CusterAgency

The Online Disinhibition Effect, and What It Means for Online Reputation Management

Posted by | Articles | No Comments

by Dylan Evans (ACE, CEH, CHFI, A+, Network+), Digital Forensic Investigator for Custer Agency Inc.


When was the last time somebody a total stranger walked up to your face and spat in your eye while simultaneously insulting your life choices? Maybe they punched you in the stomach afterward, and then spraypainted an angry caricature of your face on your car window for good measure?

If you’re like most people, this situation isn’t something that happens very often (if it’s a common occurrence, my heart goes out to you and I suggest taking up martial arts lessons), but on the internet that is a different picture altogether. We live in a world where “cyberbullying” leads to teenage suicides, poor Google and Yelp ratings can lead to total business shutdown, and as in the case of Justine Sacco, a single tweet can end a career and completely ruin a person’s reputation for the rest of their life. As innocent and pointless as social media may seem, the fact remains that our modern society is chained to it by the throat. It’s a near-impossibility to walk a block down the road and not see “Like Us on Facebook” or the Twitter icon on everything from park benches to milk cartons.

Online Reputation Management

Online Reputation Management

Spend two minutes reading the comments section of any given YouTube video, and one thing becomes clear: the internet is not a nice place. The seemingly endless wellspring of vitriol and negativity that pours out of the web like a backed up toilet seems to be at odds with the behavior expected from a civilized society. Why, then, is there such a harsh juxtaposition between people’s public behavior and how they act online? To quote Oscar Wilde, “Man is least himself when he talks in his own person. Give him a mask, and he will tell you the truth.”

Dr. John Suler, Professor of Psychology at Rider University, is one of the world’s foremost experts in this phenomenon, which he has dubbed the “Online Disinhibition Effect.” As he identifies in his 2004 titular paper, people’s behavior online is the result of lowered inhibitions due to a high degree of perceived anonymity that is not present in real face-to-face interactions. [1]

“There’s a large crowd and you can act out in front of it without paying any personal price to your reputation,” says Clay Shirky, an adjunct professor at New York University who studies social and economic effects of Internet technologies, and this “creates conditions most likely to draw out the typical Internet user’s worst impulses.” [2] Clearly, this type of environment can lead to discussions and outward expressions of a person’s most deeply-buried rage that would not manifest in real face-to-face interactions.

Dr. Suler identifies six key components to the “online disinhibition effect:” dissociative anonymity, invisibility, asynchronicity, solipsistic introjection, dissociative imagination, and minimization of authority. More simply, a person in the throes of online disinhibition feels that their audience doesn’t know them and can’t see them. They feel that, given the post-and-respond nature of internet discussions, they can leave the conversation whenever they want, and because of the impersonal nature of the situation they tend to feel like it’s more “in their head” and game-like than a real human interaction. The behavior is finally cemented by the internet being largely unregulated, with a lack of central authority and overall consequences for a user’s actions.

In a nutshell, the particular nuances of internet communication – specifically the combination of perceived anonymity and the removal of the perception that the other people in the conversation are real human beings – leads to a perfect storm of conditions that tends to bring out the worst in people. Internet trolls see it like a video game; they pop in, spray some offensive virtual graffiti, and disappear back into the real world and their real lives, almost like they’re controlling a game character instead of representing themselves as a person. Likewise, the people they offend are perceived as mere background elements of an artificial world, not as living breathing people.

If the internet existed like it 1990s – in a space almost entirely separate from the real world, occupied by a fringe minority of the population– this wouldn’t be so bad, but unfortunately, that is far from our modern reality. Nearly every person, business, and object is connected to the internet, and as we have explored, lives can be permanently ruined in 140 characters or less. Like a terrifying cybernetic elephant, the internet never forgets.

So what does all of this mean for businesses, especially regarding online reputation management? Simple: be aware of the threat, and be cautious. We live in an interesting time where online content can have serious, long-reaching real world effects – good and bad – for individuals and business entities while simultaneously dealing with the fact that the very users creating that content express themselves as if they’re merely playing a game.

There is nothing stopping an angry customer, disgruntled employee, or scorned ex from starting a false rumor campaign and getting their social media followers behind it. If you think this doesn’t happen on a daily basis, think again. Businesses have been ruined by simple misunderstandings that turned into Facebook rants, and with the advent of “sharing”, those rants are given the opportunity to live forever online. Social media users just click “like,” “share,” and move on with their day, but with every click the false rumors replicates, spreading like cancer across the internet.

Consider the following case, which happened right here in Boise: A local small business was hiring for a position, and rejected a particular applicant’s resume. That applicant was so offended that he started a Facebook page for a fictitious class-action lawsuit against the business, claiming that their services caused damage to their customers’ property. The angry applicant took things further and created several fake Facebook pages for the business employees, and proceeded to send angry and threatening messages to the business’s real customers. One of those customers was so offended that he took a screenshot of the message, posted it on his Facebook timeline, and called for a boycott of the business.

