Most investigations start with a name. If someone is going to surveil you, the most obvious and easiest place to start is with your name. In some cases, the surveiller may just start with an address, a phone number, an email address, or a screen name. In any case, starting with just one piece of data is not unusual and it is the job of the investigator/surveiller to build on that single piece of information. Let's start with your name. There are literally dozens of Internet sites in which to attain more information from than just your first and last names. For example, the following websites offer up information such as home address, home phone number, cell phone number, or email address by just putting in your name. In some cases, the sites, such as pipl.com and isearch.com will also provide lists of your potential relatives or associates:

For example, http://www.peoplelookup.com offers several types of look-ups via tabs on the same site, including reverse phone number search, background check, criminal check, social networking check, email look-up, property check, and civil record checks (i.e., court records, death records). Zabasearch.com is another interesting site. Anyone can enter your name and the state in which you live (which in many cases is a very educated guess if it is not readily known). The results of Zabasearch produce home addresses, home phone numbers, and in some cases the history of where you have lived. The useful thing about Zabasearch is that if your address is found, a “Find” on the page using your address can be conducted to see if others are also listed living in your home. This is a great way to find spouses' names or children's names.

Another good alternative is https://www.knowx.com (which is a Lexis-Nexis company). This site offers information and records pertaining to bankruptcy; judgments; lawsuits; liens; criminal records, certificates (i.e., death, divorce, marriage, birth); vehicle ownership, which may include aircraft, real estate, and watercraft; business profiles; and professional licenses. The number of sites that offer a variety of personal information are too voluminous to provide a comprehensive list. New sites keep coming out and the existing sites adapt to offer more options.

Using one or multiple PeopleFind sites can yield a great deal of information. It is not unusual to at least obtain some additional pieces of information such as a home address or email address. Then the surveiller may use open source search engines such as Google, Google Advanced, Google Groups, Google Blog, Ask.com, Yahoo, and Bing, to name a few, to enter your name, email address, screen name, address, or phone number to see if any other information or records surface.

Once information in addition to your name is collected (e.g., your address), there are additional state-by-state searches and databases that can be accessed to see if you or your activities have been catalogued. For example, if a Google search turns up some information that you were involved in a small claims case in New York, it simply takes a few more clicks of the mouse to find out what the case entailed. By going to http://www.nyscourtofclaims.state.ny.us/decisions.shtml, anyone can do a search on your name, the judge's name, the case dates, or some key words to bring up more details.

If you are in a certain profession (e.g., physician) or are former or current military, some searches can be conducted specifically for you. By just Googling “find military personnel,” a set of possible sources of information is presented. Some of these sources require a login or an account, but most of them are free. For example, Military.com requires the user to put in their service branch, status (which can be “other”), email address, and a zip code. Again, with a throwaway email address and entering a non descript status, anyone can surf this database. Just with this first step of searching and digging, a lot of information can be uncovered about you. To gather a better idea of your neighborhood, your property, and your job, let's move onto finding and viewing your property, job, and routes.

Extending the search about you, the next step is to do some virtual drive-bys of your home, find out where you work, and then theorize on some of the local routes you may take to work, the nearest grocery stores, the movies, and restaurants. In traditional surveillance, it is best to understand the environment—the target's neighborhood; what the homes look like; the routes in and out of the neighborhood, the year, make/model, and upkeep level (or lack thereof), of neighborhood cars; and what access to the target's home and/or garbage may be available. Attaining additional information about other properties, assets, and vehicles would also be highly useful in many circumstances.

Once your address is known and validated, it is very easy to attain additional information about that property, even before you have been the resident. By using some of the real estate and property-find search engines, anyone can gather more detailed information. Take these sites, for example:

Zillow.com provides maps, home values, photos, mortgage information, and links to local area information such as grocery stores, schools, parks, and gas stations. Gathering all of this information from one site is pretty good. But, if the surveiller then places the address information into Google Maps for a satellite view and for a street view, a real view of the home is provided. By using street view, anyone can walk around the home, the neighborhood, and assess the cars, property, roads, distance between homes, and other details. By closely assessing the details. on street view, an enormous amount of information can be attained about the environment. Granted, the virtual maps are not in real time, but an excellent cursory review of the home and environment can be ascertained without actually driving anywhere.

