Cyber, Physical and Facebook

Andrew Love
Brand Protection/Investigations, Specialized Bicycles  

Chris Salgado
Co-founder, All Points Investigations, LLC

Afternoon Chris. I’m looking out my front window, on the first day hinting of spring across the Wasatch Mountains of Salt Lake City. Where are you?  

Hello, I’m in Florida looking through my window at a sunny, blue sky in February, which reminds me of why I left Chicago.    

Florida in February sounds as wonderful as Chicago winters are tough. So tell me about the path you took to find your career in brand protection. Your background is unusual.

I began in Chicago nearly 19 years ago. I was a PI conducting physical investigations, such as surveillance, accident scene investigations and interviews. I also dabbled in online investigations and ended up running undercover operations both online as well as in-person global operations, sometimes involving hundreds of investigators in contracted services for a multitude of brands.

In December of 2016, I left Chicago to help build the investigations division at Facebook in California. I was very honored to be placed on a team of folks who were very talented and from various walks of life.

“Building the investigations division” at one of the most rapidly growing companies in American history. NBD right?

Ha. Definitely! Being on the inside of the world’s largest social media platform, we were quite busy. It was typical corporate investigations and maybe not so typical corporate investigations.

So you were there when-

Yes, a pivotal time — when the Cambridge Analytica situation climaxed and when there were claims across media that the Russians hacked our platform to manipulate our election in 2016.

Being there also meant networking with other Silicon Valley companies, such as Google, Twitter, LinkedIn, YouTube, etc. It was great meeting those folks and learning about their platforms.

Cool, I’ve been working with eBay and Alibaba forever. Knowledge of people and platforms is so important. As a former FB guy, what are the best tips for working an FB-based case?

FB has changed so much since I started with them, and since I left. In my opinion, FB is the most difficult social media platform for external investigators or non-users to obtain information, which is great for FB and their users.

Many tools and methods that external investigators used to dig into FB in yesteryear are now quite obsolete. One example is FB’s Graph Search. FB seems to be continually re-inventing their algorithm to make the use of FB more convenient for its users while also ensuring the privacy of their users.

Again, you must be inventive to obtain similar valuable information. If you can work with HTML, JSON and Base64 coding, you’ve got an advantage. With an approximate 2.6B userbase, FB remains a valuable resource. All in all, you must ensure that you don’t violate any laws or terms of service as well.

FB aside, you have been investigating a long time. What is your key lesson right now in this rapidly changing landscape?

Everyone at the table needs to maintain relevance; you have to be up on such a wide range of things: varying and new social media platforms – terms of use for these platforms, changes to the algorithms of these platforms, privacy laws (U.S. and international), new efficient investigative interfaces, modified general online habits of bad actors, the value of the dark web and so much more.

Yesterday’s search strings can be ruled out today. An aggressive OSINT operation entails all of this and more.

Does the cyber-based investigator’s toolkit differ from other types of brand protection work?

Exemplifying the relevance point that I made earlier, your free OSINT tools can be fantastic one day and either gone the next or offering the same results via an annual license cost of $1K USD. And that’s just one tool! It’s imperative that you crosscheck your findings with other tools. In the end, investigative tools come and go; what remains is you…

Without maintaining relevance with everything changing so fast, you’ll quickly solidify yourself as the personified 404-error code.

Don’t become the professional equivalent of the 404 error! Ouch! Super advanced Google search operator abilities seem to stay relevant. But the wrinkles surrounding that-

Something that I regularly preach about is the nexus between the cyber world and the physical world. Our real world is being infiltrated by bad cyber actors.

20 years ago, cyber attackers were engaged in moving decimals to steal money or methods to become an online nuisance, in general. 

And now- 

Our real world is being infiltrated by bad cyber actors. As recently as last night, I was up till 2 A.M. working on a cyber-attack that occurred here in Florida. A cyber attacker tapped into a Florida city’s water supply and attempted to increase the levels of sodium hydroxide, also known as lye, from 100 parts per million to 11,100 parts per million! This occurred last Friday, just two days before the Super Bowl and about 20 miles from the stadium. Thankfully, it was detected by a city official and the attack was thwarted. At the time of this interview, I’ve heard that the FBI, Secret Service and local sheriff’s office are engaging in this matter.

Manipulating our water supply, seizing life support machinery, hijacking smart vehicles, hacking into smart baby monitors, doxing people for bad actors to show up on their doorstep… Social engineering is a leading precursor for engagements like these.

This intersection between the Internet and “things” is crucial. Heck, Specialized has e-bicycles that talk to your smart phone in quite detailed ways. I’ve used that a couple of times in theft investigations.

When investigating in this time of merged physical and digital, you need to play the same checks on everyone. 

I want to thank you for this, and I am never going to look at the water coming out of my faucet right now as a cyber-free resource… That one will keep me up at night.

Many devices are hackable because of our growing desire to live in a convenient world. This should be a concern to everyone. In my opinion, everything is hackable. We all enjoy simplicity… convenience, me included, but it only takes a single incident to turn our world upside down. As much convenience and happiness as these smart devices bring us, is it worth it if you become the victim of a cyber-attack that enters your physical world and lands on your doorstep?