Showing posts with label OSINT. Show all posts

Wednesday, November 2, 2016

My Guide To Understanding What Constitutes A Solid Source Of Information


Well, I think we can all agree this election needs to be over yesterday. The deluge of crazy we've witnessed has been extraordinary. It seems like everywhere you look there's a post or an article that should contain valuable information and has little to none. The endless cycle of crazy reactions and hysteria that happens with every new "update" has eroded what little credibility sources have with many of us in security who depend on this information. There are good sources, though, still out there.

I have created the following guidelines to sort through the chaff. This list is not just for political news, even though seemingly everything has become political.
  1. If it hasn't been reported in the news yet but some insert-the-name-of-a-group-you-identify-with's page has the "scoop", Google the keywords in the story. Also, for goodness sake, check Snopes.com. Most of the time, most of the "stories" I see on social media are debunked first by Snopes. Some have been debunked for years.
  2. Not every site with the words "news" or "breaking" is actually a news site. Treat these sources as GARBAGE.
  3. Any site that is run by people who share your exact worldview is also GARBAGE and so are its "sources".
  4. Any stats in a meme are also GARBAGE if they don't give a source.
  5. Most people on social media have ZERO clue how to sort and analyze stats. If your buddy is giving his arguments on stats with mostly his opinions, he's probably full of sh*t.
  6. Life is full of gray. Not everyone is evil who shares ideas that are different than our own. Be careful of sources who want to inject their own morality in what's supposed to be an objective account of a story.
  7. Be careful of "triggers". These include images or words used in connection with an often poorly sourced and highly-opinionated piece that are often irrelevant to the piece but there to gain your reaction.
  8. Garbage is often full of "damning evidence" discovered in just days to tell a story of a conspiracy that's been happening for decades.
  9. The site or publisher has a SIGNIFICANT interest in the story being told the way they tell it, often for their own profit and gain. Treat these as garbage too.
  10. Treat any source that can't be named or won't name other sources to corroborate its information as potentially garbage too.

I use something a bit different for shootings, bombings, and other "breaking" security-related news.

  1. Never trust first reports. Trust me when I tell you that eyewitnesses sometimes have terrible memories. I have seen shootings in which witnesses reported what they believed to be multiple gunshots resembling machine-gun fire, which resolved to one or a few shots from one shooter. Eyewitnesses can and do distort shooter identifications. Active shooter scenes often have multiple first responders on-scene and some are in plain clothes carrying guns. Imagine being frightened and knowing a shooter is out there and you see, from a distance, an armed man scanning for targets. You can't see a badge or uniform so you naturally assume that person is a probable shooter.
  2. Scanners are great but most civilians have little to no clue what they're listening for. 10-codes are department-dependent. Suspect descriptions are often given with little verification (they need to be transmitted quickly so the bad guy can be neutralized). Scenes described by first responders can also be subject to perception - a description heard over the radio of "blood everywhere" means something different for new rookies versus veteran officers.
  3. ANY loud noise will surely be described as on-going gunfire.
  4. EVERYONE has a political agenda except for responding cops and victims. Seriously, refer back to previous guidelines about sources and who you can trust. Hint: no one you like.
  5. If your source touts an immediate conspiracy afoot that would benefit them politically, you should ALWAYS ignore them.
  6. Anyone trying to be "first" to report will almost always give you bad information. Real pros take their time and vet their sources.
  7. Video is great but it doesn't always tell the complete story. Most video of an event will often be edited and cropped to show what the publisher believes is relevant for his/her audience. In other words, they may have little clue what they're looking at but are deciding for you what you should see. That's crap. I want all of the video or none of it.
  8. With bombings, "experts" will often claim sophistication in order to name an actor they believe did the act without actually having evidence they did do it. "Sophistication" is a term used to describe an assortment of things about a device. If an "expert" won't describe what that constitutes in comparison to other bombings of similar ilk, I tend not to trust that analysis. In my limited experience, "sophistication" is often attributed to big-name groups for events that have high casualties. I find that the likelier explanation is much better. A simpler device placed at the right time and place with enough targets does as much damage, if not more, than one "experts" claim is "sophisticated".
  9. Don't trust "experts" who have more commentary than actual facts. I'd rather take analysis from a guy with bad facts than from a guy who has no facts but thinks he's right all the time.
  10. Bad acts are not exclusive to any one group. There are a lot of bad things that happen in our small world to a lot of people. Just because a cop gets shot by someone doesn't mean that someone is of a certain race or belongs to a certain group. Watch out for the agendas of your sources here.
  11. Terrorism is a fairly simple thing with a very simple description. Use it before you belittle or demean an entire group for acts that aren't terrorism. Simply saying things we don't like or even disgust us doesn't make them terrorists. Sure, it makes them jerks but it doesn't make them the ultimate jerk.