Once the neighborhood is reviewed, Google Maps (or any online mapping program or Smartphone app) can guide the surveiller to the local stops—the grocery stores, the post office, gas stations, and coffee shops—that you might frequent. While these techniques will not provide the level of detail of live activity in the neighborhood, the information can be coupled with additional online intelligence to indicate where and when you come and go.

One place you probably go is to work (or school) or some other location (i.e., a friend's home, a relative's home, volunteer work facility). If you are “easy,” meaning you attend and/or speak at conferences, have a website, have a web presence, participate in public relations activities, or do press conferences, you are probably very easy to find with a Google search. Your company, your organization, and your marketing personnel will have posted information about you on the company website (and in some cases which conferences you will be attending next or where your next press conference will be). If you are not that public in terms of your organization, let's revert back to some of the information already found through PeopleFinders and other techniques. Using a found email address or phone number, again, a very simple publicly available search engine can potentially detect where you may have posted your email address, phone number, or screen name. Do you use eBay or Craig's list or post information to forums, message boards, or news groups? Have you ever posted your phone number because you are selling an item, renting an apartment, or just reaching out to someone for assistance? While some people do use hotmail, gmail, or other nonwork-specific email addresses to post online, it is surprising how many people in a moment of convenience or through habit will provide their work email addresses, work phone numbers, or other information that discloses their employer. If you have a website or are responsible for your employer's website, doing a domain search for registration information may also provide contact information or validation of an employer.

OK, now that we know where you live and where you work with some rudimentary idea of places you may frequent, we still need to know your habits, your behavior, and your comings and goings. The first place to start collecting information on the patterns of your behavior is to target social media and social networking sites.

Social media and social networking sites (i.e., LinkedIn, Facebook, MySpace, Twitter, Flickr) are filled with information. The membership of these sites is growing and new ones are popping up every day. Some of the self-disclosure that occurs on Facebook, for example, is amazing. These sites are chock full of demographic information, photographs, names of others such as friends, family, and survey data. Yes, survey data. One very popular thing to do is to share and post surveys with the answers to very personal questions—Where do you work? Do you like your boss? Do you do drugs? When was the last time you got drunk? Do you suffer from mental illness, and if so, what are you diagnosed with? And, yes, even more remarkably, people answer these questions and post the whole survey on their social networking page.

Remember years ago when people had diaries. With the little lock and key? Younger brothers everywhere made it their mission to crack into their sisters’ diaries to find the secrets. No need now. People just put it right out there on Facebook for everyone to see. What about your Rolodex? Those used to be coveted compilations of information: your network, your confidential business contacts, your close and extended family members. The Rolodex was personal intellectual property. Jobs were given to salespeople who had the best personal contacts. Power, status, and success were perceived and guided by who you knew and who you personally had access to. No more. Enter LinkedIn. Like the diary, LinkedIn is just a huge disclosure of your Rolodex. LinkedIn is one of the prize collections of the surveiller and again, so easy to get access to even if the majority of your account is closed. That's right, even non members of LinkedIn or Facebook and those who are not in your friend network can have a peek into what you post and what is on your Facebook wall or who your network is on LinkedIn. A number of available search engines provide that “view through the fence,” so let's look at Whostalkin.com.

