Online sources can yield great intelligence, but they can also be quite perilous. When visiting sketchy websites, you risk exposing your systems to malware infections, or making yourself and your org a target for attack. To protect sensitive data and networks, IT security teams often have a policy of blocking access to certain websites.
What happens when you need to visit those sites or go undercover to browse the dark web? There might be a process that allows for exceptions or dedicated infrastructure that’s reserved for such risky operations. But with online investigations, time is always of the essence, and you need to get access to all types of content.
At Authentic8, we deal with these types of questions daily. We’ve identified the top online investigation mistakes to address immediately.
With so much information available online, it’s very tempting to quickly access the sites that you need, including social media or online directories, using your regular computer and browser. You already have the tools, and it’s easy to locate people online with just a few clicks — find their phone numbers, addresses, known affiliates, figure out what they are doing, who they are hanging out with, which hobbies they are pursuing, etc. — the whole pattern of life analysis. The internet offers readily available sources — free and commercial — for background checks, criminal records, family trees, and just about everything else.
But while you are investigating your targets, they might be (and likely are) looking back at you. Even if you have created a “burner” profile to disguise yourself, and use incognito mode or a VPN to browse the web, your computer leaves behind a trail of breadcrumbs that can easily lead a criminal back to you. Any search, however small or quick, needs to be approached with care to ensure that you protect yourself and your organization.
If you are not familiar with the term, OSINT stands for Open Source Intelligence — basically collecting evidence from publicly available sources. The term was initially coined by the military, but at this point, organizations in both private and public sectors have embraced the art of OSINT, with many having designated specialists, tools and techniques.
As an online investigator, you can help protect your mission, your organization and yourself by learning and implementing OSINT tools. There are many great resources, like www.osinttechniques.com (not affiliated with Authentic8), that can help you find the right investigative tools for any type of research.
It’s mind-boggling that in 2021, the world population is about 7.8 billion, and of that seven billion, there are 3.8 billion active social media users, with on average eight social media profiles each. And they spend about 144 minutes per day scrolling, posting, and watching all types of content on social media sites.
Take TikTok for example: the platform literally exploded in popularity among young people, and it didn’t go unnoticed among criminals. You can easily find ads for illicit merchandise specifically targeted at kids and young adults, and having tools that can help identify the people behind these ads can be extremely helpful to investigators.
There are many specialized tools — third party and managed by social media companies themselves — that can help you conduct searches on social media.
When looking at images, certain browser plug-ins and extensions can make an investigator’s job easier and help get results faster: an Exif data plug-in, for example, helps analyze images and collect specific information, including when, where and on which device the image was taken.
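To show where that information sits inside the file, here is an added example (not from the original article or any Authentic8 tool) that reads the capture time and device fields from a JPEG's Exif segment using only the Python standard library. The sample image header and its values ("ExampleCam", "X1") are constructed for the demonstration; location data lives in a separate GPS sub-directory that this short parser does not follow.

```python
import struct

# Tag IDs from the TIFF/Exif specification; all three are ASCII-typed in IFD0.
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime"}

def parse_exif(jpeg: bytes) -> dict:
    """Return the ASCII IFD0 tags found in a JPEG's Exif APP1 segment."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    # Walk the marker segments until start-of-scan (0xDA) or end of data.
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        marker, seg_len = struct.unpack(">BH", jpeg[pos + 1:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return _parse_ifd0(body[6:])
        pos += 2 + seg_len
    return {}

def _parse_ifd0(tiff: bytes) -> dict:
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # byte-order mark
    if order is None or struct.unpack(order + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header")
    (ifd,) = struct.unpack(order + "I", tiff[4:8])
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    found = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        tag, typ, n = struct.unpack(order + "HHI", entry[:8])
        if tag not in TAGS or typ != 2:  # type 2 = ASCII string
            continue
        # Values of 4 bytes or fewer sit inline; longer ones live at an offset.
        off = struct.unpack(order + "I", entry[8:12])[0]
        raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
        found[TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return found

def build_sample() -> bytes:
    """Constructed sample: SOI + Exif APP1 (little-endian TIFF) + EOI."""
    values = [(0x010F, b"ExampleCam\x00"), (0x0110, b"X1\x00"),
              (0x0132, b"2021:03:01 10:15:00\x00")]
    data_off = 8 + 2 + 12 * len(values) + 4  # header, count, entries, next-IFD
    entries, data = b"", b""
    for tag, val in values:
        inline = len(val) <= 4
        field = val.ljust(4, b"\x00") if inline else struct.pack("<I", data_off + len(data))
        data += b"" if inline else val
        entries += struct.pack("<HHI", tag, 2, len(val)) + field
    tiff = b"II*\x00" + struct.pack("<IH", 8, len(values)) + entries + b"\x00" * 4 + data
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\x00\x00" + tiff + b"\xff\xd9"
```

Calling `parse_exif(build_sample())` returns the three fields; the same function run over a photo you are about to post shows what the file would reveal about your own device.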
You know how Facebook and other sites can “suggest friends” to you? They use a sophisticated algorithm based on the information they already have about your location, sites you visit, places you shop, people you talk to, profiles you look into, and so on. Things like super cookies follow you around the internet and share information between companies to build a complete profile, which, of course, can also be used by your adversary to figure out who you are.
Say you live in the Denver area, are an aviation and firearms enthusiast, a real estate investor, read local news, and shop at galls.com, a supplier serving public safety professionals. This is more than enough information to put together a profile, which is how Facebook links people together and suggests “friends”. It’s also enough to tip off a criminal that you might be investigating them.
If you haven’t yet, check the “privacy settings” on any website you visit — you will be astounded how much information is being collected and shared across platforms. That’s how social media and other internet platforms make money. But this is also something that investigators need to be very vigilant about — because once a criminal suspects that they are being watched, they can retaliate in an endless variety of ways, and/or move their operation underground, delaying the investigation and erasing valuable evidence.
Creating fake profiles is not a good alternative either. First, it doesn’t disguise your identity: your browser fingerprint can still give you away. Second, in light of recent political events, sites like Facebook have started to really crack down on fake and spoofed social media accounts, even when they are used by journalists or law enforcement agents.
To be good, effective investigators, you need to collect accurate information, while protecting your investigations, your agency and yourself.
Some organizations try to accomplish this by installing and maintaining a separate “dirty” network for browsing sketchy sites and downloading files. But separate infrastructures are not only costly to install and maintain, they also don’t provide complete anonymity, and make it difficult to share evidence with other researchers and maintain a chain of custody.
A better approach is to use managed attribution services: a technology that allows you to use the same computer that you use day-to-day, but through access to a web-based service, which customizes and cloaks how you appear to external parties. You can actually modify your location, your device type, your web browser, your time zone and any of the other information that websites and services use to fingerprint and identify you.
With a cloud-based browser, all your activity is completely isolated from your actual workstation, preventing any malware infections from spreading through your network. It looks and feels like a regular browser, but your organization is completely protected and evidence is securely stored.