It should go without saying that, in every situation where a crime is taking place, it is most desirable to catch the perpetrator. Doing anything else, including merely disrupting their operation, is simply a consolation. With this in mind, I find that best practices are not always laid out properly so that professionals going into this situation know how to meet the desired end. Even though I specialize in online investigations, I come from the old school and believe that those skills are sometimes a lost art in the new world of online investigations. We will always be investigating people, not their tools. If I hear another firm tell me they are “investigating a website” I’ll pull my hair out. You are investigating the crimes being committed by the operator(s) of a website. Just as a homicide investigator would not say he is investigating a bullet, or even a gun, you are not investigating a thing either. Things are tools people use to commit crimes. Although the tools are important, they are mere hurdles between you and the culprit.
This leads me to discuss the concept of investigation strategy on the Web. I’m not going to get into details on how to be anonymous on the Web because there are a lot of great articles on that. What I’m interested in talking about is the philosophy I’ve developed during my twenty-two years of investigating people online and working with hundreds of firms. This leads me to The Crack House Principle. I originally introduced this principle in a presentation to the International AntiCounterfeiting Coalition in 2005. The presentation itself was fairly broad and covered many aspects of the Web and investigations therein. Since then, I’ve incorporated these teaching into my IPCybercrime Boot Camp that toured North America a few years back. I realized the other day that I have never written a post on this topic. Shame on me!
Imagine, if you will, you are assigned to investigate a drug operation in Venice Beach. Drugs are rampant and you received a tip that the primary source for a number of the local dealers is operating out of a house on Mildred Avenue, just a couple blocks from the Venice Canals. You decide to go to the house wearing your office clothes, walk around the backyard and peek into all the windows. After enough peeping, you decide to knock on the door. Surprisingly, someone answers. He is musclebound and covered in tattoos. His name is probably Spider. He opens the door and says nothing. You politely say, “Hey fella. Got any crack?”. The door slams. You return to the office feeling somewhat accomplished. It’s time for someone else to visit and close the deal.
Ernie from your office putts over there in his 1990 Corolla and parks out front. He fixes his hair in the rear view mirror and takes a breath mint. After a couple minutes of repeating affirmations from a CD, he garners the courage to get out and beeline to the door. Ernie walks up the six steps, avoiding a deteriorating mattress and a couple stray cats. He adjusts his bow tie, clears his throat and knocks. No one answers. After a short bit, he knocks again. No one answers. Instead of leaving, Ernie walks around to the backyard and starts peering into windows. After a few peeps, he finally sees a a female in a bedroom fiddling with a laptop. Ernie clears his throat again and says, “Excuse me, ma’am?” She jerks her head to him as Ernie continues, “Umm… pardon me, but do you have any crack?” She turns her head back toward the Facebook game she is playing. Ernie tucks his tail between his legs and proceeds back to the office where he reports his findings to you.
Not a person to quickly give up, you decide to wait a few days and then send your secretary Agnes over to Mildred Avenue to do a third round of recon. You now know that this MUST work. Because, well, Mom always said, “If at first you don’t succeed, try, try again.” Why doubt Mom, right? So, Agnes, excited to get out of the office, grabs her purse, slathers on some lipstick, hops into her minivan and jets over to our target location in Venice Beach. When she arrives, she repeats Ernie’s moves. She knocks, peeks around yells, “Hey y’all! Got any crack?” into a few windows to no avail. Agnes reports back to the office and you put on your thinking cap. You say to yourself, “Our informant told us there was crack being sold there. It’s there. I know it! I guess it’s time to kick it up a notch and call my trusty private investigator.”
Good choice! So you get on the horn and call your trusty P.I. You fill her in on the address and what she should be looking for. The P.I. heads there and is surprised to find a “For Sale” sign out front with no signs of life. She decides to take a look inside since the door is wide open. Even inside, there are no signs of life. Your investigator then calls in her forensic team and scours for evidence. Everything has been cleaned out. Not a trace of drugs or fingerprints. So you celebrate. We stopped ’em! You even pop a cork and pour a few drinks for the staff. Two days later, you get a call that drugs are not only still rampant on Venice Beach, but an informant tells you that there is talk among the criminal underworld that a law firm has been snooping around and, hence, taught the dealers how to avoid them by revealing their methods so openly. These people have done this before. We’re dealing with professionals. Go figure!
You go back to your investigator and tell her the story. She flatly tells you there is nothing she can do at this time and mentions that, if you called her earlier, the dealers could have been caught. There are some things your investigator knows from so many years of training that you could not possibly have known. You hang up and sulk in the fact that the case is blown and it is everybody’s fault but your own. Does this sound realistic? No, not literally. In the physical world, any attorney would know that knocking on doors and peeking into windows randomly asking for crack would result in an empty crack house.
