OPPO help needed - digital fingerprinting and forensics

Kinja'd!!! "505Turbeaux" (505turbeaux)
07/15/2014 at 13:51 • Filed to: None

Kinja'd!!!0 Kinja'd!!! 13
Kinja'd!!!

Oppo I humbly ask for your assistance for you IT geeks out there, and yeah, it relates to cars. I have a dealer client who is having an issue and it is just a little out of the scope of what I know about digital fingerprinting. The dealer gets paid an additional bonus on how many surveys Nissan sends out to a clients email address that get completed and the score on them. Nissan is challenging my dealership on a month of this bonus due to the fact it appears the same exact computer was used to fill out 3 different surveys, on 3 different days throughout April, from 3 different IP's (probably dynamic though). This is for 2 service customers and a sales customer, with 3 different VIN numbers. All of the clients are legit, one even sending a notarized letter to Nissan telling they owe her an apology for thinking she was part of a scheme. I would tear it apart in analytics for the client site, but the survey is run off site, so I rely on their reporting. The matter of money is trivial, but my client feels like his integrity is being called into question. I know him, I know alot of his staff and he is way above board

So OPPO sleuths, I redacted some info off these 2 email scans, but I feel like this should be enough, what is my pushback with Nissan on this matter. Thanks, and whoever comes through wins all of the internet for a week, plus a special NSFW post or post of your choice if that is not your thing. Thank you OPPO! Have a some Datsuns for taking up space with this on here

Kinja'd!!! Kinja'd!!!

DISCUSSION (13)

Kinja'd!!! chuck07 > 505Turbeaux
07/15/2014 at 14:27

Kinja'd!!!1

See what the geolocations are. Maybe they used a computer at the library to get this done. Maybe they all work for the same government or corporate office.

Do an IP lookup to see where they worked.

Kinja'd!!! 505Turbeaux > chuck07
07/15/2014 at 14:30

Kinja'd!!!0

yeah they were all home when they did the survey. They dont work together. It is infuriating that this should be so simple.

Kinja'd!!! chuck07 > 505Turbeaux
07/15/2014 at 14:34

Kinja'd!!!1

Maybe check what plugins they have installed. Maybe they have some standardized browser that makes it easy to use or more secure (fixed plug ins). The rest of the information could be spoofed if it is a secure thing.

Kinja'd!!! 505Turbeaux > chuck07
07/15/2014 at 14:46

Kinja'd!!!0

supposedly, they said the browser versions, plugins, OS and everything matches between the 3 submission. Did 3 people just get a DELL or something super standard and not change anything on the box...maybe

Kinja'd!!! Nibbles > 505Turbeaux
07/15/2014 at 15:36

Kinja'd!!!1

Did they expound on the os/browser versions? Are we talking each one from Windows 7 SP1 running a fully updated Google Chrome (auto-updated) with the same plugins (Java, auto-updated and Flash, auto-updated), or, did each of these people fill out the survey on their AT&T iPhone 4S?

Browser/hash identification can only go so far. Being done from a mobile device would explain them being on the same IP range too.

Kinja'd!!! 505Turbeaux > Nibbles
07/15/2014 at 15:39

Kinja'd!!!1

these were flagged as non mobile, and they have not shared the browser versions/OS/plugins. I thought of that too, or all 3 using 4G iPads would result in the same thing and not flag mobile.

Kinja'd!!! Nibbles > 505Turbeaux
07/15/2014 at 16:13

Kinja'd!!!1

True that on the iPad part - even the olds are getting those things these days too. They're so ubiquitous, that is a very reasonable explanation. See if they'll forward you the OS type etc - if not, throw back at them that these three people were on iPads, and if they're unwilling to share extra data to get to the bottom of the investigation, then case closed.

Kinja'd!!! 505Turbeaux > Nibbles
07/15/2014 at 16:28

Kinja'd!!!0

agreed, thanks

Kinja'd!!! 505Turbeaux > Nibbles
07/16/2014 at 09:35

Kinja'd!!!1

just to circle around on this. I guess I asked the right questions because this "went away". Thanks for your help, I owe you a post of your choosing.

Kinja'd!!! Nibbles > 505Turbeaux
07/16/2014 at 09:52

Kinja'd!!!1

Kinda figured that would happen :) Always glad to be of service

Kinja'd!!! lisa > 505Turbeaux
05/14/2015 at 00:07

Kinja'd!!!2

They only check for tampering surveys in the same month

Kinja'd!!! lisa > 505Turbeaux
05/14/2015 at 00:14

Kinja'd!!!0

If one was in April and other in may, do they check that

Kinja'd!!! lisa > 505Turbeaux
05/14/2015 at 14:47

Kinja'd!!!0

Thanks