate identity theft, she has to take a small amount of information she finds on her target and use that to garner even more information. Perhaps a discarded credit card receipt or utility bill becomes the starting point from which the perpetrator finds enough information to assume the victim’s identity. This chapter will show you some techniques that use the Internet to find additional information about a person. You need to be aware of how this is done in order to be better prepared to defend against it and so that you are aware of what information about you personally is available. There is even a term for searching trash for valuable information: Dumpster diving.

Hackers, at least skilled hackers, will want information about a target person, organization, and system in order to assist in compromising security. Whether the perpetrator is attempting to use social engineering or simply trying to guess a password, having information about the target will facilitate the task. Once you realize how easy it is to gain personal information about someone, you will realize why security experts are so adamant that you must not use passwords that are in any way associated with you, your profession, your hobbies, or anything that might be traced back to you.

Finally, when you are hiring employees that might have access to sensitive data, simply calling the references they provide is not an adequate method of checking into their background. And hiring a private investigator may be impractical. The information in this chapter might be of use to you in conducting some level of investigation on your own.

This may surprise some readers, but network administrators are of particular significance to be investigated before hiring. Most companies perform the same cursory check of network administrators as they do of any other person. That usually consists of verifying degrees/certifications and calling references. With some companies it might include a credit check and a local criminal check. However, a network administrator should be more thoroughly investigated. The reason is quite simple: Regardless of how tight your security is, it cannot keep out the person who sets it up and maintains it. If you are considering hiring a network administrator for your company, knowing that he has been affiliated with hacking groups might be of interest to you. Or simply knowing that he has had lapses in judgment might indicate a stronger possibility that he will have similar lapses in the future. This may seem a bit paranoid, but by this point in this book you should have developed a little healthy paranoia.

The Internet can be a valuable investigation tool. It can be used to find out about potential employees, babysitters, and more. Much of the information on the Internet is also free. Many states have court records online, and there are many other resources you can use to find information. In this chapter, we will examine some of the various resources you can use on the Internet to locate critical information.

Before beginning this discussion, a few points need to be made clear, the first being that this information is a double-edged sword. Yes, you can use it to find out if a potential business partner has previously been sued or declared bankruptcy or if your child’s little league coach has a criminal record. However, as we briefly mentioned, a less scrupulous person can also use these techniques to gather detailed information about you, either for the purpose of identity theft or perhaps stalking. Some people have suggested to me that perhaps I should not put this information (and some other items that appear in various chapters) in this book. However, my opinion is that the hackers, crackers, and perpetrators of identity theft already know about these resources. My hope is to level the playing field. I would also warn all readers that invading other people’s privacy is fraught with ethical, moral, and in many cases, legal ramifications. It would be advisable to obtain written permission before running a background check on any person—or, better yet, play it safe and only perform searches on your own name. It must also be stressed that I am neither an attorney nor a law enforcement officer. I am simply providing you with techniques and resources. If you have questions about legality, you should refer those questions to an attorney.

General Searches

Sometimes you simply want to find an address, phone number, or email address for a person. Or perhaps that is the starting point for a more thorough investigation. There are a number of absolutely free services on the Web that will allow you to perform this sort of search. Some are better than others, and obviously the more common the name you are searching for the harder it will be to find the right one. If you do a search for John Smith in California, you might have a tough time dealing with all the results you get. No matter what search mechanism you utilize (LinkedIn, Facebook, and so on), the problem is the same.

A fairly easy-to-use service is the Yahoo! People Search. When you go to www.yahoo.com, you see a number of options on the page. One option is the People Search shown in Figure 13.1. Or you can simply go directly to http://itools.com/tool/yahoo-people-search.

A screenshot depicts the "Yahoo People Search" option of Yahoo. It contains 3 text fields: First name, Last name, and City or town along with a drop-down for selecting the state.
Figure 13.1 Yahoo! People Search.

When you select this option, you will see a screen similar to the one shown in Figure 13.2. In this screen, you enter a first and last name, as well as a city or state. You can then search for either a phone number/address or an email.