That is why I invented The Crack House Principle to help attorneys understand the concept of online investigations. On the Web, just like the physical world, crooks can see you coming. They can see where you’ve been, where you are poking around on their site and, worst yet, most times the can figure out exactly who you are. It may surprise you that most times when you pass a website investigation to your investigator, this is the exact scenario.
So, hopefully, this has been an interesting article for you to read. Please, no one think the purpose of this is to talk down to you. It is not. The purpose is to help you understand the intricacies of the investigator’s job so that you will know next time it is best to pass the case off as soon as it has been received. I know from my lifetime of doing this that, the sooner collaboration begins, the higher the likelihood the case is solved. And isn’t that what we’re all looking for?
Now, I’m going to finish my coffee.
With all of the discussion of hackers, advanced persistent threats (APT’s) and email scandals, I thought it was timely for me to discuss my philosophy on data consolidation. Before delving into the concept of data, you must be able to compare it to its physical equivalent. So many people, supposed professionals and hobbyists, pretend that data (or digital assets) are somehow not physical. This is because many folks in our space believe the digital realm to be a fairy-tale kingdom where they can set the rules. It isn’t. The digital world is subject to the same laws and limitations as the physical world. As ether-like as charlatans want you to believe it is, data always physically exists somewhere. What makes it appear omnipresent is its ability to be copied and distributed on a mass level with little effort.
Who are the Slytherin anyway? And why is Hogwarts teaching them the ancient and forbidden magic arts? My wife is going through the process of re-watching all of the Harry Potter films. She’s read all of the books ahead of the films, watched the films in the theater and now she has decided to see them all again. Perhaps this is in preparation of the grand opening of The Wizarding World of Harry Potter next year at Universal Studios Hollywood. Besides the first one that had Gary Oldman in it, I always encouraged Wifey to take a niece or nephew to see these movies. Mission accomplished. Somehow, though, I have a feeling I’m not going to be able to weasel out of attending the theme park. To quote a great song of the 1970s “The Things We Do for Love”. 10cc had it right. But this new homespun film festival has gotten me thinking.
Anyone who knows me or follows me online knows that I’m a pretty open person. I share almost everything I’m up to. Anyone I know (or any stranger for that matter) can experience with me my lunch, thoughts on a number of odd topics, and even what I’m doing with my dog, Chauncey. In fact, right now you can click any link on the right of this page and learn a plethora of details about my exploits, both past and present. You may say that this is bad for someone in the investigative profession. You are not alone. Overwhelmingly, security professionals of a certain level preach this concept as gospel. I’m here to tell you that, in the 21st century, “security by obscurity” is the most ludicrous method of keeping secrets.
I have recently been asked several times by clients and colleagues about the dark web. When I began writing this article I was still debating whether I should use capitals when addressing the dark web. After a few thoughts, I decided that it does not warrant its own title. The dark web is as much a proper place as a dark alley. Before I discuss my reasoning here, I should give you all a quick synopsis of what the dark web actually is, and it isn’t what you may think. The Internet, as we know it, is a network of millions of servers that connect to one another and, as a result, catalog one anothers’ contents. This enables search engines like 
When someone goes about buying a car, there is a 
Anybody watch the Season 2 Premiere of this cool show?! Well, if you didn’t this post may be a bit of a spoiler, but not much. For those of you who have not seen the show yet, here is a brief summary: Orphan Black is a Canadian science fiction television series starring Tatiana Maslany as several identical women who are revealed to be clones. The series focuses on Sarah Manning, a woman who assumes the identity of her clone, Elizabeth (Beth) Childs, after witnessing Beth’s suicide. The series raises issues about the moral and ethical implications of human cloning and its effect on issues of personal identity.
It’s an ironic thing that I’m located in the same town but, yes, I watch the TNT drama “Dallas” based on the 1980s phenomenon of the same name. To my defense, it’s located in my current city… but the soap opera aspects of the show are still quite appealing. Oil men, big business, politics, hot chicks… no problem putting in my time.
Welcome to ‘Fakes in Film’, the first in a new series of articles featuring counterfeit goods and trademark infringement featured in movies and television. More and more, this topic is being included in pop culture and we want to be there to show it to you. Some references will be old/retro and some will be completely new. So here goes…
Tom Seaver was voted into the Baseball Hall of Fame in 1992 with a 98.8% vote on the first ballot. Even 21 years afterward, this is the highest consensus of all time. I know you’re asking, “Why does Rob Holmes, a private eye, care about a pitcher from the 70s in regard to being a private eye?” He was voted by his critics to be more qualified than anyone that came before, or after him, to be in the Hall of Fame. Back in the 1970s, when he was at his peak performance, a reporter asked him when he decided to change pitches. His response was, “I throw the same pitch until it doesn’t work no more.” This is the best business advice I have ever received. Still, after many years in business:
