Profile
Summary
Brandon has also worked investigations for numerous other Fortune 500 companies over the last 10 years investigating theft, fraud, organized crime, corporate espionage, and many high profile cases as well as being an educator, published author and featured speaker on surveillance, computer forensics, complex investigations and ethical hacking.
For more information visit: www.BrandonGregg.com
Experience
- Dec 2010 - Present: Chapter Treasurer, ASIS San Francisco Chapter
- Jul 2009 - Present: Freelance Writer, IDG. Writer for CSOonline.com and IDG publications (ComputerWorld, CIO, IT Tech, etc.)
- Oct 2006 - Present: Global Investigations Manager, Seagate Technology
Education
- 2007 - 2008: Boston University, Master's in Criminology
- 1998 - 2000: San Jose State University, B.S. in Sociology. Activities: Chi Pi Sigma
- Harbor High School
Additional Information
Posts
Careful use of online sites can track down hard-to-find information and leads
Brandon Gregg challenges current thinking about organized shoplifting rings. Forget the hype and get back to basics.
Free software once used only by the CIA. A pen that will change your life. Brandon Gregg shares these and other inexpensive ways to manage corporate investigations.
Ready to catch your bad guy in the act? Investigations manager Brandon Gregg on how to put the right surveillance equipment in the right place.
The care you use in selecting the right camera for a covert investigation can be undercut if you don't also choose the right video recording device
Is covert surveillance a necessary part of your investigation? Lux levels, nanny cams and other camera considerations
Visualization can help close an investigation and help communicate the findings. Corporate investigations manager Brandon Gregg explains common tools and formats.
Concerned about identity theft? Selling or recycling an old computer? Corporate investigations manager Brandon Gregg explains three tools for making sure your data is really deleted.
Investigations manager Brandon Gregg explains how to collect evidence for network investigations on the cheap without damaging the mission at hand.
Step-by-step instructions for downloading and using free or inexpensive digital forensics tools.
Corporate investigator Brandon Gregg explains how online services and tools can help crack a case.
A corporate investigations manager shares five tools for concealing your identity.
Investigations manager Brandon Gregg explains how to keep an eye on intellectual property using Monittor, Limewire and other free tools.
Posts
ICE, the Internal Revenue Service Criminal Investigation, the Federal Bureau of Investigation, the U.S. Department of Agriculture - Office of Inspector General and the Oakland Police Department worked together on a nearly two and one-half year investigation looking into the activities of an ORC ring operating in the San Francisco Bay Area with ties throughout the United States and abroad.
Teams of criminals linked by cell phones have fanned out across Western Washington to steal all the Visine eye drops, Crest White Strips, Prilosec heartburn medication, Similac infant formula and Excedrin pain relievers they can get.
Police say Zoe Johnston, 53, worked as a security guard at Seagate Technologies - a computer peripheral manufacturer near Boulder. She then would take the hard drives home to her son Matthew Tennant, 26, who would sell them on eBay.
Electronic espionage has been well proven over the last year, and not just governments and big business are at risk - but all businesses. These spies use tools undetectable by regular means. 7/27/2010 5:34:00 AM By: Bob Violino
The Alliance for Gray Market and Counterfeit Abatement (AGMA), a non-profit organization dedicated to addressing the gray marketing (also unauthorized resale and parallel imports of branded goods), counterfeiting and warranty and service abuse of branded goods around the globe, kicked off the new year by holding their annual member meeting on January 20 and 21. The conference, hosted by Hewlett-Packard in Palo Alto, California, provided members with insights into many issues related to these topics, including best practices to mitigate gray market fraud and how to engage and partner with law enforcement agencies.
The announcement today by federal and local authorities of the takedown of a nationally organized retail crime ring in San Jose, CA, highlights a significant and growing criminal enterprise in the United States and the need for federal legislation to combat it.
ASHLAND - When Karen Lightcap was teaching in Lewisburg on March 8, she was mugged in London - at least that's what her Facebook page and her e-mail were telling friends.
SANTA CRUZ - Jurors on Friday found a Santa Cruz father of three guilty of first-degree murder for killing his wife in their bedroom on a September night nearly two years ago.
A federal judge in Minneapolis Wednesday ordered Haas TCM chemical company embezzler Chad Jurgens to return $6.3 million and serve five years in prison.
In the case The People v. Amy Marie Garvin, Court of Appeal, Sixth District, California. Feb. 10, 2005 the defense offered expert testimony from Dr. Richard Ofshe who testified that "a poorly done interrogation could produce a false confession. Poorly trained interrogators use false "evidence ploys" in conjunction with inappropriate psychological "motivators" to coerce false confessions without knowing that the confessions are false. These interrogators focus only on producing a confession without thinking about the guilt or innocence of the person interrogated." The jury rejected this testimony and found the defendant guilty.
Posts
Although many organizations have varying degrees of different definitions, I use the following:
Investigation: The investigation of a formal allegation of a criminal act, ethics violation or wrongdoing.
Probe: An exploratory inquiry into questionable or suspicious activities that may lead to the finding of a criminal act, ethics violation or wrongdoing.
See question on Quora
Yes, two primary services are the Great Good Bye at http://www.greatgoodbye.com/ and Death Switch at http://deathswitch.com/ .
Both offer different forms of emails and services from the grave. Between the two, Death Switch appears to have more service-oriented tasks and could be used without the help of a friend or lawyer in the manner described in the question. With Death Switch, a "check in" email is sent to you at set frequencies. If you don't respond to the check in, Death Switch assumes you are dead (or kidnapped) and sends out the email(s) you prepared before your departure.
Great Good Bye works well too. According to their site "After your death your friend will type in the activation codes on our site and the system will automatically send out the emails from the grave that you have prepared. Such trusted person will not be able to view, edit or administer any of your prepared messages - he or she will only trigger their sending out by providing the activation codes."
Whether you choose to trust yourself or your friends, both sites let you set up your message to be sent to the press, law enforcement, etc. if you die or go missing.
See question on Quora
The difference between the two tools is quality. In all honesty both products work great and I believe are the future of network forensics, malware detection and network protection, but Solera added all the features Netwitness left out. From simple exporting to Excel, to easy automation of importing public and open source malware feeds, Solera is a better tool.
Netwitness had (has) an amazing product too. Easiest way to compare them: A basic model vehicle without power windows to a vehicle with all the bells and whistles like GPS, Bose speakers and seat warmers.
See question on Quora
Install Connectify (http://www.connectify.me/) or Maryfi (http://www.maryfi.com/) for free. Both work great and offer simple setup to share your wireless with others.
See question on Quora
Your choice in virus software is very important. To understand why, you need to look at how most anti-virus software works:
Companies like McAfee and Norton use R&D, advanced web crawlers, scientists, intelligence (spying) and other resources to track and identify known and unknown viruses and their frequent mutations. All this data is then turned into a signature-based detection system. By indexing and hashing the files on your system and then comparing them to known virus hashes and signatures you can confirm if you have any malware on your system. It's even faster to identify new files; no major scans are needed. So each time your anti-virus program provides you an update, it's adding to the list of known viruses to scan for. Sounds simple, but it is full of major issues, including these two.
Issue 1: An advanced persistent threat (APT), aka China or a talented black hat hacker or the NSA, makes a 100% custom, never-seen-before virus (Stuxnet anyone?) and sends it to one system (Iran?) instead of blanketing it on the internet for McAfee to stumble upon. Do you think on one targeted machine McAfee will find it and then send out a signature file for the rest of us? Probably not.
Issue 2: I can confirm McAfee (and other big-boy virus companies) whitelist (ignore) viruses for law enforcement and other intelligence agencies (including private companies). So you could have a keylogger, Remote Access Tool or other malware on your machine that McAfee is allowing!
So now what virus tool do you use?
Open source/free tools may not have the same R&D budgets that the above companies have, but they do have the power of crowdsourcing and no bureaucracy or agenda other than protecting you. There isn't a goal to update only once a month or with a subscription fee. Instead most open source tools update as soon as a new issue is identified.
Personally I use two forms of virus protection: Microsoft Security Essentials and Malwarebytes. Microsoft really impressed people with their free, low-resource anti-virus tool just before Windows 7 was released. It keeps a stable anti-virus tool with the resources of big-boy Microsoft running on my machine. Malwarebytes is my resource to make sure Microsoft is doing its job and not missing any newly identified custom viruses like Stuxnet or caving in to law enforcement and whitelisting some keylogger. Running this once a week seems to work well and not eat my system resources. Sometimes when I'm extra paranoid I throw in Trend Micro's online scan for good measure.
I will never pay for a service that cares more about subscription fees and helping the government over my protection and privacy.
See question on Quora
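The answer above describes signature scanning as hashing every file and looking the hash up in a list of known-bad hashes, and then argues that a one-off or modified sample slips past that list. The following added example (not from the answer's author or from any vendor) shows both halves of that argument in code: a vendor-style hash database built from a captured sample, a client-side scan that looks files up by SHA-256, and a second content-pattern layer standing in for the "second opinion" scanner the answer recommends. All file contents, family names and rule strings are constructed placeholders, not real malware or real vendor signatures.

```python
import hashlib

# Constructed stand-ins for files on disk: name -> bytes. The "malware" is a
# placeholder string, not an executable.
KNOWN_BAD = b"MZ\x90\x00PLACEHOLDER-DROPPER-v1\x00connect(c2.example.invalid)"
SAMPLE_FILES = {
    "notepad.exe": b"MZ\x90\x00NOTEPAD-PLACEHOLDER\x00harmless editor",
    "dropper_v1.exe": KNOWN_BAD,
    # The same sample with a single byte changed in a padding field: a custom or
    # repacked variant that the vendor has never captured.
    "dropper_v1_repacked.exe": KNOWN_BAD.replace(b"\x00connect", b"\x01connect"),
}

# Constructed content rules (in the spirit of a YARA-style rule): every needle
# must appear in the file for the rule to fire.
PATTERN_RULES = {
    "dropper_family": [b"PLACEHOLDER-DROPPER", b"connect(c2."],
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_signature_db(known_bad_samples: dict) -> dict:
    """Vendor side: hash each captured sample. Returns {sha256: family}."""
    return {sha256_hex(blob): family for family, blob in known_bad_samples.items()}


def scan_by_hash(files: dict, sig_db: dict) -> dict:
    """Client side: one hash per file and a dictionary lookup, which is why
    hash-based scanning is fast. Returns {filename: family or None}."""
    return {name: sig_db.get(sha256_hex(blob)) for name, blob in files.items()}


def scan_by_pattern(files: dict, rules: dict) -> dict:
    """Second-opinion layer: content patterns survive small repacking changes
    that change the whole-file hash. Returns {filename: rule or None}."""
    hits = {}
    for name, blob in files.items():
        matched = [rule for rule, needles in rules.items()
                   if all(needle in blob for needle in needles)]
        hits[name] = matched[0] if matched else None
    return hits


def run_demo():
    """Return (hash_hits, pattern_hits) so the two layers can be compared."""
    sig_db = build_signature_db({"dropper_family": KNOWN_BAD})
    return scan_by_hash(SAMPLE_FILES, sig_db), scan_by_pattern(SAMPLE_FILES, PATTERN_RULES)


if __name__ == "__main__":
    hash_hits, pattern_hits = run_demo()
    for name in SAMPLE_FILES:
        print(f"{name:28s} hash: {hash_hits[name]!s:16s} pattern: {pattern_hits[name]}")
```

Running it shows the exact captured sample caught by the hash lookup, the one-byte variant missed by the hash lookup (its SHA-256 is entirely different) but still caught by the content rule, and the benign file clean under both. Real products combine several such layers plus heuristics and behavioural monitoring; the example isolates only the hash-versus-pattern trade-off the answer is making.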
Super Circuits has a great selection of wearable hidden cameras that law enforcement and other security professionals use often. http://www.supercircuits.com/Hid...
Personally I suggest making your own covert camera out of a basic pinhole camera for less than $20 and staying away from wearable cameras. As good as some of the cameras are at Super Circuits and other CCTV vendors, they a) charge a ton for a cheap camera because it's in a cheesy covert cover and b) fail to advertise the recording and power requirements needed to successfully use their camera like a scene out of a spy movie. Just imagine a camera in your tie. How are you powering it? What is it recording to? How are you powering the recording device? And please don't mention wireless or I will scream.
If you must use a wearable camera, stick to the pen DVR cameras found on eBay. They offer audio (something most legit CCTV vendors are scared to sell), they run on batteries in the pen and record to a micro SD card for easy playback. Best part: you can put it on a desk, write with it or wear it on your shirt/purse and no one will be the wiser... http://www.google.com/products/c...
For custom cameras visit www.BMGInvestigations.com
See question on Quora
Alan Cohen and Kim Guldberg offer some good software solutions to monitor internet traffic; however I see one piece missing: how you access the traffic. A standard router won't show you other users' traffic. To actively monitor another machine on your network you need to use a hub or your router needs to be able to output the targeted computer's data via a span or tap port. If buying a hub is out of the question or your router doesn't support tap ports you could always use ARP poisoning via the program Cain and Abel.
Once you have the proper connection made you can record your traffic via Wireshark or some of the tools mentioned in the answers above. I recommend recording with Wireshark and reviewing the data with RSA's Netwitness Investigator freeware. If there is specific data you are looking to monitor please post in the comments and I will update my answer.
See question on Quora
The largest publicly known Chinese hack has been the Aurora attack in early 2009. The following companies have stated they were victims: Google, Adobe, Juniper, Rackspace and unofficially (but confirmed by leaked emails in an Anonymous hack) Morgan Stanley and DuPont. The press also indicated Yahoo, Symantec, Northrop Grumman and Dow Chemical were part of the hack. In total at least 20 companies were victims of that one attack by China.
China has also been linked to a recent hack at RSA that led to three more defense companies publicly admitting to being hacked by the Chinese: Lockheed Martin, L-3 Communications, and Northrop Grumman. So Alan Cohen's friends are correct...
Unofficially the press has also labeled China responsible for hacking "The United Nations, the Indian government, the International Olympic Committee, the steel industry, defense firms, computer security companies, the governments of the United States, Taiwan, South Korea, Vietnam, and Canada, the Association of Southeast Asian Nations, and the World Anti-Doping Agency."
See question on Quora
I can't speak for the MacBook Air; however Seagate's series of FDE drives all encrypt data "as it is being written and decrypts data as it is being read." Once a computer is turned off, the drive "locks" and all the data on the drive remains encrypted until the computer is powered on and a password is entered. Leaving the computer in sleep or hibernation keeps the drive active and unlocked for anyone to wake back up and take your data.
Not only do I suggest using an FDE drive to protect your files, but still use file/directory level encryption to protect your files from hackers that may be remotely on your systems or from live images collected by law enforcement/your company/bad guys. Sounds paranoid but you can never be too safe with your personal data.
See question on Quora
For free use Cybergate... if you want something less risky check out Spectorsoft.com. They have monitoring tools starting at $99. Very impressive software.
See question on Quora
Not all states allow the search of people's license plates. For example, in California, after actress Rebecca Schaeffer was killed by a stalker who got her home address from a private investigator who got it from her vehicle, and abortion clinic staff were stalked by their license plate information, California passed the Driver's Privacy Protection Act of 1994 (DPPA) to lock down this kind of information. So unless you are law enforcement or have a special license to search unrestricted ($50,000 bond needed) with the DMV you are out of luck to covertly get an address and name from a license plate in many states. If you don't mind the owner of the vehicle knowing you are looking for them then use a Request for Record Information (INF 70) form found here: http://dmv.ca.gov/forms/inf/inf7...
In other states, such as Minnesota, you can simply go onto the many database sites online and pay a small fee, $.25 (Accurint/TLO) to $50 for the shady websites, to get the information. TLO (www.tlo.com) takes it one step further and shows you pictures of the make/model/color of the vehicle. Nice touch.
Lastly there is Google. You would be surprised that even license plate information can be found online. An old trick I used to use back in the day was searching government smog check sites for the plate. Not only would they say if the car passed or not, often the website would list the smog shop that serviced the car or the VIN # of the car. Then I would search the VIN for more details and/or ask the smog shop for the vehicle owner's information...
See question on Quora
I have to disagree with Alex K. Chen's statement about Anonymous. The hacking done by the collective group Anonymous and LulzSec is the greatest example of destructive hacking used for good. Have the targets been controversial and illegal? Yes. Has the damage cost millions? Yes. But their hacks truly have been for the greater good vs. self-interest.
Instead of using their black hat skills to covertly penetrate systems, steal millions of our credit cards and silently slip back into the night, the two groups are exposing major security holes by publicly outing the company or government they have chosen to attack (most often also behind a social issue). The constant news about such hacks and leaked information has awakened the IT security world and caused many global businesses and governments to take a more serious view on security and protecting their users' data/privacy. Just think if Anonymous as a white hat group went to Sony with their findings privately. Sony would be grateful no doubt, but how long would it take to fix their security holes? Could other hackers be in the same systems riding the zero-day attack? With the publicity from Sony and other attacks, security was increased and should be taken seriously now...
On a personal note: Anonymous cannot be controlled based on its design. However I do agree with a recent panel discussion at Defcon that Anonymous should continue their mission by attacking dictators, child porn sites and other obvious abuses on the internet. Just my two cents.
See question on Quora
As Tom Robinson stated, connect to a VPN whenever on wifi. I prefer Cyberghost. It's free, fast and easy to use for any level of computer user. cyberghostvpn.com.
See question on Quora
Actually this hack would be easy to pull off for even a non-computer nerd.
Step 1) Use a war dialing program in the school's prefix, i.e. call all numbers between 904-0000 and 904-9999 looking for unlisted modem connections at the school.
Step 2) Simple password guessing or social engineering. Remember this was the '80s. Not a lot of education on strong passwords or on not leaving a user name taped to the desk.
Step 3) Change your grades.
Pretty simple if the stars are aligned for you.
See question on Quora
Nothing is easier than buying a Seagate FDE drive. Computer turns on, type in password, drive unlocked, boot-up starts. When the computer turns off, the drive stays encrypted. The problem comes into play at an enterprise level with key/password management.
Unfortunately people are blind to protecting themselves and the government isn't going to push encryption (without a backdoor) on the population. Companies like WD and Seagate should sell all drives with FDE at no added cost and make it a standard...
See question on Quora
My experience has shown Jan Mixon's statement about non-chain convenience stores as huge money laundering operations to be 100% true. Plus they are everywhere. Let's just say I could walk into a storefront operation (covert camera recording for documentation) and spot if the store was a front in seconds...
The best business front I ever ran into was an African Arts and Antique store. All the items were bulk-purchased trinkets from third world corners, probably for pennies, and confirmed Pier One Import cheesy art, priced at a 1000% markup or more and then "sold" on the books to clean the cash...
See question on Quora
Bitcoin might sound like a good tool for laundering money after repeated statements about bitcoins being anonymous; however researchers have just published work, "An Analysis of Anonymity in the Bitcoin System" (http://arxiv.org/abs/1107.4524), that proves different. For a quick recap of their findings see: http://anonymity-in-bitcoin.blog...
Long story short, the researchers were able to identify the suspect of a recent bitcoin theft by tracking patterns found in the users' public transaction keys over time. This effectively shuts down the anonymity argument and may lead to tracking of criminals using Bitcoins for Silk Road or money laundering...
See question on Quora
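The answer above says the researchers linked a theft to a suspect by following patterns in public transaction data. The added example below (my own illustration, not the paper's code or the answer author's) shows the core linking step that paper builds its "user network" on, the multi-input heuristic: addresses that jointly sign the inputs of one transaction are assumed to be controlled by the same entity, and union-find merges them into clusters. Joining a cluster to any address with a known off-chain label then de-anonymises the whole cluster. The transaction log, address strings and labels are all constructed placeholders, not real blockchain data.

```python
from collections import defaultdict

# Constructed, simplified transaction log: which addresses signed the inputs and
# which addresses received the outputs. Address strings are placeholders.
TRANSACTIONS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": ["B1", "A3"]},
    {"txid": "tx2", "inputs": ["A2", "A3"], "outputs": ["B2", "A4"]},
    {"txid": "tx3", "inputs": ["A3", "A4"], "outputs": ["C1", "A5"]},
    {"txid": "tx4", "inputs": ["D1"], "outputs": ["D2"]},           # unrelated user
    {"txid": "tx5", "inputs": ["A4", "A6"], "outputs": ["EXCHANGE_DEPOSIT_1"]},
]

# Constructed labels from off-chain sources (a victim's report, a forum post that
# advertised a payment address). These are what turn a cluster into a suspect.
KNOWN_LABELS = {
    "A1": "address the theft victim reported receiving the stolen coins",
    "A6": "address posted publicly under forum handle 'x'",
}


def find(parent: dict, a: str) -> str:
    """Union-find root lookup with path compression."""
    root = a
    while parent[root] != root:
        root = parent[root]
    while parent[a] != root:
        parent[a], a = root, parent[a]
    return root


def union(parent: dict, a: str, b: str) -> None:
    ra, rb = find(parent, a), find(parent, b)
    if ra != rb:
        parent[rb] = ra


def cluster_addresses(transactions: list) -> dict:
    """Multi-input heuristic: all input addresses of one transaction belong to
    one controller. Returns {address: frozenset(cluster members)}."""
    parent = {}
    for tx in transactions:
        for addr in tx["inputs"] + tx["outputs"]:
            parent.setdefault(addr, addr)
        first = tx["inputs"][0]
        for addr in tx["inputs"][1:]:
            union(parent, first, addr)
    groups = defaultdict(set)
    for addr in parent:
        groups[find(parent, addr)].add(addr)
    return {addr: frozenset(groups[find(parent, addr)]) for addr in parent}


def labels_linked_to(address: str, transactions: list = TRANSACTIONS,
                     labels: dict = KNOWN_LABELS) -> dict:
    """Every labelled address that shares a cluster with `address`."""
    members = cluster_addresses(transactions).get(address, frozenset({address}))
    return {a: labels[a] for a in sorted(members) if a in labels}


if __name__ == "__main__":
    for addr, info in labels_linked_to("A1").items():
        print(f"{addr}: {info}")
```

Starting from the victim-reported address A1, the chain of co-spends A1/A2, A2/A3, A3/A4 and A4/A6 places A6 in the same cluster, and A6 carries a public label; D1 stays in its own cluster because it never co-signs with anyone. The paper's analysis also used the flow of coins through outputs over time, which this example deliberately leaves out; the defensive takeaway is the same, that address reuse and co-spending are visible to anyone with a copy of the ledger.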
The objective is to save lives. Zipping down the highway, often higher than the posted speed limit, can come to a deadly end when you approach a construction zone. However, having a CHP officer posted with their lights flashing or flares near/on a construction zone can decrease a driver's speed and remind them to drive safely.
See question on Quora