Friday, August 19, 2011

Five lessons learned from the Paul Peters/ Madeline Pulver case in Sydney, Australia

As you’ve heard in the news, after Peters attached a fake bomb, he left a ransom note on a USB drive looped around Madeline’s neck. The note included instructions to e-mail him at

Here are five lessons learned from this case.

Lesson 1:
Never send a secret message with a USB drive that has ever been used before. (Peters used such a USB drive, thinking that he'd wiped it clean.)

Lesson 2:
Never write a secret message using Microsoft Word. The USB drive revealed a version of the ransom note written in Word. It contained metadata about the document's author, including the name "Paul P."

Lesson 3:
Never use e-mail for a secret message. Each time Peters accessed his account, his location became known.

Lesson 4:

Never use a library or a video store to check your e-mail. When Peters did just that, video cameras caught both him and his Range Rover.

Lesson 5:
Never use a vehicle registered in your own name. Video cameras picked up the license on Peter's Range Rover, which was traced back to him.

(There are secure ways to send a secret message but this public blog is not the place to reveal them.)

Sunday, August 14, 2011

How to spy on cheaters

The information that follows, in quotes, is taken from a business in Kenya but the cell phones he describes may also be available in Canada, Europe, and the USA:

“Are you suspicious your lover, spouse, children, employees or business partner could be hiding something? Relax. A solution is finally here. All you need is a high-end WAP-enabled mobile phone, which you will present as a gift to your partner, whom you want to investigate. Dubbed Mobispy, the software will send information to a preset email address managed by the buyer.

“‘Let’s say your husband tells you he is working late within the central business district but you doubt that. All you will need to do is log in to the email and trace the location of the phone. Unless he left it in the office, you can know his location because it gives a radius of 10 meters,’ said Chepkonga. The IT expert says the technology can also be used to keep track on the location of students who lie they are in libraries or by managers who suspects their employees could be sabotaging the company by giving out classified information.

"The most popular reasons for using this application are finding out if your partner is cheating on you, keeping an eye on your children or teens, protecting your old parents, and using it to ensure your employees are doing what they are expected," said Chepkonga.”

For the complete article, see

Friday, August 12, 2011

Does facial recognition technology really work?

The officials at London’s Metropolitan Police certain hope so. They are using sophisticated software to track down those suspected of being involved in the recent riots in the UK. An anonymous source says, “The issue is that you have to have a good picture of a suspect and it is only useful if you have something to match it against. In other words, the suspect already has to have a previous criminal record.”

In the United States, however, this is not necessarily the case. Someone has been spotted that looks like Casey Anthony and great efforts are being made to compare photos. (For details, see “Casey Anthony Photos in Facial Recognition Software” at

The short answer to “Does facial recognition technology really work?” is “not always,” but it’s getting better. Does the target in a picture wear a baseball cap and sunglasses? If so, that may block the software, but much depends of the clarity of the picture.

In an extreme case, wear one of those face masks you see in Japan.

Tuesday, August 9, 2011

How to keep your cell phone from being traced, without removing the battery

Although I seldom turn my cell phone on unless I am about to make a call, I realize that it can nevertheless be pinged. One solution would be to remove the battery but that's a bit of a hassle.

This morning I put the phone in my aluminum briefcase and called the number. It rang.

Next, I put it in my fireproof file cabinet and then called it. It rang again.

I drove into town and bought a 25-foot box of aluminum foil at the Grizzly Grocery for $1.40. Back home, I cut out a 6 by 6-inch square, wrapped it around the phone, and called it. NO ANSWER.

Hmmm ...

Let's see: The box of foil will yield 100 6-inch-square pieces, at a cost of $0.014 each to protect 100 cell phones. If I buy the boxes by the case, at a discount, and sell each cell phone protector for 99 cents, that will be a profit margin of, uh ...

Friday, August 5, 2011

Information you must never list in an obituary

This tip comes from The Kim Komando Show. Kim points out that deaths are a big temptation for identity thieves. “It's simple for them to grab the deceased's information,” she says. “They can often make lots of fraudulent transactions before anyone notices.”

True, funeral homes are supposed to notify the Social Security Administration but thieves often act before the SSA gets the information. Remember, a key bit of information they seek is the date of birth. Therefore, in an obituary, either do not give the month and day of birth, or else list a false date.

Burglars, too, watch the obituaries, searching for addresses in order plan a robbery when relatives are at the funeral. Do not, therefore, list exact addresses for the survivors. Either that, or arrange for a house sitter during the funeral.

Tuesday, August 2, 2011

Can Nook e-book readers be traced?

I was in Bellevue, Washington last Saturday to meet a consulting client who (due to a plane malfunction at his end) was unable to attend. Since I had some free time I headed for Barnes and Noble, where I ended up buying (among other things!) a Nook. I chose the Nook Color because I wanted to load my e-books on it, including the pictures in color.

As usual, I got to wondering, “Can a Nook Color be traced back to its owner, if a private investigator has unlimited funds behind him?” I e-mailed that question to a friend who is not only a PI but is one of the instructors in a PI school. His response:

“The Nook is traceable by way of the SIM card - used for 3G service - via triangulation. Barnes and Noble can identify which account a given device is signed into. An electronic handshake occurs which may or may not contain anonymized data by way of one-way encoding/encryption. ‘John Luna’ becomes ‘A654_fgrgOIN098’.

“Every device has a serial number that is associated with the other registration and service account identifiers in order to ‘blacklist’ them if the Nook is reported stolen. Blacklisted devices cannot be re-registered and access to ‘Store’ and ‘My Library’ features are deactivated to prevent further intrusion/fraud. The Digital Support Division would use identification information from the original account registration to verify the identity of the Client attempting to access a blacklisted device.

“The email function may also leak useful information in the headers of individual messages. So with unlimited funds we would be able to find a crack in Barnes & Noble or the device and track it.”


It is extremely rare that a PI has access to unlimited funds. Further, if the user (i.e., your humble servant) failed to submit valid information when setting up the account and when registering the device, then the trail will end there.