A screenshot depicts the "Yahoo People Search" option of Yahoo. It contains 3 text fields: First name, Last name, and City or town along with a drop down for selecting the state.
Figure 13.2 Search options.

To illustrate how this works, I did a search on my own name, in Texas (where I live). The data shown in Figure 13.3 is an old address, not the new one—so these searches are not perfect. This isn’t demonstrated in the figure, but an inaccurate phone number also appears. You may also note that in some cases (as with mine) the search with options is the same as the search without. The issue is that I have a less common last name. If you are searching for someone with a common name, then the options can be very useful in refining your search.

A screenshot depicts the People search results displayed on Yahoo. It displays the result in the order of Photo, Name, Age, and Cities.
Figure 13.3 People Search results.

Another useful site for addresses and phone numbers around the world is www.infobel.com. This site has the advantage of being international, allowing you to seek out phone numbers and addresses in a variety of countries. As you can see from Figure 13.4, the first step is to select a country to search in.

A screenshot depicts the homepage of Infobel website. It contains a drop-down option for selecting the country.
Figure 13.4 Infobel home page.

Once you have selected your country, you can then narrow your search further by providing as much information as you can on the person you are trying to locate. A first and last name, however, is a minimum.

These are just two of the many sites that allow you to investigate and discover a person’s home address or telephone number. Several other good sites you should consider are listed here:

It is important to remember that the more information you can provide, and the more you narrow down your search, the greater the likelihood of finding what you are looking for. All of these websites can assist you in finding phone numbers and addresses, both current and past. For a background check on an employee, this can be useful in verifying previous addresses.

There are also sites for searching images and for doing reverse searches on images. Some of those sites are as follows:

The last site listed here is especially interesting because you can upload any image, and the site will attempt to identify that image.

FYI: Respecting Privacy

You might wonder why I would be willing to put my home address and phone number in a published book. To begin with, the phone number and address displayed are not accurate. They are old and no longer valid. And, in order to illustrate the process, I needed a name to use. For the liability reasons mentioned earlier, I could not have used someone else’s name. Anyone who wishes to find my current information would not have much trouble. I have an uncommon last name and am a semi-public figure. However, should readers wish to contact me, they are strongly encouraged to do so via my website (www.chuckeasttom.com) and email address ([email protected]) rather than via phone. I try to answer all my email but frequently avoid my phone. And I am certainly not encouraging anyone to make a surprise visit to my home!

Facebook

Facebook is arguably one of the most widely used social media sites. It also has built-in search capabilities that are very extensive. Press Ctrl+F (in Internet Explorer, Firefox, Chrome, or Opera) to search within the HTML source code. Enter profile_id as the search criteria. The number beside it is the target Facebook unique profile ID (see Figure 13.5).

A screenshot depicting the Facebook profile ID shows an HTML code wherein the profile ID displayed is 1024688239.
Figure 13.5 Facebook profile ID.

You can then use that profile ID to search for a variety of items:

There are many other Facebook searches, but these are very commonly used searches.

Court Records and Criminal Checks

A number of states are now putting a variety of court records online—everything from general court documents to specific records of criminal history and even lists of sex offenders. This sort of information can be critical before you hire an employee, use a babysitter, or send your child to little league. In the following sections, we discuss a variety of resources for this sort of information.

Sex Offender Registries

You should become familiar with the online sex offender registries. The FBI maintains a rather exhaustive list of individual state registries. You can access this information at https://www.fbi.gov/scams-safety/registry. Every state that has an online registry is listed on this website, as shown in Figure 13.6.

A screenshot depicts the homepage of "The Federal Bureau of Investigation" website, displaying a list of sex offender registry websites.
Figure 13.6 FBI state registry of sex offenders.

Obviously, some states have done a better job of making accurate information public than have others. For example, Texas has a rather comprehensive site. You can find it at https://records.txdps.state.tx.us/DpsWebsite/index.aspx. This site allows you to either look up an individual person or to put in a ZIP code (or city name) and find out any registered sex offenders in that area. Figure 13.7 shows the search screen for the Texas site mentioned.

