Free Consulation

Call 866-629-3757

Archive for the ‘Privacy’ Category

Beware: Free Google Play Flashlight Apps Could Cost You

March 24th, 2015 | Cyber, Privacy, Security | 0 Comments


March 24, 2015

By Stephanie Kent
Investigative Research Assistant

Why would you go to the store and pay $0.99 for a flashlight keychain when you could just download a free flashlight app from the Google Play Store? Perhaps because the latter could cost you your privacy, your identity and thousands more dollars in the long run.

Researchers have found that the most popular flashlight applications are secretly stealing personal data stored on users’ mobile devices. Gary Miliefsky, cybersecurity expert and CEO of SnoopWall, has called this issue “bigger than Ebola,” as he explains that “500 million people are infected without knowing it.” Based on his company’s research, Mr. Miliefsky asserts that “the top ten flashlight apps from the Google Play Store are all malware; they’re all malicious; they’re all spying; they’re all snooping; they’re all stealing.” It’s a costly assumption that these applications solely function as flashlights. Upon one click of the app, they can access and store any information you have ever entered on your device. Masses of such stolen data have been tracked and linked to three countries: China, India and Russia. Mr. Miliefsky states that this personal information is primarily used for criminal purposes, but also provides nation states an easy way to collect information on Americans.¹

How do they get away with this?

Let me refer you to a recent lawsuit: the Brightest Flashlight application was sued by the FTC for this malicious activity. As part of the settlement, Brightest Flashlight agreed to construct a 25-page Privacy Policy essentially stating that by accepting the terms and conditions, the user is allowing the application to access all personal data stored on the device. At the time of the lawsuit, Brightest Flashlight had 50 million downloads. Now, it has approximately 100 million downloads. Clearly, people are not reading the Privacy Policy.

What are the top-ten flashlight apps from the Google Play Store that have access to personal information?

 1. Super-Bright LED (Surpax Technology Inc.)
 2. Brightest Flashlight Free (GoldenShores Technologies, LLC)
 3. Tiny Flashlight + LED (Nikolay Ananiev)
 4. Flashlight (Zerone Mobile)
 5. Flashlight (Mobile Apps Inc)
 6. Brightest LED Flashlight (Intellectual Flame Co., Ltd.)
 7. Color Flashlight (Notes)
 8. High-Powered Flashlight (iHandy Inc.)
 9. Flashlight HD LED (smallte.ch)
10. Flashlight: LED Torch Light (Mobile Apps Inc)

What if I have already downloaded a malicious app?

First, uninstall the application from your device(s). Then, backup your crucial data (family photos, contacts, etc.). Finally, take your phone in for a factory reset, which will wipe hidden data areas where malicious trojans have been installed by the application.

Note: Simply uninstalling the app is not always sufficient, as trojans often operate in the background while you do important things on your phone, like mobile banking or online shopping!

How do we know which apps are safe?

1. Read the privacy policies! That means scroll and read through every page, and make sure they aren’t blatantly telling you they’re going to access your personal information.
2. Take note of the application size. Ex: Safe flashlight apps should be under 100KB. The malicious flashlight apps are generally 1.2+MB. Any flashlight around 1.2MB or larger is suspect – that is an abnormally large file to just turn a light on and off.
3. Know the features to which each app is requesting access. If the app requests information beyond the requirements for that particular app function, don’t install it!
Ex: If Google Maps wants access to your GPS, that makes sense! However, if Angry Birds or Candy Crush (for example) wants access to your GPS, you should be skeptical!

Note: 82% of malicious apps send, receive, read or write SMS messages. Very few legitimate apps require any SMS permissions; 10% of spying apps ask for permission to install other apps – another unlikely requirement of legitimate apps.²

How can we protect our smartphones and ourselves from eavesdroppers and privacy breaches?

Common sense goes a long way when it comes to protecting our personal information. In order to accept this responsibility, we must recognize that our smartphones can be serious threats if not properly protected. Take the following free and easy steps to better safeguard your smartphone:

1. Disable your GPS and Bluetooth after each use. They should never be running when it’s not necessary.
2. Permanently disable your NFC (Near Field Communications) or, on Apple devices, your iBeacon.
3. Verify all app requirements and privacy risks before installing. Do some research and ask yourself “why is this app requesting access to my GPS, microphone, webcam, contacts, etc.?” Most apps only use these ports if they intend to invade your privacy. Don’t install these risky applications – there are usually safe alternatives.
4. iPhone users: Go to “Settings” > “Privacy” and see which apps request which information. You may switch a particular application to “Off” if you do not want it linking to certain data (like your contacts or photos, for example).
5. Either cover your webcam and microphone or disable your smartphone when you are not using it. This may sound extreme, but it will ensure your personal safety. It’s better to err on the side of caution when it comes to identity theft!³

If you or your organization has fallen victim to any malicious cyber activity, contact Jennings Smith Associates toll-free today at 866-629-3757 for a free consultation or visit us online at www.jsainvestigations.com.


Curt Schilling Case: Taking a Stand on Cyber Bullying

March 17th, 2015 | Cyber, Privacy, Security | 0 Comments

Don't be a victim of online bullies.

March 17, 2015

By Stephanie Kent
Investigative Research Assistant

Former Red Sox pitcher, Curt Schilling, found himself “trembling with rage” last week at the sight of heinous tweets directed towards himself and his 17 year-old daughter, Gabby Schilling. When Gabby had been accepted into Salve Regina University — where she will join the softball team — Curt posted a tweet publicly congratulating her. In response, he received a number of abominable and abusive tweets sexualizing and harassing his daughter. Despite my discomfort quoting such abhorrent words, I must do so in support of Schilling’s fight against these soulless Web users. Society needs to feel how deeply disturbing these words are, and take action against this malicious online behavior.

“how far is Salve Regina from Jersey? I wanna come and play but Gabby wants me to cum and stay”
“teach me your knuckle ball technique so I can shove my fist in your daughter”
“I’m sure she could fit a nice Easton in there as well for some DP”
“I’d put my 32oz Louisville slugger between your daughters tits” (accompanying an obscene graphic)
“curt bleeds more from his sock than gabby does from her pussy when she’s on her period”
“throw me a meatball curt so I can take it deep in your daughter”
“he doesn’t like answering. Might have to slide back in Gabs DMs like last week”¹

After reading these nauseating comments (amongst others), it’s easy to dismiss this as a unique attack made by a few disturbed people lacking intelligence, class and basic humanity. However, it’s time for the public to take action and fight this serious behavior as Curt Schilling has done. We must realize that this is merely one example of a grave cyber bullying issue that continues to worsen in the modern age. As in all cases like this, there is no explanation that could warrant such malicious behavior. This inexcusable online activity shouldn’t affect the intended targets alone; it should affect each and every one of us. How did we create a society in which “people” feel proud to bully innocent victims? We need to get the message through to everyone that cyber bullying will have detrimental consequences not only to their targets, but to themselves both legally and socially!

Legally, we are making progress as a nation. Each state has already passed some type of bullying law or policy. All states but Montana have passed at least one law defining “bullying” and entitling authorities or school officials to act appropriately to stop the phenomenon. Although anti-bullying laws vary on the state level, they typically list the distinct behaviors that constitute bullying. Among these behaviors are generally “teasing, threats, intimidation, stalking, harassment, physical violence, theft, and public humiliation. States may also identify certain characteristics or traits of students who are often targeted for bullying, as well as provide guidance to school staff regarding how to address bullying issues.”² The term “cyber bullying” refers to harassment or intimidation by means of mobile devices or internet. While no federal laws addressing bullying have been passed, certain civil rights and nondiscrimination laws may mandate schools to intervene with specific kinds of bullying.

While we’re creating laws to abolish cyber bullying, we must also hold ourselves to a much higher standard as a society. We need more people to take a public stand against bullying of any sort — whether or not it involves us directly. What can you do to strengthen the fight against cyber bullying?

1. Be aware of signs of bullying. As stated above, teasing, threats, intimidation, stalking, harassment, physical violence, theft, public humiliation and embarrassment can all be considered bullying. And that is according to most laws!

2. If you witness any type of bullying, report it to an authority immediately. Do not let time pass. The following are authorities to whom you may report a case of bullying: school administrator (teacher, principal, dean, guidance counselor or academic adviser), coach, police officer, lawyer, even your parents if you are a minor! Informing someone who may have more insight and authority to act on the matter is extremely important.

3. If you are being targeted by a cyber bully, do not engage yourself with that person. No matter how tempting it is to rebut and stand your ground, do not respond to aggressive chats, posts or emails sent by the bully. Do not give them fuel for their behavior.

4. Keep a record of everything. Collect and document every piece of cyber bullying evidence you have received. Save every post, every message, every missed call, and record every word (if he or she bullies verbally as well).

5. If you see social media posts that are inappropriate, even if they’re irrelevant to you, report it to that social media network. Online cyber bullying can take place on many public sites, not just Twitter. Keep an eye out, and be ready to act.

6. Do not “follow” cyber bullies or add them as friends on any social media networks. Do not “like” any of their inappropriate comments. Don’t be a bystander who stoops to this level to see what else that person may post. Peer support enables cyber bullies, and if they feel that their heinous comments are gaining publicity and followers then they feel supported to proudly say such things in our society. Take the high road and do something about it, do not stand by and watch as they bully more victims.

7. Avoid posting any material that could be used against you by a cyber bully. This means no provocative photos, no evidence of illegal or inappropriate activity, no status updates that you wouldn’t feel comfortable sharing with the world (including parents, children, employers, etc.). A common case of cyber bullying is an ex targeting his or her former partner. If during a relationship, you send explicit photos of yourself to your significant other, realize that he or she will still have those photos when you break up! In many cases, photos like this have been publicized out of jealousy or to get revenge after a break-up.

If you or your child has been a victim of cyber bullying, contact Jennings Smith Associates toll-free today at 866-629-3757 for a free consultation, or visit us online at www.jsainvestigations.com. All inquiries are strictly confidential.


¹http://www.huffingtonpost.com/good-men-project/as-a-father-and-as-a-man-i-am-disgusted-by-curt-2. schillings-twitter-trolls_b_6848008.html

Stay Low: Tips for Preventing Social Media Cyber Crime Victimization

March 11th, 2015 | Business Security, Cyber, Privacy, Security | 0 Comments

Social media cyber crime photo 1.

March 11, 2015

By Stephanie Kent
Investigative Research Assistant

Social networking websites have not only revolutionized social connectedness, but they have generated a powerful new means of advertising and marketing for small businesses and entrepreneurs. Although it may sound like the ideal medium through which to connect with old friends or engage masses of new customers, social media may be the single thing that will cost you your identity, wealth, business and reputation. Like anything that appears ‘too good to be true,’ social media can have irreversible negative consequences if users do not take the appropriate precautions. The number of con-artists, cybercriminals, and other fraudulent actors who exploit online social networks for iniquitous purposes continues to increase rapidly.

In December, 2013, security experts discovered a cache of approximately 2 million pilfered passwords to popular social media websites. Hackers across the globe had stolen usernames, passwords and credentials through 326,000+ Facebook accounts; ~60,000 Google accounts; 59,000+ Yahoo accounts and ~22,000 Twitter accounts.¹ Today, more than 600,000 Facebook accounts are compromised daily (that’s ~219 million jeopardized Facebook accounts a year)!²

According to the FBI, cybercriminals who exploit social networks can typically be divided into two tactical groups.³ The first employs computer savvy hackers who are well-practiced in writing and altering computer code to gain access or install undesired software on your device. The second group uses “social engineers” who exploit personal relations through social networks such as Facebook, Twitter, Instagram, LinkedIn, etc. These hackers use the World Wide Web to gather information about a person through his or her history of statuses, photos, comments, tweets, online interactions, and other personal information they’ve posted. With this abundance of intimate knowledge about the victim, social engineers know exactly how to assume the target’s identity and manipulate people into getting through all types of security walls. They frame their stories as to appear totally harmless and legitimate, and with the help of human naivety, they often succeed. Falling for this type of seemingly harmless social media scam could be extremely damaging not only for a personal victim, but also for the organization that employs that victim.

To avoid becoming an easy target of social media cyber crime, refer to the simple steps listed below.

How to Better Protect Yourself on Social Media:

1. Create a Strong Password for Every Account

Although hackers may seem like masterminds, nearly 16,000 of the compromised Facebook accounts mentioned above used the same simple password, ‘123456’! These users may as well have gone on vacation, left the house key on the doorstep, and put their passport, wallet, and birth certificate inside the door! Make your password at least 10 digits long, with a combination of various numbers, symbols and letters (include capitals and lower-case). Avoid using the same password for multiple websites because once your universal password is decrypted, every account you own is easily accessible to the hacker.

2. Change Your Facebook Settings to “Friends Only”

View your privacy settings on your Facebook account. Make sure your default privacy setting is not set to public (along with posts and photos you publish on your wall). If you have set it to “Custom,” be sure you are aware and comfortable with any “Networks” with which you’re sharing data.

3. Be VERY Wary of Who You Add as a Friend or Contact on Facebook, LinkedIn, etc.

Many accounts are created under false pretenses in order to gain your information upon your acceptance of the friend invite. If the person inviting you to connect via social media has very few friends or connections, or has published limited information about him or herself, exercise caution! This is probably not someone you know. Even if the person shows one or two mutual friends, ask those friends of yours how they know this person before accepting the individual as your own friend. Remember, social engineers are very clever and will use whatever photos, info and aliases they can to access your profile publicly. Never add people to your social media that you do not surely know and trust with ALL of your posted information!

4. Avoid Posting Personal Information on All Social Media Venues

It is important to note that once something is posted to any social networking website, it is no longer private. Even when you enable the highest security settings on your accounts, your information can certainly be leaked on the Internet! It’s true that the “friends only” setting will help protect you, but the more information you post to social media, the more likely you are to become a target for hackers. The more info you share online, the easier it is for hackers to impersonate you and deceive your contacts into sharing their own information, downloading malware, or providing access to restricted sites, thus feeding the vicious cycle of cyber crime! Avoid posting your personal phone number, birthday, address and email on Facebook. Your Facebook contacts can always send Facebook messages to contact you privately, and if you are close enough to be Facebook “friends” they would most likely have your other personal info anyway.

5. Avoid Dropping Pins with Your Device’s GPS on Social Media

Allowing people to pinpoint exactly where you are in the world at a specific time is not the wisest idea when trying to stay safe from criminal activity (whether cyber or not)! You may as well post a sign on your front door saying “At the international airport, going to be in Europe for two weeks… make yourselves at home!” Just don’t do it. Either privately inform your friends about the upcoming trip, or wait until you have returned to post about it.

6. Password Protect All of Your Devices

Yes, folks, that means your Macs, your PCs, your tablets, your iPads, your iPhones, your Androids, your iPods, your Blackberrys, and every other device under the sun that connects to Wi-Fi! Not only password protect them, but get those creative juices flowing beyond ‘123456.’

7. Put a Google Alert on Your Name4

This is a very easy way to be aware of what’s being posted about you online. It takes under a minute to do. Go here: https://www.google.com/alerts and enter your name and variations of your name with quotation marks around it. Finished!

8. Log Out Of Your Online Accounts When You’re Finished Using Them

Not only does this help reduce the chances of being tracked as you surf the Web, it prevents the next person who uses that computer from loading one of your accounts and snooping. This is especially important when using a public computer. Remember, ‘x’ing out of a page does not mean you are logging out! People often forget this and suffer the horrible consequences of personal invasion.

9. Turn On 2-step Authentication in Gmail

One small step for a Gmail man, one giant leap for his Gmail security! 2-step authentication requires that you enter a code (that’s sent to your phone) each time you attempt to access your account from a new device. Therefore, even if the malicious type decodes your password, they won’t be able to sign into your account from an unauthorized device.

If you believe that either you or your organization has been victimized by cyber-criminal behavior, contact Jennings Smith Associates toll-free today at 866-629-3757 for a free consultation, or visit us online at www.jsainvestigations.com. All inquiries are strictly confidential.



Ineffective Employee Background Investigations of Educators and Staff

April 25th, 2014 | Education, Privacy, Security | 0 Comments

An increase in the number of cases involving sexual misconduct by teachers, administrators and staff in our nation’s schools prompts this investigative response. Recent arrests reported by media have publicized and uncovered flaws within hiring practices and educator candidate vetting. Protocols and procedures for the thorough vetting of new hires and even the notion of adding existing staff in predetermined sequential years for re-vetting needs review. While cursory reviews typically take place during the initial hiring process, clearly, thorough background investigations are not routinely conducted. If comprehensive vetting is performed by trained staff, it would likely uncover issues such an out of state arrest or prior litigation that would evidence the applicant’s or an employee’s past and most recent history.

background-investigation-documentsQuite alarming is the number of documented incidents reported to Administrators who have failed to take appropriate action and cause a more detailed personnel or incident investigation.

Our research indicates that most school districts conduct background checks focused primarily on qualification and credentialing to determine if the prospective employee possessed the educational certifications and experience to qualify for the position. While fingerprinting is required of applicants in most school districts, the responding agencies including the F.B.I. do not provide arrest information, only records of convictions reported to those agencies. In some instances, the state bureau of identification may not have updated criminal conviction files in a timely fashion and may, as a matter of routine, purge criminal conviction information. Typically this takes place after ten years from the date of adjudication.

The safety, security and welfare of our children is the foremost responsibility of American educators. As such, thorough and comprehensive background investigations of educators and staff, to whom we entrust our children, must be given high priority. Simply put, both Public and Private Schools must do a better job to preclude and prevent abuse of our children.


NSA to Release More Details in Surveillance Leak

June 13th, 2013 | Cyber, Privacy, Private Investigator, Security | 0 Comments

Since Edward Snowden blew the whistle on the National Security Agent a few weeks ago, and then fled to Hong Kong, the NSA has been under a great deal of pressure to explain just why they are invading the privacy of Americans without cause.

NSA to Release More Details in Surveillance Leak

The Director of the NSA explained that the information given out by Edward Snowden has created many misconceptions and inaccuracies about the program and why they collect communications data on people in the United States.

The Director said that the problem with divulging certain information is that it could supposedly put the American people in danger with that information. The NSA claims that they have been collecting communications data is to keep terrorism at bay.

The Director goes on to say, “The more we know, the more dangerous this situation becomes,” he said, adding that people believed to be intent on doing Americans harm had already altered their activities since the existence of the programs became public.

The whole ordeal has caused a great deal of confusion about whether or not Edward Snowden has broken the law or not and what his intentions were behind everything.

Senior Democrat, C. A. Dutch Ruppersberger stated, “He’s broken the law,”. “We have laws in the United States for whistle-blowers, for people who think injustice is being done. Yet he chose to go to China.”

  • Jennings Smith Associates Professional Certifications

    • Professional Certified Investigator (PCI), ASIS International
    • Certified Protection Professional (CPP), ASIS International
    • Physical Security Professional (PSP), ASIS International
    • Certified Homeland Security Level 5 (CHS-V), American Board for Certification in Homeland Security
    • Certified Business Continuity Professional (CBCP), Disaster Recovery Institute International
    • Certified Healthcare Safety Professional (CHSP), Board of Certified Hazard Control Management
    • Certified Healthcare Emergency Professional (CHEP), Board of Certified Hazard Control Management
    • Certified Safety & Health Manager (CSHM), Institute for Safety and Health Management
    • Certified Hazard Control Manager (CHCM), Board of Certified Hazard Control Management
    • Certified Forensic Consultant (CFC), American College of Forensic Examiners International

    Certifications Continued


    Cyber Forensic Investigations

    JSA's cybersecurity experts are ready to assist you with a complete array of cybercrime protection, data recovery, and evidence collection services. Cyber forensic Investigations include: unauthorized data access; PII (personal identifiable information) exposure; IP (intellectual property/proprietary information) theft; employee social media/email/messaging abuse; ransomware data corruption; and more.

    Cyber Forensics Continued

  • Share

  • Major Credit Cards Accepted