By entering search terms into Whostalkin.com, you can see a host of findings from a variety of sites. For example, if you enter “America” in the search box, a lot of results will popup and some will be from Facebook. A few lines of text from that Facebook account will appear in the search results. However, if you click on the link to that specific Facebook page, you will be sent to the Facebook login page. So without actually logging into Facebook or being a friend of that poster, you have that peek into his or her commentary. Other useful and available searches into social networks include:

Each of these search engines is a bit different and can provide distinct results. Tweetscan is interesting and can be more fruitful than going directly to Twitter.com for a search of your Tweets and Twitter names. For example, if you are the Tweeter and you Tweet, “I hate my boss Bob. I think I will slash his tires on my way out” (Note: Yes, these types of Tweets do exist and are posted every day), as the Twitter account owner, you can retract your Tweet. What this means is that if a search is done on Twitter.com for “+hate +Bob” your Tweet will no longer be available to view and will not be in your page of Tweets. However, if Tweetscan.com is used and “+hate +Bob” is placed in the search bar, results will reveal your retracted Tweet. This phenomenon occurs because Twitter.com keeps up with changes made by their users. Tweetscan archives and indexes Tweets and once they are indexed, they live and thrive and can be searched. Always remember, nothing really disappears or can be deleted from the Internet. Likewise, if there are some older Tweets that need to be uncovered to develop that target profile, there are several archive engines available, two of which include BackTweets and Snapbird.

The beauty of these social networking sites is that they are meant to network people. So, in many cases people present a link to their Twitter account on their Facebook page or links to their Facebook and Twitter pages on their LinkedIn profile. This makes the job of information assemblage so easy. The key to really gathering insight into a person is not to evaluate the person by an isolated Tweet, one blog, or a comment on Facebook, but to compile these postings over time. The surveiller wants all of your Tweets over time, months and months of your blog postings and a collection of all of your friends and associates. Thus, the amassment of all of this information over time is what provides a very nice picture and profile of the target. Supplementing all of this text-based information with images, video, and photos from Flickr, Photobucket, and YouTube can also add to the overall profile.

It is difficult to exhaust the potential information that is available on social network and social media sites. The process of surfing, searching, and digging does take time. There is an art and a science to knowing which search terms to enter, how to use Boolean strings and search punctuation, and tricks within Google Advanced to narrow down searches. However, as much time and energy as surfing may take, it can still be done by anyone, anywhere. Implementing the right Boolean strings using “OR” “ADD,” or “-” between terms is experimental until you find the right combination. And then applying those strings in Google Advanced, for example, to narrow the date fields or the domain fields and determining what “exact terms to use (or request be removed from the search) make up another layer to the overall search and decision-making process. For the surveiller who now may have more than just cursory information about you, digging deeper is still necessary. Finding out about your finances, purchase habits, and maybe more about your job and salary is next on the agenda.

Financial data may be very critical and useful information for a surveiller to attain on you. There are a myriad of ways to collect this information online and a number of ways people unwittingly disclose this information. In other instances, it is someone else or another entity or organization that is revealing this data. Many people may be interested in your finances, everyone from a curious neighbor, to a new employer, to an investigator who is trying to determine if you are hiding funds. Let's look at just a few ways this type of information is made public.

First, some of the PeopleFind sites do offer financial checks and background checks but they are provided for a fee. Some sites provide worthwhile information and some don't. It is a bit of the luck of the draw whether or not you end up receiving valuable information. The fees are not high—ranging between $29.99 and $99.99, but the bigger risk to the vendor may be providing a credit card number to purchase the financial report. As mentioned earlier, some unscrupulous surveillers will provide a stolen credit card's number to purchase the needed information. The assets that are registered for tax or license purposes, such as houses, property, vehicles, boats, and aircraft may be the most straightforward to search for and identify. For a free search, there are hundreds of free sites dedicated to boat owners, airplane enthusiasts, and real estate entrepreneurs. If the surveiller has your email address, screen name, or other information, these sites are worth checking as asset owners typically love to discuss the make/model/purchase date of their cherished item, and with that data, the estimated value of the asset is easily determined.

There are other ways to gather salary information online without paying for services or worrying about credit card numbers. One starting point may be the government databases that offer salary information for government (city, state, and local) employees. If the target is employed by the government, it is easy to find their salary. For example, if you are the target and you are employed by the Kansas City government, a search of the state database for salary is available. Searches can be done by first and last name or by the target's position. In this example, the database link is provided by the Kansas City Star online news source at http://www.kansascity.com/2008/04/09/568285/search-the-kansas-city-salary.html.