That post was subsequently shared over one thousand times. The rumors spread so far, one of the local news stations volunteered to do a story on all the alleged damages caused by the business and the owner’s “offensive outbursts,” without ever bothering to validate the source of that information.

The real business owner had no idea this whole situation was happening until a news crew showed up outside his office.

What I have described is, unfortunately, a growing problem, and a prime example of the real world consequences that can result from online disinhibition. When a person feels they are safely anonymous and they have an audience, the smallest bit of anger can be amplified to a terrifying magnitude.

Again, as far as online reputation management goes, the biggest takeaway is to be aware and to be cautious. A little-misplaced anger can go a long way, so don’t take the threat of trolls lightly. At the same time, the worst thing that a business could do is purposely avoid the internet altogether in an attempt to hide from the vitriolic fringe. No matter what, if you upset somebody they will take it online. Instead of just letting rumors and rage freely poison your reputation, why not be present to provide a counterargument?

How do you do that? Stay engaged with your online audience. Whatever business you’re in, be transparent, be open, and make your dedication to integrity obvious. Having a community of positive supporters behind you can easily drown out the screaming of an online troll, but if you aren’t engaging with your audience, the only voice that will be heard is the offended one.

To quote Napoleon Bonaparte, “Ten people who speak make more noise than ten thousand who are silent.” By regularly engaging with your online audience and truly listening to them as individuals, a business creates a community of supporters that can drown out even the most fervent of trolls.

And if you’re responding to someone online, try to remember they’re a real person. Don’t virtually punch them in the face, because you might give them a serious headache in the real world.

[1] – Suler, John (2004). “The Online Disinhibition Effect”. CyberPsychology & Behavior 7 (3): 321–326. doi:10.1089/1094931041291295. Retrieved 10 March 2013.

[2] – Doig, Will (February 26, 2008). “Homophobosphere”. The Advocate (1002). Retrieved January 24, 2010.

Protect more than data — protect your firm’s identity

Posted by | Articles | No Comments

Data Protection

In this column, we often discuss various means for businesses to protect their own assets. For small businesses especially, it might be easy to imagine assets only as tangible entities: money, employees, equipment and so forth.

But what about protecting the intangible? Even the smallest businesses are storing data digitally. In a greater sense, they are participating in a digital marketplace with websites and social media. And let’s look beyond data. What about protecting a business’s identity itself?

To answer this question, we met with Brad Frazer, a Boise attorney, a partner at Hawley Troxell Attorneys and Counselors, and an expert in all matters related to intellectual property and Internet law. He identified four categories of intellectual property: copyrights, patents, trademarks and trade secrets.

These categories are often confused and misunderstood by business owners, but they are really quite simple to understand.

  • Copyrights give the owner the legal right to exclusive use and distribution.
  • A patent is a set of exclusive rights legally granted in exchange for public disclosure of an invention.
  • Trademarks include logos, brands, labels, signatures, packaging and any other graphical representation of goods or services that can be legally protected.
  • Finally, trade secrets refer to methods, formulas, and procedures that are not available to the general public.

Each of these categories constitutes a business’s identity, yet when most small business owners think of protecting the intangible assets, they think only as far as the data stored on their computers. It’s easy to conceptualize an Excel file containing customer data, or a set of emails stored on an external server. But protecting intellectual property is essential for businesses of every size. Remember, if your business is using the Internet, it is really competing in a global marketplace, and that makes it essential to legally protect your intellectual property.

This protection goes far beyond merely filing trademark and copyright applications. Social media and websites have changed the game when it comes to protecting your brand or business. Anybody with an Internet connection and a handful of change can log on to GoDaddy or Register.com and register a domain name that isn’t in use. (A domain is simply an Internet identifier, such as “custeragency.com,” “nasa.gov,” or “idahostatesman.com.”)

So what happens when somebody decides to take the name of your third-generation family business, register it as a domain and start hosting porn on it? Would that be good for your business identity? What if your biggest competitor grabs it instead?

During our interview, Mr. Frazer gave us some solid advice about registering domain names and social media accounts: “If you don’t, somebody else will.” To extrapolate, he recommends securing at least 20 domains around each trademark held by your business and creating an account on the top 10 social media sites for each trademark.

Creating such a large online presence for each trademark allows legal recourse in the event of intellectual property theft. There really is no excuse for a business to ignore these steps. It might seem like a lot of work, but in reality, it is about an afternoon’s worth of creating free accounts.

Domains are exceptionally cheap, so registering 20 domains might cost a business from $40 to $400 depending on whether the business took advantage of online coupons. Either way, it’s a microscopic investment in preventing someone else from appropriating your company’s identity.

In our next article, we will continue the discussion of intellectual property as it applies to small and medium-sized businesses. In the meantime, take a look at your business’s own online presence. If it’s underwhelming, the least you can do is spend an hour registering social media accounts. Remember: “If you don’t, somebody else will.”

This article originally appeared on the IdahoStatesman website.

