• Categories

  • Pages

  • Archives

Protect Your Privacy: Block Your Phone Number or Display A Fake Phone Number

At some point or other, we’ve all had the desire or need to make a phone call yet did not wish to reveal our phone number.  Below are three methods of phone number blocking that work and can be enacted immediately.

1. Use a caller ID blocking prefix. In many countries, you can enter a code before you dial a number and your phone number will be blocked from appearing on the recipient’s caller ID. The code varies depending on your country and your service provider, and it is not possible to block in all countries. Enter the prefix, followed immediately by the number you are dialing. For example, if you are in the US and want to call (555)123-4567, you would enter *675551234567.

  • North America – *67 or #31#
  • Albania, Australia, Denmark, Greece, Israel, Italy, Netherlands, Sweden, Norway: #31#
  • Argentina, Iceland, Switzerland, South Africa: *31*
  • Germany: *31# or #31#
  • Hong Kong: 133
  • Japan: 184
  • UK and Ireland: 141
  • New Zealand: 0197 (Telecom) or *67 (Vodafone)
  • Australia: 1831 or #31#
  • India: *31# – Must be enabled by network.
  • If your country is not listed, chances are you can use either *67 or #31#. Most GSM mobile networks work with #31#.

2. Contact your carrier. If you want all of your phone calls to always be blocked, you can contact your carrier and set up permanent Caller ID blocking. There is typically a charge for this, and the fees and terms will vary from carrier to carrier.

  • Most pre-paid plans cannot enable permanent Caller ID blocking.
  • Some people have Anonymous Call Rejection enabled, which means your call will not be able to be completed unless you call from an unblocked number.

3. Hide your number through your device’s settings. Many phones allow you to block your Caller ID information by changing the phone’s settings. If your phone does not have the option to do this, then it is not allowed by your carrier, and you will have to try one of the previous steps.

  • iPhone – Open the Settings app, tap Phone, tap Show My Caller ID, and then toggle the slider to ON.
  • Android 4.0 and earlier – Open the Settings app, tap Call, tap “Additional settings”, tap Caller ID, and then tap “Hide number”.
  • Android 4.1 and later – Open the Phone app, tap the Menu button, tap “Call settings”, tap Caller ID, tap “Hide number”.
  • Windows Phone 8 – Open the Phone app, tap the More button (…), tap “settings”, tap the box under “Show my caller ID to”, tap “no one” or “my contacts”.
  • BlackBerry – Press the Menu key, click Options, click General Options, find the Restrict My Identity field, set it to Always.

Fake Phone Number: If however you wish to display a fake phone number, try one of the many apps available that do just that – pop up a fake phone number on your target’s phone.  A new app on the market also allows you to change your voice to sound like a man or a woman: FakeCallerID.  Let’s bear in mind that ultimately, all fake phone numbers are logged somewhere and if necessary, law enforcement can certainly obtain these records.

BNI Operatives: Situationally aware.

As always, stay safe.

Lifesaver: Use A Penny Or A Quarter To Determine Adequate Tire Tread

(In our new block, we pass on useful tips each Friday.  since travel season has begun with Spring, first things first, let’s make sure your vehicle should even be spinning along the road.  From PepBoys: tread life and how to check your tires with the change in your pocket. )

The Truth About Tread Life

Tires are designed with treads that provide your vehicle with traction. This traction keeps your car driving along the road – even in inclement weather. Without tread, the elements would literally lift your tires off the road. When you drive through snow or a puddle, the grooves in between the tread blocks of the tires become channels that divert the water or snow away from the tires, allowing the tires to maintain traction in these slick conditions.

When the tread gets worn down, the water, snow, and other slippery substances don’t have anywhere to go except directly under your tires severely decreasing your vehicle’s traction. If your tires are nearly bald, traction will be eliminated completely. Decreased traction will negatively affect your control over the car, making the vehicle unsafe for you and your passengers. Tread depth will determine whether or not you require new tires. You can easily tell if your tires’ tread is too worn by using a penny or a quarter.

Penny Test

Tire Penny Test

The penny test is the gold standard for measuring tire tread-depth because it is easy and it works. Just take a penny and, with Lincoln’s head upside down, put it between the tread blocks of the tire. If you are not able to see the top of Lincoln’s head – if his head is “buried” between the tread blocks – then you still have more than 2/32 of an inch of tread remaining. If you can see the top of Lincoln’s head, it’s time to go tire shopping because the tread is worn down to or beyond 2/32 of an inch.

Flip the penny over so that the Lincoln Memorial (pennies from 2010 and earlier will have the memorial on the back) is facing you and put the penny between the tread blocks with the memorial upside down. If the Lincoln Memorial is completely hidden, you have more than 3/32 of an inch of tread left.

Did You Know – Most state laws require tires to have a tread depth of at least 2/32″ to remain in service?

The Quarter Test

Tire Quarter Test

Some automotive experts believe that using a quarter to test tire depth provides a better read than using a penny. Some independent tests have concluded that cars were able to stop faster with tires that had a little more than 4/32 of an inch of tread depth, which is the measurement the quarter test indicates. To perform the quarter test, put a quarter between the tread blocks of a tire (just like the penny test) with Washington’s head upside down, If you cannot see the top of Washington’s head, you have 4/32 of an inch of tread or more.

