News, Resources, and Useful Information for the Online Investigative and OSINT

Professional from Toddington International Inc.

Toddington International Inc.Online Research and Intelligence Newsletter

SEPTEMBER 2019 EDITION

In This Edition

Welcome to the NewsletterUpcoming Select Public CoursesFeatured Article: "How Do We Improve the Human Factor in Cybersecurity?"Tools and Resources for the OSINT Professional"Using the Internet as an Investigative Research Tool™"More Online TrainingHow-To's and Articles of Interest for the OSINT Professional

Welcome to the Newsletter

Welcome to the September 2019 edition of TII's Online Intelligence Newsletter.  As wewistfully approach the end of summer, we are gearing up for a busy fall season ahead,with our team facilitating OSINT training courses in the UK, Australia, Singapore, and theUS.  In addition to our international training, we will be in the Northwest Territories and  inManitoba  delivering  specialized courses, in Cambridge presenting at the OntarioAssociation of College & University Security Administrators (OACUSA) fall meeting, andfinally, in Vancouver and Toronto delivering our biannual "Advanced Internet Intelligence &Online Investigations" training. 

We now have dates scheduled for the first public instalment of our anticipated "CriticalThinking for Investigators"  training series.  A curriculum like no other, this sought-aftercourse will provide the essential skills required to deconstruct problems, ask the right

Subscribe Past Issues Translate

questions, challenge assumptions, and examine different viewpoints with greater clarity,with the aim of making better decisions more efficiently. 

Some of you may have already noticed that our marketing team worked hard over thesummer on a redesign of our website.  We are excited to unveil our brand new look atwww.toddington.com.  We are even more excited to announce that our former PremiumResources Knowledge Base is now freely available here, with thousands of resources foronline OSINT and research professionals.  Our popular  Cheat Sheets have also  beenupdated (including Facebook Search), along with some new additions. 

Finally, we are pleased to advise that we are running afall special on all of our e-learning courses.  A limited-time special price of $399 (CAD) is in effect September

18 - October 18, 2019.  To view our discounted e-learning courses, pleasevisit https://www.toddington.com/osint-training/online-training.  

E-Learning Graduates 

Congratulations to the following students who are among those who recentlysuccessfully completed the 40-hour Using the Internet as an Investigative ResearchTool™ e-learning program with TII:

Todd GillisDwayne SmithJames CowperAnna Radcliffe Elizabeth CharltonEsbjörn ForssHannah BentonShannon TatarynGrace AbrahamAshlee LynchJordan IlareguyLynn HowlettLuke ThurbonKarla MathiesenDaniel Mazzola Leah OwensZhu Yang

Important Note: As we respect the privacy of our students, we only publish the names of students who

have provided express permission to do so.  Many of our students are unable to share their completion

due to the nature of their employment, or due to online privacy concerns.  If your name did not appear in

the above list and you wish to announce your completion of the course with TII, please contact us.

Subscribe Past Issues Translate

Upcoming Select Public Courses

 Dates Oct 31 - Nov 1, 2019

 

 Nov 28 - Nov 29, 2019

 

 Jan 23 - Jan 24, 2020 

 Jan 30 - Jan 31, 2020 

 Mar 23 - Mar 24, 2020 

 Mar 30 - Mar 31, 2020 

LocationVancouver, BC 

 

Toronto, ON

 

Toronto, ON 

Vancouver, BC 

Vancouver, BC 

Toronto, ON 

CoursesAdvanced InternetIntelligence & OnlineInvestigations Training

Advanced InternetIntelligence & OnlineInvestigations Training

Social Media Intelligence &Investigation

Social Media Intelligence &Investigation

Critical Thinking forInvestigators

Critical Thinking forInvestigators

  

Don't see the course you're looking for?  TII is pleased to offer a number ofspecialized and customizable in-house training programs for both the public andprivate sectors.  To learn more about what we can do to empower your workforce,contact us.

How Do We Improve the Human Factor in Cybersecurity?

Subscribe Past Issues Translate

By Dr. Cynthia Baxter MD FRCPC DABPN, Senior Associate, Toddington International 

Every week we continue to hear about the latest business, academic institution, oragency victimized by a phishing event, data breach, or cybersecurity issue.  Often, thestrategy used in the data or security breach isn’t novel – and the involved employeeshave often received cybersecurity training – yet people continue to fall prey to thesescams and deceptions.

While most employees know about phishing email dangers, they still click on embeddedemail links, download malware (including ransomware), open unknown attachments, andinappropriately share passwords or financial details.  The so-called “human factor”remains a frustrating and major cause of security breaches.

