You’ve probably heard of the General Data Protection Regulation (that is, unless you’ve been under a rock the last month). The GDPR is a law governing data privacy in the European Union that will be implemented on May 25th. If you’re online as often as I am, you’ve been bombarded with chatter declaring the end of the world not rivaled since the Y2K scare. Everyone who has something to gain from your fear is trying to capitalize on it. Charlatans, since the beginning of commerce, have been preying on the public’s fear of change. I’m here to tell you that there is nothing to worry about. Continue reading
I saw the classic Hollywood disaster film The Towering Inferno in my twenties, two decades after it was released. I watched it after I read Steve McQueen: Portrait of an American Rebel by author Marshall Terrill. In fact, after reading TerriIl’s book, I watched just about every Steve McQueen film that I had not yet seen. One tidbit from the book that I found interesting was that McQueen and Paul Newman were such fierce competitors that it led to McQueen counting the lines in the script and demanding to one-up his rival in order to flex his new-found star power by having one more line than Newman. Continue reading
Bitcoin – In the last year or so, with the ever-increasing interest in investigating subjects on the Dark Web, our clients have been asking us more and more about bitcoin. Bitcoin (BTC) is an open source digital asset which utilizes a peer-to-peer system with which users can interact directly without an intermediary. BTC is not the first cryptocurrency, but it is the first decentralized digital currency acknowledged by United States Treasury. It is the largest of its kind in terms of total market value. Although your local department store may not yet have adopted bitcoin as payment, major companies such as Dell, Overstock, and Expedia have. Continue reading
It should go without saying that, in every situation where a crime is taking place, it is most desirable to catch the perpetrator. Doing anything else, including merely disrupting their operation, is simply a consolation. With this in mind, I find that best practices are not always laid out properly so that professionals going into this situation know how to meet the desired end. Even though I specialize in online investigations, I come from the old school and believe that those skills are sometimes a lost art in the new world of online investigations. We will always be investigating people, not their tools. If I hear another firm tell me they are “investigating a website” I’ll pull my hair out. Continue reading
Background Checks – Who are the Slytherin anyway? And why is Hogwarts teaching them the ancient and forbidden magic arts? My wife is going through the process of re-watching all of the Harry Potter films. She’s read all of the books ahead of the films, watched the films in the theater and now she has decided to see them all again. Perhaps this is in preparation of the grand opening of The Wizarding World of Harry Potter next year at Universal Studios Hollywood. Besides the first one that had Gary Oldman in it, I always encouraged Wifey to take a niece or nephew to see these movies. Mission accomplished. Somehow, though, I have a feeling I’m not going to be able to weasel out of attending the theme park. To quote a great song of the 1970s “The Things We Do for Love”. 10cc had it right. Continue reading
The Haystack Principle of Counterintelligence – Anyone who knows me or follows me online knows that I’m a pretty open person. I share almost everything I’m up to. Anyone I know (or any stranger for that matter) can experience with me my lunch, thoughts on a number of odd topics, and even what I’m doing with my dog, Chauncey. In fact, right now you can click any link on the right of this page and learn a plethora of details about my exploits, both past and present. You may say that this is bad for someone in the investigative profession. You are not alone. Overwhelmingly, security professionals of a certain level preach this concept as gospel. I’m here to tell you that, in the 21st century, “security by obscurity” is the most ludicrous method of keeping secrets. Continue reading
I have recently been asked several times by clients and colleagues about the dark web. When I began writing this article I was still debating whether I should use capitals when addressing the dark web. After a few thoughts, I decided that it does not warrant its own title. The dark web is as much a proper place as a dark alley. Before I discuss my reasoning here, I should give you all a quick synopsis of what the dark web actually is, and it isn’t what you may think. The Internet, as we know it, is a network of millions of servers that connect to one another and, as a result, catalog one anothers’ contents. This enables search engines like Google and Bing to index the information for free and resell it to their consumers for a profit, financed by advertisers. Continue reading
Domain Valuation – When someone goes about buying a car, there is a valuation model to follow. If a car is brand new, the value is set by the manufacturer, which allows for their margin plus a margin for the dealer. Once a vehicle is driven off of the lot the depreciation begins. That is, unless the vehicle’s value appreciates. Take, for example, the greatest car ever constructed, the Shelby Mustang GT500 of the late 1060s and early 1970s. When the 1971 model starred in the film classic Gone in 60 Seconds, it changed the world of movie car chases. The 2000 Nicholas Cage remake of Gone in 60 Seconds used a 1967 model of the same vehicle, and revitalized the world’s fascination with “Eleanor” (the code name given to the sumptuous steel vixen). That particular model was recently sold at auction for over one million dollars. If you’re lucky, you’ll find a fix-er-upper for $100,000. That’s a far cry from the original sticker price of $8,000 when it was sold right off of the assembly line.
This same story can be told about domain valuation. There are websites out there giving ‘valuations’ of domain names but, as well-meaning as they may be, only take into account simple factors such as keyword popularity, selling price of similar names and very little else. Domain valuation is never that simple. When we first receive a request from a client to inquire about the purchase of a domain we first investigate the owner. This allows us to take into account factors such as their initial intention, other uses, their tech savvy and even their financial bracket. Typically there are two kinds of domain owners out there. The first is the ‘domainer’, who valuates the domain using a cold formula then awaits a reasonable price and moves on to the next domain. No emotion is tied to the deal. It’s just a number. Then there’s the individual who purchased it with a vision in mind, went to the trouble to register the same name on other social networks and sees the name’s potential in a way that only a parent can with its own child. With the latter person, it doesn’t matter if the project is dead or alive; whether they are in need of funds or not. To them, the name is priceless.
This does not mean there isn’t a number that could greenlight this sale. It just means that the owner of the name values it in such a way that ‘they’ can’t put a price on it. There is always a price. It is our job to begin a negotiation that welcomes a dialogue. This means to get to know the individual and build rapport. It also means we need to come up with a starting price that does not turn them away. If I offered you $500 for Eleanor, you’d likely not return my call and, even more likely burn me for future contact. Our approach has shaved millions off of domain name selling prices. This doesn’t mean we’ll be able to buy you a domain for a fraction of its potential price. What we guarantee at IPCybercrime will provide honest, respectful treatment of both sides and the best possible outcome for you, the buyer.