by Unknown
Social Media
Social media has become a great tool for investigative purposes, as well as a significant social force of great influence. Social media networks such as Facebook, MySpace, Twitter, and LinkedIn and video-sharing sites such
as YouTube are being used by millions of people daily.
YouTube is a video-sharing website created by three former PayPal employees. Created and launched in February 2005, YouTube lets you upload and view videos using Adobe Flash and HTMLS technology, which is common on all computers and portable electronic devices such as phones, iPods, and iPads. It is used to display a wide variety of user-generated video content, including movie clips, TV clips, music videos, and personal home videos.
Anyone can view these videos but only registered users can upload videos.
Facebook was launched in 2004 by the Harvard students Mark
Zuckerberg, Eduardo Saverin, Andrew McCollum, Dustin Moskovitz, and
Chris Hughes. By 2013, Facebook had reached its one billion user mark. That means that one billion people are sharing information back and forth and
putting videos, comments, and photos for their friends and families to see.
Registered users create profiles and they can add pictures, interests, place of work, contact information, and other personal information. You can then
ask friends and family to join the network and you can link them to your
profile. You can then share that information with friends and family that are in your network. Once you select those friends and family, they will be able to see those pictures, comments, videos, and anything else you post on your profile. You will also be able to view their information, video, pictures, and comments. Now that you are linked with someone, you can now see some of
the comments from your friends’ friends that you don’t even know.
Psychological Operations and Social Networks
125
MySpace is similar to Facebook, as it is another social media network site.
It was launched in 2003, before Facebook. It al ows registered users to post pictures, videos, and messages. Your selected friends and family can view the content on your page and they can communicate with you. There are differences between MySpace and Facebook. MySpace al ows you to link music to
your webpage and al ows you to customize your page to set you apart from
other users. One fundamental difference between the two is that MySpace does not require you to use your true personal information where Facebook does.
Twitter is a real-time information network that connects you to the latest stories, ideas, opinions, and news about what you find interesting. Simply find the accounts you find most compel ing and fol ow the conversations or create your own. Once you have an account, you will be able to fol ow or post your own comments. Every time you post something, it’s cal ed a tweet. If someone is following your account they can see what you posted and you can answer. Unlike Facebook and MySpace, anyone can see your tweets if they fol ow your account.
Tweets are publicly visible by default, but senders can restrict message
delivery to just their followers. Users can tweet via the Twitter website, compatible external applications (such as for smartphones) or by short message service (SMS) in certain countries. While the service is free, accessing it through SMS may result in phone service provider fees.
Users can group posts together by topic or type by use of hash marks—
words or phrases prefixed with a “#” sign. Similarly, the “@” sign followed by a user name is used for mentioning or replying to other users. To repost a message from another Twitter user and share it with one’s own followers, the retweet function is symbolized by RT in the message.
LinkedIn is a social network site for people in professional occupations for professional networking.
Instagram is a social network site for sharing pictures and videos. These can be shared via Facebook, MySpace, Twitter, and Tumblr.
Tumblr is a microblogging platform and social networking website that allows users to post multimedia and other content to a short-form blog. Users can follow other users’ blogs, as well as make their blogs private.
All of these sites have privacy settings that you can adjust to your preference, but the whole purpose of these sites is to share information with your friends and family. These companies also share your information with vendors and advertisers. That’s how they make their money so they can exist.
Privacy and Security
Twitter messages are public, but users can also send private messages. Twitter collects personal y identifiable information about users and shares it with third parties. The service reserves the right to sell this information as an
126
Advanced Criminal Investigations and Intelligence Operations
asset if the company changes hands. While Twitter displays no advertising, advertisers can target users based on their history of tweets and may quote tweets in ads directed specifically to the user.
In 2007, a security vulnerability was reported when Twitter used the
phone number of the sender of an SMS message as authentication. Malicious users could update someone else’s status page by using SMS spoofing. The
vulnerability could be used if the spoofer knew the phone number registered to their victim’s account. Within a few weeks of this discovery, Twitter introduced an optional personal identification number (PIN) that users could use to authenticate their SMS-originating messages.
In 2009, 33 high-profile Twitter accounts were compromised after a
Twitter administrator’s password was guessed by a dictionary attack. Falsified tweets were sent from these accounts.
Twitter launched the beta version of their Verified Accounts service on June 11, 2009, allowing famous or notable people to announce their Twitter account name. The home pages of these accounts display a badge indicating their status.
In May 2010, a bug was discovered that allowed Twitter users to force
others to follow them without the other users’ consent or knowledge and
often changed to receive nearly malicious subscriptions.
On December 14, 2010, the U.S. Justice Department issued a subpoena to
Twitter to provide information for accounts registered to or associated with WikiLeaks. Twitter decided to notify its users and said in a statement, “…it’s our policy to notify users about law enforcement and governmental requests for their information, unless we are prevented by law from doing so.”
A MouseOver exploit occurred in 2010 when an XSS worm became active on Twitter. When an account user held the mouse cursor over blacked-out
parts of a tweet, the worm within the script automatically opened links and reposted itself on the reader’s account. The exploit was then reused to post pop-up ads and links to pornographic sites.
Electronic Intelligence
and Signals Intelligence
8
Bugs and Taps
Bugs and Electronic Surveillance
Two similar devices for the electronic surveillance of open areas (areas outside of structures, vehicles, etc.) are the parabolic reflector microphone ( mic) or big ear and the shotgun mic (Figures 8.1 and 8.2). A parabolic mic is a mic that uses a parabolic to collect and focus sound waves onto a receiver, in much the same way that a parabolic (like those used for a satellite dish) does with radio waves. The purpose of the parabolic reflector is to reflect sound to a centralized point, which is where the mic element is located. A parabolic reflector is used to collect and focus sound waves to a mic receiver (Figures 8.3 and 8.4).
Shotgun directional mics reduce the receiving range in which the mic is pointed rather than increase the gain (Figure 8.5). One can be built from 3/8-inch (some recipes say 1) OD aluminum tubing (like old TV antennas) and cut from 1 to 36 inches (a total of 36 tubes). They are bundled together, held with epoxy, and then connected to a small aluminum funnel and a mic
elemen
t (Figures 8.6 through 8.8).
A spike mic is similar to a contact mic but has a metal spike or probe that is driven into a wall to pick up voice or sound vibrations on an attached mic.
If these vibrations are caused by room conversations, the electrical signal will correspond to those conversations (Figures 8.9 through 8.11).
Bugging involves concealing mics to pick up sound. A related, but not
synonymous, technique is tapping. Wiretapping is the interception of telephone communications, usually wired telephone service, and other wired
intercepts.
DTMF and ANI Decoders
DTMF and ANI decoders are used to decode dual-tone multifrequency touch-tone beeps and automatic number identifiers (received over phones, radios, and scanners).
127
128
Advanced Criminal Investigations and Intelligence Operations
Figure 8.1 Examples of parabolic reflector mic or big ear mics.
Figure 8.2 More examples of parabolic reflector mic or big ears.
PVC end cap
Foam or rubber
reinforced with
plastic or steel
Microphone
secured with
PVC
foam
pipe
PVC end cap
PVC pipe
cutaway
PVC threaded
adapter
Foam
handle
Parabolic dish
Threaded
PVC “T”
Figure 8.3 A diagram of a parabolic dish.
Electronic Intelligence and Signals Intelligence
129
3/4 inch female threaded to
3/4 inch PVC “T” adaptor
Parabolic dish
3/4 inch
4.5 inches FL
cap
Rubber washers
Rubber
band
Microphone
3/4 inch
element
PVC
3/4 inch
male
10/24 threaded road
threaded to
3/4 inch
PVC adapter
Figure 8.4 Another diagram of a parabolic dish.
Figure 8.5 Example of a commercially available shotgun mic.
Pirate and Underground Radio
Just a quick word on pirate or underground radio stations is worth mentioning. These stations are often propaganda stations and may be used in psychological operations or for other similar purposes. These stations are commonly found at 6950–6960 kHz (6955 kHz is common and MI6 uses 6959 kHz) and
7425–7415 kHz.
130
Advanced Criminal Investigations and Intelligence Operations
Tube
bundle
Thirty-six tubes 1 to 36 inches
bundled together
Figure 8.6 Example of a homemade shotgun mic.
Shotgun microphone
tube array
Figure 8.7 Shotgun mic tube array (side view).
Laser Surveillance Laser Listening
Laser surveillance listeners consist of a highly focused light transmitted at a distance and beamed onto the surface of a window of a building,
structure, etc. This highly focused laser light or IR light receives a series of microvibrations on the window’s surface. These vibrations of windows
from conversations and other sounds inside the targeted room enable
Electronic Intelligence and Signals Intelligence
131
Shotgun microphone
tube array (end view)
15
16
14
17
28
13
1
29
27
12
18
35
26
1
30
34
11
19
36
25
2
31
33
10
20
32
24
3
21
23
9
4
22
8
5
7
6
Figure 8.8 Shotgun mic tube array (end view).
