The final part of Lance Hawk’s InfoSec World presentation covers visualizers, IP address tracking and geolocation, and includes a brief summary of the subject matter.
Other investigative sites (see image) – I talked about the concept of visualizers, which is something new. It’s actually out now for some, but not for the YouTube.
SearchTempest – does Craigslist and eBay, and Amazon. It has Amazon, fantastic website. And it is one of the few that do it worldwide. You can actually restrict it to the region. When I talked about the one investigation when I plugged it in eBay before, I was misleading a bit – I plugged it into this first, and then it actually gave me an eBay lead.
If you have access to your places, you wanna check for any activity on backpage.com. That seems to be the wild site right now that people are dumping all kinds of crap. It used to be Craigslist that people said was going downhill; well, the downhill one right now is actually backpage.com, so you wanna watch that too.
We’re gonna go over pacer.gov – that’s slick, I’ll show you how you can get free stuff from the government; prbpub.com, which is more state, links to PeopleSmart; and ssnvalidator.com.
Okay, Lococitato is a Facebook visualizer, LEO (Law Enforcement Officer) only (see image to the left). At any time it is supposed to be out for the public. Myspace and YouTube visualizers. I’m only bringing that up just for people to see new technologies coming out, new capability. It’s a visual type capability, different than what we have.
Now, everybody wants to know about tracing IP addresses. The biggest change here in the last year or two has been geolocation, and the capability to actually track by IP addresses. Use the first two depending on whether you are searching the U.S. or overseas. Here is the collection of tools, they are great sites to look at. But probably one of the newer ones is whatismyipaddress.com/ip-lookup. When you get home and you are identifying your IP address, plug it in there – and it’s amazing, and it’s free. You plug in your IP address at home, and you can see the map coming up – fantastic to track back.
What’s considered the forensics god is dnsstuff.com. That actually does quadruple geolocation, where you have four satellites coming in, just so that you are sure if you have to go to court.
Now, pacer.gov – you always want to know, a lot of times when you do an investigation, in regards to litigation, if there has been any prior litigation from a federal or state perspective. What Pacer does is it includes federal information. Not only does it include federal information, but it gets it out there, there are government standards that dictate how fast it gets it out there. The bad part for an investigator is that there is some information that is redacted. Obviously, Social Security Numbers are among that, of course. There is other information like addresses and stuff like that.
But if we go to it, and this is what the website looks like (see image), I put in my query – if I am investigating, like, Surfynol 104 that I mentioned before, and there is somebody who is basically misappropriating some of our information. And I knew that was, say, ACME Tech. So I looked up on this ACME Tech and I saw some litigation they were involved with, and it was 60 pages or something like that. Access to the court documents is 8 cents per page. You are capped at $2.40, but the best thing is this one here: the billing is quarterly, but if you don’t go over 10 bucks – it’s for free. So if you are only doing it once or twice, you can get some nice court related information there.
Another slick one is SSN Validator (see image). We all come across Social Security Numbers. The big thing I like about this is that there is at least a check: number one – it will say whether it’s been issued, number two – it will say whether the person is deceased or not. But what I don’t like is a lot of things, like if you do credit reports it will redact your Social Security Number. So if you ever go and put it to any output or something like that, you really have to be cognizant of the information you are working with and know that it can get out there.
Determining risk to reputation – I never thought I would be spending time on finance message boards, but I am now. It is amazing, I don’t know if people are aware but if you are a publicly traded company (‘Air Products’ is a publicly traded company, our stock symbol is APD), I go out to finance message boards, and the stuff I see is unbelievable. And it is stuff you got to react to. One time for instance, there was something that appeared that said: “I stole 600,000 dollars from ‘Air Products’. I cracked into their recipe system”. Well, that’s gone out to the public, right? Yes, we have to pay attention to that, maybe address that, and do something like that. So that is something, like I said, where on a quarterly basis you wanna set up something to look into stuff like that.
Let’s talk about two other places. There is one called jobvent.com. I can’t believe this website is up. I mean this is just, in my humble opinion, a bunch of ticked off people just job venting. But it’s amazing just from an intelligence perspective what you get. People say a lot of bad things when they are teed off. But Jobvent is one of the two.
The other one is glassdoor.com. At least an opposing viewpoint can be presented here. So this is a little bit better.
Here is actually a newer one – trackle.com. And what I like about this is, remember I talked about brand monitoring and keeping an eye on your competitors and stuff like that, so this is making its reputation just on that.
Now, let’s assume all of those fail – I keep on going back to that sample product Surfynol 104. Say, I didn’t find anything in Cache, and somebody has brought the website down. This is an oldie, but this is a goodie – archive.org (see image). I am telling you, at least 30-50 times I’ve solved cases just using this one website, you know, what’s called the Wayback Machine. What you end up doing is, right there where it says “Take Me Back”, you put the URL: www.airproducts.com, and this goes all the way across. So you see the different times it’s been archived. So if somebody said: “You know what, I know that graphic was up there on June the 20th, 2004”, I can actually go back to June 19th backup, pull that out, and there it is. Then we can capture and preserve our evidence.
Now, if you forgot everything I said, there is an all-in-one that contains links to everything going in and out, all kinds of stuff. That’s pandia.com. Actually Yahoo has one, and there is a government agency that has one, but Pandia seems to have a lot more. And this is just what is referred to as a Power Search Engine, which is totally different. This just refers you out to other search engines.