Did You Know – In snowy and slushy conditions, 4/32 of an inch of tread or more is necessary for good traction

For your Consideration

Pep Boys Point B

Whether you go with Lincoln or Washington, both coin tests are also good ways to check to see if your tires are wearing evenly. Simply do the test between other tread blocks and if the measurements aren’t the same on all the tire treads, the tires may need to be rotated or your vehicle may require an alignment. Different types of treadwearwill indicate how your tires are wearing. If you don’t have any coins handy, check to see if the tires’ wear bars are showing. Wear bars run across your tires tread pattern from the outside edge to the inside edge. If the wear bar is visible you are in need of new tires as you have hit 2/32” of an inch of tread depth. Most states consider a tire’s service life over if any point of the tread is at 2/32” or less. If you are still unsure, your local Pep Boys can evaluate the depth of your tires.

NYC Bosses Can’t Ask Prospective New Hires This Sensitive Question

(Washington Post, with permission from Jena McGregor)

In a vote Wednesday, April 5, 2017, NYC approved legislation that will ban employers from asking job applicants about what they make in their current or past job and could have far-reaching consequences beyond the city as employers try to standardize their practices. It’s an idea that’s starting to spread: In passing the measure, New York City joins Massachusetts, Puerto Rico and the city of Philadelphia — where the local Chamber of Commerce filed a lawsuit against that measure Thursday — in banning the question from job interviews. More than 20 other city and state legislatures have introduced similar provisions.

The measure, aimed at tackling pay inequity, prohibits employers from asking the candidate’s current or former employers about salary, as well as querying public records for it, although applicants can volunteer the information if they choose. The city’s Public Advocate, Letitia James, said it would affect about 3.8 million workers when it takes effect in six months and extends the prohibition to private employers. New York City Mayor Bill de Blasio (D) and Gov. Andrew M. Cuomo (D) had earlier passed orders that would ban salary history details from public-sector jobs.

The thinking behind the new law is that when employers ask about an applicant’s salary history, they can end up perpetuating any discrimination that women or people of color may have faced in the past. When employers ask about current or previous salary, they can hear a number that “anchors” them, and then offer to pay some percentage more on a figure that could already be too low. “Being underpaid once should not condemn one to a lifetime of inequity,” James said in a statement.

Although the measure is for New York-based employees, employees well beyond New York could feel the effects, say equal pay advocates and employment lawyers. Fatima Goss Graves, president-elect of the National Women’s Law Center, said in an email that the measure “stands to transform the way that companies operate around the country,” she said. “So many companies operate in multiple jurisdictions. If a company changes its practices in New York, it is likely to also make changes around the country.”

Melissa Osipoff, a labor and employment attorney with Fisher & Phillips, agreed that companies like to homogenize things as standard as a job application. With so many companies doing business in New York, “I think what we’ll see is companies that do business in New York City just eliminate that from their applications entirely,” she said. “This will have wide-ranging influence.”

Meanwhile, nearly 20 states, the District of Columbia and two cities (San Francisco and Pittsburgh) have introduced legislation that includes a provision against salary history information, according to data from the NWLC. At the federal level, the newly reintroduced Paycheck Fairness Act also calls to ban the question, and Rep. Eleanor Holmes Norton (D-D.C.) plans to reintroduce a bill from 2016 that did, too.

Some business groups have opposed the measure. Kathryn Wylde, president and chief executive of the Partnership for New York City, said in a statement that “closing the gender pay gap is important” and most major employers are already taking steps to correct the problem. “Inserting the city government into the relationship between employer and potential employee is potentially disadvantageous to both,” she said. “Politicians are eager to demonstrate their contribution to popular causes, which is about all this legislation accomplishes.”

It’s also possible the measure in New York could face legal challenges. On Thursday, the Greater Philadelphia Chamber of Commerce filed litigation against the law in that city. “The ordinance is a broad impediment to businesses seeking to grow their workforce in the city of Philadelphia,” the chamber said in a statement, citing a violation of employers’ First Amendment rights.

But other companies have begun privately ending the practice of asking the question on their own. James’s office said that several New York-based companies, including Kickstarter, Peeled Snacks and BBMG were among those who had already prohibited the question.

Others are weighing the concept. Cindy Robbins, who leads human resources for the cloud computing giant Salesforce, said in an interview this week that it’s a shift her staff has discussed training their recruiters to make. “For example, instead of asking what current compensation is, ask what is the expectation they have around compensation,” she said. “That changes the tone around negotiation.”

================================================================================

As a boss, I’d definitely like to know a potential employment candidate’s previous salaries as it provides me with insight into employee performance.  Forcing employers to operate in the dark can only be bad for business as many small to medium sized businesses can not afford a high employee turnover rate and the less we know about a new hire, the more difficult it is to employ that person to his/her maximum capability.

BNI Operatives: Situationally aware.

As always, stay safe.

Privacy Interrupted: Time to Go VPN.

What Is A Virtual Private Network (VPN)

(from HowToGeek.com)

Overview: A VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.

VPNs essentially forward all your network traffic to the network, which is where the benefits – like accessing local network resources remotely and bypassing Internet censorship – all come from. Most operating systems have integrated VPN support.

Definition:  When you connect your computer (or another device, such as a smartphone or tablet) to a VPN, the computer acts as if it’s on the same local network as the VPN. All your network traffic is sent over a secure connection to the VPN. Because your computer behaves as if it’s on the network, this allows you to securely access local network resources even when you’re on the other side of the world. You’ll also be able to use the Internet as if you were present at the VPN’s location, which has some benefits if you’re using pubic Wi-Fi or want to access geo-blocked websites.

