• The Crack House Principle in Online Investigations

    It should go without saying that, in every situation where a crime is taking place, it is most desirable to catch the perpetrator. Doing anything else, including merely disrupting their operation, is simply a consolation. With this in mind, I find that best practices are not always laid out properly so that professionals going into this situation know how to meet the desired end. Even though I specialize in online investigations, I come from the old school and believe that those skills are sometimes a lost art in the new world of online investigations. We will always be investigating people, not their tools. If I hear another firm tell me they are “investigating a website” I’ll pull my hair out.

  • The Haystack Principle of Counterintelligence

    Anyone who knows me or follows me online knows that I’m a pretty open person. I share almost everything I’m up to.  Anyone I know (or any stranger for that matter) can experience with me my lunch, thoughts on a number of odd topics, and even what I’m doing with my dog, Chauncey. In fact, right now you can click any link on the right of this page and learn a plethora of details about my exploits, both past and present.  You may say that this is bad for someone in the investigative profession. You are not alone. Overwhelmingly, security professionals of a certain level preach this concept as gospel. I’m here to tell you that, in the 21st century, “security by obscurity” is the most ludicrous method of keeping secrets.

  • The Dark Web Ain’t As Dark As You Think

    I have recently been asked several times by clients and colleagues about the dark web.  When I began writing this article I was still debating whether I should use capitals when addressing the dark web.  After a few thoughts, I decided that it does not warrant its own title.  The dark web is as much a proper place as a dark alley.  Before I discuss my reasoning here, I should give you all a quick synopsis of what the dark web actually is, and it isn’t what you may think.  The Internet, as we know it, is a network of millions of servers that connect to one another and, as a result, catalog one another’s contents.  This enables search engines like Google and Bing to index the information for free and resell it to their consumers for a profit, financed by advertisers.

  • Rob’s Jobs Series: “The Seaver Method”

    Tom Seaver was voted into the Baseball Hall of Fame in 1992 with a 98.8% vote on the first ballot. Even 21 years afterward, this is the highest consensus of all time. I know you’re asking, “Why does Rob Holmes, a private eye, care about a pitcher from the 70s in regard to being a private eye?” He was voted by his critics to be more qualified than anyone that came before, or after him, to be in the Hall of Fame.  Back in the 1970s, when he was at his peak performance, a reporter asked him when he decided to change pitches. His response was, “I throw the same pitch until it doesn’t work no more.”  This is the best business advice I have ever received.  Still, after many years in business:

    1. I develop an arsenal of weapons.
    2. I decide which one is the best, then prioritize.
    3. I strike the first bastard out.
    4. I keep throwing the same pitch until it doesn’t work no more.
    5. I throw another great pitch until it doesn’t work no more either.
    6. Repeat until the opponent is defeated.

    In investigations, or even business, this is always the case. I’ve read books written by great businessmen like Trump, Welch, Collins and the like.  But the only thing that resonates with me is the “Seaver Method” that says sticking with what works is always the best thing to do.  No matter what the theory is… what works is all you know.  Keep at it until it don’t work no more.  Then move on to the next idea.  And so forth.

    Here endeth the lesson.

  • Replica Handbags and Black Hat SEO

    As I do in a normal day, I was patrolling the mean streets of the web looking for websites selling fakes.  On this particular day, one site came to my attention.  How does a church website with no e-commerce component show up as a top search engine result for replica handbags?  When I examined the website’s source code, I observed that there was a JavaScript injection placing links into their website unbeknownst to them.

    Below is an example of what I observed:

         
         elementId = Math.floor(Math.random() * 10001);
         document.writeln('
         ');
         document.getElementById('block' + elementId).style.display='none';
         <a href="http://xxxxxx.com/db-gestion/pmd/styles/default/images/icons/brandname/brand-name-products.php">brand name products</a>

    Search engines rank websites based on inbound links from legitimate websites.  A JavaScript injection like this creates invisible links to the bad guys’ website that the search engines can see but the viewer cannot.  The way this is done is by finding an open doorway into a legitimate website that does not have the latest security updates.  This is an example of a black hat technique that helps increase search engine results for their illegal site.  The lesson to be learned (besides keeping your software updated) is that there are many hidden efforts behind marketing contraband products and, in turn, many clues left behind if you know where to find them.
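
One way a site owner can check their own pages for this pattern, as an added example that is not from the original post: the Python below flags a page whose inline scripts both write markup and set `display` to `none` while the page carries links to another host. The sample HTML, the host names and the `audit` function are constructed for illustration, and the `div` wrapper in the sample is an assumption, since the post shows only the element id.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Heuristics for the pattern in the post: a script writes markup, then hides it.
WRITE = re.compile(r"document\.write(?:ln)?\s*\(")
HIDE = re.compile(r"\.style\.display\s*=\s*['\"]none['\"]")

class LinkAudit(HTMLParser):
    """Collects off-site link targets and the text of every inline script."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.in_script = False
        self.scripts, self.offsite = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "a":
            host = (urlparse(dict(attrs).get("href") or "").hostname or "").lower()
            if host and host != self.site_host and not host.endswith("." + self.site_host):
                self.offsite.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def audit(html, site_host):
    """Return off-site links and whether the scripts write markup and then hide it."""
    p = LinkAudit(site_host)
    p.feed(html)
    p.close()
    js = "\n".join(p.scripts)
    hides = bool(WRITE.search(js) and HIDE.search(js))
    return {"offsite_links": p.offsite, "script_hides_markup": hides,
            "suspicious": hides and bool(p.offsite)}

# Constructed sample modelled on the post's snippet; the <div> wrapper is assumed.
INJECTED = """<h1>Parish news</h1>
<script>elementId = Math.floor(Math.random() * 10001);
document.writeln('<div id="block' + elementId + '">');</script>
<a href="http://spam.example/brand-name-products.php">brand name products</a>
</div><script>document.getElementById('block' + elementId).style.display='none';</script>"""
CLEAN = '<a href="http://partner.example/">Our partner</a> <a href="/contact">Contact</a>'
print(audit(INJECTED, "church.example"))
```

A page with ordinary outbound links, like `CLEAN`, is listed but not flagged; only the combination of hidden written markup and off-site links is treated as suspicious.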

    Now I’m going to finish my coffee.

  • Branch Offices for Counterfeit Luxury Goods

    During one of my strolls through the dark alleys of the web I came across another interesting black hat search engine optimization technique: branch offices for counterfeit luxury goods installed within legitimate sites.  At first observation, the website I saw selling counterfeits looked like any other.  But, after a closer look, the URL appeared to be much longer than the typical domain-based URL like fakestuffseller.com.  Instead it looked like this: http://legitimatesite.com/includes/ice/_vti_cnf/lib/brand/boots/brand-boots.php.  I noticed an extra directory ‘/includes/’ that looked out of place and perhaps would not be in the normal structure of this particular legitimate website.  My next step was to test my theory and delete the extra crap (/includes/ice/_vti_cnf/lib/brand/boots/brand-boots.php) from the URL, leaving it to be simply legitimatesite.com.  As I had suspected, this led me to a perfectly legitimate university website.

    The two questions you are asking right now are “how?” and “why?”.  Allow me to enlighten you.  The “how” is similar to what I explained in another recent article I wrote regarding black hat search engine optimization techniques where hackers find weaknesses (like unlocked doors) in websites whose security software is not up to date.  Once that vulnerability is detected, the hacker can install thousands of his own websites within your website without your knowledge and, perhaps, for years before you even notice anything is strange.  The reason they do it is so that they can create tens of thousands of websites selling counterfeits.  Since this is done on a mass scale, the criminal is only minimally affected when your lawyer takes down poor old legitimatesite.com.  He has an unlimited supply.  Now I’m going to finish my coffee.
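
A defender-side check for the doorway pages described above, as an added example that is not from the original post: it reads web server access-log lines and reports directories that look like asset or metadata folders yet served several distinct `.php` pages. The directory list, the `doorway_candidates` function and the log lines are constructed assumptions; `_vti_cnf` is the folder name from the URL in the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: directories that normally hold static assets or tool metadata,
# never server-side pages. Tune this set to the site being audited.
ASSET_DIRS = {"images", "icons", "styles", "css", "_vti_cnf"}
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def doorway_candidates(log_lines, min_pages=2):
    """Map each asset directory to the distinct .php pages served from under it."""
    pages = defaultdict(set)
    for line in log_lines:
        m = REQUEST.search(line)
        if not m or m.group(2) != "200":
            continue  # only pages the server actually delivered
        path = urlsplit(m.group(1)).path  # drops any query string
        if not path.lower().endswith(".php"):
            continue
        dirs = path.strip("/").split("/")[:-1]
        for i, seg in enumerate(dirs):
            if seg.lower() in ASSET_DIRS:
                pages["/" + "/".join(dirs[:i + 1]) + "/"].add(path)
                break
    return {d: sorted(p) for d, p in pages.items() if len(p) >= min_pages}

# Constructed access-log lines (combined log format); paths follow the shape in the post.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2012:13:56:01 +0000] "GET /images/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2012:14:02:11 +0000] "GET /includes/ice/_vti_cnf/lib/brand/boots/brand-boots.php HTTP/1.1" 200 18234 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Oct/2012:14:02:40 +0000] "GET /includes/ice/_vti_cnf/lib/brand/bags/brand-bags.php?ref=1 HTTP/1.1" 200 17650 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Oct/2012:14:03:02 +0000] "GET /styles/old/probe.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for directory, found in doorway_candidates(SAMPLE_LOG).items():
        print(directory, len(found), "pages")
```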

  • Brand Protection and Social Media

    In the era of telecommuting and coffee shop branch offices, Facebook has replaced the watercooler, LinkedIn is the new resume and Skype is the new boardroom. Let’s face it. Your online ‘brand’ has become your most public persona. Along with the vast benefits that social media bring, a new world has opened up for fraud, misinformation and brand abuse. Holmes is not only a top brand protection investigator. He is also the one-man marketing department for his firm. Combining his two passions of trademark investigations and social media, he will take you on his journey from creating his first blog, designing his firm’s website, and planning a social media strategy and then arm you with brand protection tactics that he employs for his clients.  Rob gave this talk, entitled Brand Protection and Social Media, in June 2012 in Dallas, Texas.

  • How the Megaupload Case Has Hurt Brand Protection

    The reason the case against Megaupload founder Kim DotCom has hurt brand protection is that it has nothing to do with trademark enforcement and no one knows it.  With all of the news this case is getting, the public-at-large does not know the difference between counterfeiting and piracy.  There are many different kinds of Intellectual Property but only trademark was set up to protect the consumers before the content owner.  The purpose of a trademark is to identify the origin of a good or service.  The way this works is that, if you see my name or logo on my product, you can trust that it was made by me.  Trademarks are set up as a seal of trust and quality between a manufacturer and a consumer.  People who slap your favorite company’s logo on an inferior product deserve to be made to stop.  Placing a company’s logo on a commercial work without permission helps dilute the brand.  Even if your use is apparently harmless, they must enforce all unauthorized uses in order to be allowed to enforce the baddies.  It’s the basic rule that your school teacher had when you were a child, “If I make an exception for you, I’d have to do it for all the other kids.”  Copyright protection is quite different.  It protects the creator or the owner.  While that is still a noble cause, the difference needs to be made clearer to the public.  The Copyright Act of 1790 granted an author up to 28 years of exclusive rights to his work as long as he was alive.  In 1948 the United Nations passed The Universal Declaration of Human Rights which states ‘Everyone has the right to the protection of the moral and material interests resulting from any scientific, literary or artistic production of which he is the author.’  I am citing this to make it clear that I vehemently support the protection of content.  I do not, however, support the combining of these interests.  Our founding fathers were careful to place copyright in the hands of the legislature (Library of Congress) and trademarks in the hands of the Executive Branch (US Patent and Trademark Office).  This was no mistake.

    In 1946 the United States passed the Lanham Act which prohibited trademark infringement, trademark dilution and false advertising.  In 1984 the Trademark Counterfeiting Act established specific criminal penalties for the commercial use of a counterfeit trademark.  Later, in 1999, the AntiCybersquatting Act was passed to prohibit the unauthorized commercial use of a trademark in a domain name.  President George W. Bush made trademarks a priority when he appointed the first-ever Intellectual Property Czar, which was an undersecretary position within the Commerce Department.  Of course trademark protection should be important.  Our brands are exported all over the world and we rely on the reputation of those brands for more than a third of our economy.  When President Obama was elected, he promoted the IPEC (Intellectual Property Enforcement Coordinator) position from undersecretary to full cabinet status.  Somewhere between then and now this person with executive power has been dubbed the Copyright Czar.  If the Executive Branch is granted to be in charge of trademarks and patents, why are they in the copyright business?  Perhaps American corporations and our own government have been blurring the distinction between the two to make sloppy cases less noticeable.  Or perhaps this is happening so that the specificity of Intellectual Property Rights becomes so unrecognizable that anyone can be prosecuted for almost anything.  Or perhaps this is all just a completely innocent mix-up.  Once we start to see copyright enforcement activity at the USPTO, we will know that our constitution is being ignored.  Protection of all property needs to be respected, but the trademark community needs to stand alone in this fight if we want to bring trust back to the consumer.

    Now I’m going to finish my coffee.
