Using Marketing Techniques to Catch Cyber Criminals

Cyber Criminals, more often than not, use tried and true online marketing techniques to reach their customers.

  • Did you know that scammers create attractive websites just to add suckers to their mailing lists?
  • Have you thought about the fact that pirates use malicious software to make money off of viewers?
  • What about the fact that, no matter how Google enforces its rules, black hat marketers will find their way around them?

These are the same techniques that legitimate marketers use to reach you.  Sometimes they sell you a pack of gum, sun tan lotion or the latest Hollywood blockbuster movie.  IPCybercrime’s investigators are experts in online marketing.  We have also been involved in some of the first and most important landmark cases involving the reverse engineering of the marketing techniques of cyber criminals.  Since before online marketing was a profession, IPCybercrime has been keeping tabs on the web development community and how they reach out to their customers, whether black hat, white hat, or grey.  Many of those marketing techniques have evolved into what we now know as Search Engine Optimization (SEO), affiliate networks, sleeper sites, ad networks, JavaScript injections, hacking, iFrame cloaking, malware and other shenanigans.

The first-ever case to use covert online marketing techniques to win a federal case was Chanel v. Krispin (SDFL 2008).  In this particular case, investigators at IPCybercrime logged and analyzed the source code of thousands of websites, linking and grouping many offenders based on specific JavaScript code inserted into the subject websites.  As a result, more often than not, we have been able to footprint the entire operation and bring the case to a successful outcome.

How We Can Help You

I can bet you that a major part of your casework now is based on offenders selling something online that infringes on your rights or your client’s rights.  What IPCybercrime offers is a 20/20 view of the universe that encapsulates the online fraud world.  We know everyone has their favorite investigator for particular projects.  IPCybercrime does not want to interfere with that relationship.  In fact, we work with those teams on many of our cases and already have a great one-two-punch style relationship. What we want is to be a part of the team that helps you and your other team members get from A to Z successfully.

Drop us a line.  You’ll be happy you did.  No hard sell.  No bullshit. Just answers.

Things You Need to Know About Bitcoin


In the last year or so, with the ever-increasing interest in investigating subjects on the Dark Web, our clients have been asking us more and more about bitcoin.  Bitcoin is an open source digital asset which utilizes a peer-to-peer system with which users can interact directly without an intermediary. Bitcoin is not the first cryptocurrency, but it is the first decentralized digital currency acknowledged by the United States Treasury. It is the largest of its kind in terms of total market value. Although your local department store may not yet have adopted bitcoin as payment, major companies such as Dell, Overstock, and Expedia have.  In fact, IPCybercrime now accepts bitcoin as well.  Even more importantly from an investigation standpoint, it is the sole payment method on the Dark Web.  Here are a few bitcoin basics that we think you should know:


The Bitcoin market is a very volatile market. According to a study by Boston University, bitcoin has volatility seven times greater than gold, eight times greater than the S&P 500 and eighteen times greater than the U.S. Dollar. Here at IPCybercrime, we deal in bitcoin on a daily basis. During trades and purchases, it is not uncommon to see the price change $50 either way within minutes. While conducting our investigations, it does make bookkeeping somewhat difficult. In regard to our clients, we bill them at the price bitcoin was at the time we converted their currency to bitcoin. This is different each time but easily referenced.

Block Chain

The block chain is a public ledger maintained by a public network that records bitcoin transactions. All transactions are broadcast to this network using common software utilized by its users. The important thing to understand about the block chain is that all transactions are independently verified by a distributed database. Because the block chain is public, all transactions are public. This means anyone can research a bitcoin wallet ID to track its transactions, including whom the owner transacts with.


It is necessary for a person to first have a bitcoin wallet before trading in bitcoin. There are a number of software wallets that are readily available online.  There are also hardware wallets that add an extra layer of security by requiring the device to be present during a transaction. It is most common to use a software wallet. All software wallets built to accept US currency by way of bank wire or credit card are regulated under US rules. This means they require ID verification. That’s not always good for undercover investigations. IPCybercrime has vast experience working with legal sources to maintain legitimate bitcoin wallets without giving away our identity to the general public, or worse, the bad guys.

IPCybercrime regularly conducts purchases and investigates perpetrators using bitcoin, the Dark Web, and the block chain, and we consider ourselves experts among our peers.  Contact us if you would like to know more about how IPCybercrime can assist your company in legal or investigative matters that involve bitcoin.

Data Theft: Why It’s Better Lost Than Stolen

With all of the discussion of hackers, advanced persistent threats (APTs) and email scandals, I thought it was timely for me to discuss my philosophy on data consolidation.  Before delving into the concept of data, you must be able to compare it to its physical equivalent.  So many people, supposed professionals and hobbyists, pretend that data (or digital assets) are somehow not physical.  This is because many folks in our space believe the digital realm to be a fairy-tale kingdom where they can set the rules.  It isn’t.  The digital world is subject to the same laws and limitations as the physical world.  As ether-like as charlatans want you to believe it is, data always physically exists somewhere.  What makes it appear omnipresent is its ability to be copied and distributed on a mass level with little effort.

It is for this reason that I am a huge proponent of server consolidation. The most successful method in physical security is to put all of your ‘crown jewels’ in one place so that you may concentrate on its fortitude. Just as in the physical world, it is great to have multiple locations and redundancies for the less valuable data, but the most valuable must be in one spot. Two at most. Mind you, these are the data that make your company’s secret sauce. There is a reason there is a second, locked, kitchen at Crustacean in Beverly Hills. If their data gets out, they’d become like every other seafood joint in town. Some may say that redundancy is important to ensure prevention of data loss. Again, that works for the data that will not ruin your company if stolen.  If it will not ruin your company if revealed, it isn’t the same valuable data of which we are speaking.  I belong to the world’s oldest fraternity.  Yes.  I’m a Freemason.  For more than three thousand years, the process of transferring data from mouth to ear has worked perfectly.  Did you know that the Central Intelligence Agency modeled their communications after that of the Freemasons?  Now you do.  Since the building of King Solomon’s temple, we’ve not written anything down.  I’m not kidding.  This is the truth.  In fact, I’ve probably told you too much.

The true major-leaguers in the infosec world know that sensitive data is better lost than stolen. I repeat. Better lost than stolen.  Don’t forget it.

Now, I’m going to finish my coffee.



Hogwarts Should Conduct Background Checks

Who are the Slytherin anyway?  And why is Hogwarts teaching them the ancient and forbidden magic arts?  My wife is going through the process of re-watching all of the Harry Potter films.  She’s read all of the books ahead of the films, watched the films in the theater and now she has decided to see them all again.  Perhaps this is in preparation for the grand opening of The Wizarding World of Harry Potter next year at Universal Studios Hollywood.  Besides the first one that had Gary Oldman in it, I always encouraged Wifey to take a niece or nephew to see these movies.  Mission accomplished.  Somehow, though, I have a feeling I’m not going to be able to weasel out of attending the theme park.  To quote a great song of the 1970s, “The Things We Do for Love”.  10cc had it right.  But this new homespun film festival has gotten me thinking.

Why would the world’s foremost school in witchcraft and wizardry accept students prone to evil?  It’s not like Harvard, where some of their alumni somehow end up managing hedge funds and bilking the poor.  Hogwarts actually has a major in Evil.  No kidding!  It’s called Slytherin.  The folks who major in this topic learn cunning, ambition and — no I’m not kidding — blood purity.  Yes, blood purity.  Voldemort, the Devil figure of the Harry Potter series, attended Hogwarts years prior and majored in Slytherin.  Throughout the entire series, Voldemort is the Grand Dragon of the purists and demands that “muggles” (non-wizards and mixed-breeds) be eliminated.  You’d think that, after Voldemort became a problem, the (apparently) prestigious Hogwarts school would phase the Slytherin track out of its curriculum.  But no, they do not.  They continue to teach the most evil of their applicants the secrets of their power and actually sponsor games where they watch them all battle it out.  Did I forget to tell you this is a school for children?  Yeesh yiminy!  This makes me think that the ‘Lord of the Flies’ version of the New Jersey public schools in which I grew up was child’s play.

Let’s turn this around to non-fiction.  I remember reading many years ago after 9/11 that it was revealed that a number of the folks involved had originally met at a martial arts studio in Brooklyn.  This includes one of the alleged ringleaders, Mohamed Atta.  The hijackers, dubbed in intelligence training the ‘Hamburg Cell’, also attended flight schools here in the United States.  After a book was written making these connections, a number of martial arts and flight schools began conducting background checks on their students.  Nothing is absolute, but it does make sense to be sure you’ve done your due diligence to make sure your students do not have an apparent propensity for evil already dripping from their pores.

Now let’s elevate this thought to a more modern and hi-tech level.  Anyone with a credit card and a couple thousand dollars can attend classes to teach them how to hack innocent individuals.  Yes, the classes are presented with the disclaimer that all students must only use their new-found powers for the forces of good.  But it is ludicrous to believe that is the case.  I’ve attended numerous hacking courses, from online to real-life.  There is a general consensus that bad folks need not apply.  But this isn’t enforced.  Some of the best hackers on the planet I know personally.  And (for the most part) they are great folks with impeccable values that want nothing more than to find security flaws in their clients’ infrastructure and report directly to them with a plan to remedy said flaws.  I’m not saying this because they can all hack me right now.  I really mean it.  Seriously.  But it still needs to be noted that creeps and felons attend these courses.  Currently there is no good/evil benchmark for the hacking community.  But perhaps soon there will be.  Whether it’s magic, hacking or karate-chopping, it’s nice to know your student.

Now, I’m going to finish my coffee.


The Haystack Principle of Counterintelligence

Anyone who knows me or follows me online knows that I’m a pretty open person. I share almost everything I’m up to.  Anyone I know (or any stranger for that matter) can share in my lunch, my thoughts on a number of odd topics, and even what I’m doing with my dog, Chauncey. In fact, right now you can click any link on the right of this page and learn a plethora of details about my exploits, both past and present.  You may say that this is bad for someone in the investigative profession. You are not alone. Overwhelmingly, security professionals of a certain level preach this concept as gospel. I’m here to tell you that, in the 21st century, “security by obscurity” is the most ludicrous method of keeping secrets.

My father was a private investigator, unlike myself.  For the most part, I investigate white collar businessmen.  He took organized crime head on in the tri-state area of New Jersey, Pennsylvania and New York.  When I was an adult, he shared some of those stories with me, including one about a mob enforcer parked in front of our house while we were leaving for school.  His account of how he made the man leave is a story for another day.  It’s worthy of its own post.  My point is that I’ve lived more cautiously than most my entire life.

“If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds.” ~ McGeorge Bundy, US National Security Advisor under John F. Kennedy.

I have always subscribed to this concept, even before I was aware of Bundy’s statement.  Before the age of Web 2.0, this was not a major issue for most of us.  We now live in a time when anyone with a computer and a credit card can compile a dossier on anyone as thick as a telephone book in a matter of hours.  Some say that, in twenty years, there will be no more secrets.  If organizations like Wikileaks and Anonymous have their way, it may be the scenario.

Over the years, I have developed what I call ‘The Haystack Principle of Counterintelligence’.  This is how it works in four easy points:

  • Decide what your needles are.  These are the very few things that you truly don’t want anyone to know.
  • Understand that hiding everything is unrealistic and get comfortable with sharing things that are not true secrets (hay).
  • Build your haystack.  Create social media profiles and share details about yourself publicly to your level of comfort.  The more you share, the larger the haystack.  The larger the haystack, the smaller the needles.
  • Keep your needles to yourself.

Now I’m going to finish my coffee.

The Dark Web Ain’t As Dark As You Think

I have recently been asked several times by clients and colleagues about the dark web.  When I began writing this article I was still debating whether I should use capitals when addressing the dark web.  After a few thoughts, I decided that it does not warrant its own title.  The dark web is as much a proper place as a dark alley.  Before I discuss my reasoning here, I should give you all a quick synopsis of what the dark web actually is, and it isn’t what you may think.  The Internet, as we know it, is a network of millions of servers that connect to one another and, as a result, catalog one another’s contents.  This enables search engines like Google and Bing to index the information for free and resell it to their consumers for a profit, financed by advertisers.

The dark web, however, is a network of tens of thousands of servers that connect using a service called TOR.  TOR (or The Onion Router) is partially funded by the United States Department of Defense and guided by the Electronic Frontier Foundation.  Neither of these organizations has an inkling of how this network will make a profit.  Websites that reside in the dark web use a TLD (top level domain) different than most.  Here is the secret that the low-level professionals wish not for you to know.  The only difference between a regular website and a dark website is the TLD (or top level domain).  The Electronic Frontier Foundation created a specifically anonymous TLD at .onion.  After explaining this simple issue to you, many of you may have already figured out the next step.  But here goes:

The only way for anyone to access a .onion website is to be logged in using the Electronic Frontier Foundation’s TOR browser.  Once you know the URL of a dark web website, you can access it by typing it into your browser after already being logged into the TOR network.  Look, your teacher here is a Freemason.  So I already understand the concept of a secret handshake.  It’s even possible that some of you have had a tree house at some point.  Everything of secrecy requires a secret handshake.  This is literally all the dark web requires.  A secret handshake that’s available to anyone.

So there are only two secrets to accessing the dark web.  One is knowing the protocol mentioned above.  The second is knowing where to get around.  There is obviously no Google or Bing set up in the dark web at this juncture.  This is where the ability to develop an undercover identity is valuable.  No matter how dark the web, or how scary the neighborhood, you need to get to know the territory.  So don’t waste time.  Download TOR and start looking for .onion sites.

Now, I’m going to finish my coffee.


Domain Valuation: There is No Kelley Blue Book

When someone goes about buying a car, there is a valuation model to follow.  If a car is brand new, the value is set by the manufacturer, which allows for their margin plus a margin for the dealer.  Once a vehicle is driven off of the lot the depreciation begins.  That is, unless the vehicle’s value appreciates.  Take, for example, the greatest car ever constructed, the Shelby Mustang GT500 of the late 1960s and early 1970s.  When the 1971 model starred in the film classic Gone in 60 Seconds, it changed the world of movie car chases.  The 2000 Nicolas Cage remake of Gone in 60 Seconds used a 1967 model of the same vehicle, and revitalized the world’s fascination with “Eleanor” (the code name given to the sumptuous steel vixen).  That particular model was recently sold at auction for over one million dollars.  If you’re lucky, you’ll find a fixer-upper for $100,000.  That’s a far cry from the original sticker price of $8,000 when it was sold right off of the assembly line.

This same story can be told about domain valuation.  There are websites out there giving ‘valuations’ of domain names but, as well-meaning as they may be, they only take into account simple factors such as keyword popularity, selling price of similar names and very little else.  Domain valuation is never that simple.  When we first receive a request from a client to inquire about the purchase of a domain, we first investigate the owner.  This allows us to take into account factors such as their initial intention, other uses, their tech savvy and even their financial bracket.  Typically there are two kinds of domain owners out there.  The first is the ‘domainer’, who values the domain using a cold formula, then awaits a reasonable price and moves on to the next domain.  No emotion is tied to the deal.  It’s just a number.  Then there’s the individual who purchased it with a vision in mind, went to the trouble to register the same name on other social networks and sees the name’s potential in a way that only a parent can with their own child.  With the latter person, it doesn’t matter if the project is dead or alive, or whether they are in need of funds or not.  To them, the name is priceless.

This does not mean there isn’t a number that could greenlight this sale.  It just means that the owner of the name values it in such a way that ‘they’ can’t put a price on it.  There is always a price.  It is our job to begin a negotiation that welcomes a dialogue.  This means getting to know the individual and building rapport.  It also means we need to come up with a starting price that does not turn them away.  If I offered you $500 for Eleanor, you’d likely not return my call and, even more likely, burn me for future contact.  Our approach has shaved millions off of domain name selling prices.  This doesn’t mean we’ll be able to buy you a domain for a fraction of its potential price.  What we guarantee at IPCybercrime is honest, respectful treatment of both sides and the best possible outcome for you, the buyer.

Social Discovery is Changing Everything


Whenever a legal incident that begins online comes to notice, there is a very small window to manage the collection and preservation of the data. If you’ve ever watched the popular A&E documentary television series entitled “The First 48”, you have been exposed to the importance placed on the actions that take place within the first couple of days after the discovery of the crime.  Just as in the physical world, a “CSI” team must be the first to step in to ‘freeze’ that moment in time for later analysis.  No one else involved should touch anything until it has been preserved by their trained evidence collection team. Popular culture has conditioned us to accept this process in the physical world. Over the last decade, we have been introduced to the concept of computer forensics, where a computer or smartphone may contain important data and must be preserved. But what happens when that case begins online? Online cases far outnumber both physical crimes and crimes that start with a device that is in your custody. In these cases, the collection of data must be handled with much more care and finesse.

This is where Social Discovery comes in. The most common methods of preserving a moment of time online are: 1) taking a screenshot using software like TechSmith’s Snagit, 2) printing to PDF, or 3) downloading the entire website using an offline browsing tool such as HTTrack. All of these methods are good, but they do not present data in a forensic fashion that can be scrutinized later by an expert. A screenshot can be taken of a doctored web page. The same can be done with a PDF printout. Files can be manipulated in an offline browser after download. In all of these cases the case relies only on the testimony and the credibility of the individual who collected the data. There is no benchmark with which an outside expert can measure his/her accuracy.  Social Discovery, a very recent specialty introduced in the last couple of years, has made it possible for online acquisition of data to be held to the same standard as blood evidence and computer forensics. Let’s face it. More crimes are taking place in the cloud than in known locations. This requires a tried process that has been tested in court. Social Discovery is a process that ensures all data is not only collected properly, but preserved with the proper forensic properties, including a hash value that can be compared to the original. This will be the difference in whether or not your online evidence stands the scrutiny of the opposing counsel’s expert.
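The point above is that a hash recorded at collection time is what lets an outside expert check a capture later, which a screenshot or PDF printout cannot offer. The following is an added example, not IPCybercrime’s own tooling or process: it hashes a constructed page capture at the moment of collection, writes a preservation record, and shows that a later altered copy fails verification. The page content, URL and collector name are all hypothetical.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed sample capture: the raw bytes of a web page as served at collection
# time. Hypothetical content for illustration, not an actual page or evidence item.
CAPTURED_PAGE = (
    b"<html><head><title>Example listing</title></head>"
    b"<body><p>Genuine designer bags - $40</p></body></html>"
)


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of the captured bytes as a 64-character hex string."""
    return hashlib.sha256(data).hexdigest()


def make_evidence_record(source_url: str, data: bytes, collector: str,
                         collected_at: Optional[datetime] = None) -> dict:
    """Build the preservation record at the moment of collection.

    The hash is taken over the raw bytes before anyone views or edits the capture,
    so that any later copy can be compared against it by a third party.
    """
    if collected_at is None:
        collected_at = datetime.now(timezone.utc)
    return {
        "source_url": source_url,
        "collected_at": collected_at.isoformat(),
        "collector": collector,
        "size_bytes": len(data),
        "sha256": sha256_hex(data),
    }


def record_fingerprint(record: dict) -> str:
    """Hash of the record itself in canonical JSON form.

    Writing this value into the case file lets an examiner confirm the record
    (URL, time, collector, hash) was not edited after the fact.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode("utf-8"))


def verify_capture(record: dict, data: bytes) -> bool:
    """Recompute the hash of the bytes presented later and compare to the record."""
    return (record["size_bytes"] == len(data)
            and record["sha256"] == sha256_hex(data))


if __name__ == "__main__":
    record = make_evidence_record("https://example.invalid/listing",
                                  CAPTURED_PAGE, "investigator (hypothetical)")
    print(json.dumps(record, indent=2))
    print("record fingerprint:", record_fingerprint(record))
    # An untouched copy verifies; a doctored copy (price edited) does not.
    print("original verifies:", verify_capture(record, CAPTURED_PAGE))
    doctored = CAPTURED_PAGE.replace(b"$40", b"$400")
    print("doctored verifies:", verify_capture(record, doctored))
```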

At IPCybercrime, all of the common techniques are included in every service we provide. We also recommend that you request our additional Social Discovery service. For an additional fee, we can deliberately collect every tweet, Facebook post, YouTube video, or anything else that can be published online. Social Discovery also includes forensic collection of web-based emails such as Gmail, Hotmail and Yahoo! (if credentials are provided by the deponent).  Whatever you do, make sure you have your bases covered. Social Discovery is the way to go.

Fakes in Film: Orphan Black

Anybody watch the Season 2 premiere of this cool show?! Well, if you didn’t, this post may be a bit of a spoiler, but not much.  For those of you who have not seen the show yet, here is a brief summary: Orphan Black is a Canadian science fiction television series starring Tatiana Maslany as several identical women who are revealed to be clones. The series focuses on Sarah Manning, a woman who assumes the identity of her clone, Elizabeth (Beth) Childs, after witnessing Beth’s suicide. The series raises issues about the moral and ethical implications of human cloning and its effect on issues of personal identity.

From an entertainment perspective my respect goes out to the lead actress, Tatiana Maslany, who plays multiple roles including a streetsmart grifter (Sarah), a manic suburban mom (Alison), a pot-smoking lesbian scientist (Cosima) and a feral Russian assassin (Helena) among others. For those of you who have not seen the show (yet), the main character is Sarah, who is partnered with Alison and Cosima, pooling their collective resources to figure out who made them and who is trying to kill them off.  Maslany’s award-worthy performances are often done playing opposite herself, whether in shootouts or comedic banter.  But the reason I’m writing about Orphan Black on Knockoff Report is the cloning issue. On the surface, cloning can be an interesting topic in the IP debate.

The thing that made me think hard about this wasn’t the epically cool first season.  It was this week’s Season 2 premiere that really brought out the IP geek in me.  The scientist, Cosima, is investigating the code embedded in their DNA and cracks it. Turns out, embedded in her DNA, and the rest of her clone sisters’, is a patent notice. Her quote, “We’re property. They patented us.” was the topic of this episode, which was entitled “Personal Property”. As interesting as this seems, this is still not why Rob Holmes, an anticounterfeiting expert and enthusiast, was drawn to write about this.  Here is the reason: I admit I do not know the outcome of the entire series and this is where speculation comes in. But, assuming one of the individuals is an original… are the patent owners actually counterfeiters? I say yes.  If I owned the patent for a duplication device, it would not give me rights over the items I copy.  Only rights over the duplication process.  A patent is a grant of ownership over a specific process. Patents do not protect images, words or content.  This show is very good and I hope it goes on for many seasons.  If this is the case, we will not know some of those answers for years to come.  This means my actual argument may not even be valid until perhaps more seasons pass.  Is there an original?  Was the original created, or born?  But, as an IP geek, this is fun stuff and will keep us thinking for many years to come.

Now, I’m going to finish my coffee.

Fakes in Film: Dallas, Baby!

It’s an ironic thing that I’m located in the same town but, yes, I watch the TNT drama “Dallas” based on the 1980s phenomenon of the same name. In my defense, it’s located in my current city… but the soap opera aspects of the show are still quite appealing. Oil men, big business, politics, hot chicks… no problem putting in my time.

As y’all know, the main character, J.R. Ewing’s son John Ross Ewing, is caught between two (or more) women. One of the women, Elena Ramos (Jordana Brewster), is loyal to the Ewing family. Her brother Drew, on the other hand, is still trying to find his place in the world and to prove his worth to his sister. In addition to trying to prove his worth to his sister on the Ewings’ Southfork Ranch, he takes a job running goods across the Texas/Mexico border for Ewing rival Harris Ryland (Mitch Pileggi). A casualty of the rivalry, poor Drew gets caught transporting a truckload of counterfeit designer goods across the US/Mexican border.

Don’t blame the Ewings for this mess. Ryland was the mastermind of the counterfeiting operation from the beginning. But poor Drew is stuck in the middle. After the counterfeit goods incident, Ryland uses misguided Drew to pull off another operation against his own better judgment. But, sadly, there were casualties. If you’re up to date on the show, you may know that Drew comes out from hiding this week.

No matter your angle on the show itself (I, personally, side with John Ross), the counterfeit goods arrest will certainly bite Drew, but not as badly as the demolitions operation that killed Christopher’s twins. If you’re not watching the show, IP interest aside, you’re missing out on some good old fashioned soap opera fun. Tune in baby!