When you browse the web while connected to a VPN, your computer contacts the website through the encrypted VPN connection. The VPN forwards the request for you and forwards the response from the website back through the secure connection. If you’re using a USA-based VPN to access Netflix, Netflix will see your connection as coming from within the USA.

Reasons To Use A VPN:

1. Access Full Netflix and Streaming Content from Outside the USA

Because of copyright agreements, Netflix and Hulu and Pandora and other streaming media providerscannot broadcast all content outside of the USA. This means: many movies and shows are blocked to users in the UK, Canada, South America, Australia, Asia, and Europe. This geographical enforcement is managed by reading your user login IP address and tracing it to its country of origin. By using a VPN service, you can manipulate your machine’s IP address to be from within the USA, therein unlocking access to more Netflix and Pandora streams. You will need to configure your television movie player or mobile device to use the VPN connection, but if you are a streaming fan, then the effort and cost of a VPN are worth it.

2. Download and Upload P2P Files in Privacy

MPAA and other cinema and music associations absolutely detest P2P file sharing. For reasons of both profit and legality, the MPAA and other authorities want to forbid users from sharing movies and music online. A VPN can be a P2P user’s best friend. While a VPN connection will slow your bandwidth by 25% – 50%, it will cipher your file downloads, uploads, and actual IP address so that you are unidentifiable by authorities. If you are a file sharer and do not wish to risk copyright prosecution or civil lawsuits, definitely consider spending 15 dollars a month on a good VPN. The privacy and protection from surveillance are definitely worth it.

3. Use Public or Hotel Wi-Fi in Confidence

Most people are unaware of this, but that Starbucks hotspot and that 10-dollar-a-day hotel wi-fi are not safe for confidential email and browsing. Public wi-fi offers no encryption security to its users, and your signals are broadcast for anyone savvy enough to eavesdrop. It’s very easy for even a junior hacker to intercept your unencrypted wi-fi signal using an Evil Twin phony hotspot or a Firefox Tamper Data plugin. Public wi-fi is terribly insecure and is perhaps the biggest reason why mobile users should consider spending the 5 to 15 dollars per month for the safety of a VPN connection.

If you log into a public wi-fi network and then connect to a personal VPN, all of your hotspot web use will then be encrypted and hidden from prying eyes. If you are a traveler or a user who is regularly using public wireless, then a VPN is a very wise investment in privacy.

4. Break Out of a Restrictive Network at Work/School

As an employee of a company, or a student at a school/university, you will be subject to an ‘Acceptable Use’ policy for browsing the Web. ‘Acceptable Use’ is often debatable, and many organizations will impose draconian restrictions, like blocking you from checking your Facebook page, visiting YouTube, reading Twitter, surfing Flickr, performing instant messaging, or even accessing your Gmail or Yahoo mail.
A VPN connection will allow you to ‘tunnel out‘ of a restrictive network and connect to otherwise-restricted websites and webmail services. More importantly: your VPN browsing content is scrambled and indecipherable to the network administrator, so he cannot collect any recorded evidence about your specific web activities. About.com does not recommend violating Acceptable Use policies as a rule, but if you feel you have justifiable reasons for bypassing your specific network restrictions, then a VPN connection will help you.

5.  Bypass the Country’s Web Censorship and Content Surveillance

In the same way ‘Acceptable Use’ policies are enforced at workplaces and schools, some nations choose to impose oppressive internet censoring on their entire countries. Egypt, Afghanistan, China, Cuba, Saudi Arabia, Syria, and Belarus are some examples of nations who surveil and limit access to the World Wide Web.

If you live in one of these restrictive countries, connecting to a VPN server will enable you to ‘tunnel out‘ of the censorship restrictions and access the full World Wide Web. Simultaneously a VPN conceals your page-by-page activity from any government eavesdropping. As with all VPN connections, your bandwidth will be slower than the uncloaked internet, but the freedom is absolutely worth it.

6. Cloak Your VOIP Phone Calls

Voice-over-IP (internet telephoning) is relatively easy to eavesdrop on. Even intermediate-level hackers can listen in to your VOIP calls. If you regularly use VOIP services like Skype, Lync, or online voice chatting, definitely consider implementing a VPN connection. The monthly cost will be higher, and the VOIP speed will be slower with a VPN, but personal privacy is invaluable.

7. Use Search Engines Without Having Your Searches Logged

Like it or not, Google, Bing, and other search engines will catalog every web search you perform. Your online search choices are then attached to your computer’s IP address and are subsequently used to customize the advertising and future searches for your machine. This cataloging might seem unobtrusive and perhaps even useful, but it is also a risk for future public embarrassment and social faux pas.

8. Watch Home-Specific Broadcasts While You Are Traveling

Local network news can be rather dodgy in some countries, and access to your favorite streaming television, sports games, and video feeds can be locked out while you are away from your home country.

By employing a VPN tunnel connection, you can force your borrowed connection to access your home country as if you were physically there, therein enabling your favorite football feeds and TV and newscasts.

9. Avoid Reprisals and Traceback Because of Your Researching

Perhaps you are a celebrity, or you are an employee doing market research of your competition. Perhaps you are a reporter or writer who covers sensitive topics like war atrocities, violence against women, or human trafficking. Perhaps you are a law enforcement officer investigating cybercriminals. In any of these cases, it is in your best interests to make your computer untraceable to prevent reprisals.

A personal VPN connection is the best choice for manipulating your IP address and rendering you untraceable.

