Overbearing spouses, disgruntled employees and corporate moles have a wide new path for spying, considering that nine in 10 adults own mobile phones. Aiding the hackers is protective software that’s thin at best.
The trend has opened a new avenue for one of the city’s oldest private gumshoe firms, International Investigators Inc.
The company, owned by Tim Wilcox, spends increasing time digging into phone data—with their owners’ permission or court orders in hand—to help attorneys build court cases or settle private disputes.
At $2,500 a crack, the firm is pulling 20 percent of its revenue, in the low-seven figures, from mobile- and cyber-related cases. And Wilcox doesn’t see that slowing as he continues to fetch five to 10 inquiries a day, more than he can handle.
“Five years ago, would you have imagined a smartphone?” he said. “Five years from now, what’s going to be out there? I had no idea how complex and sophisticated spying could be.”
Wilcox had owned International Investigators since 1970 and run it like any other private investigator, rooting through documents or conducting surveillance. But the droves of personal information people horde on their phones opened a new dimension for the firm—mobile forensics.
“We as a culture and society are so tied to our devices, and the smartphone now has just become an extension of us,” said Marc Rogers, a Purdue University professor and fellow at the university’s Center for Education and Research in Assurance and Security.
International Investigators’ cases cross the spectrum.
“Corporate espionage,” Wilcox said, “an employee wanting to find out what the boss is up to; the boss wanting to find out what the employee is up to; wondering what your wife is up to; she wants to know what you’re up to; you’ve got a neighbor that you don’t like and you want to know everything about your neighbor; your teenage son or daughter is out throwing around and you want to know what they’re up to. Just use your imagination.”
Some cases have been as big as using cell towers to triangulate former Indiana Secretary of State Charlie White’s location during a months-long span amid his 2012 voter fraud case. The evidence was never used in trial, and Wilcox maintains that it would exonerate White from charges that he used his ex-wife’s Fishers address on his voter registration in the 2010 Republican primary while living with his fiancée in another district. A jury convicted him of six felony counts including voter fraud.
International Investigators isn’t alone in watching the trend.
Law firm Faegre Baker Daniels about five years ago noticed an uptick in mobile spying, both at the corporate and personal levels, as smartphones hit the market in force, said partner Drew Soshnick.
In response, law firms have turned to private investigators for assistance.
“I see them as IT specialists, IT consultants who may be housed in an overarching business of private investigation,” Soshnick said. “It isn’t just a cottage industry, where you’ve got some gumshoe out there trying to figure out how to use a computer.”
Rooted in a divorce
A case in 2004 turned International Investigators’ attention toward digital forensics. A California family law attorney contacted the firm needing help. A client was divorcing her husband, and the man somehow always knew what the woman was discussing with her lawyers, despite closed doors, Wilcox recalled.
“They were absolutely sure that this lady’s estranged husband was listening to their conversations,” Wilcox said, “because he knew everything that they were talking about—between a client and an attorney, which is supposed to be sacred.”
International Investigators sent a team to check for bugs or wire taps, but turned up no evidence.
“We finally figured out that the only common denominator was this lady’s cell phone,” Wilcox said. “Back then, it was a pretty straight cell phone, a 2004 model. Well, guess what? Her husband was an IT manager for a big company out there.
“Even back then, every time there was a call made or received, it would send a text to the bad guy. A text notification, telling him that so-and-so was talking, and he could listen.”
Investigators began looking deeper and discovered an emerging underworld of mobile espionage. Two primary websites provided spyware then; that number is in the hundreds today.
A virtual lack of security on mobile devices opened the doors for hackers, stalkers and other cyber criminals, said Purdue’s Rogers.
Phone and app makers write programs using publicly accessible open-source data, which makes the devices easier to use but also easier to get into.
“Because of that, there really is almost no security on phones,” Rogers said. Plus, “the concept of anti-virus on the phone is pretty much laughable.”
Large anti-malware vendors struggle to keep up with hackers on standard computers, so they haven’t had a chance to focus on mobile devices, said IT security consultant J.J. Thompson, CEO of Rook Security in Indianapolis.
Worsening the situation, it’s difficult to detect malware on a phone until the damage is done.
“Most people don’t know that they’ve been compromised,” Thompson said. “There are not a lot of good ways to detect that they’ve been compromised. People are really struggling with this problem right now, and there are not a lot of good solutions.”
Keeping it legal
Although International Investigators steers away from anything illegal, such as spyware, the firm pulls in plenty of work digging into mobile devices legally to extract information, Wilcox said.
That can mean a company turns over an employee’s corporate-issued phone to find whether the person breached a contract.
Or that can mean working with a defense attorney to track a client’s whereabouts to support an alibi in a criminal case.
“Let’s say you were accused of a crime on Nov. 3, 2013, at 4 o’clock in the afternoon, and you claim that you were at work downtown at your office,” Wilcox said. “There’s nobody that can remember. You have a weak alibi. The crime that occurred, you shot seven people, and the state’s brought a case against you. If the police already didn’t sample your phone, your triangulation records, then it would prove where you were at the time.”
Court orders are the key in most cases. They’ll grant investigators legal permission to look into a phone, as well as define what investigators can look at.
But there are still a lot of legal and ethical gray areas, Wilcox said.
Investigators might go into a phone looking for one piece of information but come across something illegal. Laws concretely state the person must report finding certain types of information, such as child pornography. Other, non-violent crimes aren’t so clear because laws simply don’t exist defining what they need to do.
Wilcox mentioned one case in which he found evidence of a competitor spying on his client, but the client told him not to report it to the police.
“On the private [investigator’s] side, it’s a complete gray area,” Rogers said. “Other than child pornography or risk of imminent death or harm against somebody, there’s really no direction.”
That leaves a lot of decisions relying on the investigator’s own ethics, he said.•