I get asked this question a lot: what is the biggest thing you look for in a good investigator?
Hands down my answer is always this: tenacity.
Report writing, technical aptitude, web browser wizardry, these are all things that can be trained into a (willing) investigator. Tenacity on the other hand is something that is incredibly difficult to drill into someone’s brain.
Explaining to someone that sometimes you DO have to read thousands of Tweets to find your answer. Or that yes, examining all 500 Instagram posts could actually give you clues you may not otherwise have found. Another incredibly enlightening statement to make is that Google results beyond the first 3 pages may actually have something useful in them.
Mind blown, right?
Some people look at the task with glee (hire these people) others may completely disregard or shrink away from such a challenge.
There have been many times where I have fielded emails or phone calls from investigators that go something like this:
Investigator: Justin, I am stuck on investigation X, do you possess any secret sauce you can share?
Me: No secret sauce but how long have you been at it?
Investigator: Well I spent two hours looking at their Twitter timeline and I just can’t seem to find anything.
Me: You’re not stuck. You can barely watch a good movie in two hours, that’s not enough time to get stuck in an investigation.
I totally understand that sometimes (particularly in private practice) you may be limited by your client in terms of how many hours you can spend. This is no different in law enforcement either, you do not have unlimited time and resources (contrary to popular belief) to perform an investigation.
I get it, I really do.
However, there are many examples of tenacity being the only thing that breaks a case. Not fancy tech. Not some secret search method on Facebook. Just sheer tenacity.
Here are a couple of war stories to illustrate:
The Overwhelming Twitter Feed
I was involved in an investigation where an anonymous Twitter user was levelling threats against a set of individuals that belonged to a particular organization.
No other social media accounts, no email addresses, no name. Nothing.
So I head to the target profile and…..36,000+ Tweets.
My initial reaction was: F&@*! No one wants to go through that many Tweets trying to find clues.
However, you have to remember, you should be excited to see that much data. An account with 3 Tweets means that unless they have made some significant OPSEC failures, it’s going to be tough to find any useful nuggets. Thousands of Tweets vastly increases your chances of finding something useful. In security terms we would call this the attack surface.
So I did what anyone should do. I started reading, and scrolling and reading and scrolling. For hours. With only a few hours remaining in the investigation I found a single Tweet where the user referenced a Facebook group.
You can guess what happened next. I jumped to the group, hunted through all 500+ members until I found a user that had the same profile picture as the target Twitter account. Found a single photograph they had taken from their apartment balcony, geolocated that photo to pinpoint where they lived and eventually pinned down their name too. Case closed. Report written.
Tenacity pays off.
Unmasking Thomas Paine
Craig Silverman from Buzzfeed is one of the best investigative journalists out there. He routinely employs a dizzying array of OSINT tricks and takes tenacity to a whole new level.
Recently he ran the story linked below, where he was able to cooperate with a handful of other researchers to eventually uncover the person behind a pro-Trump propaganda website.
At the bottom of the article Craig actually speaks to how the real life person was discovered in the end. It involved identifying a handful of Twitter accounts that were used currently or historically, and examining those Tweets for clues. One such clue was a YouTube video of a young hockey player, at which point they identified that the parent of this hockey player was in fact the same person who ran the propaganda Twitter account and website.
Tenacity pays off!
I may have mentioned this before: tenacity pays off.
That’s it. Next time you are stuck on an investigation, or overwhelmed by data, just remember to keep your head down and keep digging.
A Note From Craig on Hunchly
Craig is a Hunchly user, so naturally I asked him how he used Hunchly for this particular story. Here is what he said:
For this investigation I created two different Hunchly cases. I started with a general True Pundit case, where I did my initial information gathering and searches, and that grew to be 844 pages with 72 notes and 134 searches. Once I zeroed in on Michael Moore as my target, I created a new case just for him and ended up with 447 pages with 46 notes and 88 searches. One key thing in Hunchly 2 is being able to enter a keyword to filter the case pages without having to create a new selector. This enabled me to quickly bring up the relevant information while I was writing and fact checking the story.
Very cool use of the filtering in the History table! You can also tell that Craig is heavily leveraging the note taking system in Hunchly which is incredibly useful for documenting important posts or setting down investigative milestones for when you are preparing your final report or story.
Grab a free trial from here: https://www.hunch.ly