A screenshot shows the Texas sex offender search page, from the Texas Department of Public Safety, crime records service. The page shows content relating to Texas sex offender registration program.
Figure 13.7 Texas sex offender search page.

One of the most compelling things about the Texas sex offender registry is that it lists the offense for which the person was convicted and provides a photo of the offender. This is important since the term sex offender covers a wide variety of crimes. Some of these may not, for example, impact whether you should hire this person. It is important to know what a person was convicted of before you decide he is unsuitable to be interacting with your children or working in your organization.

It should also be noted that there in an app for the iPhone/iPad called Offender Locator that will take your GPS location and list registered sex offenders nearby.

Some sex offenders have committed heinous crimes, and many parents will want to use this information to find out about potential babysitters and coaches. This information may also be applicable to employment screenings. However, anytime any information is used for employment screening, it is advisable to check the laws in your area. You may not legally be able to base employment decisions on certain information. As with all legal questions, your best course of action is to consult a reputable attorney.

Caution

Mistaken Identity

There have been cases of mistaken identity with sex offender lists. Any time you find negative information on a person you are investigating—whatever the source—you have an ethical responsibility to verify that information before you take any action on it.

Civil Court Records

There are a variety of crimes, as well as civil issues, a person might be involved in that would make her unsuitable for a particular job. If you are hiring a person to work in your human resources department and oversee equal opportunity issues, knowing if she had been involved in domestic violence, racially motivated graffiti, or other similar issues might affect your employment decision. Or, if you are considering a business partnership, it would be prudent to discover if your prospective partner has ever been sued by other business partners or has ever filed for bankruptcy. Unfortunately, in any of these cases, you cannot simply rely on the other party’s honesty. You need to check these things out for yourself.

Unfortunately, this area of legal issues has not been transferred to a web format as well as sex crimes. However, many states and federal courts do offer online records. One of the best organized and most complete on this issue is the state of Oklahoma. You can find Oklahoma’s website at www.oscn.net/applications/oscn/casesearch.asp, and its home search page is shown in Figure 13.8.

A screenshot depicts the search options available on the homepage of "The Oklahoma State Courts Network" for searching through Oklahoma online court records.
Figure 13.8 Oklahoma online court records.

This site allows you to search by last name, last and first name, case number, and more. You will get a complete record of any case you find, including current disposition and any filings. This includes both civil and criminal proceedings. Oddly enough, there are at least five different websites offering information on Oklahoma court cases for a fee—when all of that information is online and free. This illustrates a key point to keep in mind. There are a number of sites/companies that offer to do searches for you, for fees ranging from $9.95 to $79.95. It is true that they can probably do it faster than you. But it is also true that you can find the same information these people do, for free. And hopefully this chapter will equip you with the information you need to do that successfully.

Other Resources

There are many other websites that can be quite helpful for your searches. There are a few that deserve particular attention. The National Center for State Courts has a website at http://www.ncsc.org that lists links to state courts all over the United States. It also lists several international courts in countries like Australia, Brazil, Canada, and the United Kingdom. This website is an excellent starting point if you are seeking court records. There is a government access site that helps you find all federal courts. That website is www.uscourts.gov/court_locator.aspx.

The following list is designed to give you a starting point for online searches across the United States. These websites should help you start your search for court records:

As you search the Internet, you will find other sites that appeal to you. This may be due to their ease of use, content, or other factors. When you do find such sites, bookmark them. In a short time, you will have an arsenal of online search engines. Also, your proficiency with using them will increase and you will learn which to use for which kind of information. This will allow you to become adept at quickly finding information that you need online.

Usenet

Many readers who are new to the Internet (in the past 5 years) may not be familiar with Usenet. Usenet is a global group of bulletin boards that exist on any subject you can imagine. There are specific software packages used to view these newsgroups, but for some time now they have been accessible via web portals. The search engine Google has an option on its main page called Groups. When you click on that option, you are taken to Google’s portal to Usenet newsgroups, as shown in Figure 13.9.