It just takes a quick Google or Bing search with +“target city” OR +“state name” + “government salary data” as the search terms and lots of resources will be presented. It may take a few tries to get to the correct database, but each state/city has one and they are all online.

If you are not a government employee, there are other techniques to collect your data. One search that can be conducted is to use Peer-to-Peer (P2P) network searches for disclosed documents, specifically for tax records. If at any time you have saved your tax filings and records on your home computer and then allowed that computer to access a P2P network (either with or without your knowledge—teens are notorious for downloading free movies and music), it is possible that without the correct settings the contents of your hard drive were also exposed to the P2P network. Basically this means that all of your files are now on the loose on P2P for anyone to see. Using any of the popular P2P networks, search for “1040,” “1099,” “W2,” or “tax form” and the name of the target—even if the target's tax file does not pop up, you will be surprised how many others do. Of course, this piece of information discloses not only annual earnings and taxes owed or refunded but also social security numbers, a treasure trove of information. Likewise, searching for other documents related to insurance claims (using the standard claim numbers) can also be done on P2P.

If the target is an investor or dabbler in the stock market, they may post to a variety of financial newsgroups, chats, or forums. Sites like YahooFinance are the places to check. Some people even have their own blogs dedicated to the stocks they own and follow, and they provide their own advice about investing. Typically, these bloggers divulge their own investments and all of the smart investments they have made. Followers or commenters to these forums or blogs may also present information about the target. These followers may be fellow investors, former or current business partners, relatives, or old college chums. At any rate, sometimes it is not the target who discloses their own network but a close friend, family member, or colleague. In fact, the disclosure could accidentally come from the target's company, benefits organization, or human resources department. While it is rare (thankfully), at times new company databases or web pages are not secured and are left open. Or spreadsheets are left visible on the open Internet or placed on fileshare sites such as DocStoc.com or Slideshare.com. All of these vectors are worth checking.

Blippy.com is of the most lucrative sources of financial data because it is combined with shopping habits and expenditures (time, date, and location included). People sign up for Blippy and then allow a copy of their credit card records be sent to Blippy so they can be posted. Yes, this is real. The credit card numbers and true names on the credit cards are removed, but all of the expenditures remain, revealing what was purchased, where it was purchased, time/date of the purchase, and the prices of the items purchased. While the true names on the credit cards are removed, most people set up their Blippy accounts as they do their LinkedIn or Facebook accounts—with their real names. An account that is set up on Blippy.com, an alias or screen name can also be linked to the user's real-named social media sites, thus giving away the identity anyway. Why, you ask, would anyone sign up for such a thing? The philosophy behind Blippy is to help others get the best price available for any given item. So, if you are looking for the best Sony 42" HD TV, you could scan Blippy to see who has purchased one, where, and what the best price was for that TV. Users of Blippy have used the records of others, presented at their stores, to get the lowest price possible. Obviously, there is a high degree of disclosure by any Blippy user. First, your spending habits are revealed. Second, your shopping habits—time, date, place, etc.—are exposed. In combination with other data picked up from Twitter, Facebook, blogs, LinkedIn, potential routes to work, school, grocery stores, etc., the surveiller is now getting a much better picture of your overall habits and behavioral patterns. Over time, it may become obvious that every Saturday you are charging tickets to a baseball game or buying something from the home improvement store. At any rate, during those times, you are not home and it can be estimated with mapping apps, GPS, and online driving directions how long your commutes are and when you will be away from home.

Acquiring financial data, and if you're so lucky as to acquire spending patterns and behavioral shopping patterns, is just the start of actually starting to track and tail a target. By now the surveiller may have your basic background data, insight into your social and familial networks, work location, basic travel routes, some financial data, and some idea of how you come and go from various locations. But now it's time to drill down on locations and travel patterns.

