Online sources can yield great intelligence, but they can also be quite perilous. When visiting sketchy websites, law enforcement agents risk exposing their systems to malware infections, or making themselves a target for attack. To protect sensitive data and agencies’ networks, IT security teams often have a policy of blocking access to certain websites.
What happens when agents need to visit those sites, or go undercover to browse the dark web? There might be a process that allows for exceptions or dedicated infrastructure that’s reserved for such risky operations. But with online investigations, time is always of an essence, and agents need to get access to all types of content or risk having a perpetrator get away.
Another important consideration for law enforcement is the chain of custody. When you collect information online, how do you store it safely and securely? How do you collaborate and share that with your co-workers? And how do you make sure it’s correctly labeled and properly documented?
At Authentic8, we deal with these types of questions daily. We have collected a few important strategies that we believe would be helpful to all law enforcement investigators who use online sources, including open, deep and dark web (we will specially address the dark web in our next blog post).
1. Resist the lure of “just” looking it up online
With so much information available online, it’s very tempting to quickly access the sites that you need, including social media or online directories using your regular computer and browser. You already have the tools, and it’s easy to locate people online with just a few clicks – find their phone numbers, addresses, known affiliates, figure out what they are doing, who they are hanging out with, which hobbies they are pursuing, etc. – the whole pattern of life analysis. The internet offers readily available sources – free and commercial – for background checks, criminal records, family trees, and just about everything else.
But while you are investigating your suspects, they might (and likely are) looking back at you. Even if you have created a “burner” profile to disguise yourself, and use incognito mode or VPN to browse the web, your computer leaves behind a trail of breadcrumbs that can easily lead a criminal back to you. Any search, however small or quick, needs to be approached with care to ensure that you protect yourself and your organization.
2. Explore OSINT tools and techniques
If you are not familiar with the term, OSINT stands for Open Source Intelligence – basically collecting evidence from publicly available sources. The term was initially coined by the military, but at this point, organizations in both private and public sectors have embraced the art of OSINT, with many having designated specialists, tools and techniques.
As an online investigator, you can help protect your mission, your organization and yourself by learning and implementing OSINT tools and techniques. Authentic8 offers OSINT Academy, an online, self-paced training course for online investigators. Additionally, there are many great resources, like www.osinttechniques.com (not affiliated with Authentic8), that can help you find the right investigative tools for any type of research.
3. Don’t underestimate the bounty of social media
It’s mind boggling that in 2021, the world population is about 7.8 billion, and of that seven billion, there are 3.8 billion active social media users, with on average eight social media profiles each. And they spend about 144 minutes per day scrolling, posting, and watching all types of content on social media sites.
Take TikTok for example: the platform literally exploded in popularity among young people, and it didn’t go unnoticed among criminals. You can easily find ads for illicit merchandise specifically targeted at kids and young adults, and having tools that can help identify the people behind these ads can be extremely helpful to law enforcement agents.
There are many specialized tools – third party and managed by social media companies themselves – that can help you conduct searches on social media.
- social-searcher.com, an engine that allows you to monitor all mentions of a name, keyword, or phrase across 11 different social media platforms.
- socialbearing.com can give researchers a full profile and tweet analysis – what is someone looking at, which words do they use the most, are they sharing links in their profiles. You can even find out which OS someone is using when posting on Twitter, Instagram or TikTok, which, of course, can be really useful information.
When looking at images, certain browser plug-ins and extensions can make an investigator’s job easier and help get results faster: Exif data plug-in, for example, helps analyze images and collect specific information, including when, where and on which device the image was taken. So, when someone linked to drug ads is posting a picture of their fancy car, you can collect a lot of information on them, even if the license plate is not visible.
4. Be aware of your own online footprint
You know how Facebook and other sites can “suggest friends” to you? They use a sophisticated algorithm based on the information they already have about your location, sites you visit, places you shop, people you talk to, profiles you look into, and so on. Things like super cookies follow you around the internet and share information between companies to build a complete profile, which, of course, can also be used by your adversary to figure out who you are.
So, say, you live in a Denver area, are an aviation and firearms enthusiast, a real estate investor, read local news, and shop at galls.com, a supplier serving public safety professionals. This is more than enough information to put together a profile, which is how Facebook links people together and suggests “friends”. It’s also enough to tip off a criminal that you might be affiliated with law enforcement.
If you haven’t yet, check the “privacy settings” on any website you visit – you will be astounded how much information is being collected and shared across platforms. That’s how social media and other internet platforms make money. But this is also something that investigators need to be very vigilant about – because once a criminal suspects that they are being watched, they can retaliate in an endless variety of ways, and/or move their operation underground, delaying the investigation and erasing valuable evidence.
Creating fake profiles is not a good alternative either. First, it doesn’t disguise your identity – your browser fingerprint can still give you away; and also, in light of recent political events, sites like Facebook have started to really crack down on fake and spoofed social media accounts, even when they are used by journalists or law enforcement agents.
5. Mitigate the risk with complete isolation and managed attribution
To be good, effective investigators, law enforcement agents need to collect accurate information, while protecting their investigations, their agencies and themselves.
Some organizations try to accomplish this by installing and maintaining a separate “dirty” network for browsing sketchy sites and downloading files. But separate infrastructures are not only costly to install and maintain, they also don’t provide complete anonymity, and make it difficult to share evidence with other researchers and maintain a chain of custody.
A better approach is to use managed attribution services – a technology that allows you to use the same computer that you use day-to-day, but through access to a web-based service, which customizes and cloaks how you appear to external parties. You can actually modify your location, your device type, your web browser, your time zone and any of that other information that websites and services use to fingerprint and identify you.
With a cloud-based browser, all your activity is completely isolated from your actual workstation, preventing any malware infections from spreading through your network. It looks and feels like a regular browser, but your agency is completely protected, evidence is securely stored, and chain of custody is preserved.
To learn more about managed attribution, join our webinar on April 15, Naked and Exposed: Stop Investigating Online without Managed Attribution.
Those are the five strategies for effective online investigations for law enforcement. For a deeper dive, watch the on-demand, 1-hour webinar where we cover these five strategies in more detail, 5 Strategies for Effective Investigations for State and Local Law Enforcement.
- Webinar: https://silo.authentic8.com/LE-online-strategies.html
- Guide: https://silo.authentic8.com/law-enforcement-handbook.html
- Case Study: https://www.authentic8.com/static/media/uploads/resources/authentic8csleagencypublic.pdf
*** This is a Security Bloggers Network syndicated blog from Authentic8 Blog authored by A8 Team. Read the original post at: https://blog.authentic8.com/five-strategies-effective-law-enforcement-investigations/