A screenshot depicts Google's portal to Usenet newsgroups.
Figure 13.9 Google access to Usenet groups.

Caution

Usenet Information

Anyone can post anything on Usenet. There are no restrictions. If you find a negative comment about a person on Usenet, it is not wise to automatically assume that the comment is true. These postings can only be viewed as part of an investigation and are only credible if other facets of the investigation also support the postings you find.

As you can see, newsgroups are divided into broad categories. For example, newsgroups devoted to science topics would be found under the heading sci. This includes groups like sci.anthropology, sci.logic, sci.math.stat, and more. The heading alt is a catchall for anything and everything. This category includes things ranging from alt.hacking to alt.adoption.

You may be thinking that, while all this is fascinating, it does not have anything to do with tracking down information. But actually it does. If, for example, you were hiring a network administrator, you could see if she had posted in various network administration groups and if those postings revealed key information about her network. This tool may be the single most important investigative tool you have if you are willing to take the time to ferret out the information you need.

Summary

We have seen in this chapter that the Internet can be a valuable resource for any sort of investigation. It is often one of the tools that hackers and identity thieves use to gain information about their target. However, it can also be a valuable tool for you in researching a prospective employee or business partner. In addition, it can be invaluable for you to routinely find out what information is on the Internet about you. Seeing strange data that is not accurate can be an indication that you have already been the victim of identity theft.

Test Your Skills

Multiple Choice Questions

1. How might an identity thief use the Internet to exploit his victim?

A. He might find even more information about the target and use this information to conduct his crime.

B. He could find out how much the target has in her savings account.

C. An identity thief usually does not use the Internet to accomplish his task.

D. He could use the Internet to intercept the target’s email and thus get access to the target’s personal life.

2. Which of the following is not an ideal place to seek out phone numbers and addresses?

A. Yahoo! People Find

B. People Search

C. The international phone registry

D. Infobel

3. Why do you not want too much personal data about you on the Internet?

A. It might reveal embarrassing facts about you.

B. It might be used by an identity thief to impersonate you.

C. It might be used by a potential employer to find out more about you.

D. There is no reason to worry about personal information on the Internet.

4. How could a hacker use information about you found through Internet searches?

A. It could be used to guess passwords if your passwords are linked to personal information such as your birth date, address, or phone number.

B. It could be used to guess passwords if your passwords are linked to your interests or hobbies.

C. It could be used in social engineering to ascertain more information about you or your computer system.

D. All of the above.

5. If you are hiring a new employee, which of the following should you do?

A. Verify degrees and certifications.

B. Call references.

C. Perform an Internet search to verify contact information and to check for a criminal record.

D. All of the above.

6. Which of the following would be least important to know about a potential business partner?

A. Past bankruptcies

B. A 15-year-old marijuana possession arrest

C. A lawsuit from a former business partner

D. A recent DUI

7. What information would provide the most accurate results for locating a person?

A. First name and state

B. First name, last name, and state

C. Last name and state

D. First name and last name

8. Of the websites listed in this chapter, which would be the most useful in obtaining the address and phone number of someone who does not live in the United States?

A. The FBI website

B. Yahoo!

C. Infobel

D. Google

9. Where would you go to find various state sex offender registries?

A. The FBI website

B. The national sex offender online database

C. The interstate online sex offender database

D. The special victims unit website

10. What is most important to learn about a person listed in a sex offender registry?

A. The extent of his punishment

B. How old she was when she committed her crime

C. How long he has been out of prison

D. The nature of her specific crime

11. Which web search approach is best when checking criminal backgrounds?

A. Check primarily the person’s state of residence.

B. Check primarily federal records.

C. Check the current and previous state of residence.

D. Check as many places as might have information.

12. What advantages are there to commercial web search services?

A. They can get information you cannot.

B. They can get the information faster than you can.

C. They can do a more thorough job than you can.

D. They are legally entitled to do searches; you are not.

13. Which would you use to begin a search for information on a United States court case?

A. The National Center for State Courts Website

B. Infobel

C. Yahoo! People Search

D. Google Groups

14. Which of the following is the most accurate description of Usenet?

A. A nationwide bulletin board

B. A repository of computer security information

C. A large-scale chat room

D. A global collection of bulletin boards

15. Which of the following is the most helpful data you might get from Usenet on a person you are investigating?

A. Postings by the individual you are investigating

B. Security tips to help you investigate

C. Criminal records posted

D. Negative comments made by others about your target

Exercises

For all exercises and projects in this chapter, you will concentrate your investigation on some person. It is best if you investigate yourself (which makes it easier to evaluate the accuracy of what you find) or someone in the class or the instructor who volunteers to be the target of the investigation. There are ethical issues with simply investigating random people without their knowledge or permission. It is also important to avoid embarrassing someone in the classroom. So the volunteer targets of the investigation should be certain they will not be embarrassed by whatever is found. Substitute the name of the person you are investigating for John Doe or Jane Doe in the projects and exercises.

Exercise 13.1: Finding Phone Numbers

  1. Beginning with Yahoo! People Search, seek out phone numbers and addresses for John Doe.

  2. Use at least two other sources to look up John’s phone number.

Did you get too little information or too much information? Were you able to determine the correct, current number?

Exercise 13.2: Criminal Records Checks

  1. Using sources listed in this chapter or other websites, look for criminal background information about John Doe. Start with the state John currently resides in, and then check other states, particularly those that might have shown up with John’s name in Exercise 13.1.

  2. Expand your search to check for federal crimes as well.

Exercise 13.3: Checking Court Cases

  1. Search court records for any court cases for Jane Doe’s business.

  2. Check state licensing agency websites, if applicable, for any history or complaints on John’s business.

Exercise 13.4: Finding Business Information on Usenet

  1. Access Usenet.

  2. Search bulletin boards and other groups that Jane Doe may have posted to in connection with her business.

Were you able to find out more about Jane’s business through her postings to a Usenet group?

Exercise 13.5: Blocking Information

This chapter illustrated the many ways you can access information about someone and pointed out the potential hazards of having too much personal information available on the Internet. So, what can you do to prevent unscrupulous individuals from finding out too much about you? Check the primary websites listed in this chapter (Yahoo! and Google) to see if they provide any means to block your information from being distributed. Are there any other means of blocking access to your personal information?

Projects

Project 13.1: Investigating a Person

Using all of the web resources in this chapter and any others you come across, do a complete investigation of Jane Doe. Try to determine her address, phone number, occupation, age, and any criminal history. You might even check Usenet postings and find out clues as to Jane’s hobbies and personal interests. Create a brief report on Jane based on your findings.

Project 13.2: Investigating a Company

Using all of the web resources in this chapter and any others you come across, do a complete investigation of John Doe’s business. How long has he been in business? Are there any complaints about the business with any regulatory agency? Any complaints on Usenet boards? Any business relationships? Any past court proceedings? Write a report discussing your analysis of this business based on your findings.

Project 13.3: The Ethics of Investigation

Write an essay discussing the ethics of online investigations. Do you feel these investigations are an invasion of privacy? Why or why not? If you do feel they are an invasion of privacy, what do you think can be done about it? Are there problems with getting inaccurate information?

Case Study

Henry Rice, the owner and CEO of a small company, has been conducting a search for a new human resource administrator. After many rounds of interviews, he has narrowed his search down to two individuals whom he feels are the best candidates. Each has very similar qualifications, so Henry’s decision may very well be based on the information he finds when he checks their references and performs a background check.

Henry has received written permission from each to conduct a background check. Consider the following questions:

  1. Where should Henry begin his search?

  2. What sites or sorts of information would be most critical for him to check?

  3. What type of information could weigh heavily for a person working in human resources?

Write a brief essay outlining the steps Henry should take in conducting his research.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.118.253.223