10. Because You Believe Privacy Is a Basic Right

All the above reasons notwithstanding, you are a firm believer in personal privacy and the right to broadcast and receive without being surveilled and cataloged by authorities. And that is perhaps the biggest philosophical reason you want to spend a nominal amount a month on a good VPN connection service.

PC Magazine’s Best VPNs For 2017. 

In last week’s Bulletin, we covered the repeal of many online privacy laws that, in essence, allow ISPs to now openly track our every move online and compile and distribute our online private search history.  It’s probably well past time for people and businesses to move to VPN use.

BNI Operatives: Situationally aware.

As always, stay safe.

Your Browsing History – SOLD! To the Highest Bidder; No Longer Private.

Soon,  every search you’ve ever made online will not only be available to your internet service provider (ISP)-  it will be available to any corporation or foreign government who wants to see your interests, peculiar as they may be.

Yesterday (March 28, 2017) via the House’s decision, ISPs can sell your entire web browsing history to literally anyone or any entity without your permission: The CRA resolution.  Literally, it would take an act of Congress to enact legislation now to prevent this massive governmental overreach.   The House basically repealed all prior legislation that would have prevented ISPs from marketing your private browsing history.

Why did the House make this move?  You don’t benefit, the government doesn’t either, so why?  So that a few Too-Big-To-Fail corporations can make a few more rubles and so that politicians – who have received millions in campaign contributions from the ISPs for decades – can continue to sell us out.

How did this happen?

The Congressional Review Act (CRA) was passed in 1996 to allow Congress to overrule regulations created by government agencies.

Prior to 2017, Congress had only successfully used the CRA once. But since the new administration took over in January, it’s been successfully used 3 times — for things like overturning environmental regulations.

“Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.” — John Perry Barlow

All that’s left is for the President to sign the resolution, which he most certainly will do.

So what kind of shady things can ISPs now legally do with our data?

According to the Electronic Frontier Foundation, there are at least five creepy things the FCC regulations would have made illegal. But thanks to the Senate, ISPs can now continue doing these things as much as they want, and it will probably be years before we can do anything to stop them.

  1. Sell your browsing history to basically any corporation or government that wants to buy it
  2. Hijack your searches and share them with third parties
  3. Monitor all your traffic by injecting their own malware-filled ads into the websites you visit
  4. Stuff undetectable, un-deletable tracking cookies into all of your non-encrypted traffic
  5. Pre-install software on phones that will monitor all traffic — even HTTPS traffic — before it gets encrypted. AT&T, Sprint, and T-Mobile have already done this with some Android phones.

We will be updating this article as our research on wrap-around solutions is completed.  In the meantime, contact your Senator and Congressional representative and tell them, “Hell, no – they have no need to know!”

BNI Operatives: Situationally aware.

As always, stay safe.

Update On An Old Scam – eGreeting Cards.

Virtually every scam out there is one that has existed since the beginning of social use of the Internet; it’s simply been re-purposed in an updated digital format. In this Bulletin, we will focus on the greeting card scam – a perversion of the e-greeting card that you receive in your email inbox and seems to be coming from a friend.

If you open this email and click on the card, you will probably wind up with malicious software that will be downloaded and installed on your operating system.

The malware may be just an annoying program that will launch pop-ups with ads, resulting in unexpected windows all over the screen. However, it can also be ransomware or one of the worst financial malware that’s been around, part of the infamous Zeus family.

If your system becomes infected with such dangerous malware, you will become one of the bots which are part of a larger network of affected computers. In this unfortunate event, your computer will start sending private data and financial information to a fraudulent server controlled by IT criminals.

To keep yourself safe from identity theft and data breach, we recommend that you treat unexpected email greetings with caution and ensure that your computer is using a security program against this type of danger.

BNI Operatives: Situationally aware.

As always, stay safe.

 

Is It Possible To Create A Person Online?

Very often. those who professionally investigate human beings have to determine if she is dealing with a real person or an invented identity.

In social discussion, countless times I’ve heard people refer to “the fake me” – a conjured identity that the user employs for his own reasons, which can range from the benign (isolating marketers) to the dangerous (a criminal seeking new prey).  More often than not, the braggart is not an IT person – or a detective – and believes that by cobbling together a few “borrowed” digital photos and planting them as profile pics on social media, he can tweet away under his fake identity with no one the wiser.  Professional investigators look for this rather lazy pattern (same pics across various platforms) as one of the first clues that they are dealing with a manufactured identity rather than an actual person.

Few people really know how to create an alternative identity and one of those rare people is Aaron Brown.  His story, in his own words, is as fascinating as it is correct.

(Reprinted with permission.)

HOW TO INVENT A PERSON ONLINE

by Curtis Wallen, (07/23/2014), The Atlantic

It’s not an exaggeration to say everything you do online is being followed. And the more precisely a company can tailor your online experience, the more money it can make from advertisers. As a result, the Internet you see is different from the Internet anyone else might see. It’s seamlessly assembled each millisecond, designed specifically to influence you. I began to wonder what it would be like to evade this constant digital surveillance—to disappear online.

From that question, Aaron Brown was born.