    Here's how the FBI defines it:

    "the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives."
  12. Trust anyone who thinks "we should wait this out and see where this leads". These guys are probably pros and make a living being right a lot about these things.

That's it for now. I hope this helps you out.

Saturday, July 5, 2014

INFOGRAPH: What Happens to A Social Media When The User Dies


Source: http://kupeesh.com/social/even-friends-wont-miss-facebook-plans-eulogize-die/

In my current occupation, as an investigator, most of my day is spent on social media. Much of that time is used figuring out who the account belongs to in order to make contact with the user for a case I'm working on. In security, we're often monitoring social media to gain some insight on kinetic events in our areas of operation. In either case, we run the risk of finding out the users of these accounts are dead, with little information given as to who may be using the account in their stead. I found this infograph here and am sharing it in this space to help other practitioners.


Monday, December 9, 2013

Social Media Investigations 101 - Are You Sure You Want To Post That?



Soooo.... You've been on Facebook a while and you've set your privacy settings to whatever new super-secret stealthy hidden mode setting Facebook has. You probably also feel like none of your 400+ friends would ever tell anyone what you post. You look at articles about people posting things they shouldn't going viral and you think "I'm so glad that's not me. I would never do something like that." I destroy that myth every day at my job. In real life, I investigate leads in criminal cases which can aid my clients. A favorite place I go for these leads is social media.

When I tell people I go to Facebook for leads, the first thing they like to say is "Well, you're not going to find anything on me like that." I'm polite so I smile and tell them "Probably not." Of course, I'm lying. If I've told you that, this is where you're probably feeling a little uneasy. Let's be clear, if I don't have an interest in finding something, I probably won't find it. That's not to say I can't because I assure you I can.

So, let's break down how I might do a social media query. I won't bore you with site specifics but I will address some things that are common throughout the social media investigations landscape. This is not to scare you. I am merely trying to inform you so you understand exactly what information you voluntarily give away.

Disclaimer: For the experts: This is not all-inclusive and I'm aware of the many advances in social media investigations. This is mainly informative for those who may not know and to spark some discussion. All others: Please check your jurisdiction for whatever legalities may exist for you.

The best way to illustrate this topic is to assume you'll be doing a search yourself. If you don't mind being spooked, try this on yourself assuming you're a complete stranger who's only been given the task of obtaining whatever information exists on you in social media. I recommend creating your own "blank" account that you have no affiliation with to get started. When we get to associates, feel free to pretend and assume the worst about people on your friends list you haven't seen or spoken to in some time.

  1. Start with a subject. Having a name (preferably a first and last name) is good. I've done this with neither. More on that later.
  2. Put the name in the search box of the social media site you're searching. This is fruitful if you're seeing if someone is on the site or if the profile is possibly "hidden" from searches. The latter requires you to know the subject is actually on the site. While doing this, play around with nicknames or aliases. A personal favorite of mine is email addresses. I also use their most used username if I know it. I have also looked up last names only just to see if someone posts things to a relative's profile.

    When searching Google, try to place quotation marks at the beginning and end of your subject's name. Also, type in site:whatever-the-social-media-site-you-think-they-are-on.com/net/org/edu/gov. Novice searchers give up because the results are too many. This narrows it down quite a bit.

    Despite what you think, no name is too common for a determined investigator. There are other things than our names that differentiate us. For example, your name is "John Smith". That's too common of a name for some investigators. But what happens when I search for "John Smith" in Dayton, OH who is a police officer married to a woman named Ebony? If you're the target, you're not as anonymous as you thought.
  3. Search them by username and old phone numbers. Sometimes, this is all you have to go on. Do it. That username may be their most commonly used one for everything. This could lead to old social media profiles (a time machine treasure trove of forgotten pics, lifetime issues and events, contacts, etc.), photo-sharing sites they frequent, articles they bookmark (Pinterest), comments they've made on other sites (YouTube can be great for this stuff), and sites they don't want anyone to know they frequent. Getting the username can be tricky. If I have a confirmed profile for them, I'll take the username that is in the profile's URL and then perform an "exact phrase" search on Google.