Noise
generator
Acoustic noise generator
Disrupt hidden tape recorders
Jam laser interceptions
Block wall detection
through window glass
Figure 8.9 A spike mic kit and acoustic noise generator to counter spike mics.
laser listening to occur. The window vibrations are caused by oscillating frequencies from sound waves that emanate from speech and conversations of the people in the room.
Just like a diaphragm of a mic, the window vibrates and the laser surveillance system picks it up or receives the signal. The IR light of the laser listener
132
Advanced Criminal Investigations and Intelligence Operations
Spike mic
Figure 8.10 Spike mic insertion.
Spike mic with
microphone attached
Figure 8.11 Spike mic with mic attached.
reflects off of the surface of the window and back to an optical receiver.
The optical receiver is connected to an electronic demodulation system that converts the optical signals from the IR light into sound waves. These sound waves are filtered and made available for listening in real time or recorded.
Telephone Taps
While bugging, as mentioned, involves the interception of sound by mics, tapping involves interception of wired communications. Wiretaps are commonly associated with telephone taps of wired lines but can involve other taps of wired communications, including wired Internet and cable television, FIOS, and other wired data and communications lines. Primarily, we will discuss telephone taps here, but the same principles and techniques may apply to a certain extent.
It is a common misconception among laymen that clicks and odd sounds
on their telephones are wiretaps. A properly instal ed tap by a competent technician will be virtual y undetectable. A trap and trace device is an electronic
Electronic Intelligence and Signals Intelligence
133
device used to record and trace communication signals from a telecommu-
nication system. This functions very similarly to a common cal er ID feature.
A trap and trace device is similar to a pen register. A trap and trace device can show the incoming phone numbers that cal ed a specific telephone, while a pen register shows what outgoing numbers a phone had cal ed. The term has come to include any device or program that performs similar functions to an original pen register for telephones but now includes programs that monitor Internet communications. (Refer to 18 U.S.C. Chapter 206 for statutory purposes.)
Internet Phone Services
The Internet is a global system of interconnected computer networks that use the standard IP suite ( transmission control protocol and Internet protocol [TCP/IP]) to serve several billion users worldwide, with its origins in the 1960s from the military and academic communities. It is a network of
networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, which are linked by a
broad array of electronic, wireless, and optical networking technologies.
The Internet provides an extensive range of information resources and services, such as the interlinked hypertext documents of the World Wide Web
(WWW) and the infrastructure to support e-mail. The WWW is a system of interlinked hypertext documents accessed via the Internet. Using a web browser, one can view web pages containing text, images, videos, and other multimedia and navigate between them via hyperlinks. The web was developed be
tween March 1989 and December 1990.
There are ways to capture wireless signals. One way is to simply intercept cordless phone signals. It’s easy to record calls using a freeware application called Cain if a trespasser has access to your local area network (LAN) (through an insecure wireless network). Internet phone service is an alternative to wired or hardwire service (a plain old telephone service [POTS] line from the TelCo), but the network used must also be secured. MagicJack® is one of these service providers, but there are others. You can also get a free Google Voice number (go to voice.Google.com and use your Gmail account information to login) (Figures 8.12 and 8.13).
MagicJack is a device that plugs into a USB port on the user’s computer (or, in the case of MagicJack Plus®, plugs directly into a router) and that has a standard RJ-11 phone jack to plug in any standard phone, proving Voice over Internet Protocol (VOIP) service (Figure 8.14). MagicJack works exclusively with the company’s captive landline supplier and competitive local exchange carrier (CLEC), YMAX. Voice mail is stored on the MagicJack servers and
is delivered via direct telephone access and e-mail with WAV audio file
attachments.
134
Advanced Criminal Investigations and Intelligence Operations
(a)
(b)
Figure 8.12 Telephone terminal block (a) and a main terminal block (b).
(a)
(b)
Figure 8.13 The Telco’s terminal box (a) and lineman’s handset (b).
Free Google Voice number (www.voice.google.com) includes many services such as voice mail, free text messaging, call history, conference calling, call screening, call blocking, and voice transcription of voice-mail messages to text that are available to users in the United States. Transcribed and audio voice mails, missed call notifications, and text messages can optionally be forwarded to an e-mail account of the user’s choice. Text messages can be sent and received via the familiar e-mail or instant messaging (IM) interface by reading and writing text messages in Gmail or by adding contact’s phone
Electronic Intelligence and Signals Intelligence
135