My project started at a small coffee shop in Bed-Stuy, Brooklyn. With the help of Tor—a software program that uses layers of encryption to anonymize online activity—I searched Craigslist and tracked down a handful of affordable laptop computers for sale in New York City. I registered a new email address with the (now-defunct) Tormail anonymous email provider and arranged to buy a used Chromebook.

xxxxxxxxxxxxxx@xxxxxxx.com (1/27/13 – 11:23):

I’m punctual, I will be there on time at 1. Theres an atrium at citi center, will let you know when I’m there.

clcrb@tormail.org (1/27/13 – 11:25):

Perfect. See you there.

xxxxxxxxxxxxxx@xxxxxxx.com (1/27/13 – 12:59):

Im here in the atrium at 53rd and lex… Gray jacket, blonde hair. Sitting at a table

The meeting was quick. I wore a hat. I kept my head down. The man at the table in a gray jacket was a real person—in a busy public place full of cameras—who could later potentially connect me to the computer. These face-to-face moments left me the most vulnerable. If I was going to evade online surveillance, I had to avoid any ties between my digital footprint and the physical world.

When I got home I immediately reformatted the computer’s hard drive and installed a Linux partition. This meant I could encrypt and cosmetically “hide” the part of my computer that was using Linux. My new laptop would boot up Chrome OS like any other Chromebook, unless I gave it the command to boot up Linux instead. I never connected to anything using  Chrome OS. And on the Linux side, I never accessed the Internet without Tor, and I never logged into anything that had any connection to Curtis Wallen.

Up to that point, I had been largely operating on instinct and common sense. Now that my project was expanding, I figured it’d probably be a good time to reach out to someone who actually knew what she or he was doing.

I created a new Tormail account, the first evidence of my new person—aaronbrown@tormail.org––and sent an encrypted email to the enigmatic researcher Gwern Branwen, asking what advice he’d give to someone “new to this whole anonymity thing.” Branwen replied with a simple but crucial piece of advice:

“Don’t get too attached to any one identity. Once a pseudonym has been linked to others or to your real identity, it’s always linked.”

Taking Branwen’s advice to heart, I put a sticky note next to my keyboard.

When most people think of Internet surveillance, they imagine government bureaucrats monitoring their emails and Google searches. In a March 2014 study, MIT professor Catherine Tucker and privacy advocate Alex Marthews analyzed data from Google Trends across 282 search terms rated for their “privacy-sensitivity.” The terms included “Islam”, “national security”, “Occupy”, “police brutality”, “protest”, and “revolution.” After Edward Snowden’s leaks about NSA surveillance, Tucker and Marthews found, the frequency of these sensitive search terms declined—suggesting that Internet users have become less likely to explore “search terms that they [believe] might get them in trouble with the U.S. government.” The study also found that people have become less likely to search “embarrassing” topics such as “AIDS”, “alcoholics anonymous,” “coming out,” “depression,” “feminism,” “gender reassignment,” “herpes,” and “suicide”—while concerns over these more personal terms could have as much to do with startling Google ads, the notable decrease observed in the study suggests the increased awareness of surveillance led to a degree of self-censorship.

In other words, people are doing their best to blend in with the crowd.

The challenge of achieving true anonymity, though, is that evading surveillance makes your behavior anomalous—and anomalies stick out. As the Japanese proverb says, “A nail that sticks out gets hammered down.” Glenn Greenwald explained recently that simply using encryption can make you a target. For me, this was all the more motivation to disappear.

Aaron had a face, but lacked “pocket litter”—an espionage term that refers to physical items that add authenticity to a spy’s cover. In order to produce this pocket litter, I needed money—the kind of currency that the counterfeit professionals of the darkweb would accept as payment. I needed bitcoin, a virtual currency that allows users to exchange goods and services without involving banks. At that time, one of the few services that exchanged cash for bitcoin was a company called Bitinstant. I made my way to a small computer shop in the Chinatown neighborhood of Manhattan to make the transfer.

At a small, teller-like window, I filled out the paperwork using fake information. Unwisely, I wrote down my name as Aaron Brown— thus creating one of the links to my real identity I should have been avoiding. As a result, my receipt had “Aarow Brown” printed on it. It seemed fitting that the first physical evidence of Aaron’s existence was a misspelled name on a receipt from a computer shop.

When I got home, 10 bitcoin were there waiting for me in my virtual wallet, stored on an encrypted flash drive. I made the necessary contacts and ordered a counterfeit driver’s license, a student ID, a boating license, car insurance, an American Indian tribal citizenship card, a social security card scan (real social security cards were a bit out of my budget), and a cable bill for proof of residency. The final bill came out to just over 7 bitcoin, roughly $400 at the time.

As I waited for my pile of documents, I began crafting Aaron’s online presence. While exploring message boards on the darknet, I came across the contact information for a self-proclaimed hacker called v1ct0r who was accepting applications to host hidden services on a server he managed. I messaged him with a request to host Aaron’s website. He was happy to offer a little space, under two conditions: “no child porn nor racism; Respects the rules or i could block/delete your account.”

I also set up a simple web proxy so that anyone could contribute to Aaron’s online presence. The proxy serves as a middleman for browsing the Internet, meaning any website you visit is first routed through the proxy server. Anyone who browses using the proxy is funneling traffic through that one node—which means those web pages look like they’re being visited by Aaron Brown.

Aaron’s Twitter account worked much the same way. There was a pre-authenticated form on the project website, allowing anyone to post a tweet to Aaron’s feed. As Aaron’s creator, it was fascinating to see what happened once strangers started interacting with it regularly. People would tweet at their friends, and then Aaron would received confused replies. Under the guise of Aaron, people tweeted out, jokes, love messages, political messages, and meta-commentaries on existence. I even saw a few advertisements. Ultimately, the account was suspended after Spanish political activists used it to spam news outlets and politicians.