What to know if you want to use spyware on employees

Posted by | Articles | No Comments

With the presence of computers and smartphones reaching an all-time high in our society, it has never been easier to discreetly monitor a person’s activities without their knowledge. The question has evolved from “Is it possible to compromise a phone or computer with spyware?” to “Which brand of spyware do I feel like using today?”

The manufacturers of these tools are often quite heavy-handed about the descriptions of their products. Three of the most popular spy apps are MSpy, Mobispy and Spyera. Notice a trend?

Even more interesting is the following disclaimer, found at the bottom of MSpy’s website: “INTENDED FOR LEGAL USES ONLY.”

A savvy reader might be asking how this invasive level of monitoring — GPS positioning, keylogging, text message interception, picture interception and so forth — can possibly be legal in any context. The answer, as with many of these situations involving rapidly evolving technology and privacy rights, is “it depends”.

I am not an attorney, so none of the following should be considered as legal advice or guidance. I am merely an expert witness who has worked on innumerable digital forensic cases involving computer and smartphone spyware.

The generally accepted legal uses for installing hidden spyware on a phone are twofold: monitoring minor children you have legal guardianship of and monitoring employees who are using company-owned phones.

The latter is likely the more interesting of the two to business owners and admittedly could offer a lot of interesting data about employees.

To quote John Wooden, “The true test of a man’s character is what he does when no one is watching.” Almost all businesses occasionally face the problems of goldbrickers — employees who maintain the appearance of working but secretly spend more time slacking off than they would like to admit to their bosses, like gold bricks that look valuable from a distance but are actually just painted mud.

That most employees are chained to a desk is bad enough, but throwing the global smartphone addiction into the mix means that most employees are connected to the Internet throughout their business days. Maybe they slip away for a few minutes at a time to watch a funny cat video. Maybe they actually spend five hours a day on Facebook. Even worse, maybe they’re stealing important company files by embedding them inside funny photos and forwarding them to all their “friends.”

Each of these situations happens every day in the workplace. To the outside observer, an employee is either typing away behind a monitor or hunched over a smartphone like a caveman over a flame. Their actual actions are rarely apparent, and this can make spyware appealing to business owners.

An important legal consideration is a concept of “reasonable expectation of privacy.” Would employees have any reason to believe they are being monitored on their computers or their phones?

In almost all cases involving the legal use of spyware, businesses have been required to inform their employees that they cannot expect privacy while using company devices. This should be explicitly spelled out in employment contracts: “All digital device use may be monitored at any time and privacy should not be expected.” Users also need a regular reminder that privacy should not be assumed. This could be a popup, with the same language as the contract, that appears whenever they turn on their computers.

While I neither condone nor condemn the practice, I recognize that various businesses are employing spyware. So the least I can do is offer a little advice: Always make sure you have an attorney involved before you start using spyware. Failing to do so could quickly land a business owner in prison.

This article originally appeared on the IdahoStatesman website.

Smart TV product for seniors worth a look

Posted by | Articles | No Comments

For Part 2 of our “human assets” series last month, we examined a few computers specifically designed for the elderly: specialized Linux machines that offered a few simple web apps with large print and a simplified user interface. While these machines can be useful for certain users, the biggest challenge in introducing technology to a population that does not rely on it much — by no means a bad thing — is making integration seamless. Teaching someone how to operate something completely new can be met with resistance, especially when the new device seems forced upon the person in the first place.

Furthermore, the priorities of integrating technology into a senior’s life often differ between caregivers and the elderly. To a caregiver, it might make sense to monitor a person remotely through a combination of sensors: wireless blood pressure monitors, fall sensors, bed pressure sensors, scales, cameras. All of that can be monitored, but is it really worth turning Grandma into a cyborg to track that information? Maybe she’s more interested in keeping in touch with her family and receiving pictures. Accomplishing correspondence and medical goals means walking a fine line.

In my research for this column, Part 3 of our series, I found a new type of product that is a variant of smart TV designed precisely for that purpose, sold under the brand name Independa. Its description reads similarly to the Linux computers we examined last month: The TV allows an elderly person to Skype with family, share pictures, browse the web and more.

However, the product is presented in a package the user is already familiar with and likely spends many hours in front of each day: a television. The TV can also be programmed to give the user calendar reminders, such as when to take medication, and can be integrated with a number of wireless medical sensors throughout the home.

I spoke with Lynne Giacobbe, executive director of Kendal at Home, who has used Independa for a few years with her members. Kendal at Home is a nonprofit focused on providing “aging-in-place” care for seniors, allowing them to stay independent and in their own homes instead of nursing homes.

“Televisions are typically something that everybody’s pretty much familiar with,” she says. “The only thing they need to know how to do is to use a television and a remote control.”

Giacobbe notes that the learning curve for teaching an elderly person to use a computer is much greater than for learning to use a TV. She says the most difficult thing in the whole process of learning to use Independa is teaching a person to switch the input when they want to use a DVD player.

She says her elderly clients are constantly seeking and stimulated by “connectivity to their loved ones in a fun way, in a way that provides meaningful connections.” Integrating smart TVs into her program provides that.

