The spies in our lives aren't like the ones in movies -- they take the form of a suspicious lover, obsessive coworker or jealous "friend". While you can't distrust everyone you meet and lead a happy life, you can protect your personal information from falling into the wrong hands. Here's how to guard yourself from spies without slipping into a state of constant paranoia.
Securely Manage Your Online Information
The goal of spying is to gain information, and ayone can find your personal information by knowing where to look. I spoke with security and investigations expert Brandon Gregg to find out the most common sources:
In today's world 90 per cent of everything you need about someone is online because of their own postings on Facebook and LinkedIn. Another 9 per cent can be found on private databases like TLO, CLEAR, Intelius, Lexis Nexis and other pay-for-data sites. The last 1 per cent (passwords, secrets and personal personal data) can be found via social engineering tricks. Surveys have shown ‘34 per cent of respondents volunteered their password when asked without even needing to be bribed and 79 per cent of people unwittingly gave away information that could be used to steal their identity when questioned.' Need higher chances? Another survey showed ‘More than 70 per cent of people would reveal their computer password in exchange for a bar of chocolate.' Add some social engineering tricks like intel about your target (boss' secretary name from LinkedIn) or caller ID spoofing and you will increase your chances to the high 90 per cent range.
You can't prevent the information collected about you in private databases, but you do have some control over your online presence and can protect yourself against social engineering.
Be Careful About What You Post Online
The best way to protect yourself from revealing too much online isn't to stop posting, but rather to change the sorts of things you post. Public details about your personal life make it very simple for just about anyone to find out a lot of information about you and use it to gain your trust. While you can continue to do this and simply be vigilant, social networks like Facebook and Google+ make it possible to share certain posts with some people but not everyone. Manage your Facebook privacy by creating groups that can see personal posts and ones that can't. You can do the same on Google+ with circles. When posting publicly, or at least to a wider audience, limit that content to impersonal things like links to articles, products you like, images of other people or things, and online videos. You're still at risk by posting anything at all, as anyone can potentially gain your trust by simply knowing a few of your interests, but if you're careful you won't fall victim to any social engineering hacks.
Perhaps more importantly, be very careful about your online check-ins. When you disclose your location, anyone who's watching now knows exactly where you are. Site like Please Rob Me popped up on the web because thieves began using online check-ins as a way to determine when their targets weren't around. If you stop checking in or at least do it privately, you don't have to worry about this at all. Don't expose your check-ins to the world, because you never know who's watching.
If you do have online data you want to get rid of because it puts you at risk, it's possible. Check out our guide on commiting internet suicide for details.
Never Trust Anyone with Your Password
You can only do so much to protect yourself against social engineering hacks and keep spies out of your personal information. Truly staying safe necessitates a little healthy paranoia. While it should go without saying, never give your password out to anyone. Most social engineering attempts focus on gaining your trust enough to get your password, so you can protect yourself far more by simply keeping it private. That said, a social engineering attempt won't necessarily fail just because you didn't give up your password. These attacks work because they lower your guard and get you to provide information you don't consider sensitive without realising it. The request for your password may not come until two or three calls down the line. Protect yourself by knowing exactly who you're talking to before giving them any information at all.
For more on protecting yourself from social engineering hacks, read our guide.
Safeguard Your Trash
Not all valuable data about you exists in a computer. In fact, spies may find more valuable information in your mail or files. Letters and receipts tell a story, provide a fair amount of private data, and put you at risk. Anyone with access to your home can easily steal this information without you ever finding out, and those who don't can find it in your rubbish.
What kind of magic can you find in the garbage bin? Brandon explains:
Dumpster diving, trash pulls, digging in the garbage (or whatever you may call it) often times provides great intel and evidence due to people's consistent disregard for their own privacy. What may be a meaningless piece of garbage to them, can build your intel about the suspect to a level that would creep the average person out. Family names, former addresses, phone numbers, account numbers, bank statements, credit card purchases, DNA (toothbrushes, combs, cups, etc) and a whole slough of raw data can be found and combined to give you further intel gathering tools (social engineering, pre-texting, etc) or even provide you with a smoking gun for your investigation.
If you want to protect yourself from dumpster divers, you need to shred your rubbish. While you can buy cheaper shredders that split paper into individual strips, any spy with a little time on their hands can reassemble that with ease. Instead, spend the extra money to get a more heavy-duty shredder capable of cross-cutting. Nothing short of obliterating your sensitive documents will prevent reassembly, but cross-cutting reduces the likelihood that anyone's going to put your paper back together without breaking the bank.
Avoid Getting Tracked
It's easy to track someone nowadays, especially if a spy has access to your smartphone. GPS tracking devices are cheap and easy to come by. If you think you're being tracked, here's what you need to look for.
Make sure Google Latitude isn't installed or active on your phone. With the right settings, Latitude will post your location publicly so a spy can find it at any time without ever being identified. Even worse, software called Flexispy allows anyone who installs it to access pretty much everything on your phone whenever they please. Spies will need access to your mobile in order to accomplish this, so lock your phone with a secure password and don't share it with anyone you can't keep an eye on.
While it may be difficult for a spy to install tracking software on your phone, it's incredibly easy for anyone to track you with a GPS data logger. According to Brandon, you can pick them up for practically nothing on eBay. A spy can strap one onto your car for a week or two and pick up the data at their leisure. If you believe you're being tracked, check your car regularly. For detailed information on where to look, check out this post.
Don't Try to Catch a Spy
Although it might be tempting to try to catch someone who is spying on you, it's very hard to find any definitive proof. I asked Brandon how spies should avoid getting caught and most mistakes seem easy enough to avoid:
There are many ways to "get burned" while spying on someone. From someone noticing you walking too close to advance counter surveillance tactics like TSCM equipment that easily find any covert camera or audio bug you planted. The key is not to be aggressive, know your target, and don't let your tactics trace back to you. Depending on who and why you are spying remember your target will be there tomorrow. Take your time. Plan. No one suspects they are being spied on; use that to your advantage. If you get confronted, turn around and walk away. Just like being arrested, not talking gives them nothing to work with.
Basically, even if you do catch someone spying on you, there's a good chance you won't be able to prove it. Instead, worry more about protecting yourself and stay vigilant. Don't give out personal information easily. Avoid living in public, even if that is what the times dictate. Most of us won't be subject to spies, but don't think it can't happen to you. Suspicious lovers, vengeful enemies and jealous coworkers may take small steps towards finding your personal data. You never know who is lurking around the corner. It may be a stranger or a friend, but you won't have to worry if you make an effort to protect your personal data.
Special thanks to Brandon Gregg for his expert advice. Brandon has worked investigations for numerous Fortune 500 companies over the last 12 years investigating theft, fraud, organised crime, corporate espionage and many high-profile cases as well as being an educator, published author, and featured speaker on surveillance, computer forensics, complex investigations and ethical hacking. You can find out more about him here.
This post is part of Spy Week, a series at Lifehacker where we look at ways to improvise solutions to every day problems Bond-style. Want more? Check out our spy week tag page.