Brett's Ramblings

Yes, you can place the suspect behind the keyboard, even if Tor is used.

Earlier this year, I was asked to give a talk to a small group of investigators on putting together a case on anonymous criminals on the Internet. Right out of the gate, from the back forty (i.e., the back of the room), I was told that it can’t be done, that only the NSA can do it, and that this was going to be a waste of time. No kidding. I never met that guy before in my life, didn’t even start the talk yet, and he instantly reminded me of someone I worked with before, who was affectionately known as “the dinosaur” before he retired. Within five minutes, I regretted doing this presentation.

Four hours later, the “dinosaur” apologized to me after I gave a dozen tips to try in his cases and gave a demonstration of how some of them can work in just a few minutes.

I bring this up because I know what this detective has gone through, having been given cases where there is no suspect information, or little-to-no evidence, and even uncooperative victims, yet, it’s your case to work.  After a few years, you either get burned out from failures or you learn to beat the technology by using your brain.

One of the demonstrations I did in the talk was to deanonymize a Tor user.  One person created a Tor account in class and sent me an email.  In 5 minutes, I had her IP address, which was verified as her agency’s IP address.

I didn’t use magic. I didn’t use a top-secret government hack. And I didn’t disclose something that wasn’t already known how to do. But what it showed was that it can be done on some occasions, and that it can disclose the physical location of where the suspect’s device was being used at a given time. The recent FBI case of “booby-trapping” a video is an example of this method.

I am not the world’s best investigator, or a most famous hacker, or a super-forensic guru.  But I am someone that will chip away at a problem until I crack it open.  I search and experiment and search and experiment until I find something that works.  I quickly toss aside anything that slows me down or leads me in the wrong direction.  I want tools that work as I want them to work because I believe every case can be solved given the right circumstance.

When I wrote Placing the Suspect Behind the Keyboard, I truly meant every word in the book.  You can do it.   You can not only find criminals who are attempting to hide behind technology, but you can tie them to activity on a computing device.  It may take longer than you want, but you can do it, and when you do, the impact on the lives of others is immense.

For anyone thinking that I give away the ‘secrets’ for the world to see, I am not.  The secrets are already out there, except the problem is that only the bad guys know them.  On top of that, you can tell a criminal exactly how you are coming for him, step-by-step, and you will still be able to catch him just as you warned.  Investigative methods work regardless of the preparation to defeat them, as long as you do it right.  Sloppy work doesn’t work.

As the simplest example, I once did a knock-n-talk for a marijuana grow operation with my partner. I knocked on the door and asked the owner for consent to search. I told the owner that he had the right to refuse consent, the right to restrict the scope of a search, and the right to rescind the consent at any time. He let the two of us in and of course, we found hundreds of marijuana plants. My point: at the front door on a table was a book on cultivating marijuana, which was laid open to a chapter titled something to the effect of, “When the police ask for consent to search, just say no”. Either the grower skipped that chapter or didn’t get to it yet, or politely asking for consent worked. I’ve worked computer cases with the same story, where books on ‘how to get away with computer crime’ didn’t help the criminal.

The Internet is not evil.  Computers are not evil, (except many Artificial Intelligence robots, but that’s another story).  Even the Dark Web is not evil.  However, anything can be used for evil and criminals have exploited everything from a screwdriver to a smart phone for evil.  Your job, and I am sure your personal mission, is to find them.

With technology becoming easier to use every day, including for bad intent, it is your duty to know how to use the same technology to defeat criminal use of technology. Crimes will continue as they have for as long as humanity has existed, with the only difference being the tools used. With the Dark Web, I foresee more cases of kidnappings, rapes, and murders being facilitated in the physical world because of it.

You can solve these hard-to-solve crimes. Trust that you can, because you can. Here are some of Brett’s Tips:

  1. Don’t quit.
  2. Don’t close a case that should never be closed.
  3. Try and try again.
  4. Learn how you can do something you didn’t know before.
  5. Know that if a device is connected to the Internet, it can be tracked.
  6. Know that if a device has been used to commit a crime, you can tie it to the criminal.
  7. Know that you don’t need superpowers or the Patriot Act to find criminals on the Internet.

I feel so strongly about the importance of this that I wrote two books about it. I didn’t write the books to be famous, but to give some glimmer of hope for those investigators who only need to see how to do something they didn’t know before to make their cases.

For the investigators that would rather listen and watch how it can be done, I created an online course.  I taught the course for a year in rooms full of investigators and solved a few of their cases IN CLASS.  All it takes is a spark to get your brain on the right track at full speed and no brakes.  All it takes is that ‘one thing’.

The course I teach (Placing the Suspect Behind the Keyboard) is expensive when I give it in a classroom ($1895 a person). It’s less expensive online ($799). It’s even less expensive when you find and read blog posts like this ($95). I feel that if you are reading these types of posts on the Internet, you must be looking for something to help close your cases. That means you have the drive to do better and be better at your job. And I want to help. Imagine spending a few hours to learn something that will affect the rest of your cases for the rest of your career.

There really isn’t any reason to not learn how to work computer-facilitated cases when $95 can give you a whole box of “one things” to spark your investigations.  If you put forth the effort detailed in my books or courses, you can run circles around your peers and close the hell out of cases.  Who knows, you may even make the news.  More importantly, you may be saving someone's life.  What could be more important?

Use this link to register for Placing the Suspect Behind the Keyboard for $95 instead of the listed price of $799 (books not included in this promo).