The effectiveness of cybersecurity training to employees is an important consideration. How can we do better?  While employees diligently complete their cybersecurity trainingmodules, alongside the safety, occupational health, and workplace standards modules,how can we help them remember the cybersecurity material and actually apply it whenthey’re working at their desks or offsite?

Part of the problem is that many employees see security/IT training as boring, irrelevant,and a tedious task that is delaying them from getting on with their day and othernecessary work tasks.  There is also a tendency for employees, especially in largercompanies, to view IT and security departments as the responsible parties to prevent andmanage these issues.  A 2017 study by Lee Hadlington (see Reference 1) of 515employed people in the UK demonstrates that point clearly – 98% of the employeesdevolved the responsibility of company cybersecurity to management and 58% statedthey did not know how they could protect their company from cybercrime.

Subscribe Past Issues Translate

Fortunately, there are strategies to engage employees effectively.  Here are some keypoints:

1. Deliver the training in the form of educational/academic presentations and group-based discussions designed to engage the specific audience – and specificallyaddress their knowledge and attitudes.  Training via emails, newsletters, videogames, posters and computer-based training have had limited effectiveness ingetting people to change and engage in more effective security activities (Khan etal., 2011 - see Reference 2).

2. Trying to scare people doesn’t work.  Many well-intentional people have tried toinspire behaviour change through fear, but it is generally not effective.  Rememberthe anti-drug campaign with the egg and the slogan “this is your brain on drugs”? It had zero impact on drug use.

3. Don’t make the teaching boring.  While this seems self-evident, many trainingsessions are monotonous and feature our most knowledgeable security/IT staff(who might not be the most entertaining or engaging).  If your content experts arenot the best speakers, pair them with a co-presenter who carries the talk while theexpert is there to answer difficult content questions and ensure accuracy of thematerial.

4. Personalize the training as much as possible.

As a follow-up to point #4, a great way to make the material more engaging is to highlightthe role of personality styles (with a large group presumed to have different personalitystyles). There has been some research that shows how different personality types aresusceptible to different types of social engineering threats (i.e., the use of manipulation,persuasion, and influence by an attacker to obtain sensitive information or access torestricted areas).

The first step is to ask the employees to take the “Big Five Personality Test” – this isavailable for free on many sites, such as https://openpsychometrics.org/tests/IPIP-BFFM,and only takes 10-15 minutes.  This first task represents a great opportunity to provideeducation on what makes a safe website and the importance of asking questions aboutdata collection and privacy before giving information online.

Once the employees take the “Big Five Personality Test” (also known as the five-factormodel 'FFM' and the 'OCEAN' model), that information is for their own use and not forthe employer to collect.  Once the employees know their own personality profiles (ratedon the five domains of openness, conscientiousness, extroversion, agreeableness, andneuroticism), the trainer can explain how different personality results protect them fromcertain risks and make them vulnerable in other ways.  This engages the employeespersonally in the session right from the start and will enhance their learning.  Uebelacker& Quiel’s 2014 conference paper  (“The Social Engineering PersonalityFramework”)  provides helpful detail in understanding the links between the personalityfeatures and the risk profiles (see Reference 3).

Subscribe Past Issues Translate

For example, individuals who score high in conscientiousness tend to value competence,self-discipline, self-control, persistence, and dutifulness.  As they are rule-followersgenerally, they are more vulnerable to social engineering techniques that exploit rules,social norms, and policies.  They tend to respect authority figures and do what they’retold by authority.  They can be easily exploited by a threat that impersonates an authorityfigure (by phone or email) to get the employee to release sensitive information or reset apassword.  A conscientious person complies with the organizational hierarchy to be agood employee.  It can be helpful to explain to the group that awareness trainings areuseful for conscientious employees.  It is also essential that an organization’s cultureminimizes fear of embarrassment for such employees in reporting their mistakes andpossible “accidental insider” actions – the training should openly address the issue ofpotential embarrassment.

Personalities with a high agreeableness component value compassion, cooperation,belief in the goodness of humans, trustfulness, helpfulness, compliance, andstraightforwardness.  They have a higher vulnerability to disclosing private information if asocial engineer establishes a trust relationship.  They can be targeted by a socialengineer who does them a favour to gain the employee’s trust.  Then, the social engineereventually asks for the favour to be reciprocated – for example, helping out in anawkward situation like forgetting their security card.  These personality types benefit fromsecurity training that includes an element of story-telling examples of these types ofsecurity breaches – this can help agreeable individuals appreciate the risks of trusting tooeasily.

Openness is a personality characteristic where people are creative, flexible, enjoy fantasy,and appreciate new experiences.  They are vulnerable to scarcity techniques that leadpeople to believe that things that are available on a limited basis are more valuable.  Forexample, if they receive an email stating that only the first ten employees to log on to thisexternal beta site will receive a bonus, they are more likely to enter their login data on thisexternal site, which is collecting their email addresses and passwords by them doing so.

Utilizing personality types is just one example of how to engage employees incybersecurity training.  The human factor in cybersecurity is a serious issue andnecessitates creativity and understanding of psychology and learning styles forcybersecurity efforts to be maximally beneficial. 

What has worked for your company?  Feel free to reach out to us with your experiencesand thoughts. References

1. Hadlington, L. (2017). Human factors in cybersecurity; examining the link betweenInternet addiction, impulsivity, attitudes towards cybersecurity, and riskycybersecurity behaviours. Heliyon (London), 3(7).

2. Khan, B., Alghathbar, K. S., Nabi, S. I., & Khan, M. K. (2011). Effectiveness ofinformation security awareness methods based on psychological theories. African

Subscribe Past Issues Translate

Journal of Business Management, 5(26).3. Uebelacker, S., Quiel, S. (2014). The Social Engineering Personality Framework.

Conference: Workshop on Socio-Technical Aspects in Security and Trust, STAST2014. Vienna University of Technology, Vienna, Austria.

Dr. Cynthia Baxter is a Canadian forensic psychiatrist who has been assessing and managing violent

offenders, sex offenders, and severe personality disorders for the criminal justice system, law

enforcement, and the health care system since 2002.  She is board-certified in both Canada and the

United States and enjoys collaborating with a variety of different professionals in order to assess and

manage difficult cases.

Dr. Baxter is also a clinical professor of psychiatry at the University of

Calgary, Faculty of Medicine, and has an appointment with the Alberta

Review Board for the management of individuals found not criminally

responsible for crimes.  She is a Diplomat of the American Board of

Psychiatry and Neurology (DABPN) and a Fellow of the Royal College of

Physicians and Surgeons of Canada (FRCPC) with forensic sub-specialty

certification.

Learn more about Dr. Cynthia Baxter and her work here.

Tools and Resources for the OSINT Professional

https://analyzewords.com - Tool for profiling Twitter users by username

https://igaudit.io  - Useful tool for finding how many followers on any public Instagramaccount are real and how many are fake

http://www.yasiv.com/youtube - Interesting visualization tool for YouTube that displays allvideos related to a particular search query

https://www.hashatit.com  - Hashtag search engine, searches Instagram, Twitter,Facebook, Youtube, and Pinterest for hashtags

https://snoopsnoo.com - Reddit user analyzer, search by username

https://storiesig.com - Website for downloading Instagram stories and highlights 

https://www.europeana.eu/portal/en/collections/newspapers  -  A rich resource for

Subscribe Past Issues Translate

historians, researchers, educators, genealogists, and creative users alike to discovernewspaper and printed heritage from across Europe

https://tweetbeaver.com  - Convert a username to an account ID number (vice versa),check if two accounts follow each other, and more

https://somesnapcode.com - Tool for searching Snapchat usernames

http://izuum.com - Zoom Instagram profile pictures for easier viewing in high definition 

https://atomiks.github.io/reddit-user-analyser  - Reddit user analyzer, provides joiningdate, analyzes text, lists most used keywords and top subreddits 

http://ytcomments.klostermann.ca - Tool that grabs/scrapes YouTube comments from anuploaded video, including usernames and dates

http://www.instasaverepost.com/instasave-repost-for-instagram  - iOS and Android appfor saving Instagram videos, photos, and albums

https://bit.ly/2lbp2MD  - FireShot, browser extension, great for taking full webpagescreenshots, available for Chrome, Firefox, Explorer, Tor, and more

https://bit.ly/2kFyV9A - Treeverse, Chrome browser extension that is useful for visualizingTwitter conversations

https://www.ipfingerprints.com - IP address and geographical location finder 

Follow us on  Twitter  for our resource of the day,  or visit our  Free ResourcesKnowledge Base to see more resources like these.

Comprehensive E-Learning Program:"Using the Internet as an Investigative Research Tool™" 

 

Take Your Online Research and Intelligence Skills to New Levelswith TII's Industry-Recognized E-Learning Course

Subscribe Past Issues Translate

 

The most comprehensive and up-to-date internet research and investigation e-learningprogram available, "Using the Internet as an Investigative Research Tool™" is designedto enable investigators, researchers, and intelligence professionals to find better onlineinformation, in less time, at less cost, with less risk™.

For a fraction of the cost of classroom-based training, our flexible and interactive virtualclassroom environment allows candidates to progress at their own pace and competencylevel, with a qualified personal instructor on hand at all times to ensure success.  Initiallylaunched in 1998, this highly-acclaimed and continually updated online course has beensuccessfully completed by well over eight thousand investigators and knowledge workersaround the world. 

Enrolment takes only a few moments; online credit card payments are accepted, andgroup discounts and licensing options are available for five or more registrants.  Visit thecourse page to find out more and instantly register, or contact us directly with anyquestions. 

Bonus: Tuition fee includes special access to select OSINT resources.  As a HRSDC certified educational institution, TII provides Canadian students with a T2202A Tuition Tax

Receipt.

More Online Training

 

We are pleased to be offering a special price of $399 on all of our e-learningcourses as part of our Fall Special, in effect from September 18 - October 18, 2019.  

 

Open Source Intelligence for Financial Investigators40-Hour E-Learning Program

Essential for all financial institutions and corporations required to comply with the

Subscribe Past Issues Translate

European Union Fourth Anti-Money Laundering (AML) Directive and similar legislation, orotherwise engaging in enhanced due diligence activities, this comprehensive trainingprovides financial and business professionals with the latest tools and techniquesrequired to effectively gather online OSINT, with the aim of enhancing complianceactivities and minimizing potentially detrimental risks to an organization — both quicklyand accurately.  Sign up or learn more here. 

Introduction to Intelligence Analysis40-Hour E-Learning Program

This program provides a rich and interesting opportunity to explore the key concepts andintellectual foundations which inform intelligence analysis activity. Students will developawareness of, and gain experience in, using common tools and methodologies toconduct analysis assignments, as well as learn how to fashion one’s insights and ideas ina way that communicates effectively to clients and other intelligence consumers.   Signup or learn more here.  

Criminal Intelligence Analysis40-Hour E-Learning Program

This program is designed to equip aspiring and inexperienced analysts, as well as otherinterested law enforcement and investigative professionals, with the knowledge and skillsrequired to undertake criminal intelligence analysis work, and to understand criminalintelligence analysis products when encountered.  Sign up or learn more here. 

Strategic Intelligence Analysis 40-Hour E-Learning Program

This program is intended for professionals working in public sector enforcement,intelligence, national security, and regulatory compliance roles, or those aspiring to doso.  Students will be equipped with the skills and knowledge required to effectivelyconceive, plan, and implement strategic analysis projects, and deliver impactful strategicadvice to clients and other end users.  Sign up or learn more here.

"How-To's and Articles of Interest for the OSINT Professional"

Subscribe Past Issues Translate

 

OSINT & Search

"Google's 'secret web tracking pages' explained"

"How to Download a Web Page or Article to Read Offline"

"Boolean search for social media monitoring: What to track, how to track, and why" 

"How To Tell Stories: A Beginner's Guide For Open Source Researchers" 

"A Guide to Open Source Intelligence (OSINT)"

Privacy

"Police can get your Ring doorbell footage without a warrant, report says"

"The Best Web Browsers for Privacy and Security"

"How to Check and Tighten All Your iPhone's Privacy Settings"

"4 Ways to Avoid Facial Recognition Online and in Public"

Instagram

"How to save Instagram videos"

"This App Lets Your Instagram Followers Track Your Location"

Facebook

"Here's how to delete or deactivate your Facebook account"

"Thanks to Facebook, Your Cellphone Company Is Watching You More Closely ThanEver: Facebook's Work With Phone Carriers Alarms Legal Experts" 

"Facebook debuts Libra cryptocurrency: a Bitcoin killer?"

"Facebook's image outage reveals how the company's AI tags your photos"

"US Court rules users can sue Facebook over facial recognition technology"

Subscribe Past Issues Translate

Twitter

"Hate speech on Twitter predicts frequency of real-life hate crimes"

"Twitter disables precise location tagging in tweets"

"Twitter may have shared your data with ad partners without consent"  

Follow us on Twitter for daily articles and other interesting industry updates.

follow on Twitter | friend on Facebook | forward to a friend

Copyright © 2019 Toddington International, All rights reserved.

unsubscribe from this list | update subscription preferences

Subscribe Past Issues Translate