“I don’t think there’s a lot else out there in terms of social integration that we’ve come across,” Giacobbe says.

Asked if there is any resistance to the technology, especially considering the medical monitoring portion, Giacobbe says the devices are almost universally positively received by her clients. One can’t help but be reminded of the “Telescreens” in George Orwell’s “1984,” but Giacobbe insists that the familiar platform is not “seen like big brother” compared with similar types of integrated medical monitoring systems.

Giacobbe sees possibilities for this technology to get elderly people involved in communities they would otherwise not be a part of. She cites examples of book-club members unable to participate in group discussions because they cannot drive across town or group fitness activities that could be performed over webcam. She anticipates that this sort of usage will become commonplace as these types of devices grow in popularity.

Putting aside the fact that the lines between TVs and computers are fuzzy today, it makes sense to integrate new technology into a person’s life in a form the person is comfortable with. Instead of taking the time to stand up and walk over to a computer, a person can receive Skype notifications and medication reminders right in the middle of a favorite show. With the integrated medical monitoring feature, you can feel comfortable that when Mom or Dad ignores your status update, it’s not because she or he is in danger, but because the show is more interesting.

Written in collaboration with Dylan Evans, Reveal’s vice president of operations.

This article originally appeared on the IdahoStatesman website.

Protecting human assets (Pt. 2): Be wary of computers marketed to seniors

Posted by | Articles, Series | No Comments

Part 2 of a 2 Part Series

It’s hard enough for the average user to stay safe online.

For those who don’t fall into the tech-savvy demographic, it can become nightmarish.

In this column, Part 2 of our series on protecting human assets in a technological world, we focus on the elderly. While there are plenty of seniors who are passionate about the newest technology, many are content to minimize or eliminate their use of the Internet. A 2014 survey found that while close to 90 percent of millennials own smartphones, the number drops to under 40 percent for those over age 65.

If you try to persuade an elderly relative into getting more connected with technology, understand that your efforts may be a double-edged sword. While you might feel frustrated that your parents can’t see your latest tweet every 10 seconds, it can be dangerous to throw an inexperienced user into the depths of the technological wasteland without the right equipment. Someone just learning to navigate the Internet is a minnow swimming with sharks. The elderly are high-value targets by scammers for this very reason.

The key to getting seniors connected while keeping them safe is to find a happy medium, a device that allows the new user to experience what technology has to offer without creating frustration or danger.

One option is a type of computer designed for the elderly. Companies such as Telikin and The Wow Computer have popped up recently, selling computers with ultrasimplified user interfaces to get seniors performing basic tasks such as sending emails and browsing the web. Telikin claims it’s “the world’s easiest computer.” The Wow Computer advertises that its product is “so easy to use, you won’t have to ask your children or grandchildren for help.”

But do these products do the job? Are they worth the price?

These computers often come in the form of all-in-one touchscreen units with large-print icons designed to make navigation easy. If you want to send an email, you just push the big button that says “E-Mail.” Press “Search” and the user can open a web browser. It’s all reminiscent of a late-’90s AOL interface. It makes basic tasks effortless while preventing the user from feeling that he or she may break something.

What’s under the hood? As it turns out, these machines are similar and share similar prices. The Telikin Elite II holds an MSRP of $1,249. That’s almost as much as a new i7 iMac. If you’re expecting similar components to the iMac, however, think again. The Telikin Elite II comes equipped with an Intel Celeron processor, a 500GB SATA hard drive and a mere 2GB of RAM.

These are extremely low-budget parts for a 2015 computer. A traditional desktop with these same components sells for around $200 at Wal-Mart.

Perhaps the custom operating system justifies the other $1,049? As it turns out, all these machines run versions of Linux, the free open-source operating system used on everything from desktops to DVRs. The manufacturer has simply added a user interface to an existing framework.

On the plus side, Linux is generally extremely secure and has a lower malware risk than Windows or Mac computers. Even so, while these systems may indeed make using the Internet easier for seniors, it’s hard to justify needless spending on old hardware and free operating systems. Everything offered by these machines can be replicated at home for a fraction of the cost.

Because Linux is free, you can legally download your flavor (known as a “distribution”) of choice, burn it onto a CD or DVD, and install it on almost any PC — even one with relatively poor specs. There are even Linux distributions preconfigured for the elderly, such as “Eldy Linux,” which has the very same kind of simplified, large button interface. With a $100 Craigslist, computer and a free copy of Eldy Linux, the same experience of a Telikin can be re-created for next to nothing. Even paying a technology consultant to do the installation is far cheaper than buying a specialized computer for seniors.

Want to try it yourself? The official documentation for Ubuntu, the most common Linux distribution, offers a straightforward tutorial on how to turn a downloaded distribution into a Linux installation disc. Check it out at https://help.ubuntu.com/community/BurningIsoHowto.

A decade ago, today’s world of Internet-connected refrigerators, wireless battery charging, and the ubiquitous social encouragement to publicly share every thought would have felt like the setting of a science-fiction novel. At the turn of the millennium, the worst trap a user could expect to fall into was replying to an email from a foreign prince wanting to share bank accounts. Today malware can automatically install itself onto a computer, silently conduct a wire transfer, and then use that device to hack somebody else — no prince required.

For seniors, a simplified Linux system might be a viable alternative to a traditional computer both in security and user-friendliness. Read beyond the advertising and examine exactly what you’re buying, or you might waste money on a Pinto advertised as a Porsche. Install Linux yourself or hire a competent tech person to do so, and you’ll end up with a better product at a fraction of the cost.

Written in collaboration with Dylan Evans, Reveal’s vice president of operations.

This article originally appeared on the IdahoStatesman website.

 

Protecting human assets (Pt. 1): Phones for Kids

Posted by | Articles, Series | No Comments

Part 1 of a 2 Part Series

Safeguarding Kids

Each month in this column, we explore ways to safeguard things that are important to you: your assets. Usually, we focus on intangible assets like your credit card number, your identity and company trade secrets. But when you ask people what is most important to them, their families are usually at the top of the list. Having your credit card number stolen makes for a stressful experience, but it pales in comparison to the feeling of having a child or elderly parent’s safety compromised.

While the digital advancements we see daily can sometimes make life easier, they can also make it more complicated and make the act of maintaining a safe environment far more difficult, especially for parents. As of 2011, one in five elementary school students owned a cell phone. Instead of playing pretend and building sand castles, they are spending recess on Snapchat and Facebook. Many young children are exposed to smartphones as infants; instead of handing their little babies rattles, overstressed mothers are reaching more and more for their phones and tablets.

Arming your 9-year-old with a bright shiny new iPhone might make him the coolest kid on the playground, but it also paints a target on his head for both schoolyard and adult thieves. The expression “taking candy from a baby” becomes far more tempting to a thief when that candy is a $400 toy.

If you’re buying a phone for a child, at least consider what you actually want. Do you just want a reliable means of communication in case of emergency? Non-smart “feature phones” are still widely available from every major carrier, especially for their no-contract plans. These phones come in a variety of sizes and user interfaces: flip phones, Blackberry lookalikes with full keyboards, touchscreens and more. They cost somewhere around $10 for the phone and $25 per month for unlimited minutes. There are no malicious apps to download and no time wasted in class on Facebook.

If you really feel your child needs a smartphone, take precautions. Certain apps have user interfaces more suited to children. A parent sets up the main administrative account, locked with a password, and determines which apps and features the child can use. The phone is then put into a simple mode that allows only those. The appropriately titled “Kid Mode” by Zoodles (a default on newer HTC phones) is the most commonly seen app of this kind for Android devices.

For iPhones and iPads, consider the options in the “Settings” panel. The “Guided Access” option (Settings > General > Accessibility > Guided Access) allows someone to lock a device to allow the use of only a single app. All other features are locked until the user enters the correct PIN. This is useful if you load a game on your own device and hand it to your child.

An even more important collection of settings is found in the “Restrictions” panel (Settings > General > Restrictions). This allows an administrator (such as a parent) to control exactly what the device is and isn’t allowed to do. Parents can disable in-app purchases, control the types of websites that are available through Safari (or disable it altogether), and limit or remove a child’s ability to play games or add friends in the Apple Game Center.

There is one distinct advantage to giving your offspring a smartphone: You now have a GPS tracker on your child, and he or she will never want to leave it behind. Apps like Cerberus, PhoneSheriff, NetNanny and My Mobile Watchdog allow parents to precisely pinpoint a child’s GPS location, listen in on her conversations and intercept her communications.

Having access to this information may seem intrusive, but consider: If your child was communicating with a dangerous individual online, you’d be the first to know. In the horrifying possibility of a child abduction, having access to the phone’s GPS location could mean the difference between life and death.

As with any scientific advancements, smartphone technology can be applied positively or negatively. Parents need to be aware of these options to make educated decisions about how to approach the smartphone issue with their kids.

Notably, many of these same concepts can also be used to help the elderly, including a parent with dementia or failing health. Keeping track of a parent’s location and helping to block bad web content can prevent your parent from getting scammed or being physically injured. A number of technological advancements are marketed directly at the elderly, such as emergency cellphone wristbands, remote monitoring systems for nursing homes, and most interestingly a special type of desktop computer that provides a simplified user interface for the elderly.

These kinds of computers come with a specific set of advantages and disadvantages, and as with all new technology there are many consumer questions that need answered. Are they really useful? Are they worth the money over a standard computer? What are the alternatives? Next month, we will continue our “Human Asset” series by looking at these elderly targeted computers in depth, as well as a handful of alternative solutions.

Written in collaboration with information security expert Dylan Evans, Reveal’s vice president of operations.

This article originally appeared on the IdahoStatesman website.

A laptop with company data is stolen. Now what?

Posted by | Articles | No Comments

My client was in a panic.

It was a Friday and I had just wrapped up a case when the phone rang.

“I need to get my laptop back,” he said, conversational formalities left at a minimum. “It has everything. All my company files, all my passwords. Everything.” The man’s voice revealed a cocktail of frustration and anger with a generous twist of helplessness.

He explained the situation in succinct detail. My client had arrived in Boise the previous night on a business trip. After an exhausting day, he managed to drag his luggage up to the fifth floor of his hotel, and all that mattered was getting a few hours of sleep before his morning flight. He inadvertently left one important piece of luggage sitting out in the hallway: his briefcase, containing a company laptop and a notebook with a detailed list of every user account and password he had ever used. It was a security consultant’s nightmare.

Of course, the briefcase had vanished the next morning like smoke in a rainstorm. To make matters worse, the fifth-floor security camera was out of order that night. It seemed almost too convenient and led me first to suspect a member of the hotel staff.

But the briefcase could just as easily have been a target of opportunity. Staff, hotel guests, guests of guests, even a pizza guy could have been a suspect. With the camera out, there wasn’t anything to go on.

Fortunately, the same level of obsessive-compulsiveness that led my client to record his passwords also caused him to write down the serial number of his laptop. Before he called me, he filed a police report, detailing every crack and bump of his missing laptop. If it showed up in a pawn shop, the police would know, but short of that, there wasn’t anything else they could do.

The more I thought about it, the more it made sense that the thief wasn’t a pro. The thief had likely been in the hall, spied the briefcase late at night, and thought he or she could make a quick buck. It wasn’t likely the thief was experienced in fencing stolen goods. To put it simply, the culprit probably wasn’t very smart. Since I knew the laptop’s serial number and model, I turned to the most likely place a less-than-brilliant criminal would try to flip it: Craigslist.

Sure enough, a quick search of the manufacturer turned up an ad posted eight hours earlier. The price was a good $200 under the item’s market value, which told me the seller either had no idea what he or she was selling or wanted to move it quickly. Probably both. A quick phone call later and I had an appointment with the seller in an hour.

The laptop matched the description of my client’s, down to the slightly uneven touchpad and the sticky “3” key. A quick glance at the BIOS – which I explained to the seller was to check the processor speed – revealed the serial number. It was a match, of course. I handed the woman the cash (I had already recorded the serial number of each bill) and went on my way, discreetly recording her license plate number and address. The client had his laptop back. I was sure that once I passed that information along to the police, he’d have his book of passwords back as well – hopefully just in time to feed them into an industrial shredder.

This case is a prime example of why data security is important, especially when traveling. My client’s laptop was password-protected. That was a nice start, but without encryption, it doesn’t mean much to someone with even a modicum of computer skill. It means even less if you keep your laptop bundled with a book of passwords. It’s like taping your house key to your front door with a neon sign that says “OPEN ME.”

Password security is one of the most important concepts in digital security. Any password that needs to be written down might as well never be used at all. Memorization is key and cannot be emphasized enough. Anytime you write down a password, you are risking unauthorized access.

I recommend using a password system that combines, at least, three separate memorable elements, such as a four-digit PIN, an important phrase (possibly spelled backward), and another keyword. For example, if my anniversary is May 25, my dog’s name is Oberon, and my favorite color is green, I may have “05Norebogreen25” as my password. Or maybe I’ll have “GreeNorebo0525.” Come up with a system that works for you.

Had my client’s laptop been encrypted (and not bundled with the password book), he wouldn’t have needed to worry about important company data falling into the wrong hands. Sure, he’d have been out a few hundred dollars, but the larger risk would be mitigated because all data on the hard drive would be unreadable without the password. If his business instituted a companywide encryption policy, the risk would be far less severe.

I managed to recover my client’s laptop – and, more importantly, find the thief – only because he recorded the serial number. It wasn’t recorded because of a company policy, but due to an employee attentive to detail. If a company takes the time to log and categorize its technological devices, the record allows the potential for recovery in the case of theft. A little preventative effort goes a long way.

This article originally appeared on the IdahoStatesman website.

Arming your home with security cameras is easy today

Posted by | Articles | No Comments

Security is a difficult product to sell.

Like insurance, it never seems necessary on a good day. Until a driver gets t-boned in the middle of an intersection, the last thing on the driver’s mind is whether or not she has the right kind of coverage.

As a security consultant, I am often called in after a metaphorical crash – a break-in, a digital intrusion, an employee dipping into the till. The common thread among incidents like these is that they are all damage control. Adding cameras or installing a network intrusion detection system won’t prevent the original incident but allows the business to better defend against future threats.

Even when a business is adequately protected, my experience has taught me that the same business owners often neglect protecting their own homes. Thankfully, security does not have to be a luxury item. The security hardware available to the public is more affordable than ever, and the quality of the equipment is unprecedented. You don’t have to hire a security consultant to protect your home. Regardless of your budget, there is almost assuredly a solution at your price point.

A camera system is one of the essential pieces of physical security hardware available, and thankfully it’s easier than ever for a nontechnical person to work with one. To have a working camera system, you will need just two components: the cameras themselves and a digital video recorder (DVR) designed to work with them.

You may be familiar with television DVRs. These are similar. All the cameras tie into the DVR, which operates as a computer and manages to record. Sometimes users will set up certain cameras to record only motion, but the most common configuration is to just let the cameras run all the time.

After the DVR’s hard drive has filled up with video, it seamlessly “rolls over the tape” and starts overwriting the earliest entries. Ideally, the DVR should retain at least 15-30 days of video for residential use, in the case of a break-in or other incident. This allows enough time to back up any relevant footage for law enforcement.

In the past, one of the primary difficulties faced by do-it-yourself security installers was cabling. Each camera had to be hard-wired into the DVR, which meant that homeowners either had to get creative with potentially hundreds of feet of wire or leave their homes looking like a rat’s nest. Crawling around in attics was a bare minimum, and to some that didn’t justify the effort.

Thankfully, that excuse can now be retired. Wireless cameras and DVRs are now commonplace and make setting up a system a breeze. You don’t even need wireless Internet; the cameras and DVR communicate directly using radio, so there’s no need to put on your network engineer hat. In most cases it’s as simple as powering on the cameras and the DVR, and then clicking “add cameras” from within the DVR’s interface. Assuming the cameras are in range, they should start working immediately. (If you’re putting cameras in a 10-story mansion, you may wish to run cable instead because of the distance, but hopefully, you can afford to pay somebody for that.)

An important consideration for DIY security is that the location of your DVR is important. If a thief decides to break in and sees your DVR sitting on the shelf with your Blu-Ray player, you can kiss your footage – and any chance of catching the thief – goodbye. Ideally, the DVR should be in a locked room or cabinet and should not be apparent to the naked eye. Even if the cameras are in plain view, a thief won’t likely spend a lot of extra time hunting for a DVR, although if it’s in plain view you can bet he’ll take it. This is another advantage of wireless systems.

How many cameras do you need? Some homeowners can get by with two while others use 16 or more. This is often dictated by price. A decent-quality wireless DVR with two cameras will run around $500, and the price increases with the number of cameras. Modern DVRs make it easy to add new cameras – especially if you’re wireless – so it’s a perfectly valid approach to start small and work your way up. Homeowners need to ask themselves what needs to be protected, and what angles will allow a positive identification of a bad guy if the worst happens.

Entrances and exits like the front door, back door and garage are essential angles to cover. These might require trial and error to get right. Sometimes the shift in lighting from opening an outside door can cause a person to appear as a silhouette, obscuring any identifying details. Make sure you test your system thoroughly to make sure you can actually see your subjects when that door opens. Other key angles may be locations where valuables are kept, anywhere firearms are stored and children’s bedrooms. Each home has its own needs and challenges. Nobody knows those better than the homeowner.

The most important consideration with your camera system is testing it. It doesn’t matter if you bought ten $2,000 omnidirectional cameras if you forgot to turn the recording on. This sounds silly, but I have seen this time and again even in large corporate environments. Take the time to read the manual to whatever DVR you bought and learn exactly how to determine if you’re recording, and explicitly verify that regularly. Check on your DVR at least once a week to make sure everything is still running and recording.

You might need it someday.

This article originally appeared on the IdahoStatesman website.

Use these three tricks to search a name (like yours) online

Posted by | Articles | No Comments

“I Googled his name but I didn’t find anything.”

As a professional investigator, I’ve heard this phrase thousands of times. There are a number of reasons why a person will turn to a search engine with a name. Perhaps you want to know a little more about a new neighbor or a renting tenant. Maybe you’ve lost contact with a family member and want to reconnect. Maybe you’re searching your own name to see exactly how much of your personal information is available online, and what sites are using it.

When a person wants to find another person, the first place he or she usually turns to is the Internet. Sometimes it’s easy to just punch in a name and locate a person, especially if that person is involved in heavy-duty social networking or has a business of some kind. Other times it isn’t so easy, especially when the person in question has a common name. That is usually when somebody decides to hire a professional. Clients are often shocked when I bring up information about the subject that I learned using the same search engine that didn’t offer anything useful to them an hour prior.

There’s no secret investigator’s technique at work here. It’s simply a matter of knowing how to properly use a search engine, beyond just typing words into the search bar. There are countless techniques that can be used to provide more exact searches and to filter those results more accurately. Today I’d like to introduce you to a few simple ones to help you search like a professional.

To bring out the true potential of any search engine, you must master three techniques: exact queries, string variations and wildcards. While this may sound daunting, the concepts are far from difficult to learn. In a nutshell, it breaks down to using quotation marks, strategic placement of the words “and” and “or,” and the asterisk character.

Note that while almost every search engine can make use of these techniques, certain details (like the wildcard character) may vary among search providers. For this article, I’ll use Google.

The usefulness of exact queries when searching for a person’s name in Google cannot be understated. The usual way of searching for something is just to type it into the search bar and click search. But this often introduces far too much variation to provide any useful search results.

By putting a phrase in quotation marks, the search is restricted to finding exact matches to that phrase – and only exact matches. For example, “Julie Anne Doe” will not return any results related to “Julie Ann Doe”, “Julieanne Doe” or documents with “Julie” in one part and “Anne” and “Doe” in others.

This is also useful for identifying where a particular passage comes from and is often used to check documents for plagiarism. For example, let’s say we want to identify a document where the phrase “what sort of risky game” occurs. Searching for the phrase without quotes yields a number of useless results while searching for the same phrase in quotes reveals only entries that match exactly. From this latter search, we learn it is a segment of a letter written by Albert Einstein.

The next important concept is string variation. This can be combined with the quotation-mark technique. While exact queries are powerful, they rely on knowing the exact way a given phrase will appear. This is problematic when searching for a name, as a search for “Julie Anne Doe” will not find links for “Julie Doe” and vice versa.

You can solve this problem through the use of the words “and” and “or.” When searching for multiple exact phrases in Google, put one of these words between the phrases and put parentheses before and after the phrases. If you now search for (“Julie Anne Doe” OR “Julie Doe”), you will get results that match either phrase.

I recommend taking this concept to the logical extreme when searching for an individual: Use every name variation possible along with a lengthy string of ORs and finally the geographic area you want. This would read something like (“Julie Anne Doe” OR “Julie Doe” OR “Doe, Julie Anne” OR “Doe, Julie” OR “Julie A Doe” OR “Doe, Julie A” ) + Idaho.

That would provide the most comprehensive results in finding an individual online.

Leave out the area if you want to look for results outside a certain state or city. Try it with your own name.

Finally, the last important concept in advanced searching is the wildcard. A wildcard is simply a placeholder, usually represented by an asterisk (*), that tells the search engine to return results where any word is present wherever the asterisk is in the query.

For example, searching for “I * what I *” in direct quotes returns results for “I am what I am, “I know what I like,” and “I know what I’m here for.” This is extremely valuable when it comes to running a search with limited available data. For example, imagine that you’re searching for a particular individual, but you know only the first and last name. By typing “Julie * Doe,” results are returned with a variety of middle names. From here we can read the various web pages and documents to best determine which of those individuals is the one we’re looking for.

There are many more advanced search techniques out there. Even so, armed with these three tips, you should be able to uncover far more accurate and useful results.

Knowing how to run advanced searches is especially useful in protecting your own privacy. Give these techniques a try using your own name, and see just how many websites out there are broadcasting your private data. You may be surprised.

This article originally appeared on the IdahoStatesman website.

Private Detective, PI, or Private Eye?

Posted by | Uncategorized | No Comments

What is a Private Investigator, Private Detective, PI, or Private Eye?

The following is from Wikipedia:

A private investigator or private detective (often shortened to PI or private eye) is a person who can be hired by individuals or groups to undertake investigations. Private investigators often work for attorneys in civil cases. Many work for insurance companies to investigate suspicious claims. Before the advent of no-fault divorce, many private investigators were hired to search out evidence of adultery or other illegal conduct within marriage to establish grounds for a divorce. Despite the lack of legal necessity for such evidence in many jurisdictions, according to press reports collecting evidence of adultery or other “bad behavior” by spouses and partners is still one of the most profitable activities investigators undertake, as the stakes being fought over now are child custody, alimony, or marital property disputes.

Many jurisdictions require PIs to be licensed, and they may or may not carry firearms depending on local laws. Some are ex-police officers, some are former federal agents, some are ex-spies and some are ex-military, although many are not. Most of them do not arrest criminals or put them in custody. They are expected to keep detailed notes and to be prepared to testify in court regarding any of their observations on behalf of their clients. Great care is required to remain within the scope of the law; otherwise the investigator may face criminal charges. Irregular hours may also be required when performing surveillance work.

PIs also engage in a large variety of work that is not usually associated with the industry in the mind of the public. For example, many PIs are involved in process serving, the personal delivery of summons, subpoenas and other legal documents to parties in a legal case. The tracing of absconding debtors can also form a large part of a PI’s work load. Many agencies specialize in a particular field of expertise. For example, some PI agencies deal only in tracing. Others may specialize in technical surveillance countermeasures (TSCM), or Electronic Counter Measures (ECM), which is the locating and dealing with unwanted forms of electronic surveillance (for example, a bugged boardroom for industrial espionage purposes). Other PIs, also known as Corporate Investigators, specialize in corporate matters, including anti-fraud work, the protection of intellectual property and trade secrets, anti-piracy, copyright infringement investigations, due diligence investigations and computer forensics work.

Increasingly, modern PIs prefer to be known as “professional investigators” or Licensed Private Investigators (LPI’s) rather than “private investigators” or “private detectives”. This is a response to the image that is sometimes attributed to the profession and an effort to establish and demonstrate the industry to be a proper and respectable profession.

Call Custer Agency Private Investigators at (208) 562-0200 or contact us today for a no-cost consultation on how we can help you with a quality background check