In a sense, I was doing the opposite of astroturfing, a practice that uses fake social media profiles to spread the illusion of grassroots support or dissent. In 2011, the Daily Kos reported on a leaked document from defense contractor HBGary which explained how one person could pretend to be many different people:

Using the assigned social media accounts we can automate the posting of content that is relevant to the persona. … In fact using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise … There are a variety of social media tricks we can use to add a level of realness to all fictitious personas.

Aaron Brown turned that concept inside out. With a multitude of voices and interests filtering through one point, any endeavor to monitor his behavior or serve him targeted ads became a wash. None of the information was representative of any discrete interests. The surveillance had no value. I’d created a false human being, but instead of a carefully coordinated deception, the result was simply babble.

“The Internet is what we make it,” wrote security researcher Bruce Schneier in January 2013, “and is constantly being recreated by organizations, companies, and countries with specific interests and agendas. Either we fight for a seat at the table, or the future of the Internet becomes something that is done to us.”

For those of us who feel confident that we have nothing to hide, the future of Internet security might not seem like a major concern. But we underestimate the many ways in which our online identities can be manipulated. A recent study used Facebook as a testing ground to determine if the company could influence a user’s emotional disposition by altering the content of her or his News Feed. For a week in January 2012, reseachers subjected 689,003 unknowing users to this psychological experiment, showing happier-than-usual messages to some people and sadder-than-usual messages to others. They concluded that they had “experimental evidence for massive-scale contagion via social networks” because users responded by publishing more positive or negative posts of their own, depending on what they saw in their own feeds.

The U.S. Department of Defense has also figured out how influential Facebook and Twitter can be. In 2011, it announced a new “Social Media in Strategic Communication” (SMISC) program to detect and counter information the U.S. government deemed dangerous. “Since everyone is potentially an influencer on social media and is capable of spreading information,” one researcher involved in a SMISC study told The Guardian, “our work aims to identify and engage the right people at the right time on social media to help propagate information when needed.”

Private companies are also using personal information in hidden ways. They don’t simply learn our tastes and habits, offering us more of what want and less of what we don’t. As Michael Fertik wrote in a 2013 Scientific American article titled “The Rich See a Different Internet Than the Poor,” credit lenders have the ability to hide their offers from people who may need loans the most. And Google now has a patent to change its prices based on who’s buying.

Is it even possible to hide from corporate and government feelers online? While my attempt to do so was an intensely interesting challenge, it ultimately left me a bit disappointed. It is essentially impossible to achieve anonymity online. It requires a complete operational posture that extends from the digital to the physical. Downloading a secure messaging app and using Tor won’t all of a sudden make you “NSA-proof.” And doing it right is really, really hard.

Weighing these trade-offs in my day-to-day life led to a few behavioral changes, but I have a mostly normal relationship with the Internet—I deleted my Facebook account, I encrypt my emails whenever I can, and I use a handful of privacy minded browser extensions. But even those are steps many people are unwilling, or unable, to take. And therein lies the major disappointment for me: privacy shouldn’t require elaborate precautions.

No one likes being subliminally influenced, discriminated against, or taken advantage of, yet these are all legitimate concerns that come with surveillance. These concerns are heightened as we increasingly live online. Digital surveillance is pervasive and relatively cheap. It is fundamentally different than anything we’ve faced before, and we’re still figuring out what what the boundaries should be.

For now, Aaron’s IDs and documents are still sitting inside my desk. Aaron himself actually went missing a little while ago. I used Amazon’s Mechanical Turk marketplace to solicit descriptions from strangers, and then hired a forensic artist to draw a sketch. He resurfaced on Twitter. (You can go here to try tweeting as Aaron Brown.) But other than that, no word. I have a feeling he’ll probably pop up in Cleveland at some point.

Everyone always seems to get sucked back home.

******

One thing we seem to forget as we go through our daily online lives is to trust our gut instincts.  If something feels off, your primal brain is sensing it before the logical side can identify the issue.  Trust your instincts – after all, we are – literally and virtually – all strangers online.

BNI Operatives: Situationally aware.

As always, stay safe.

Bitten By A Stingray? You’ll Need A Criminal Defense Attorney.

stingray

 

(Did you really think this was going to be about a protected species along the seashore and that I’d gone all tree-huggy??)

In this week’s article, I am referring to the FBI’s new dance in getting around the now oft-litigated prohibitions against 4th Amendment warrantless searches vis-a-vis cell phones.  Their latest gig is called the “stingray”.

Obviously tracking cars is a strict no-no without a warrant for law enforcement professionals, but what about cell phone data? As it turns out the law is a bit murkier on how that applies when it comes to cell phone data and “stingrays,” as Ramsay C. McCullough notes in a post for The Corporate Compliance & White Collar Advisor:

The Federal Bureau of Investigation is taking the position that search warrants or other court orders are not required when deploying cell-site simulators, known as “stingrays,” in public places which imitate cell phone towers and capture the locations, identities, calls and texts of mobile phone users.  With the pervasive use of smart phones in business today and with those phones containing confidential personal and business information, this may present real concerns for employers.

McCullough continues by saying that nine states have passed laws banning practices by law enforcement.

The problem is, no one can get to the bottom of exactly how these things should be regulated or even how they’re working, since the FBI has multiple non-disclosure agreements with local law enforcement in regards to stingrays. It’s gotten so bad that prosecutors are dropping cases rather than disclose the details of the stingray operations. And despite how shadowy this whole thing may seem, these devices are largely unrestricted in the United States.

