4 Steps to Protect Your Privacy During an Online Investigation

4 Steps to Protect Your Privacy During an Online Investigation

By CyberProof CTI Team

OSINT (Open Source Intelligence) plays a remarkable role in the universal economy. As this business intelligence report by Pioneer Reporter indicates, exploits continue to be developed that allow tools and datasets to be exploited and new information to be tracked and extracted – and at the same time, within the investigative community, anonymity is crucial. 

Across many different business scenarios, it’s crucial to ensure your online activity is not trackable. So, whether you need an anonymous setup for investigative analysis or cyber security investigations, or you are worried about your privacy being compromised by threat actors – properly managing your online identity can help keep your privacy safe and minimize the risk of having your online activity and data exposed.

online investigation

Here are 4 steps to maintaining anonymity during an online investigation, and maximizing the chances that your activity will not be tracked:

Physical Setup

  • Network isolation: Make sure you are working on a dedicated network – not one that links back to your home or work network. You can increase your level of anonymity by using different Internet providers.
  • Separate device for investigative work: Never use the same device for personal interactions that you use for investigations. Don’t keep any passwords or link to the real identity of the intelligence analyst on the same machine.
  • MAC address spoofing: Consider MAC address spoofing whenever using a specific device for investigations.
  • Other identifiers: The size of the screen resolution, signature drivers, and name conventions can be used as identifiers. To mitigate these issues, do not maximize windows you are working on, and make sure not to use the same pattern when naming files or any other items that may be exposed publicly.

Architecture 

  • Work virtually: It’s best to work on a VM (virtual machine) that sits on top of the host device. The VM should be configured to NAT (network address translation)and not configured as a bridged adapter. Ideally, the VM should be configured on an isolated network. Everything related to investigative work should be limited to the VM and not done on the host.
  • Use snapshots: When working on a VM, use snapshots to quickly setup preparation for the next investigation while not leaving a trail.

Mask Network Traffic

  • VPN: Configure your VM to route all the traffic through a VPN (virtual private network), adding another level of anonymity to your settings. 
  • Avoid the use of free services that typically log everything about you.
  • Tor: Configure your traffic to be routed through Tor rather than using the Tor browser directly. Also, use Tor Bridge relays.
  • Proxy (SOCKS5/4): Leverage the usage of Proxy (SOCKS5/4) as an optional alternative to maximize your anonymity. 

Signature-Based Applications

Your browser version, Java version, Adobe version, and more – can all leave a trail. Here are some tips on how to minimize that trail.

02

  • How to set up your browser: Your browser can be configured to minimize the personal information that is left behind – i.e., off the end user’s device. Certain browsers are better for this than others. Find one that minimizes what can be tracked, allows you to turn off all ads and tracking information, and gives you maximal control over what information is collected.
  • Optional, for Firefox – If you’re using Firefox as your browser, make sure to disable WebRTC and disable browser geolocation. For more information about disabling geolocation, see My Real Connection is Detected When Connecting to VPN.
  • Change the user agent: You can define different user agents for each avatar identity – different kinds of laptops, mobile devices, etc. Accessing a forum leaves a fingerprint, and by using a different user agent it changes your digital imprint – adding falsified information – and makes it harder to be tracked.
  • Enable “HTTPS Everywhere”: Utilize the option of “HTTPS Everywhere” and force SSL to make sure it does not work in your browser on an insecure connection – as HTTPS can make your traffic encrypted and more secure so that you avoid potential MitM (Man in the Middle) attacks or any form of eavesdropping. 
  • Beware of repeating password use: In addition to optimizing your configuration, avoid using any of the passwords that you may have used for personal online activity. Where the same password is used in multiple contexts, it’s possible for threat actors to track the real identity behind the avatar. See Why Virtual HUMINT is Vital to Effective Threat Intelligence for examples of why this is cause for concern. Passwords can be reverse searched and can expose any email address that is known to have been compromised in the past. 

Who Does This Apply To?

The need to maintain privacy isn’t limited to the realm of cyber security. A wide range of information is collected whenever you conduct online activity; this may not be in your best interest and it has different ramifications.

03

For example, even for something so benign as to raise the price of your plane ticket the next time you make travel arrangements. By taking the basic precautions, you will be able to keep your online identity safer. 

Want to know more about CyberProof security services? Request a call with one of our experts.

Written by CyberProof CTI Team
Our Cyber Threat Intelligence Team is always on the lookout for the latest threats facing the digital ecosystem. Stay ahead of the risks so you don't need to find out about them after they become your next attackers.


Share this article