    I like to try the phone numbers search quite a bit. I'm not looking for an address necessarily if it's a social media investigation. Some profiles are only searchable with a phone number. Also, people post their numbers on sites that don't value privacy. For example, you run a shop that sells auto parts. As such, you belonged to a parts forum online. There you posted your number to get orders under a username I never knew existed. Not only do I possibly have historical data on you, but I may also get a look at your posts there as well as whatever I can dig up on this old username.
  4. If none of this proves fruitful, try a Google Image search. You may not be aware of this but Google now allows you to search by image. That means, I don't need your name to find you on the Internet. Sometimes, I find people use the same photo for most sites they frequent. Perhaps, you'll find a site with a picture you have and can dig up useful information such as other pictures, other usernames, and most importantly, associates.
  5. Associates are where the money is. Seriously, most people assume, wrongly, their Facebook friends feel the same way they do about things or they feel some impunity with what they post to their audience. In some cases, this may be true. However, I can guarantee it probably is not. Finding associates can be tricky if you don't know much about your subject. Hopefully, Google will help you out here. If not, I recommend spending the $19.95 to use people-search sites like Intelius or Spokeo. This should give you a list of names of people who either know your subject or lived in the same area as him. Also, try Classmates.com. Someone went to high school with your subject and I bet you they're still on their Facebook friends list. Another feature of some sites' search engines is the suggested friends list. If you're friends with their friends, social media sites like to let you know and ask if you want to be your subject's friend. Of course, you don't. But this provides you with that profile you've been looking for or at least one of them.

    Old friendships are tricky. We think the people who have known us the longest have our best interests at heart. Let me assure you, some of them don't. Most people trust these folks with lots of personal information when they go on a tirade or a rant. The simple truth is if someone has it in for you, they can voluntarily give anyone access to whatever you share with them online.

    This young lady thought she was being "funny" outside of Arlington. Several of her "friends" didn't think so.
     
  6. Be careful what you "like". People wrongly assume the pages they like or the comments they reply to on someone else's page are somehow protected. Yeah, that is totally wrong. They are protected ONLY if they have set themselves up with the strictest privacy settings. Many times, a person's "likes" can reveal things about them even if an investigator can't see anything else. A great example is Facebook Groups which advocate violence or are sexually explicit. Unfortunately, people forget to hide what pages they "like" and it suddenly has some bearing on something they never imagined it would.
  7. Search for a name in a foreign language. I see you laughing but I once had someone hide their profile by using another language to hide their name. It's a great idea but as I ran out of options, I went to Google Translate and entered the subject's name from English to Korean. Suddenly, her profile appeared.
  8. Search their friends' friends list. Some people hide in plain sight. You may be searching for the right subject but entered the wrong letter. A friend's friends list will probably have the name as something else.
  9. Search EVERY PHOTO, LOCATION TAG, EVENT SIGN-IN, etc. Sometimes, the information we seek is in places we dismiss as being "dry". Look through EVERYTHING. Trust me. This alone can give you more associates, the state of mind of your subject, places they've been or frequent, events they've been to or locations they can be expected to be at, and all the drama that comes with social media picture posting.
  10. When you've found what you're looking for, archive it. This sounds easier than you think. Grab your smartphone and take a picture of your screen where the information is. People trust screenshots more than they do a link they can click.
  11. Do this exercise on yourself and assume your current or future employer, spouse, child custody judge, friends, family, and others are doing the same. Those who get their 15 minutes of fame from poor Facebook posts never seem to think they'd get turned in by their "friends". Also, here's a tidbit - if you're posting information you shouldn't, never exclaim "I don't care who sees this." I GUARANTEE you will.

*Some places I like to go to search for social media investigation queries
*You're not getting all of my trade secrets

Thursday, May 23, 2013

INFOGRAPHIC: Pew Institute Poll - Sharing, Connections, & Privacy In The World Of Teen Social Media

This infographic from the Pew Institute provides some amazing insight into how teens view their social media privacy. As an investigator, I can share with you the value that social media has in gathering information on a person. Teens have historically been the most active users of social media and therefore their online "lives" traditionally have been insightful to say the least.
