ACFCS Conference Presentation: “OSINT” and You

The only non-panel session of the 2014 ACFCS conference, this presentation by private investigator Sandra Stibbards of Camelot Investigations definitely stood out as one of the highlights of the week. Focusing solely on internet-based Open Source Intelligence (OSINT), Ms. Stibbards provided a flurry of web-based tools, tricks, and tips for financial crime professionals to use during their investigations. I thought that I was ahead of the game as far as using OSINT was concerned, but the presentation reminded me that there are always more ways to approach the daunting task of using the internet as a potential source for substantive discovery.

The tools, tricks, and tips were broken into two major themes: 1) finding the relevant information and 2) protecting the identity of the searcher. First, finding the information. We are constantly told by various news outlets and consumer groups to be wary of our online profiles, but most of us are not aware that our virtual presence extends well beyond sites like Facebook and LinkedIn and often includes details that even the most open of people would choose to keep private. A great way to hone your investigation skills is to start by focusing on your own “footprint.” You will be alerted to personal information that you may want to control, while gaining the practical experience that can only be earned by putting in the time online. Another advantage that this introverted approach has to offer is the chance to see how information gained on the internet should be taken with a healthy dose of skepticism. Nothing like seeing your own name pop up on an obscure French dating site to get you to start double-checking everything that is uncovered when investigating someone else! Here are some tools for digging up information, with preference given to those tools that can be used free of charge:

pipl.com   Using an email or name, you can uncover everything from social media profiles, YouTube videos or tags, usernames, and even Amazon.com wish lists.

blackbookonline.info   This public-records search site provides access to a huge number of otherwise hard-to-find info dumps.

archivedbook.com   Allows a Facebook user to view an historical record of all their Facebook-related activity (place check-ins, deleted posts, picture tags, status updates, etc.). The best part? You can view the same for all of your “friends” as well!

As far as protecting the identity of the searcher, Ms. Stibbards gave a few great tips. Using an IP masker like the one found at ixquick.com will go a long way towards preventing the investigator from being back-traced and identified by the owners/managers/users of the sites that are being browsed. You simply type your query into the space on ixquick’s homepage, and they will reroute the Google-powered search through their own site and produce a list of results without tagging your computer as the source of the request. In order to remain anonymous when visiting the resulting sites, avoid clicking on the highlighted titles. Instead, click on the small word “proxy” that appears below each of the main titles. This will take you to the target site under the cover of a false ixquick IP address. While these website-based masking features are a good tool and adequate for basic investigations, I personally feel they would not hold up against a source/site with enhanced security measures in place. Investigators seeking the next level of protection should consider using the Tor browser found at torproject.org. Check back in to the MIIS Financial Crime Blog for an upcoming step-by-step guide to using the Tor browser.