For a country making a big push behind the internet of things, we are shockingly unprepared for how this will change the scope of privacy in the state.   Let’s make sure that with all of this great responsibility in being a technology leader, we don’t forget such little things as oh say, the Constitution, the Bill of Rights and related court decisions.

NEW NEWS: New bill would require husbands to get their wives permission for a Viagra Rx. in KY.

BNI Operatives: Situationally aware.

As always, stay safe.

 

Civil Asset Forfeiture – A Good Concept Gone Awry?

asset-forfeit

(This article in a point/counter point manner to quickly argue both sides of the issue of police seizing assets first, investigating later.)

Point: (from Syracuse.com)

SYRACUSE, N.Y. – Justin Lucas gathered up $50,000 in cash in 2011 to bail his brother out of jail on a drug charge.

But when Lucas brought the money to the Otsego County jail in a brown paper bag, sheriff’s deputies seized the cash without releasing his brother. They told him the money was the subject of a drug investigation.

How much did your police agency get? Check out our national database (below).

Lucas’ brother eventually pleaded guilty to a felony marijuana possession charge. But even with the case over, Lucas couldn’t get his money back. The sheriff’s office had already used a federal law to force him to forfeit the money to the government.

 Investigators cited the fact that their drug-sniffing dog picked up the scent of marijuana on the cash, and Lucas’ admission that $10,000 of it had come from his brother’s co-defendant.

The federal civil asset forfeiture law allows local police to get up to 80 percent of money or property seized, with the rest going to the federal government for their role in the investigations and for administering the program.

Lucas’ case was among 117 in the 32-county Northern District of New York over the past five years in which the federal government used the law to seize $43 million in assets without having to charge the owners with a crime.

Revenue from alleged criminal activity

This is the asset forfeiture revenue for the Department of Justice and the Department of the Treasury for the fiscal years 2001-2013. The money and goods are seized under the premise that they were obtained by illegal activities, and therefore, are subject to seizure by law-enforcement agencies. The revenue is split 80/20 with the larger portion going to the agency that seized the goods and money. The other 20 percent pays for the administration of the seizure programs.   Below is in billions of dollars.

Under the federal law, law enforcement agencies such as the FBI or DEA can seize someone’s property without charging him or her with a crime. The law allows the government to take the property, then requires the owners to prove their possessions were legally acquired.

For police to keep someone’s assets, they have to be able to prove only that it’s more likely than not that the money or property was used to commit a crime or was the proceeds of a crime. That’s lower than the standard for convicting someone of a crime – “beyond a reasonable doubt.”

If federal prosecutors agree with the law enforcement agency’s decision, they file a civil lawsuit against the property, not the owner. That’s why the lawsuits have odd captions, such as “United States of America vs. One 1999 Chevrolet Pickup Truck.”

 

Counterpoint: (from Heritage.org)

Criticisms of Civil Asset Forfeiture

One of the main criticisms of civil asset forfeiture is that the deck is stacked against any property owner who wishes to contest the forfeiture. Because the legal proceeding is against the property rather than the property owner, the owner does not enjoy many of the constitutional protections that are afforded to those who are accused of engaging in criminal activity. Such inequities prompted Brad Cates, director of the asset forfeiture program at the Justice Department from 1985 to 1989, to declare recently that “[a]ll of this is at odds with the rights that Americans have.”

First, the vast majority of cases never see the inside of a courtroom.  Any amount of currency can be administratively forfeited; the only time administrative forfeiture is not available is when the forfeiture involves any real estate or personal property worth more than $500,000 (except for so-called hauling conveyances: that is, vehicles, vessels, and aircraft allegedly used to transport illegal drugs, which, like cash or other monetary instruments, can be subjected to administrative forfeiture regardless of their value).

In an administrative proceeding, the agency that stands to gain directly from the forfeiture acts as investigator, prosecutor, judge, and jury. The rules and deadlines governing these proceedings are complicated and opaque, a minefield of technicalities full of traps for an unwary (and often unrepresented) property owner.

With the exception of the Customs Service, there is no effective judicial review from an administrative ruling, and the administrator does not even need to write an order justifying his or her decision. While there is within many agencies a process whereby someone can file a petition for mitigation or remission of the harsh effects of forfeiture, the rules do not allow someone to file such a petition while at the same time contesting the validity of the forfeiture itself.  Moreover, it is once more an agency official, not an impartial arbiter, who acts on the petition.

Second, unlike a criminal case, there is no entitlement either to representation by counsel or (except as to real property) to a pre-seizure hearing.  Forfeitures are often for an amount small enough that it would make little financial sense for a property owner to hire counsel to contest the forfeiture. Forfeiture cases can take months or years, effectively tying up somebody’s property and creating an extreme hardship for people of modest means or people who run small businesses.

Adding insult to injury, the Civil Asset Forfeiture Reform Act of 2000 (CAFRA) lays out specific filing deadlines that must be met by property owners challenging forfeitures. Failure to meet a filing deadline by even a day often results in immediate forfeiture, whereas agencies can allow property to languish in their custody for years.

Third, unlike a criminal case in which a prosecutor must prove a defendant’s guilt beyond a reasonable doubt, in a civil forfeiture case, the prosecutor only needs to establish the basis for the forfeiture by a preponderance of the evidence. Defenders of current civil asset forfeiture procedures note that preponderance of the evidence is the standard of proof that is traditionally used in civil cases. While a true statement, this does not mean that it is the appropriate standard to use in civil asset forfeiture cases given the clear connection between this type of action and a typical criminal case. Moreover, unlike a dispute between two private citizens, there are tremendous disparities in available resources and expertise between the property owner contesting the forfeiture and the governmental entity seeking the forfeiture.

Fourth, also unlike a criminal case in which the prosecutor must prove that the person who used or derived the property acted intentionally or at least was willfully blind to its misuse, in a civil case, the government does not have to prove any of that. Rather, the burden is placed on the “innocent owner” to prove a negative: that he did not know about its illegal use and that, if he did know about it, he did all that could reasonably be expected under the circumstances to terminate such use.

Defenders of current civil asset forfeiture procedures note that the Supreme Court of the United States has held that an innocent owner defense is not constitutionally required,  yet the law provides a claimant with the opportunity to present such a defense. Again, while true, that does not mean that the current procedure is fair or the most appropriate standard under the circumstances. The Constitution provides a floor, not a ceiling, when it comes to providing rights; it states what must be provided at a minimum, not what ought to be provided to ensure fairness and strengthen the integrity of the process.

=================================

With a new administration in power and a President and an AG who are allegedly on the side of law and order, we’ll keep an eye on any legislation going through Congress on this matter.

BNI Operatives: Situationally aware.

As always, stay safe.

Profiling A Perpetrator & Distinguishing an M.O. From Signature

profile

NEW NEWS: IRS releases 2017 Standard Mileage Rates for Business: 

  • 53.5 cents per mile for business miles driven, down from 54 cents for 2016

============================================================================

BEACON BULLETIN

Based on crime scene evidence, one basic method of characterizing  offenders divides them into three categories:

  • Organized offenders: These criminals are more sophisticated in their approach, and their crimes show evidence of planning. These types tend to be of average or better intelligence, employed, and in active social relationships such as with spouses and families. Even though they’re driven by their fantasies, they maintain enough control to avoid being impulsive. They prepare and even rehearse. They tend to target specific victims or types of victims and use control measures such as restraints to maintain victim compliance. They bring the tools they need to gain access to and control of the victim and avoid leaving behind evidence. As killers, they generally hide or dispose of the body and are likely to have a dumpsite already selected.
  • Disorganized offenders: These criminals usually live alone or with a relative, possess lower-than-average intelligence, are unemployed or work at menial jobs, and often have mental illnesses. They act impulsively, or as if they have little control over their fantasy-driven needs. They rarely use ruses to gain the victim’s confidence, but rather attack with sudden violence, overwhelming the victim. The crime scene often is messy and chaotic. This type of offender doesn’t plan ahead or bring tools along, but rather uses whatever is handy. As killers, they typically leave the body at the scene and exert little effort to avoid leaving behind evidence. Some have sexual contact with the victim after killing him or her.
  • Mixed offenders: Some offenders leave behind mixed messages at crime scenes. They show evidence of planning and a sophisticated MO, but the assault itself may be frenzied or messy, which may indicate some control over deep-seated and violent fantasies.

Profilers have developed categories of descriptors, describe the types of individuals who commit the crimes. Some of the descriptors used in serial killer profiling are as follows:

  • Age: Most serial killers are in their 20s or 30s.
  • Sex: Almost all are male.
  • Race: Most don’t cross racial lines. That means, in general, White offenders kill Whites, while Black offenders kill Blacks.
  • Residency: Organized offenders may be married, have a family, and be well liked by their friends. Disorganized offenders, because of their mental instability and immaturity, tend to live alone or with a family member.
  • Proximity: The location of the perpetrator’s home in relationship to the crime scene is important. Most kill close to home, a factor that is particularly true with the first few victims. The area close to home is a comfort zone. With experience, however, the killer may move his predatory boundaries farther and farther from home.
  • Social skills: Killers who use a ruse to ensnare their victims, like Ted Bundy did, typically possess good social skills, whereas those who use a blitz-style attack are less comfortable with conversation.
  • Work and military histories: Organized offenders more often have a stable work history and are more likely to have left any military service with an honorable discharge. Disorganized offenders often are quite simply too unstable to hold a job in the long term or to complete military service.
  • Educational level: Organized offenders tend to have more schooling than their disorganized counterparts.

Using these descriptors, profilers can create a pretty good picture, or profile, of the type of person who likely committed the crime.

  • Method of entry
  • Tools that were used during the crime
  • Types of objects taken from the crime scene
  • Time of day the crime was committed
  • The perpetrator’s alibi
  • The perpetrator’s accomplices
  • Method of transportation to and from the scene
  • Unusual features of the crime, such as killing the family dog or leaving behind a note or object to taunt the police

In contrast to an MO, a signature is an act that has nothing to do with completing the crime or getting away with it. Signatures are important to the offender in some personal way. Torturing the victim, overkill, postmortem mutilation or posing, and the taking of souvenirs or trophies are signatures. These actions are driven by the killer’s psychological needs and fantasies.

Unlike an MO, a signature never changes. It may be refined over time, but the basic signature remains the same. For example, if a serial killer poses victims in a religious manner, praying or as a crucifix, details such as candles, crucifixes, or other ceremonial objects may be added later. The signature has changed, but its basic form and theme remain the same.

Obviously, a professional profiler should be contacted if you believe there is a need for such; the above is simply a broad explanation of criminal profiling.

BNI Operatives: Situationally aware.

As always, stay safe.

 

%d bloggers like this: