fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

A Tattoo and an Etsy Shirt Led Cops to Arrest Woman Accused of Burning Cop Cars

A Tattoo and an Etsy Shirt Led Cops to Arrest Woman Accused of Burning Cop Cars

An elaborate open-source intelligence investigation shows the potential danger of posting protest photos online.

IMAGE: DEPARTMENT OF JUSTICE

Protests over the police killing of George Floyd have swept the country for weeks. Thousands of people have filled the streets of cities all over the U.S. to protest systematic police brutality and racism, ignited by the video of a Minneapolis police officer kneeling over Floyd’s neck for more than eight minutes.

A small minority of the people in the streets have vandalized property, and the police are finding novel ways to use social media and other internet breadcrumbs to find and arrest them, highlighting how some people can be identified and arrested via scant, obscure information on the internet.

On Wednesday, prosecutors announced that they charged a woman for allegedly burning down two Philadelphia police cars on May 30, accusing her of arson. FBI agents were able to identify her thanks to an investigation that largely relied on data freely available online, based on an aerial video taken the day of the protests, an Instagram picture, photos taken by an amateur photographer, and—crucially—a forearm tattoo and an Etsy t-shirt.

Also read: The impact of GDPR and PDPA in Singapore

This case highlights how law enforcement is getting better at using open source intelligence—or OSINT—on the internet, how hard it is to blend in and protect your identity when protesting in public, and how videos and photos posted of protests can help amplify them, but also come with risks for people who are there.

“FBI investigations are adapting with the changing times as people increasingly put themselves out there online in ways they don’t fully appreciate at the moment or even remember later on. You pull one thread in the morning and you got it figured out by lunchtime,” Seamus Hughes, the Deputy Director of the Program on Extremism at George Washington University, who was among the first to spot the case before it was announced, told Motherboard. “Cameras are everywhere, whether it’s protestors’ iPhones, news organizations covering the crowds, or the surrounding buildings’ CCTVs. If you set two cop cars on fire, they’ll eventually find you, it’s just a question of how quickly.”

In this case, it only took a few days.

The FBI agents analyzed an aerial video recorded by local news and posted to Vimeo that showed the scene: people breaking windows in Philadelphia on May 30, and a woman burning down two cop cars, according to an affidavit signed by one of the FBI agents investigating the case.

The FBI, as well as the Department of Justice, declined to comment on the case.

Paul Hetznecker, Blumenthal’s lawyer, said in a phone call that he’s concerned about prosecutors charging her in a federal court, instead of leaving local authorities to handle the case as they have done in other similar cases after the incidents in Philadelphia.

“The techniques utilized by the FBI are gonna be scrutinized during the course of my pre-trial investigation of this case,” he said, declining to comment further on the case.

The agents were able to find a few Instagram pictures of the incident (seen above), and then obtained more than 500 photos from an amateur photographer who was at the protests that day. One of the pictures showed the writing on the woman’s t-shirt: “KEEP THE IMMIGRANTS, DEPORT THE RACISTS,” the FBI agent explained in his affidavit.

As it turned out, that was a custom made t-shirt sold on Etsy.

The FBI agents saw that an Etsy user named Xx Mv, whose personal Etsy URL was “alleycatlore,” which described herself as living in Philadelphia, had posted a review after apparently purchasing the shirt.

1592421036947-Screen-Shot-2020-06-17-at-111651-AM

The FBI then Googled “alleycatlore” and found a user named “Lore-Elisabeth” on the mobile fashion store Poshmark. Another search for “Lore Elisabeth Philadelphia” led the agents to a LinkedIn page for a woman who works as a massage therapist for a company in Philadelphia.

On that company’s website, there are videos of massages hosted on Vimeo. One of the videos shows the tattoo that is visible on the woman’s forearm in one of the Instagram pictures that the feds found.

The agents also found a phone number for the woman, which they used to find a home address through the DHS Electronic System for Travel Authorization, a government system to screen foreign individuals traveling to the U.S. This then led them to find her DMV photo, according to the court document.

At the same time, the Etsy seller provided purchasing records following a subpoena, which confirmed the Xx Mv user had purchased two KEEP THE IMMIGRANTS, DEPORT THE RACISTS t-shirts, one of the in the same color as the shirt that appeared in the photos. The subpoena also revealed the shirts had been sent to a Lore Elisabeth in Philadelphia, according to the FBI agent. The Etsy seller did not respond to a request for comment.

1592420923846-Screen-Shot-2020-06-17-at-105508-AM

At that point, the feds had enough evidence to arrest the woman, who is now in jail and appeared in federal court on Tuesday.

This investigation is a great—and scary—example of just how much one can find out with just an internet connection. In the past, news organizations such as Bellingcat or The New York Times Visual investigations team have used similar techniques to break major news stories such as the identity of several Russian spies, or to reconstruct the murder of journalist Jamal Khashoggi.

This is also a great reminder that any image of protests users share on social media could help inform law enforcement investigations, even if that wasn’t the user’s intention.

Correction: a previous version of this story reported that Etsy provided purchasing records to the FBI. It was actually the Etsy seller who makes the KEEP THE IMMIGRANTS, DEPORT THE RACISTS t-shirt who provided records following a subpoena.

Also read: Overview of the Personal Data Protection Act – SG

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us