Ep. 65: Open Source Intelligence
Nick Chernoff is an expert in open source intelligence (OSINT) and regularly trains police and three letter government agencies around the world how to use OSINT and how to protect themselves. This is episode is a real eye opener and jam packed with valuable information for anyone wanting to protect themselves online. The techniques discussed here can save you from criminal activity or personal injury.Transcript
Travis Bader: [00:00:00] I'm Travis Bader, and this is the Silvercore podcast. Join me as I discuss matters related to hunting, fishing, and outdoor pursuits with the people in businesses that comprise the community. If you're a new to Silvercore, be sure to check out our website, www.silvercore.ca where you can learn more about courses, services and products that we offer as well as how you can join the silver Corp club, which includes 10 million in north America, wide liability insurance, which sure you are properly covered during your outdoor adventures.
[00:00:43] It previous episodes at the Silvercore podcast, we've talked about situational awareness and how to safely comport yourself in everyday life. Today. We're delving into the world of cybersecurity and open source intelligence. Welcome to the Silvercore Podcast.
Nick Chernoff: [00:00:58] Nick Chernoff Travis. Thanks for having me.
[00:01:00] It's a pleasure.
Travis Bader: [00:01:01] So open source Intel. First off, what is that? And can you give us a little bit of background that you have on the subject?
Nick Chernoff: [00:01:09] Yeah, absolutely. It's a good question. So, uh, open source intelligence is essentially, uh, openly, publicly available information. If you're on social media, if you're writing on blogs, blogs, anything online that we can gather from just a basic, even Google search, social media search that is in the realm of open source intelligence.
[00:01:28] And, and, uh, we are doing that every single day. You know, for those of you on social media, when you go and look up a friend, significant other, maybe someone you're diving to get into a relationship with you are going to find them and find their open li publicly available information. So, uh, it's a bit more of that and not just social media and, and, you know, looking forward to talking with that throughout today, uh, about my background, I've been in the world of school safety for about a decade, uh, just over 10 years.
[00:01:53] Um, Privileged to be in this field at such a young age. And, um, I've been able to travel north America and presenting to law enforcement school districts, uh, certain three-letter agencies in the states, uh, regarding this topic and specifically school safety. Uh, so how do we gather openly publicly information and identify worrisome behavior, uh, to help protect schools, uh, as well, I've also an eight year member with the Canadian forces and the more of the reserve component with the Seaforth Highlanders of Canada.
[00:02:23] So in infantry, right?
Travis Bader: [00:02:24] Yeah. You got the shirt on, there could be gone, right.
Nick Chernoff: [00:02:28] Always representing, of course, of course.
Travis Bader: [00:02:30] So, you know, I've, I've got a very limited background in open-source intelligence, just in, you know, when we're hiring people on, we're going to be taking a look at their social media profile.
[00:02:42] Uh, I'll go on to in British Columbia, we've got court services online. I'll take a look through there to see what kind of background I can find if there's. Uh, a criminal history or a history of, uh, civil actions against somebody. And, uh, we've a BC online as well. And I can kind of pick around a little bit, but that's about the extent of the sort of open source intelligence set that I'm privy to.
[00:03:04] Uh, what do you usually do?
Nick Chernoff: [00:03:06] Yeah. You know, that's, that's all great things that we can use and you bring up actually, some, some good points because we are now seeing, uh, many employees. Figuring out, you know, they'll look at a paper, copy, resume. I come apply for Silvercore. You're going to see my background.
[00:03:22] You're going to see my history. It's all things that I've curated for your job, but what am I doing online? That's going to represent myself and your organization. And those are great things that I think many organizations should do. How are you being represented online? But you know, when we are gathering open source intelligence, we are monitoring and identifying every social media aspect.
[00:03:43] We're not just going in and finding someone's Instagram account or someone's Facebook account. It's every little detail. You know, when, when, uh, because of a part of my role is, is when a school shooting happens and I've been at the forefront investigating many high profile acts of violence at schools across north America.
[00:03:58] We are digging into that killer's life when, when they shoot up. And we are monitoring all aspects. So, uh, at our kind of command center within our office, we have multiple TVs, every single social media account available. There are ways to actually go behind the scenes and manipulate, uh, you know, and, and find information even down to, if I have your phone number, if I have your email address, I can find a majority of your social media accounts that are linked to you.
[00:04:25] And it's quite fascinating because when I am training law enforcement and, and school district professionals, we have them create social media accounts for doing their searching. Right. We always tell them, you know, never searched for somebody using your personal accounts and, and they don't even think about.
[00:04:42] Well, I'm going to download, you know, an application like Snapchat on my phone and somebody law enforcement members that are doing that. If I have your phone number, all I have to do is some certain techniques right now. No, all your, your covert type accounts and you're going to be burned like that. Right.
[00:04:57] Things to think about. If I were to take a photo right now on my smartphone, right? The smartphone that we all have in front of us, which I like to say is for convenience rather than for security, right? If you want to be really secure, go get a, go get an old flip phone. Don't put any applications on it.
[00:05:11] Just use it as like a, uh, just a. But when they're downloading applications and, and they're, they're using these devices to actually identify worrisome behavior, they don't really understand that everything is linked together. If I have your email address, well, I can run it through certain techniques online.
[00:05:29] Uh, we call it a Boolean search operators or, or Google dorking
Travis Bader: [00:05:33] Google dorking you haven't heard that. I know the Boolean search
Nick Chernoff: [00:05:36] sometimes referred to as, as Google hacking, but I can take your email address or what I know about you and actually find if your email has been in a data breach, which may actually, uh, show me your passwords to your accounts.
[00:05:49] Interesting. So there's many things that we can do outside of that. Just the generic. I'm going to see if they're on Facebook or on Instagram or on social media. So, so,
Travis Bader: [00:05:58] and just to be clear, this is the whole. Whole thing behind this is that it is open source, mean that it's open to anybody. The techniques that you use could be used by anybody out there more or less.
Nick Chernoff: [00:06:12] Absolutely both the good and the bad. And that's kind of why we know that. And, and the biggest, uh, cause I run a full day or I'll help run, uh, two days of training to train law enforcement, to school districts, how to identify worrisome behavior through techniques that we've, we're, we're providing to them to give them knowledge and the tools to really keep our kids safe and our community safe.
[00:06:33] And yeah, these tools can be used by individuals who are, you know, trying to find an ex-wife or an ex-husband. Uh, and there's quite invasive techniques. If I'm a partner who, who maybe is suspecting you of cheating, I could probably take your phone right now because maybe I know the password we're comfortable with that.
[00:06:51] But did you know that through certain settings on your phone, I can actually determine just by having your phone, every place you've ever been, how long you've been in those places? When I drove in today, they keeps track of how long it took me for my drive time, how long I was in certain it's based on your special on your iPhone, your significant locations.
[00:07:10] Um, that necessarily isn't open source, but you know, there's, there's definitely tools that people in the wrong hands could use for, for negative ways.
Travis Bader: [00:07:18] Well, okay. So that would be like iPhone or a Google Android phone. Like they both do that. Right? Of course. It doesn't matter what. Uh, would you suggest to people that they go in there and they turn certain settings off?
Nick Chernoff: [00:07:31] Yeah. I mean, even down to, if, if you take a photo from your phone right now and you have a certain setting on, okay, I could be, I could be, uh, an individual out there saying, Hey, I hope you're having a great time. You know, what are you up to send me a photo? And I'll share a great story. And I use this during training.
[00:07:48] There was a gentleman on Craigslist, and this is what I'm getting into. What's known as metadata. Think of data within the data. You take a picture with your phone. We see, and just focus on the photo, but us kind of, you know, tech nerds and whatnot, think about what's the information behind it, because it was taken from a very smart phone.
[00:08:07] So I could be like, Hey Travis, you know, you could be like, I'm at my secret hunting spot today. I know, right. Take, send me a photo. Then I take your phone. Uploaded into a metadata viewer, which gives me the exact phone. You've used the date and timestamp and possibly GPS coordinates. Right. And so that's, that's invasive, but that's all information that is now sent to me that I can gather your now note now, hunting spot that they made, you kept secret for the longest time.
[00:08:37] And we don't understand that with every piece of information that we send out there, we're giving data within that and yeah, go into your location settings on your phone. There's a going to be an app on there that says camera and beside that. So if you go to settings privacy and then location services on your iPhone, within your location services, you see every app that's using your location right beside that.
[00:09:02] You're going to, and I want you to focus on the camera. If the camera says never, it means, well, it's never embedding your GPS coordinates if it says while using well, pretty much every photo that you take, you embed your GPS, coordinates you, go on your. And the gallery on your phone. There's a section that says places and it's, it's a map that pinpoints where the photos were taken.
[00:09:25] That's great. However, I always think of things about, okay. What if that is a lot of information that we're giving out? It's cool to know, but it's kind of scary.
Travis Bader: [00:09:35] I like, I use the, the hunting analogy because I will specifically go in and screenshot my photos because I'm so paranoid at times. So it was sending a picture out, like, did I, did I remember to take my location services off?
[00:09:49] Am I sending them something that's going to have the, uh, the geotag associated with it? So I'll take a picture. I'll screenshot the picture, I'll crop down, and then I'll send that spec crop picture over it.
Nick Chernoff: [00:09:58] I love that. You're still going to give little metadata on the type of phone you've used and maybe the time of screenshot, but, you know, I was going back.
[00:10:06] I was going to share this story during training and it was a, it was a, uh, uh, law enforcement type file. I worked with both, uh, law enforcements, um, uh, north and south of the border in Canada, in the states, uh, some over in the UK as well, due to certain issues that are happening, but there was a gentleman.
[00:10:20] And when you upload photos on, on your social media, It is good that social media strips this metadata for the public, for the pup, for the public. Right. So I can't go to your, you know, and, and for those of you celebrating, um, uh, you know, different holidays or whatnot, if you could take a photo when you're having your Thanksgiving or Easter dinner and you upload it to social media, I can't take that photo and figure out where you had that dinner.
[00:10:47] So it strips the metadata, which is great. There was a gentleman on Craigslist, okay. He was selling his motorcycle. And if you kind of know a bit about, uh, human behavior and social engineering and how to manipulate people, it's quite easy to unfortunately take advantage of individuals who just don't understand that what is going on behind the scenes, a gentlemen gets a message from someone else inquiring on his motorcycle.
[00:11:13] So a guy was on, on Craigslist, searching for motorcycles. This guy gets a message saying, Hey, I love your motorcycle. I'm very. I'm very interested, but I'm not going to waste your time. I'm not going to waste my time. I'm only going to those motorcycles that I am. Uh, I'm interested in buying the only reason I'm messing you.
[00:11:32] This is because when I zoom into your photo on Craigslist, I swear there's a scratch on your gas tank. The guy's like, absolutely not. And you know, when you're just wanting to sell something, you want to get rid of it at any anyone who's at you take advantage of, of human behavior with, wow, someone's interested in this.
[00:11:47] I can sell it. I can make some money. You know? So the gentleman says there's no scratch. Okay, fine. You know what? Just prove to me, here's my phone number. Can you go down to your motorcycle in your garage right now? And if you don't mind doing that right now and text me a photo. So they've now gone from Craigslist Craigslist, actually strips metadata to the raw original format between a smartphone, which keeps metadata.
[00:12:16] Of GPS settings, unbeknownst to this guy, just wanting to get rid of his motorcycle. He sends a photo via text. This gentlemen uploads the photo into a metadata viewer figures out where this guy is selling. It goes two nights later and steals the motorcycle because he now has location based on that image, right?
Travis Bader: [00:12:38] Just that easy.
Nick Chernoff: [00:12:39] It's that easy. And it's, it's all about, you know, uh, we didn't grow up in this world of technology and social media. We're playing catch-up a lot of individuals will be like, well, okay. I don't know. I just use Facebook. I just use social media, but they don't understand there's way more out there from the states to even Canada, when I'm searching for a killer or understanding things about, about what they've done, the way that I searched for somebody in Canada is completely different from even the U S I I'm going to challenge a lot of your listeners right now.
[00:13:12] Have you ever Googled yourself on. And maybe you put in Travis Bader and maybe you've just done that, but using certain because Google, Google's very smart, but it's quite lazy. And I always like to say that because if you search for your first and last name, Travis Bader in Google, you're going to find everyone by the name of Travis and everyone by the name of Bader and not necessarily just find you the next time you search for your name.
[00:13:38] And this is serial listeners. Search your name in quotation marks, right? It actually narrows down your search. It tells Google. I don't want to final Travis's all beta, but Travis Bader together. Right? Right. And just little techniques like that through Boolean search operators or, or Google dorking techniques, I can use Google dorking to actually find open wifi cameras within your house, your ring camera.
[00:13:59] If you don't change your default password, there's a possibility that someone could be accessing that if you don't change your passwords, every few. It's not a matter of if, but when something's going to be breached and your passwords are available through, you know, forums on the dark web or, or, or deep web, or just a basic Google search.
Travis Bader: [00:14:19] So, any camera you get, obviously change your passwords. Any router, you get change your passwords on it.
Nick Chernoff: [00:14:23] You know, Travis, you bring up a good point with, you know, uh, change your passwords. And, and the biggest question during my training and, and I've, I've trained everyone from school to police to, like I said, different three-letter agencies.
[00:14:39] And the big question is like, I can't keep track of all my passwords. I use the same password or a character off for every other account because I can't remember them. Right. Invest in a password, man. Those are pretty safe for one, for the most part, I encourage you to do some research. Um, there's one called keep pass X, C K.
[00:15:01] It's a little bit more advanced of a password manager, but there are some out there that of course are not the best, but I would encourage you to do a bit of research. You're also going to learn just that much more in a password manager is essentially a vault on your computer. You then add all your accounts, all your passwords.
[00:15:16] I have probably over 60 accounts and I have a different password for each one. I don't want to remember each one, but I remember one password to get in the door of that password manager, which then I forget my password to this account. I go in reminder, bring it over, log into my account. It's a few extra steps, but that is the first step passwords.
[00:15:38] Two factor authentication. Isn't huge. It's huge. Um, there's also something that, that has been going around for a while called SIM swapping, right? Where the idea is I'll find your password. I will then understand that you may have two factor authentication on your phone. I will then figure out information about you.
[00:15:58] Maybe that I'm finding on your social media, maybe that that's your, and I always like to say, you're only as strong as the weakest link within your friend network on social media. So I may not be able to find information on you, Travis, but do your spouse, kids, whatever people that are close to you, are they putting out information?
[00:16:15] That's telling things about you that I can gather. Right? Think of, think of down to the questions that you could ask for your banking. What's your mother's maiden name? What's the street you live on? I never used my right answer.
Travis Bader: [00:16:28] No, no, I don't think anybody should.
Nick Chernoff: [00:16:28] No one should, but change it something different and don't have it on things that we can find on social media.
[00:16:34] But, but going back to SIM swapping is the idea where I now find information on you. I know your phone number. I then maybe we'll call your cell phone provider, pretending I'm you I'll answer questions that I'm finding from your social media and say, Hey, I need to swap out my. Then that two factor authentication code.
[00:16:52] Right. Right. And this is happening all over it. And it, um, it's crazy how many, uh, young kids are knowing about this.
Travis Bader: [00:17:02] What about SIM spoofing? That should be pretty straightforward. I guess if you have the, uh, the technology.
Nick Chernoff: [00:17:07] Yeah. And like I said, anything is vulnerable through, through, um, through, you know, manipulating your, um, your location through various apps.
[00:17:16] Right? Right. I can go and download a location, spoofing app and make it like I'm somewhere else around the world. That's why it's important that you may not care about your, your online security, because AI, I don't have Facebook, but you have a smartphone, you have email, you have other things. And, and there's some folks out there who have a lot of sensitive information on there.
[00:17:40] Are you changing your email regularly? And that's something that I always encourage, you know, organizations that do have it in a requirement every few months to be like, this is mandatory of you changing your email address, address or password. Sorry. Good question. Or clarifying password. Okay. By the way, here's my new, uh, here's my new email address every like few months.
[00:18:02] No, that'd be that's too much. That's yeah. So know your, your, your password. And this is something I do with my own family because my grandparents, uh, bless them, bless their heart. 96 years old. Uh, Mike, both my grandma and grandfather, uh, and they live on their own. My grandpa is obsessed with investing. He loves his email.
[00:18:22] That's his main way of communication. And, and I said, well, they may not care about it, but they're online. And, and I give you a story. I was with my grandfather a few weeks ago. They live, they live in Winnipeg here in Canada. And I, uh, he, he told me he got a call from, uh, apple, right? He doesn't use an apple computer.
[00:18:40] It's so it's so funny. Cause my, my grandma has an Android phone that she calls her, her iPhone. It's not it's it's anyways, I just let her do her thing. But you know, 96 years old, my grandma's texting me every day, works the iPhone. Exactly. And my grandfather was online and he goes, Nick, you know what you just told me and share with me about online security actually saved me.
[00:19:01] And I got a call one day from a, they said they were from apple and they said they need remote access to my computer because they had, they detected a virus. And I said, well, what do you do. I hung up and I say, that's fine. And then what did you do after he goes, I went to the apple website and called the support number on the website and he, wasn't afraid to just hang up and be like, and I, and that's, that's important, right?
[00:19:24] Sometimes we want to be nice on the phone and be like, oh yeah, you knew where I got a call. I had one of the best scams ever from actually. It was after I got my, uh, my wifi put in at my house from Telus. Right. And so the guy puts my wifi in. He, he says that he's had everything set up and he goes, Hey, you know, we're just doing a survey.
[00:19:42] You'll you might get a call in a few days just to see how it was. And, you know, give me, give me a five-star rating. And I was like, well, you did a good job. So a few days later, I'm, I'm distracted. I'm still kind of moving. And, uh, I get a message from Telus. It's like, this is an automated message. We want to let you know that you will be receiving a call shortly from Telus on the experience that you just had setting up your home internet.
[00:20:06] I was like, cool. Yeah, I'm expecting it. Yeah. So I pull over and I wait for the call within five minutes clockwork. I got. Hi, is this, uh, you know, Nicholas, we understand that you just had your, your, um, wifi put into your house. We just want to ask you just want to clarify exactly that we are talking to you before we go through the survey.
[00:20:24] I was like, oh yeah, no problem. I'm busy. I just read it. And so I'm, I'm distracted and they go, can you, can you just confirm your first and last name? And I'm like this, and they're like, can you confirm your email? And I'm like this, and they're asking me a few more questions that they would have anyways, on file.
[00:20:39] And then they're like, can you just confirm your social and or social security number? I was like, I started laughing. I was like, you guys, this is good. You guys did good. This is a good scam, but this is what's going to happen. I'm going to hang up right now. I'm going to call back. And the lady's like, yeah, no problem.
[00:20:53] We totally understand taking your security. Uh, and she just kind of went with it. I was like, and a lot of people would be like, oh, you, you seem so nice. Cause you know, people will hang up your spam callers. Right. They'll hang up once they understand that it's a scam, but anyone else who's not thinking about that in busy moving would just be like, Okay.
[00:21:10] Yeah. Yeah. Let's catch it. Okay. Let's just carry on. Yeah. Awareness. Right. We got to educate those who are not grown up in this world, but, but, uh, but use devices. Right?
Travis Bader: [00:21:20] So that awareness, like you're saying, okay. Let's say I'm really cyber aware. Right? I've got a good sense about my passwords. And you've talked about passwords prior to the, uh, like key chain and these different volts and things coming into play.
[00:21:34] I would just use an algorithm, just a simple algorithm that I can remember in my head that would work off of whatever the application that I'm I'm using. And I just do add digits, add letters, front and back, change digits and delighters around. I just know, like, if I'm logging into, let's say Gmail, that's going to have a certain password.
[00:21:54] So if anyone figured out my algorithm, all right, then I've done all my passwords. Say that. Right.
Nick Chernoff: [00:21:58] And you make it, you make a few good points because yeah. Um, create your own little algorithm. Don't, don't use your pet's names, your kids' names, something that will bring it back to you. If you're going to put a zero, maybe change it with an O upper case, lower case, things like that.
[00:22:11] And, and it's important that you are changing your passwords and I'll, I'll share something that actually happened to a close friend of mine. She gets. And she actually was an email. It was sent to her via email and it said, you don't know who I am, but I know you, and I know your password is this. And they actually put her real password.
[00:22:30] So she's like, what? Yeah. And then the rest of the letter says, and it was actually, um, and I'll explain where it came from in a second, but it kind of said, we have been watching you through your camera. We know what you were doing. Right. We have videoed everything and she's like starting to sweat. She's trying to think that I did, I do anything in front of my camera.
[00:22:50] I shouldn't be doing, but they have my password and it's a well drafted. Email. Yeah, I got a call right away and I said, she says, Nick, I need help. Uh, someone hacked into my accounts, they hacked into my camera, they have my password. I said, let me guess they said that they were watching you and filming you.
[00:23:08] And, and they, and it kind of goes into like, we know that you were on some pornographic websites and we play on people's darkest fears. Right. I don't know if any of you are, if you've heard or watched the episode on black mirror, there is an identical there's identical episode of that. And people were just copying that.
[00:23:25] Exactly. But it was her password. So how do they get it? It's because she had her password for years. It was in a known data breach and. She didn't know about it. I always encourage people to go to a website called have I been poned P w N E D check for data breaches or another website called monitor.firefox.com.
[00:23:48] Or you actually put in your email in, and it'll notify you when a known data breach has happened. You know, things like that. How do you set up, how do you set up certain ability? Because, um, you need to protect your own self. Right? And I have, I have these, you know, cause my mom, my dad, my sister, they care only because I care, they don't maybe really care.
[00:24:08] So, you know, I have to set things up in their behalf and be like, all right, mom, dad, we got to change your passwords. Like there's been a breach here. And they're like, okay. Yeah, we'll set it up. And I said, please just don't, don't just change one character off your password, like create a good password. So yeah, just little things like that.
[00:24:26] But you know, I, I, when it gets into the whole world of open source intelligence and I, I think I told you this story, there's. Uh, a forum online and many of the Chan boards like four Chan or eight, eight Chan, which is now eight con right. Um, is a lot of, of, of time on people's hands and, and through Reddit as well.
[00:24:44] Right. It's a great source of actually, if, if, if you're ever interested in, in learning more about, oh, scent open source intelligence, go check out the, the, the, um, uh, on Reddit, there's you just subscribe to, to . And it actually shares with techniques, all these things, which are quite easy to do. Interesting.
[00:25:04] But there was a story how, um, uh, and it actually, if, if it's from, you know, Shyla buff, Shyla buff. So this is back when, when Trump was kind of getting into politics and, and before he came presidents and, um, what Charlotte did is he has a sign. It said, um, he will not divide us. And he takes this sign, which is essentially just a flag and he puts it up in the sky.
[00:25:29] And he puts a live stream camera on it. Now, no one knows where it is. It's somewhere in the United States. It is literally in a field somewhere in the night in the United States. He puts this flag in the sky. Huge flagpole. No one knows where it is. He puts a livestream camera on the flag and all you see is a flag and the sky, you see clouds, passing planes, passing, birds, passing.
[00:25:51] That's it. So how does a group of individuals on forums like Reddit find that flag? Well, how do we use open source techniques? Let's start by thinking it's a live stream. You watch the live stream, which will then narrow down sunrise, sunset. Right. Okay. So from your sunrise and sunset on that live stream, you're like, oh, that's definitely not west coast.
[00:26:16] It's still super sunny here. It may be isn't central. The sun, the sun is still shining over here or maybe it's gone. And so they, they narrow it down to, you know, uh, one third of the United States saying it's gotta be on the east coast. So just from that alone, they've broken down where it should be from there.
[00:26:34] They're starting to listen to sounds and see things in the sky. There's planes going by. There's actually a cool app on, uh, that you can get it's called, I believe flighty there's many, there's many apps that you can actually monitor. And, and this, this is actually what I was doing during the, during the pandemic, because all these flights being halted from China and everything, and I'm still seeing flights come in and it shows you a live stream of exactly every flight that's in the air now.
[00:27:00] So if you've ever looked up in the sky and you're like, oh, I wonder where that flight is going. There's an app for that. You literally GPS coordinates on your phone and you're like that app has, or that plane is over top of me. That that 7 47 is off to. Or it's landing in Vancouver. So they actually had people monitoring the app and trying to figure out, you know, where, you know, flights were coming, different flight patterns, and it's quite remarkable.
[00:27:24] It's getting these team together. So they kind of narrow down a certain area and then they hear frogs in the background and they're like, okay, it's not probably not. Or a certain type of insect. And they're like, that is that there's someone down there is like, oh, that's a native insect to, to this area.
[00:27:37] And so as they're starting to narrow it down, they actually get a bunch of individuals with their trucks. Okay. And they start driving everyone from certain, certain cities that they live in that are, maybe are close to where these types of animals are. They go and they start to honk their horns. So people on the live stream, so people in the.
[00:27:59] Oh, I, I heard you. I heard you over here and okay. Everyone else be quiet and it hot or cold. And then they finally narrow it down just by everyone working together and certain open source techniques or certain abilities, like, uh, you know, monitoring the flights and, and there's quite a extensive way that they were able to work together to find information.
[00:28:18] Right. And, and, and I, you know, part of my role within, within the military, as well as working with, um, uh, influence activities and psychological operations, um, we have, there's a great task force here in, in Canada. Um, and, and I, I work on the, on the kind of the, the west coast here, but when I shared just a basic presentation about how vulnerable police can be military can be, um, and I share a story where, um, uh, there was a certain, uh, force overseas and this certain area, a lot of the troops were, you know, had time off.
[00:28:54] So what would they do? They'd, they'd buy a phone from the. That's the first red flag. If you, if you want to buy a phone from the area, like I'd have the us or Canada ship their own phones. And maybe there's just a lot of weird red flags when I'm going to a place that I'm, you know, occupying and all of a sudden I'm buying a phone from there, right?
[00:29:10] So that's a few red flags. And then these, these, you know, 21, 22, 23 year olds, what are they doing? Well, I'm in, you know, Eastern Europe, I'm going to Ukraine pole in Latvia where some of our Canadian troops are, and we're, I'm at download Tinder, right. I'm going to start swiping and find, you know, and, and what were they doing?
[00:29:27] The enemy was creating fake Tinder profiles. That's brilliant to try to get information from our troops cause this hot blonde or maybe another force member is, is, is on. And then they're saying, oh yeah, like where are you located? You know, where are you going next? So we should, we shouldn't beat up. Oh my God, I'm there as well too.
[00:29:44] It's this catfish. Right. And that is, you know, I even said, you know, I even said, I showed and this kind, kinda got me in trouble a little bit, but it woke a bunch of people up where, where, you know, some of older individuals, they were like, uh, I said within five minutes, I could probably bring up a military member and share with you things about their life.
[00:30:07] And they're like, no, no, you can't, you can't do that. And of course in the military here in Canada, we don't do any intelligence or any gathering on our own folks. So I used a military member as kind of like a subject. So I brought this military member and I said, um, this is, you know what regimens he's in his wife's pregnant.
[00:30:26] This is his vehicle. This is licensed play. This is newborn. Okay. So here's the other thing. How can I use that from a psychological standpoint? Well, uh, maybe I know he's done. Right. Okay. And, and for me, I'm a, uh, you know, I'm somebody who, who just wants it, wants them to crash and burn. So I have fake profiles.
[00:30:46] What stopping me while he's deployed. He may not talk to his wife for, you know, a few weeks, maybe a month, depending on what he's doing, but what's stopping me from maybe messaging his wife while he's gone from another female fake account I've created right. Saying, Hey, um, I just want to let you know and introduce myself.
[00:31:06] My name is so-and-so me and my husband and I we've been, you know, having an affair over the last a while. I didn't understand that he was married. I thought I'd let you know, even though I'm falsifying this, but I'm just gathering information I found in your social media. Yeah. What's going to happen when he calls home.
[00:31:24] She has all of this anger and then they can't be together. And all of a sudden it's a mind game. Like I'm not cheating. And she's like, I got a cough. I have the messages, I have this. And now all the psychological mess up in his mind while he's halfway across the world trying to do a job. And he's out in the battle space and he's trying to defend, you know, watch his buddy six and all this.
[00:31:45] He's distracted for a second because he's like, my wife's probably mad at me. She's going to leave me, she, to me home. Is she going to find someone else? And, and it's just, you know, you're only as strong as your weakest link and these are things that we need to train our troops before they go over. Have you had a conversation with your wife about this, about what could happen, uh, about, about, Hey, I love, you know, I, I just came back from Texas yesterday.
[00:32:06] Right. And I traveled to the states once a week. Right. I'm I'm in an airplane over a hundred, a hundred, a hundred flights a year, traveling to the states all over. I did a day trip to Reno, Texas, back to Reno or back to Texas and I'll go, you know, Chicago, Denver, and that's a week for me. Right. A lot of air miles, by the way.
[00:32:24] So, yeah. And actually I gave him away actually for Christmas a few years ago. That was like my Christmas presents in my family. Wow. But how are we having a conversation about, and I love, you know, I love the state of Texas and it's, it's awesome. Right. And so they're. Proud military state. And so you'll see a lot of the times like bumper stickers, maybe the wafer or whatever, driving saying, I'm a proud, I'm a proud member of a current deployed us army, whatever.
[00:32:54] And like, you're just telling me that your husband's deployed right now. And now you put a bumpers, it's just like putting into the world of, uh, about things about you. So things that we don't really kind of think about, right?
Travis Bader: [00:33:04] A little soccer bowl, dangling from the rear view mirror.
Nick Chernoff: Exactly.
Travis Bader: [00:33:09] A little picture of the family. Helping your family.
Nick Chernoff: [00:33:10] Yeah. Right. Yeah. I love that. And, and these are things that we need to start to train, you know, uh, I deal with a lot of, uh, police who are undercover. Um, I have a certain, uh, friend who is in a certain three-letter agency down in the states who newly retired, but he's, he's been undercover or he was undercover for a very long time.
[00:33:33] And he was sitting in one of my classes and, uh, He's at the very back and he puts his feet up on the desk and it kind of leans back. He's like, you want me to search myself on Google and online, man, I've been undercover for, you know, over a decade longer than that. And I said, you don't think I can find you online.
[00:33:56] He's like, you're not going to find me. And so we had myself and another analyst of ours in the room and I suite, and I said, challenge accepted. And so I didn't have time then, but that night I searched him and I found out where he used to live when he was deep, undercover, and different addresses and phone numbers.
[00:34:16] And so I sent it to him. I said, Hey, you know, he's now, you know, shaved head bald. And I said, Hey, I didn't know, you lived here during the eighties. You know, what, what does your hair look like back then? And he goes, how did he know? I lived there. Because it was a challenge and I wanted to find information on you cause it was out there and there in the states, there's a huge database of people, search engines, right.
[00:34:36] That are pretty robust. They are down to where you live, right. There's a website that, that if you want to search yourself, if you're from the states, mainly US-based website, it's called Spokio right. Many websites like that, you know, um, family tree now.com uh, all these other things. And, and there's information about you, even though you may not be on social media.
[00:34:58] So we need to train our law enforcement who are, who are deep, undercover, because guess what, if I identify who you are, I'm going to find information that may be blow your undercover, or it could be just a generic general duty officer. You could have your name badge right here. You could pull me over and I could be like, oh, officer so-and-so right.
[00:35:16] I could grab your last name. What's stopping me then from searching you online. And the next time you pull me over, I go, oh, officer so-and-so. I understand your, your kid goes to school down the street. Oh, your wife, wife works here. You really want to give me that ticket. And now they're in this predicament.
[00:35:33] Like, so we have to understand that, that it's not just maybe us it's maybe especially we're in a law enforcement type role or a military type role or whatever, even just even just bumping down the street or, and it seems somebody and, and, and, you know, then maybe figuring out what your name is or you're in line at a grocery store and your, uh, what's your rewards number for file.
[00:35:55] A lot of people will have their Starbucks rewards or, or grocery store rewards based on their phone number. Yeah. How many times are you blurted that out for everyone to hear everyone, everyone. Right. So we need to start to think about these basic things and not just for. For those that we love around us.
[00:36:10] And that's all, that's all understanding the, how much we can gather from that open source available information
Travis Bader: [00:36:17] Oh, like this idea has been around well Fort well, before the internet, it's just open source things that people can gather information on. I remember hearing stories, my grandfather, he was Vancouver police, and you would have people parked out front.
[00:36:31] And, uh, I remember my mom saying one time, he just dragged a guy in, from a car from outside, take him across the desk and started laying into him. I guess what you did back in the day. I remember as a kid, uh, we we'd get phone calls, even though were unlisted or my, uh, my grandparents had phoned up and they say, no, someone's looking for you.
[00:36:50] They're trying, they're trying to find you. So I give them your phone number, tell you where they can find them. There's always this. This sense of privacy that everybody needs and different people in more secure roles will need a higher level of, uh, privacy because of the people that they're going to be surrounded by.
[00:37:07] But in today's day and age, we're not really afforded that luxury of being able to say all my, my phone number is unlisted, right. Or I, when you're talking earlier about, okay, you've got yourself sorted, you've got your open source intelligence profile. You've Googled yourself and it looks good. What about your husband, your wife, your kids.
[00:37:31] And I've told this story before in the podcast. It was, I just did it for fun. I mean, it was at a lawyer's office, was doing some consulting for, and I was waiting while the private investigator was chatting with the lawyer and they're telling them all about how they can't find this one woman that they're supposed to be serving a warrant.
[00:37:48] And while I'm waiting there in the side room, I'm just kind of listening to him, the conversation that's I started typing away and I didn't find her through any of her own accounts, but I found it through her child's music teacher account. And I said, um, you know, if, if you go there next Thursday, at this time on swamp, she, a music teacher that's going to be, and they were able to find the person that way.
[00:38:10] So let's say you're completely squared away. How do you square away those, those data leaks or those privacy breach leaks at all of your friends and relatives might have?
Nick Chernoff: [00:38:23] You know, um, for me personally, I, when I first started this role, I was very, uh, I'm deleting everything. I'm going to get a new phone. I'm going to start over with a new email.
[00:38:35] I'm going to start on everything. And then really for me, I had to, uh, you know, I create a lot of burner accounts just to learn about it. But as I started to transition from fully investigating to now taking the information and doing training and development, I do have an online presence. Right. I I'm active, you know, and the biggest, the biggest one and the challenge for me was LinkedIn.
[00:38:57] Okay. LinkedIn is. Wealth of information on individuals. And I was very reluctant to have it, but because I was meeting and presenting to, to, uh, you know, groups of, of different agencies down in the states, different law enforcement, they're always like, Hey, are you on LinkedIn? Let's connect. And now it's kinda my way of connecting.
[00:39:19] So I had to I'm either fully in you're either full. Or full out. You're not just, you don't just have like a little bit in, cause you're in, right? You got a presence. You are no phone number, no, no email address, no social media. And even down in the states and uh, when you buy a house or, or when you get, when you do get a phone number, like there's, there's going to be listed to you.
[00:39:43] And there's a gentleman who's kind of a subject matter expert who I look up to in this field. Michael Buzzell, basil is his name. Yeah. He teaches people how to buy homes, uh, without having their names attached to it, or kind of disappear online. Right. Um, uh, Intel techniques.com is a great website for four.
[00:40:01] And I get no kickbacks or ties from that one site. It just, I, I I've learned a lot from him. So, so I w I want to share that kind of love, but. I it's just, you know, even, even right now, you're like, Hey, let's, uh, let's take a photo and you'll put it on your social media. Okay. That's great. Promoting the podcast, promoting the great work that you're doing, but are we going to take a photo with all your little key features of, of your electronics here?
[00:40:24] Maybe there's something on the wall that, that someone could zoom into. And, and I don't think people really realize that we're in the day and age where our kids and I've seen time and time again, how many kids are going into mom and dad's closet and finding their military or, or, or, uh, uh, law enforcement uniforms and putting that on or taking photos of, you know, maybe different things or posting online.
[00:40:46] But it's, it's having a conversation that we know kids will be online these days, your kids. Oh yeah. But you can be online, but constant communication, open dialogue to say, this is what mom and dad do for. And it may be cool to want to take a photo of the inside of our house or a photo of our car where you see a license plate, but I want you to start to think how can that eventually get us in trouble?
[00:41:14] And it's all about training and awareness. It's like, you know, when my kids go to school, they will be K I don't want their name. You know, if they're going to play sports, uh, I don't want their name on a, on, on, on the sports roster because all those rosters get put online. Right. And I know exactly. And I grew up playing junior hockey, university hockey, and I loved it back in the day.
[00:41:33] It was great. But now you search my name. You see where I lived at this time, you know, uh, where I lived at that time, all the information about you, my stats, how much I weigh, you know, how tall I am, uh, what my hometown was, because that's all information that is put out there. So, I mean, there has to be a balance, but I think at the end of the day, we're always going to be on.
[00:41:54] You find that small percentage that is not, and doesn't want to be, and doesn't feel the need to promote. But if someone else close to you, like when your kids grow up, are they going to want to be on social media? Probably. If they're not, they're going to be the only kids in class. And that's the biggest thing we get from parents is my kids, the only person in class who doesn't have a phone.
[00:42:11] Okay. It is. And, and you're a bad parent. If you don't get your kid a phone. Cause they're, they're, they're not communicating nowadays. Exactly. But there's nothing stopping that you can't consistently remind your kids. About the vulnerabilities of, of what they're posting and how they're posting it. And we see kids all the time posting from inside their bedroom, outside their school, uh, you know, everything down to their school uniform on just right away.
[00:42:39] I've seen Mo you know, uh, the first day of school parents are proud to send their kids to school and they hold this little sign in front of their house and say, you know, uh, first day of school, and all of a sudden you're saying, what school you go to, what your favorite teacher is, you know, your house address probably in the background.
[00:42:55] And there's gotta be a fine balance, but I think it comes down to just constant awareness that what's in the background of photo. What can we not put out there yet? Don't, we're not, we're going to go on vacation. I'm not telling the world I'm going on vacation. Many people will, right. Many people will be going away.
[00:43:11] Oh, great. Enjoying a great trip to, to Mexico. Great. Now I know your house is available to go into, so there's, there's, you're either full, inner, full up at the end of the day. And I, and I don't really have an answer to that other than just constantly. What about the other side?
Travis Bader: [00:43:25] What if you just inundate the web with false information?
Nick Chernoff: [00:43:29] Yeah, it's funny. It's funny that you say that because there's a lot of disinformation misinformation. Why? Because. I've possibly created accounts. Sure. What information that is fully, you know, I am I'm this height and I'm way this, what I really weigh this, or my hometown's here, my age is this, so yeah. Uh, you can either just fully inundate with misinformation about yourself and I, I, at some point someone's gonna be like, Hey, I don't really know that detail about this person.
[00:44:00] I'm sure. There's ways of finding it. I'm sure there's other people's search engines that maybe, but yeah. Inundate and I, you know, it's funny in our training, um, you know, I was in Texas, uh, someone was like, I searched my name through this platform that you gave us and everything's wrong. And I was like, that's not a bad thing.
[00:44:19] Do you want, do you want this to be accurate about yourself so everyone could see they're like, oh yeah. And so, yeah, that's definitely inundate inundate, right? If it's already out there because the internet may forget. It never forgets, right? There are third party websites, like, uh, the, the Wayback machine archive dot I S it used to be called Google cache data.
[00:44:40] Um, uh, a search engine based out of Russia called Yan decks. I've heard of that one. Yeah. There's ways of implementing your information, even though you may have deleted it off your accounts and figuring out what they have archive because they go and screenshot everything that we do the way back machine.
[00:45:00] Right. You're your use that one so many times, right? And, and your website is archived forever.
Travis Bader: [00:45:06] So good or for bad. I mean, you can, you can, I'll use it for good. I can go back and show how things were. Let's say 10 years ago where we've grown or somebody can say you used to advertise this. I'm like, did I, I can go on, on...
Nick Chernoff: [00:45:19] Yeah, So, so yeah, at the internet may forgive, but it never forgets. So if you have information out there and you're like, I need to get rid of this all I'm like, okay. So let's try to think of other ways. If the internet is full of your information, it's going to be decently easy to get it back. So you make a great point.
[00:45:33] Let's just inundate with everything we can, so...
Travis Bader: [00:45:38] So, let's say a school violence school shooting something's happening or how. How would your response to that be? Cause I think I kinda brought this up before and I was talking with Sonny from six sites and I kind of delved in. I said, I don't really know, but I think it's got something about setting up geo-fences
Nick Chernoff: [00:45:56] Yeah. So, you know, everyone was big in the school safety realm of social media monitoring. Okay. So you set up an electronic fence around a school site and you keyword monitor on a majority of social media applications. When someone mentions bomb drugs, gone fight, kill due to restricted access now to the APIs of Facebook and Instagram and Snapchat and Tik talk.
[00:46:18] You're not gathering the information on what once was available to you. Okay. So we teach it to it from, from our, we teach from a human standpoint of a human gathering information rather than a software machine generated report this fence. So each application is going to be different. So. When a school shooting happens, God forbid we have one of our analysts dedicated to, and this is mainly the one application that you can do it for Twitter.
[00:46:49] Uh, today I was training folks from around north America, uh, on how to set up an electronic fence on Twitter, around your school and keyword monitor. Anytime someone mentions bomb, drugs, gunfight kill, that can happen on Twitter, but for Snapchat, which is usually a one-to-one communication, it's a little bit harder, but there's a website called map.snapchat.com.
[00:47:13] You don't have to be logged into you can go online and there's hot spots in certain areas. So when the flooding was happening here in BC, I went on map.snapchat.com. There's going to be a hotspot over, you know, the Abbotsford area or certain areas. And you get a lens of, of people on the street, uploading Snapchats.
[00:47:33] And now you get to see those Snapchats that someone else has put out there. You're not going to see everything because you have two options when you're Snapchatting to send it to your friend individually, or upload it to your kind of, uh, my story or have it kind of sent out there in the world. So you're not going to see everything, but you're still finding data in every aftermath of a school shooting.
[00:47:55] The hotspot over that school is red. It is on fire with everyone in an area on their phones, right. Go to a concert, go to event everyone's on their phones. Everyone's posting, you're going to get some information. And so you're going to go on map.snapchat.com and you're going to see a lens of everything that's happening.
[00:48:12] The, the, and I was there about four days before the Vegas. All right. I was, I was staying at the Mandalay bay four days before when I leave. Of course, that's when the terrible act of violence happened in Vegas. Right. But when I was going on map.snapchat.com to figure out what people are posting, what they were actually doing was they were, they were downloading, every video was posted and they're actually building a timeframe based on when things were posted to maybe when shots were fired or, or, but they're all gathering it from, from, from social media who knew that we could go and find someone's posts to then build a timeframe of the incident that just happened.
[00:48:56] And, and, and on, on Instagram, right? We can, there's, there's just so many things that you can do with finding people. Uh, every image that I come across, right? A lot of times kids were having threats to schools daily, unfortunately, across North Korea. When a student makes a threat and post a photo of a gun, all you see in their social media posts is a gun, and they're like, don't come to school tomorrow, right?
[00:49:20] It's a pretty generic threat, especially the language analysis. Like there's no specificity in the language, but that photo of the gun is concerning. But if you conduct a reverse image search, which means you take that photo 10. Exactly. And that's a website we use or Google images. If you upload a Google and Google images or into bing.com, uh, the image section or even Yandex it'll scan.
[00:49:44] And I, and I want you to start to think of Google, Bing, Yandex tonight. They're all different businesses. They have a different way of, of indexing their, their, their images. If you upload that gun photo to Google being Yandex, uh, whatever I, and it comes back with. Yeah. We also found this image being hosted multiple other places on the internet.
[00:50:05] Well, a possibly for that threat, it just went down and we're having school districts shut down, schools alone. Just on that threat. Don't come to school at Memorial. Here's a photo of a gun. That's, there's a lot more factors that need to be taken in consideration if there was specificity in that language.
[00:50:21] And there was that image came back like zero results. I'm like, okay, we either, we have a concern here. Right? And even something as simple as, as, uh, ensuring police know that regardless of what you do on social media. So the big idea, you know, from parents to, to educators, to schools is, oh, I deleted that post.
[00:50:43] You did on your profile, but you don't think Facebook or Instagram or Tik TOK stores, still everything that you've done, every private message you've ever sent on social media, regardless of you delete. Law enforcement can get back. Right? Right. You, as a user of Facebook can actually, whether you use Facebook or Instagram or any platform, you can actually go into Facebook through your settings, request everything that Facebook has on you.
[00:51:14] Right. It's going to give you an and I was blown away when I first did this. Um, I requested information on Facebook, on what they had about me. And I've used Facebook for over 10 years. My Facebook account now is dead empty. I'm like, I don't want anything. I don't use it. It's, it's mainly to keep track of friends around the world.
[00:51:32] So I said, well, there's nothing on my profile. They, they probably don't have anything. And boy was I wrong. They had every photo I've ever liked. Every, every private message, every photo uploaded, every video uploaded, every place I checked in, they even had all of my private messages and every contact in my phone.
[00:51:49] Because when you download an application at
Travis Bader: [00:51:51] one time, you may have given it permission or at one time it didn't need permission. Did it?
Nick Chernoff: [00:51:55] Exactly. Think about the apps you downloaded? People were just like, okay. Okay. Okay. I just want the app, but right. Why is this app asking for access to my contacts for convenience to go through your phone, to figure out who else has the app?
[00:52:10] So you can add them as friends saying, oh yeah. Uh, you know, Nick from your contact list also has Snapchat. What'd you like to add them as a friend? It's cause we're in the generation of, of, I don't want to say being lazy, but jeez convenience. Exactly. Right. It's for convenience rather than for security, but the minute you allow an app access to your contacts, guess what?
[00:52:30] They have their context. So some of the three-letter agencies that I'm going down and I'm keynote presenting at. And I tell them that they're like, Do you know how many people in our phone are some quite high up individuals in the intelligence world. And I'm like, yeah.
Travis Bader: [00:52:46] I do and now so does everybody else who's got access to that.
Nick Chernoff: [00:52:48] Exactly. So there's, there's vulnerabilities there.
[00:52:51] So just things to think about at the, of the day it's awareness, there's actually a great, uh, there's a great few documentaries online. I listened to a podcast called, called reply all it's a tech based focus podcast. Uh, there's a great Netflix documentary called the social dilemma. If you've ever seen it on Netflix, it just talks about how these applications are really businesses, manipulating everything we do daily huge, right.
[00:53:15] And their algorithms and the way that they're doing things.
Travis Bader: [00:53:18] So we're getting a dopamine. Exactly. Whatever we can do to trigger that and keep people on it.
Nick Chernoff: Exactly, so...
Travis Bader: Well, what about that Netflix one with the, uh, the cat killer.
Nick Chernoff: [00:53:27] Oh, don't F with cats. So that's actually a funny that you bring that up. Um, our organization actually just previous to my, myself coming on, dealt with that because what they don't share and I hope I don't get in trouble for saying this, what they share, what they don't share is, do you remember where they sent, uh, the body parts to,
Travis Bader: [00:53:50] yeah. One was a school year in Vancouver.
Nick Chernoff: [00:53:52] Did they say that in the, in a doc? Okay. I didn't know if they said that, but yeah, that's why we were involved and they send it to a school here. They sent it to the politicians, but, but everything that, those that, that I can't remember her name and the other gentleman, same where there, you know, what's the street pole look like in Montreal and they're going on Google maps and here's a gas station and the view up like that.
[00:54:12] Open source intelligence. That's what I'm doing daily. That is actually probably one of the best documentaries that you can watch to really understand how, you know, things that you have in front of you can lead to finding you like the wall sockets. Uh, I think on one photo where like that's not north American, that's European and right.
[00:54:31] And things like that. That's everything that we're doing and that's open source intelligence to, to,
Travis Bader: [00:54:37] so there's going to be some computer algorithms you can run through. That'll be just AI learning. You can say I'm looking for, I mean like apple has it with your photos. You can say a boat, you can type into your search.
[00:54:50] It'll show you all the things that was a boat in there. It's like, wow, that's pretty good. Do they have the same sort of thing for, uh, more of an open source or for search of these things? Or?
Nick Chernoff: [00:54:58] There was a website that I think just became paid. I only think it's actually a few dollars. I think it's called PIM eyes, PIM, PIM eyes and you can run a picture of your face and it actually scans the whole internet. And I did this on myself and I was like, okay. You know, I always test things on myself or, or work colleague first. And I was like, oh my goodness. I did not know that photo. It was like, you know, when I was like super young, you know, they, they have photographers at the club and, and I'm like 21.
[00:55:27] And they're like, Hey, smile for the camera. It's going to be put on our, our promotion website. And I'm like not thinking about it at the time. And, and I'm like, they found that photo from like 14 years ago, know that photo, right? There's, there's many photos, there's many photos that are out there and, and, um, Yandex, a Russian based search engine has great facial recognize.
Travis Bader: [00:55:56] Facial conditions is insane that we have out right now. That's publicly available that we have. I remember watching a, um, uh, I think it was a documentary or it may, could have been a, uh, just a quick, uh, news clip on it. I think it was over in China and they had a guy and he said, okay, cool run. You probably know this one better than I do.
Nick Chernoff: [00:56:18] Are you talking about the social score that they have in China? Are you talking?
Travis Bader: [00:56:21] Oh no, no, no. They said, okay, we're going to try this. We have however millions of people over there and we'll see how long it takes to find them. And we're going to give them a headstart, go run mind you. They also have cameras everywhere, too.
[00:56:35] Right. And through facial recognition and this guy, he was gone. They give a big head, start, click, go thing turns on. And it didn't take any time at all when they found the guy.
Nick Chernoff: [00:56:45] Yeah. And that's, that's the. Oh, it's I look it on, on both sides. It's like, Hey, at what point is there the privacy to, to the monitoring of citizens, to the big brother and everything is talking about.
[00:56:59] And I mean, I truly believe that if we were just to have no agencies monitoring what we're doing online, there's going to be issues happening. The reason why there's certain agencies, you know, possibly, as I say, big brother is because, well, it's really their job to keep us safe, but
Travis Bader: [00:57:19] we've elected people in.
[00:57:20] Who've hired people to keep us safe and
Nick Chernoff: [00:57:22] yeah, and it's all information we're putting out there. And the facial recognition is absolutely insane. And, and, you know, I was just talking about this, the social score in China, uh, you as a citizen spit on the ground as you're walking jaywalk, uh, you, um, do things that maybe don't make you the best citizen.
[00:57:43] This is. This is actually black mirror. This is a black mirror episode, but it's happening in real life. You get a social score, your score goes below a certain amount. You are possibly banned from flying or buying this or buying that. And it's all based on trying to keep it citizens in line in line. Right.
[00:58:04] And that is a black mirror episode.
Travis Bader: [00:58:05] That just gets scary. I mean, all of it, all of it, the farther we advanced it to this gets. And get scariest like Ilan. He talks about artificial intelligence. He says like, that's one of the most scary things around. They should be a, a, an oversight body to watch what we're doing.
Nick Chernoff: [00:58:22] there was.
[00:58:23] And I just, I read this in the news and I, in no way have had time to follow up with this. Um, but they were saying that there was an, uh, a bot that they created artificial intelligence and it actually. I don't know what it did is it spent some time online or it, it, it fed it some, you know, forums to look at.
[00:58:41] And they said that the bot actually came out to be a little bit racist and homophobic. I remember, you know, the AI is just there's. We always hear those horror stories and what's that one with will Smith, right? Where I think that's camera, what it's called. People are probably screaming into the mic right now.
[00:58:58] Maybe it's that movie, but yeah, it's, it's the world. And, and, you know, I travel a lot. I'm I'm I was just spent a week on the road and, and some days I'm gone for three weeks, some days I'm gone for a month, some days I literally just go to the states for, for a day and a half, right. Over a hundred flights a year.
[00:59:14] And a lot of the time I'm like, Hey, I have to pay bills. I have to, I have to, you know, log into different accounts when I'm on the road. I have to, uh, people are probably going through the airport. Rushing logging into their banking on the open wifi in the, in the, in the airport, sending some money to an account, paying their bills, not even thinking about it.
[00:59:33] Somebody could be going to a Starbucks and, and sitting down at the Starbucks, connecting to wifi and logging into passwords, checking their social media. But what I could do if I was nefarious minded, nefarious minded is by up, what's called a wifi pineapple, right? I could be sitting in my truck, literally in the parking lot of Starbucks, I could be plugging it in and doing my thing.
[00:59:56] I can have my computer going. I can name my wifi, pineapple Starbucks. You're going to see possibly two Starbucks pops up, but the amount of people that go through there, they might just click the first one. And it could be mine. You're connected to the internet, but it's connected to me giving you internet, right.
[01:00:13] Or there's multiple ways of doing this, but it's essentially kind of. Key logging, right. What you're doing, what passwords you're putting in. You may be thinking you're just checking Facebook, but really I'm actually seeing what you're doing in the backend. So, you know, I always suggest, you know, you're using a VPN or definitely, definitely do not.
[01:00:32] Like when I go to my hotel and I live in a hotel for like a week, I gotta go, I gotta do my banking on my computer. I hotspot off my phone or I'll just do it off my phone. I'm not connected. Exactly. Right. So little things like that, right. Where we need to be aware of.
Travis Bader: [01:00:48] Do we know if so key logging? Of course, if I have a direct key logger, I remember years ago I had, when he could plug in the computer, plug it into the, in line with your, your, uh, keyboard there and every keystroke would be locked.
[01:01:01] And then you can key log through programs and like monitoring or specter software type type things that you can install. But yeah. If you auto-populate a password, something that's stored from your key chain.
Nick Chernoff: [01:01:16] That's a good question. I wonder that's a good question. And I, that is actually a really good question.
[01:01:21] I...
Travis Bader: [01:01:23] because if they're using a has to, um, I guess it depends on how it transmits and how it goes.
Nick Chernoff: [01:01:29] I, I want to say no because you're not actually putting a password. It's just auto-populating but I, I couldn't, I couldn't confirm or deny that I never, and by the way, I never tell anyone to, you know, save your passwords on your devices.
[01:01:42] Like if I have your computer right now and you're like, huh, go to the washroom. Uh, you know, if you're bored, just go on my computer. I can go to the settings on your internet and figure it out. Accounts you have saved your passwords for, and then get into actually open up your passwords through your browser.
[01:02:00] So I had actually a work colleague. Uh, he used my, I was away for like a week. He came up from the states, uh, sat at my computer. He logs out of my email logs into his. Okay. Right. And then I was like, I was like, there was someone else logged in and I was like, so I go through my settings on my computer. I figured out, uh, the account he used and he actually had saved his password because he was like inspector tools.
[01:02:24] No, it's actually through your settings, it's through your settings on your browser. Uh, because when you, auto-populate a password, you go save password stars, right? Yeah. It shows with stars, but in the backend settings of your internet, you can actually view your password that way. So I, I messaged him. I go, Hey man, uh, use my computer.
[01:02:41] He goes, yeah, thanks. You know, I know you were gone. And I said, and I just shut this password. And he's like, excuse me. And I said, you know, a clear, clear history before you leave. Yeah. Um, and, and don't auto-populate and save your passwords, right? That's for convenience rather than for security. And, and sometimes you'll need to know the password to the computer to do that, but just little things like that, right.
[01:03:03] You go in, uh, the, the best, the funniest thing is, you know, I got to go get a new phone, uh, tomorrow. I guarantee, and this happens every time I'm at an apple store, you get, uh, you get that mom and dad running around, getting their phone, you get the kid at one phone, testing it out, but what does he do? And he's logging into his Facebook or his Instagram there.
[01:03:22] I need to save it and keeps it open. And I'm like, okay. Right. Like, so yeah, you gotta, you gotta be mindful on what you're doing and logging in and into what, what devices. And so these kids just, they just want to check their Facebook or social media, but then it's logged in and maybe all your personal, and so, yeah, don't auto save your passwords essentially as well.
Travis Bader: [01:03:40] You know, I guess it's less on the open source side when the people start going in, in that area. It's just human error, right? Totally. Yeah. I remember I had a, um, there was one law firm that I was doing some work for and a, they called me up and they said there's, uh, a woman came in and she was having problems with her husband, wanted to divorce him.
[01:04:01] And the lawyers do the first thing that lawyers typically will do is pour a lot of cold water on you. Right. Try and get some, some common sand syndrome. It's going to cost a lot. It's going to be a difficult process. It's gonna, anyways, they go through this whole thing and she says, well, I got money and she pulls out a can, so big wad of cash inside here.
Nick Chernoff: [01:04:21] Like, like an actual, like paint cans, tin cans. I think.
Travis Bader: [01:04:25] Yeah,from what it was relayed to me, it was like a soup can or something. Right. And what if a cast, like, where'd you get this? Oh, my husband, he's got a whole bunch of these. Right. Okay. What's going on? And he started digging a little bit anyways, say, um, I, uh, they contacted me on, on some of the work that needed to be done.
[01:04:44] And then I spoke to some of the security agencies that we do work with and they just needed to do a detail on, on the individual and the place. Of course she gave permission. They go in, but the. Everything, uh, thumb drives and it tells you what's been put on, what's been taken off, uh, there's uh, little tidbits of information with data timestamps, your toaster, right?
[01:05:08] Like everything that they can, they go in there and they securely properly image these things. So that's a little less on the open source, but from a privacy standpoint, um, also I guess, knowing who you're with right. Would be, would be a good situation or your buddy there goes, luckily you're honest. And you tell them like, look, don't, don't use your password like this, but that's a, uh, it does bring up a really good point.
Nick Chernoff: [01:05:34] So, Travis, you, you, I thought about a story here because do you ever, what do you do with your phones when you, when you, when you get. And you may be different for, you may be different than most so, but everyone else thinking, I guarantee you, your folks listening, they're like, well, that's a 500, $700 phone.
[01:05:53] I'm going to resell it. Yeah.
Travis Bader: [01:05:55] Nope, not not one. I can show you where they all are
Nick Chernoff: [01:05:57] and I'll show you. I have probably 50 that, that phone that has to go back to work and I'm going to be like, ah, we should just, you know, because criminals were going to like garage sales or, or buying fax machine. Think of when you think of your fax machine or your.
[01:06:14] How much personal information you are sending through that,
Travis Bader: [01:06:18] your scanner and fax machine, they are so poorly encrypted for the most part that you can pull that data off. Yes. Yeah.
Nick Chernoff: [01:06:26] So I sell my phone. I plug in, I buy for 10 grand, a celebrate kit. Okay. Celebrate a lot of time. Law enforcement will use that to extract data off devices, right?
[01:06:38] Every photo that you take on your phone, even though you delete it can still possibly be extracted. There's. There's a lot of information. I sell my phone to the wrong person, even though I factory reset it, there's still ways of possibly getting back that information. And I have a good friend of mine.
[01:06:53] Who's also with me in, in, in certain, uh, with the , uh, influenced activities in, in, uh, here within the military. That's what he specializes in. Right. And, uh, so you plug in this celebrate. And criminals, we're getting information from facts, scanners, and, and now they're, they're exploiting people who have, you know, just want to get rid of their equipment and make money off of it.
[01:07:18] But unbeknownst to these individuals, these criminals are getting some pretty sensitive information. Think of all the checks, all the documents, all the information you scan, think about contents on your phone, and now you have these individuals extracting all that data. Well, okay. Back could crumble a business
Travis Bader: [01:07:34] from what I understand, I, and maybe law enforce is going to have different tools, but the I-phones particularly now every generation that comes out a simple factory reset on that can, can be very, very difficult to retrieve any
Nick Chernoff: [01:07:52] information.
[01:07:52] Yeah. And that's, and that's something that, that is definitely, if you're going to sell your phone right. Factory reset it. I, uh, It is going to be, it is starting to be a lot harder. Um, the iPhones are getting very, um, very privacy focused. I mean, even, even back to the San Bernandino shooting though, uh, I, I, they couldn't get backdoor access, so it wouldn't give them no, because that's a, that would be bad on their end for all users.
[01:08:23] So they had to go to a third party, which eventually kind of got through. And so, yeah, there's, I mean, there's always ways of getting through to things or information, depending on how much money you spend on these celebrated kits. But, you know, the basic thing is I phones are, are definitely a great phone, uh, your apple computers.
[01:08:39] Um, but
Travis Bader: [01:08:40] The computer, however, because we've dealt with a few of these X years, a company here locally, TCS forensics, parent used to own it. I believe he sold it now. Um, anyways, we've worked with them on some files and, uh, We had, I remember one in particular fellow wiped the, uh, the computer then through a bleaching software on there, but there's still a lot of information that can pull up.
Nick Chernoff: [01:09:05] I I'll tell you right now, like w hopefully work, lets me keep this phone and dispose of it on my own. Like, it's, it's going to go in the microwave or it's going to go, uh, you know, uh, I'm gonna have a bonfire on the weekend. It's going to kind of go in there. I going to get rid of it in, in a, in a certain way.
[01:09:20] I'm never, never going to sell a phone. And a lot of times it's $500 you could get from that. But...
Travis Bader: [01:09:27] What's $500 in the grand scheme of things?
Nick Chernoff: [01:09:28] And don't get me wrong. It, no one may do any harm to it. Like some kid could buy it. They're like, yeah, I just put my, get my SIM card, do this, but who knows? You don't want to be.
[01:09:38] It's like winning the lottery. It may never happen, but this is the lottery you don't want to win. Right.
Travis Bader: [01:09:43] So with open source, I guess, whereas looking at before, we're talking about artificial intelligence and learning software to be able to help scan. But when we talk about the don't F with cats, that's just lots of people out there, or with the Shiloh buff one with the, uh, this is a lot of people on Reddit looking at, do Osen agencies rely on crowdsourcing information.
Nick Chernoff: [01:10:08] I'll tell you right now, when a shooting happens, I have somebody monitor Reddit for Chen eight con there's another site called Kiwi farms, because especially on Reddit, there's almost like a, I like to call it the Reddit bureau of investigation. It's, it's probably a bunch of individuals that you would picture, you know, drinking mountain Dew and mom, and dad's basement with a lot of time on their hands.
[01:10:33] Yeah. It's just, but these, oh, I've met some of these individuals who are just. Geniuses. Yeah. And so this one analyst may not think they're doing a lot, but I say scan that like, just keep refreshing these forums because these individuals, kids, adults, they're just bombarding these pages with everything they're finding it is we are just relying because we have our analysts doing the same thing and we're finding the same and maybe more, or maybe not enough, but I say, you will sit and refresh this page for the next few hours and you will document everything you find, even though we may have document over here, but there is going to be information that like literally when the name of the shooter is announced, people are going to their page.
[01:11:17] They're finding the killer's profile because within no time at all, Facebook, Instagram, they're deleting these, these people off. They're also applying upload to the archive. Exactly. Right. I remember when I was investigating and working at the, uh, uh, the Christchurch New Zealand shooter. Right. Okay. My job was to find the manifest.
[01:11:37] That's that was my sole job. I fist scanning these forums. I found it on this, the, uh, Kiwi farms going to the link. It was literally linked to this one, this one page, um, for no time at all. And I got there just a little bit, not fast enough. So I'm like, well, okay. It's. It's not hosted there anymore. I found a link though.
[01:12:04] So what did I do? Put that link way back machine way back machine. What they did is is they, they screenshot everything on the internet and they noticed that there was a lot of individuals going to this, this one page. So it must be important that you read of themselves there. They had screenshot the whole amount of Festo and I'm getting content back, but I relied on someone posting the link to it from a crowdsource page, like this thing.
[01:12:27] So yeah, we are definitely using it. And I, and I guarantee police are doing the same thing. Other agencies are doing the same thing and it would be silly not to, it's like having someone do the work for you and, and there's some smart individuals out in this field. So yeah, Reddit and all these different forums, I'd be careful on the four channels and the eight cons.
[01:12:44] It's really the cesspool of the internet. Not, not good. Content goes, they're kind of more, more to read it, but yeah.
Travis Bader: [01:12:51] Um, I think it was called a Cicada. There is a, uh, there is a picture that went out on the internet. One. And anyways, they, I, I think it turned out to be a great big online puzzle and they're trying to, they're hiding clues within information and they just go in behind the picture.
[01:13:11] They look at the metadata, they find something and they ended up working themselves all the way, all the way around the world to try and solve the I'll put a link to it, a cicadas, something really interesting sort of thing. But it kind of reminds me about, uh, this whole crowdsourcing effort for, for intelligence.
[01:13:28] And when we talk about these guys who are drinking the mountain Dew and in mom's basement, man, I don't know, they got the time on their hands. They can do some devastating thing. With a little bit of knowledge and time. Yeah.
Nick Chernoff: [01:13:42] And that, and that's it they've, you know, they have, that's what they dedicate their lives to.
[01:13:46] And they have a lot of time it's just passionate to them. And, uh, if you're not relying on crowd source data for sometimes these intelligence gathering, then, then you're missing key pieces to the puzzle. Right.
Travis Bader: [01:13:58] So here's one, uh, maybe just a little bit off topic, but a more of a personal thought on it would be.
[01:14:05] You talk about in the military. And I believe recently in Canada, we had a, a news announcement in regards to COVID information that was being released. Did you read any about that?
Nick Chernoff: [01:14:17] What specifically?
Travis Bader: [01:14:20] I believe that was specifically stated that, um, it was, uh, uh, IA measures were used in order to gain COVID Compliance. COVID vaccine.
Nick Chernoff: [01:14:33] Again, I didn't read that. I thought you were referring to something else that happened out East. Uh, but, uh, I
Travis Bader: What'd you read back East, this sounds more interesting.
Nick Chernoff: I don't know if I, I don't know if I want to bring this up. It's a certain issue that happens, uh, in, uh, in more of the east coast of Canada.
[01:14:55] I'll leave it at that. Uh, but yeah, I mean, I think every single day when you and I are influencing people's activities, the news, the, the people you meet on the streets, um, and, and whatever way you look at it, it could be, how do we get the most amount of people vaccinated so they can be kept safe and, and maybe there is a component to it.
[01:15:20] I know that the Canada's, uh, Canada doesn't do. That type of work on our citizens. Doesn't do that type of
Travis Bader: [01:15:30] I think that's what the news release said was that they actually did. And I don't know if it was a bit of a training exercise to see how effective they could be at it or what all the details were, but it was, it was plastered up in a bunch of different plans.
Nick Chernoff: [01:15:41] I don't know if I want to speak, speak specifically to that. Cause I don't know full details. I may know what you're referring to, but you know, um, you know, every single day we're, we're, we're being manipulated. Um, you know, I, I even, um, I even was applying for a job once and I figured if I'm going into this interview, they know about me.
[01:16:09] Why not figure out what I can about them. Right. And so, you know, through some basic searches and figuring out maybe who the hiring manager is. W I want this person that liked me. I want this job, right. If I come to you and, and, you know, even, even coming out in him, he going out on a date on the weekend, or you're going to, what's stopping me from going into an interview or on a date or whatever to search for that, that hiring manager to figure out his or her likes dislikes.
[01:16:39] And maybe I just spend my conversation a way to say, oh yeah, you know, what do you like to do for fun? I just bought a boat and I like to go boating. You want a boat? That's, that's crazy. And you're just starting to relate to somebody and you get back into this more social engineering aspect and biohacking.
[01:16:53] Yeah. And, and there's, you know, there's some, there's some great, um, great individuals that I follow on Twitter. And on different forums who specialize in, in, in social engineering, biohacking, uh, open source intelligence and, and, um, you know, I'm always learning from them because they're coming out with new techniques and tactics.
[01:17:14] And, um, I think that's the biggest thing is you're ever interested in, in this type of field. Type in online, you know, open source intelligence techniques, what is social engineering? And you're going to be like, that's social engineering that if someone did that to me and I didn't even realize it
Travis Bader: [01:17:31] It sounds nefarious, and it can be used for nefarious means, but it's not necessarily a bad thing.
Nick Chernoff: [01:17:36] no, not necessarily.
[01:17:37] And I, every, every job interview that I'm going into or every, Hey know, possibly a new client I'm meeting, I'm, I'm searching them. You better believe I'm going to search them online to figure out who they are, uh, uh, you know, what they're about and what their interests are. So maybe I can just even connect with them just that much more.
Travis Bader: Right.
[01:17:55] All right.
Travis Bader: [01:17:57] It's smart. I think it makes sense. And we have the tools and the ability to do it, to not use that I think would be a. A little foolhardy.
Nick Chernoff: [01:18:04] Yeah. And you know, I think we have a lot of catching up to do with our, our, uh, different agencies to, you know, going into the RCMP Depot training league. It's important for them to be.
[01:18:15] And I don't know if they do, I'm not, I'm not a member. And I can only imagine they're, they're playing catch up, but training these officers in depth that you know, what you're doing online can come back to haunt you. What you're doing online. Hey, like I always, I always have, uh, when I'm talking to parents and the parents are like, yeah, my kid wants a phone and wants to do this.
[01:18:33] And, or even kids come and talk to me and say, you know, I really want to be a law enforcement officer when I grow up. I said, that's great, very rewarding job, but what are you doing now? So when 10 years comes up and you're in that undercover role, something you're doing now, doesn't come back to haunt you.
[01:18:48] And they're like, I didn't think about that. Right. And it's always, what's, it's always kind of way back in the day, we would make one mistake and there's been, you know, politicians or individuals going into, into that politics. Who've done something like 10 years ago, but we know the opposing party is going to find it and they don't even run because they're like, oh, it's gonna haunt me down the road.
[01:19:07] And we've seen that happen through different Paul Paul. I know I was just going to say it, you know, it's happened to some people, right. Uh, to, to, to some individuals in various political roles. And, and I always like to say. You're going to make mistakes. If you're online, you're going to make mistakes, but let's just hope that mistake doesn't come back to haunt you down the road or, or being used in a, in a bad way.
[01:19:33] And I, I shared the story as well with, uh, you know, how important it is to train your kids, right? Talk to your kids about what they're posting. There was a family on vacation and, uh, and I guarantee, and then for those of you that are listening, if you have your own kids, ask them, ask your own kids. If you, if they know everyone in their friends list on social.
[01:19:54] Um, your, your kids are gonna come back and maybe lie to you and say, yeah, I do. But if they have like hundreds of kids following them and they're like 15, 16, like, do we really think our, our kids know, like really know every single one of those, those kids in their friends list. So there's a story of a family they're going to Mexico.
[01:20:11] Okay. So mom and dad take family and a few of the kids in it and ACU the kids, friends, and another couple, they go on vacation and parents that are just there to drink my tea. I sit on the beach and have a good time, right? Yeah. What are the kids doing? Well, I want to get to the resort. I want to take a photo.
[01:20:26] I want to show to my friends that I'm on vacation while they're at home. You know what they're doing, whatever. Um, and so the kids rush, they start to post online. And a few days in one of the kids receives a message from a, a boy that she's had in her friends list for her for years, but never actually met them in real life.
[01:20:45] And this boy. Oh, my gosh, you are you're in Mexico right now. I was there last year at this time. I've actually, I still stayed at the exact same resort as you and, and down the road, you should try ziplining at this one place and rock climbing across the way. And there's a sea doing place down the road.
[01:21:03] And that is I'm so jealous. We just couldn't afford it this year and take tons of photos. And when you get back, maybe we should finally find time to hang out. And the girl's like, oh, wow. Like, yeah, for sure looking kid, let's go hang out. And the boys like, well, what are you home? I'll make time. And put it put time aside to make time for you.
[01:21:21] And then the girl's like, I'll be home Saturday. I can't wait. Yeah. She goes back. They invoice, enjoy her vacation and they come home Saturday. Well, rested go in the door only to find that their places been broken into this kid. Even if he was a kid. Never been to the resort, sees a photo of him at the resort.
[01:21:42] What's a quick Google search. What's cool in the area. Right. And just sharing things that he's probably reading on like different reviews, but really just wanting to know when you're going to be home. I don't care about you. I don't want to meet you. I don't care. I've never been there. Right. So things like that.
[01:21:56] And, and you want to go on vacation posts when you get back, do you do things like that? Your kids are going to want to post because they want to prove that they're having a good time. But yeah, we gotta be careful on those types of things.
Travis Bader: [01:22:06] So this, okay. There's a, a Twitter post, a went around one time. And, uh, I dunno if it was a stage comical thing or what, but this guy he's like, oh, look at how much weight they've lost.
[01:22:16] Right. He takes a picture of the scale. Right. Then the next day you see. Ah, shit. How do I delete a post? Cause he stand on the scale, making his reflection in the glass, but I, I guess from the comical side, I, what if somebody goes out there and they put something online and they're like, oh shit, I didn't realize that there's stuff in the reflection.
[01:22:34] Right. Or whatever. Um, obviously the internet won't forget, but are there some quick go-tos that people should be looking at at sort of like maybe tidying up things that they shouldn't've put up there?
Nick Chernoff: [01:22:47] yeah. And you know, if that guy like literally right away, was he, he posted within a minute or two later, he deletes like chances are, there's going to be very minimal people to see it.
[01:22:57] Right. But maybe he, like, he posts the gym, he does his full hour and a half workout and he comes back with all these missed messages and he's like, uh, awkward, um, Who knows how many people that saw that are going to screenshot. I like that's, that's comical.
Travis Bader: [01:23:15] That's right. You screen shot it and you share it with everyone.
Nick Chernoff: [01:23:15] You're going to screenshot it.
[01:23:17] It's just, it's just human nature and how easy it is to screenshot. Um, I always tell kids and there's a, there's a, uh, actually I was investigating a, uh, a kid in front of a school, um, who had a gun in front of the school and I didn't know what school it was. And so what do I do? I go to Google maps, do that little street view.
[01:23:42] I figure out the, I knew the community, but there is like 10 schools in that community an hour and a half later as I'm circling every school. So I have the photo up on one screen. I have three monitors. I have the photo of one screen and I'm literally going Google maps around the photo to figure. Okay.
[01:24:02] That's that looks like the school. There is the, the playground that's the school. And so we go, we get security footage. We figure it out from there, but you can probably hide your hide. Uh, and I give another story. A, a young girl had her, her mom. Okay. Got like an old school Volkswagen beetle. Okay. She is posting on the, on the inner driveway sitting on the vehicle, like look at the, look at the karma, just Scott, but she's posting on the street.
[01:24:33] No, no house riders in the background, but she lived on a corner and on the corner on her lawn was. Street signs at the top. So I take the street signs, I plug it into Google maps, spin it around. And now I have the front door of her house. Right. So, you know, we have to think about, you know, what are you taking a photo of?
[01:24:52] And I literally just takes a few seconds. What's. What's on the table. Like during COVID we saw a huge, huge increase in people just wanting to take photos of their, with their home setup. There was a, a teacher who took a photo of her, of her desk. She got a, she had it, she got a kitten. She, she fostered a kitten during COVID and, uh, you know, it didn't have a home to go to, and it was at the shelter.
[01:25:16] So she's like, ah, y'all foster this kid. She takes a photo of her desk, but off the side where a few log-in usernames and passwords. And so she sends it to her class. It's literally an elementary school, like grade six or seven class. She goes, I can't wait to share with you on zoom, my cat and the kids.
[01:25:33] Like, what is this? Kid's like, I don't care about the cat. I see the passwords where they're supposed to logs into the calendar. It just takes a second. Right. There's there's ways of, of, of going onto your social media and actually going to the back end through inspect element, extracting the photo and possibly getting a higher resolution of that image.
[01:25:48] So yeah, I see kids all the time where blur out your license. Because, especially in the states, I can run your, your license plate through various license plate readers to figure out information about your, your plates are what you, uh, here in Canada, it's a little bit different. What's in the background.
[01:26:05] Like I could take a photo of you right now, but over your right shoulder, there's, you know, possibly your, your business license to the back, or I could zoom into just it's situational awareness, but what's in that photo, that's going to give away information about you
Travis Bader: [01:26:17] Slow down and have some disciplines.
Nick Chernoff: [01:26:21] We're so fast to do things in it, put it out there and get the likes and comments and validation. And, uh, you know, adults could be just as bad for this. And, and it, it really just takes that extra second. Uh, I love my mom because you know, when I'm doing remembrance day, when I'm doing certain things, like I don't, I don't want her to post photos of me in uniform.
[01:26:42] Because God forbid I ever have to go and deploy or do something she's in connected to me. And I don't want her, you know, just in unified, just maybe just don't want it on hers, her profile. And so she, I love her and what she started to do this, she actually, um, she sends me every photo. She wants to upload it.
[01:27:00] She goes, is this okay to upload? Like, it's crazy. And I'm like, oh, I'm like, bless your soul mom. Like, this is awesome. And she'll she'll and I'll be like, Hey, just look out for this. And she goes, oh my God, I didn't even see that. Right. There's like a sticky note off to the corner. That's like very blurry, but zoom in a little bit and make it out.
[01:27:17] It's just, what's around you. Right. So yeah, just take that few extra seconds to just think slow it down. Yeah.
Travis Bader: [01:27:24] A lot of information. And I know we're just scratching the tip of this. Is there anything that we should be talking about? Is there anything else that we haven't talked about that we should really think about getting it.
Nick Chernoff: [01:27:35] Yeah. Yeah, that's a good question. There, there is a lot of information and really it comes down to, I mean, some of you could be listening and be like, well, the cast is great knowledge, but like, I don't have the time. I don't, I don't have, uh, I have so many things going on already. And I, I think it just starts with having a conversation with yourself about how you're going to better protect yourself, having a conversation with your kids, significant others, depending on what role you're in, uh, what your job is, uh, having a conversation about what they're putting out there for me.
[01:28:02] Um, I, I, I have an iPhone. I text my friends, but I also use apps like signal. I use an app called confide depending on the conversation I want to have with sometimes people around the world. Confide is one of those apps where I message you to read your message. I actually have to scroll down the screen and every line disappears as I scroll past the next line.
[01:28:28] Interesting. When I want to reply to you, there's no constant thread. If I want to scream. You only get one line. I get nothing. So I get kicked out of the app, right? When I go to the grocery store and I, they say, what's your number for your store rewards? I don't give them my Friel phone number. Right. I have some, I have a, I have a fake number in my head that I use.
[01:28:51] And then I'll go from there. I mean, yeah, there is a, still a vulnerability with that because maybe some, maybe someone else could use your number and they say, you know, what is the name behind it? And maybe the, so you just also be careful situation awareness. When I go into a hotel, I spend more than enough time in hotels.
[01:29:07] I have a card I carry with me because every time I go to a hotel, they ask welcome, sir, uh, you know, welcome to this hotel. What's your name? And or email or phone number for records for your file to look you up. Right? So on this card, I have three lines, my full name, my phone number and my email and I place it, I place it down and they say, okay, thank you.
[01:29:30] I take it back after when they give me a room key and this has happened many of times, there's a big line of people that are like, all right. You know, and I'll say, please, don't say my name out loud. Not cause I tinfoil hat wearing individual. I just, I don't know. Who's behind me. Right. I then say when they're about to give me my car, Um, thank you, please.
[01:29:52] Don't say my number of my room out loud. Cause a lot of times I'll be like, all right, so Nick, you know, you're on room, uh, you're on floor for, at a, you know, four 16 and I'm like, and I've had to do the awkward, like, do you mind giving me a new room? Because, uh, now you've just told the whole line, my right it's kind of awkward.
[01:30:07] And I, I get kind of, you know, especially when I don't sleep for, for a long time on the road. I remember, uh, there was somebody that was, uh, uh, you know, all old, busy and old. I'll just kind of rushed to their room and they're grabbing things out of their wallet and they're grabbing things from here and there.
[01:30:22] And the guy's like, you know, what's your phone number for, for looking you up. And there, he just blurting it out loud and I'm standing there and I'm like, I just want to go to bed, but I'm going to make this a teachable moment. And I blurred it back to the guy and the guy looks at me and he's like, what.
[01:30:36] Ah, you just, I thought you were telling me your phone number. Well, now I have it. And he's like, oh, that's weird, man. And I talked about what I do and, um, for, uh, there's a great website called blur. Blur is, uh, a, uh, car masking service. It's a paid for app paid for a service where you put in your credit cards or other information you use that kind of drop dead number that then forwards to your real kind of credit card number.
[01:31:00] Uh, no one, no one really has my real email. I mean, I'm sure you can get it, but if, if you want my email, I give you a, uh, forwarding email, third 33 mail.com go to 33 mails, sign up, put in your real email address. And then it allows you to create a kind of a drop dead 40 Neal. Let my email could literally be you have like your unique username, but I could, I could have my email.
[01:31:27] You're like, what's your email. It could be like, oh, it's Travis Bader at. And then whatever my username is. And you're like, what? But it could be whatever you want. So when, when I start getting spam from Starbucks or whatever, I can just drop it, get a new one, things like that. So invest into your numbers, invest into your email addresses and, and maybe just do a bit of research, how to protect myself with, you know, different tools and tactics when it comes to, or even just even just searching what is open source intelligence, because it may open up your mind to other things or capabilities.
[01:32:06] And you're like, I didn't know that someone could do that. Right. And so then it may spark your knowledge into learning a bit more. And, and if, uh, if, uh, if anyone has any questions, I'm sure they can reach out to you. I'd be more than happy to, to kind of, uh, talk with them or guide them in the right direction with just really.
[01:32:23] At the end of day situation awareness and understanding what we're putting out there. And those close to us are also putting out there.
Travis Bader: [01:32:30] I'm going to put some links up on YouTube. I'll put links up through the podcast. And if people who are listening to this have questions and would like to hear more.
[01:32:39] I'm sure we could probably arrange a time to go through those in a future podcast. Nick, thank you so much for taking the time to be here on the Silvercore Podcast.
Nick Chernoff: [01:32:47] Appreciate it. Appreciate it. Thanks Travis.