As indicated earlier, sites such as Blippy provide some data regarding frequented locations and the times/dates they are visited. To add to this information, there are other ways to attain more detailed behavioral and travel patterns. Let's take a look at Foursquare.com and GoWalla.com. Both of these sites allow you to sync and link with Twitter and Facebook, but the real purpose is to announce your location. With a simple sign-in for membership and an app download, you can Foursquare your location to friends, family,…and the public. These sites were developed to provide social networking for their users but also to allow restaurants, coffee shops, and bars to be part of the Foursquare or GoWalla network. Therefore, if you are a frequent visitor to a coffee shop and that coffee shop is part of the network, the vendor may offer free coffee or snacks to the “Mayor” of the coffee shop. The Mayor is the person who frequents the shop the most and announces their presence in the store via the app. There are also other points, prizes, etc. that you can attain. While this is great advertising and marketing for the vendors, and maybe a good way to get a free beer or cup of coffee, exposing this type of data is announcing to the world that “I am not home right now. I am at the coffee shop.” In addition, when a Foursquare user's profile is visited, it has a list (much like a user's Twitter page with all of his or her Tweets) of all of the locations that have been visited. This data also comes readily equipped with time and date information. Looking at a user's profile over time, it is fairly easy to put together a behavioral pattern. We used to be told, years ago, that when the family went on vacation, “don't tell anyone.” Only one set of neighbors would know so they could water the plants and check the house. It is curious that in the current age of Amber Alerts, triple locked doors, and home security systems, people are publicly releasing such private data. But to the surveiller, this is golden.

Even if GoWalla or Foursquare are not used, a less obvious site to look into is Yelp.com. While Yelp is typically and innocently used to read and post restaurant reviews, this too can be used as additional intelligence. Yelp also posts directly to Facebook and Twitter and it can tell you when the target visits a particular restaurant. Moreover, the posted reviews by the target might reveal which restaurants he or she frequents.

While this type of data collection and surveillance may impact personal safety and security, there are cases where trolling and surveilling online can produce a target. Some of you may have clearances, classified jobs, or careers where you come in contact with very sensitive information in the form of trade secrets. Those who are interested in competitive intelligence, corporate espionage and state-sponsored intelligence gathering could employ some of these techniques—if for no other reason than to identify a good target.

Those of you who do not use GoWalla, Foursquare, or Twitter. to announce your locations, there are a few inadvertent ways your locations may be disclosed. Most of the apps available on Smartphones that take photos include in the meta data of the photo a GPS location and a time/date stamp. One technique of also collecting information about the travel and behavioral patterns of a target includes the analysis of posted pics. Anywhere you can find photos and images online, whether those images are on photo sites such as Flickr or Photobucket or are found through social networking sites or simply through an image search on any publicly available search engine, there is a high probability that they contain GPS and time/date stamp meta data. So even if you do not meta tag your photos with a name or label your photos on these sites, you still may be disclosing location-related data that can then be assessed for patterns. With the speed of taking the photo and uploading, for example, to Flickr or Facebook, the disclosure of additional location data could be happening in near real time. Doing an assessment of all posted photos could again line up a timeline of activities, habits, patterns, and travel that you may not want disclosed.

While photo, image, and location apps can provide some good surveillance data, you cannot forget about YouTube and the other sites that allow users to post videos. It is possible that someone has already “cased” your target environment. YouTube is filled with all sorts of crazy, silly, ridiculous,…and useful videos. Much like the virtual tour a real estate agent may have posted on the home you live in now, people are easily taking video of anything and everything they see. Similar to Google street view, sometimes neighborhoods video their block parties or their drive to the dry cleaners, or kids are running around on their scooters with Smartphone video camera rolling in hand.

If you have read this far and don't use social media, social networking sites, or even log in to the Internet, you are still at risk for some surveillance techniques and data gathering. Information about you is still out there to be collected by anyone.

Remember the old Kevin Bacon Game, six degrees of separation? The goal being that if you knew one person, who knew another person, you could actually social network your way to Kevin Bacon. If the surveiller wanted to get to you, and find someone who was one or two degrees removed in order to collect additional information on you, it would take some legwork. But now with the Internet, there aren't six degrees of separation between you and anyone else but six hundred degrees of inclusion. For those of you who do not use the Internet, you don't Facebook, you don't Tweet, you don't post, you're not on LinkedIn, and you certainly don't blog, the others—the other 600 people removed from you just might.

Take, for example, an initial list of people with whom you do come in contact and who are probably Tweeting and blogging and Facebooking and Foursquaring:

These are the people that come in contact with you and may be posting information about you—your contact information, your life, your travels, your problems, your successes, your home, and your family—without your knowledge. Even innocent disclosures, conversations, and comments you make may end up on someone else's wall or blog. In a previous example, you saw how the executive's daughter ended up posting a lot of family and personal information on her MySpace page. So you need to consider, what is the nanny posting? Does the babysitter Tweet that she is sitting for the Jones family because the parents are out for the weekend? Does the housekeeper have access to the mail? The bills or any financial records around the house? Any of this information can end up on the Internet in the open and it does.

If someone you know isn't posting about you, maybe someone you don't know is posting. There are a number of sites that dedicate themselves to eavesdropping. Loud talkers in airports, on trains, and in restaurants are all susceptible to others listening in. Take notice next time you are on a plane, train, or even at a shopping center. People are just talking out loud on their cell phones as if they are in the privacy of their own home. They are giving out their phone numbers and credit card numbers for reservations, talking about their jobs and their accounts, and in some cases even spelling out their first and last names to operators or whoever is on the other side of the line. There are also listeners out there who take all this in and post it. Some of the interesting sites that post conversations and other comments include:

In addition to those above, there are similar sites for London, Dublin, Washington, DC, Chicago, Indianapolis, and other cities around the world.

Be careful to whom you text message and what you write in those texts. If people are interested in your conversations, they are also potentially interested in your text messages. Those who post your texts may just find them amusing or because it is easier to disperse a piece of information (like the address of the party that is hosted at your home) to a group of people who are followers of Twitter or Friends on Facebook. The site http://www.textsfromlastnight.com, for example, lists funny, embarrassing, or otherwise potentially sensitive texts. On this site, the texts can be sorted by user, area code, or keyword.

Some intelligence collection jobs and surveillance jobs are more difficult than others. When the target is not readily identified, it is hard to even get a starting point. For example, you receive a threatening email but it is pretty obvious that the email address was spoofed and the headers indicated that the IP address is coming from a server that also could have been compromised. In this case, the language used in the threatening email is most useful. We are all creatures of habit and even our emails contain bits and pieces that could lead to an identification. Think about how you open your email messages. Do you say “Hi Joe” or just “Joe” or nothing at all as a greeting? How do you sign off on your emails? Do you type “Regards” or “Sincerely” or “Thanks” or “Thx”? To different people you may use different pattern. To a spouse, you may always sign off “Love” or “Love ya” or whatever your personal pattern happens to be. Likewise, we choose our words and phases and write in grammatical and syntactical styles that differ ever so slightly. It is those distinctions that are important.

Once a distinction is found, an unusual colloquialism, an odd acronym, or maybe the email contains one of those sayings people put on the signature line like “A wise man doesn't need advice and a fool won't take it.” These peculiarities are what can be identified. An investigator can put these terms and phrases into search engines and see what happens. With some luck, other instances of these phrases will appear, and with a lot of luck and persistence, the target may be found. It is not unusual that people will reuse their vernacular. They will post the same language with the same linguistic constructions in email as well as on blogs. Even professional and organized criminals have a hard time altering their natural language patterns.

If you do have a signature phrase (e.g., Emeril has “Bam,” Ryan Seacrest has “Seacrest Out,” and Arnold Schwarzenegger has “I'll be back), be judicious about using it online. Even if you don't post your real name, your real profile, or other identifying information, your language may identify you. It is from that initial point of identification that all of the other discussed techniques to gather information and intelligence and to conduct online surveillance can be implemented.

In the interest of keeping up with the target, there are some quasi-automated tools available. A lot of techniques can be used to collect information about you, but the surveiller also has to practice good operational security—even in the cyber world. A sloppy surveiller can get snagged by a thorough webmaster. So, it is important to consider speed, disguise, and stealth while gathering intelligence and conducting online surveillance.

While the majority of the initial data gathering may be conducted manually, once the surveiller knows what to look for and where updates are possible, a more automated collection of ongoing or updated information may be in order. Available RSS feeds or Google Alerts can alert the surveiller to additional and new information. If you are being monitored and you are a Twitter user, the surveiller may become one of your followers. Therefore, every time you Tweet, the surveiller will be notified. Likewise for other social networking sites. RSS feed aggregators can also be used to push all of the potentially relevant information to one place, which can be web based, email based, or mobile phone/Smartphone based.

Some browsers have add-ons or plug-ins that can make the searching and ongoing collection easier and faster. For example, Firefox offers a number of add-ons that allows the user to customize searches and ongoing searches without re-entering the search terms. Safari and Google Chrome also offer different flavors of RSS capability and browsing and navigation tools. Browser add-ons may also offer some specialty items that could be of interest to a surveiller. For example, one add-on for IE7 is Videoronk. This allows the user to search on eight video-sharing sites simultaneously. All of these feeds and add-ons can save time for the surveiller and make the collection more targeted and hopefully robust.

An additional concern for the surveiller, much like in the traditional sense, is the use of disguise or stealth to conduct the online intelligence collection and surveillance activities. One consideration for the surveiller is how to conduct the information collection quietly and in alias. Many different products and services can be used. The very simplest method is to conduct the searches at a neutral location—a cybercafé, a coffee shop, or a library. Do note that some of these locations require a payment for Internet access and/or have cameras on site. So hiding in plain site may not be an option. Other considerations include the use of anonymizers, encrypted Internet connections, virtual private networks, proxy servers, and IP port proxies. Other browser add-ons may also assist with achieving some level of anonymity or disguise while surfing. An add-on called Ghostery (can be downloaded for IE, Safari, Chrome, and Firefox) detects trackers, web bugs, pixels, and other types of beacons placed on web pages from Facebook, Google Analytics, and hundreds of other web publishers.

An additional consideration for the surfing surveiller is to use some form of virtual machine software or VM ware. Because of the amount of clicking, opening, searching, viewing that a surveiller has to do to collect the needed information, inevitably a virus or piece of malware will be downloaded. If this does occur, it is easier to just end the VM session and start anew rather than scrub the machine.

So far this chapter has focused on passive intelligence collection and surveillance. But sometimes, additional information may have to be collected directly from the source—you. Just as in the physical world, certain intelligence or surveillance operations may necessitate actual contact with the target or someone who knows the target in order to gain or verify information. Because a passive intelligence collection has already been conducted, the surveiller has all the needed information to make a swift and believable approach on the target. If you are the target, you now may be a target of social engineering, spear phishing, whale phishing, Smishing, or Vishing.

Using some of the stealth and anonymizing techniques, along with email spoofing and the information that has been collected on you, it is not too difficult for a determined surveiller to target you specifically. Let's say the surveiller wants to watch what you are doing on your computer or get access to your banking logins. In order to get that type of access the surveiller may need to drop some malware on your computer, such as a Trojan. While this type of activity is not legal, it is not beyond the realm of possibility for a head strong and unethical surveiller. The goal of the spear phish maybe to get you to click on a link and open or download a document. By knowing your background, your activities, your family names, friends' names, and work affiliations, it is quite straightforward to construct a believable and very personal email or other correspondence. Imagine that the spear phisher has found information about your home, your daughter, and your alumni affiliation. By spoofing the correct or a facsimile of a sending email address, potentially believable emails could be sent from your homeowner's association presenting new rules and regulations for the neighborhood, your daughter's school district, or your university with information from the alumni association.

Other techniques that could be used to target you or your family may include more direct contact. A social engineering attempt could come via phone, fax, text, instant messaging, or a knock at the front door.

If the surveiller was able to pick up information off of Foursquare or GoWalla, or if you are in the habit of Tweeting your locations, it would also be uncomplicated for the surveiller to target you at one of your frequented locations. Armed with additional background data and intelligence, striking up a conversation or finding a reason to interact would be pretty straightforward.

Certainly a great deal of information can be collected over the Internet and the surveiller can remain safe and secure in comfortable location. At some point, some surveillance operations might require the use of tools, equipment, and devices, and the surveiller may actually have to get out from behind the computer to resort to more traditional techniques. Years ago, surveillance equipment was highly specialized and fairly expensive. The equipment was sometimes heavy and obvious. Fortunate investigators and those conducting surveillance as law enforcement or intelligence officer may have had the privilege of using specialized scanners and miniature devices that were tailor made for their operations. However, the average household or citizen did not have spy equipment on their person or at home. Now nearly everyone with a Smartphone has some ability to record audio and video and take photos on the spot. Do you even give a second look to an iPhone or Droid sitting on a conference room table while everyone is having a meeting? People join the meeting, sit down, put down their phones (or iPads) and start the meeting, checking their phones periodically during the meeting. But do you ever wonder if someone is using that Smartphone to record? Is anyone running an iPad app to record or transmit the conversation? Does anyone seem overly alarmed if a Smartphone is left in that conference room? A typical reaction is to ask, “Hey, is this anyone's phone?” and if there are no takers, to just put it aside until after the meeting and give it to a receptionist or office manager who can try to find the rightful owner.

Beyond carrying the built-in phone capabilities, anyone can go to the mall, an electronics store, or surf the Internet for miniatures and spy gear. Even Toys-R-Us carries spy gear toys for children, and some of the police listening devices, “special agent” night vision recording gear, and CSI kits are pretty good. The toys today are better than what was readily available to the public 10 years ago. The jewelry is actually quite impressive. Even in locations that mandate X-ray security checks or are classified as a sensitive compartmented information facility (SCIF), how many brooches, earrings, or watches are checked or suspected as anything but jewelry?

Not only are the serious surveillers using the widely available miniature devices, but so are your neighbors, your children, your children's friends, etc. Remember the idea of 600 degrees of inclusion. If your neighbor is spying, your conversations may end up on the Internet. If your neighbors are very bold, you may be the star of your own YouTube video unbeknownst to you.

Wi-Fi scanners are another easily accessible tool for any wanna-be surveiller. These devices can be acquired as their own stand alone device that come in a variety of shapes and sizes including those that fit on your keychain. Otherwise, just download a scanner app on a Smartphone or iPad. What you need to be aware of is war-driving. In general, war-driving is the activity of driving around neighborhoods looking for an open Wi-Fi network. In the process of searching, the scanner does see all of the networks in the area and their names—even the ones that are secured. In some cases, open, unsecured homes are “war-chalked” meaning that their home is tagged as an available wireless hotspot. If you have never driven around a neighborhood with a scanner, it is an interesting exercise. Many people don't secure their wireless networks. Many people name their home networks with their last names, nick names, or with their address. If you are being targeted, this is another way in which a surveiller could gain information about you and your home network or take advantage of a home network if it is left unsecured.

One of the most important aspects of targeting and surveillance is to put all of the collected intelligence together. This is perhaps the more artful step in the process. Creating a working profile of the target based on open source information may lead the investigator to consider different avenues or strategies if traditional surveillance needs to be conducted next. It is very difficult not to find information on any given target. However, if the target is rich, the amount of open source intelligence can be rather astounding.

This chapter has focused on some of the techniques and methods used by online surveillers. While the information has just skimmed the surface on all of the ways to target, surveil, and compile intelligence from the Internet, it should give any online surveiller a good start. But what if you are the surveillance target? There are some precautions you can take to reduce your Internet footprint and decrease the amount of information someone could collect on you. Remember, just staying off the Internet doesn't work because your closest 600 friends, family, and strangers will continue to post information about you regardless of your participation on Twitter, Facebook, or any other social networking site.