Oftentimes, investigators do not possess ample information to launch a person of interest investigation. They may have a name or an alias as a starting point, which is the most common scenario but not the most optimal one, as these types of data are not always strictly linked to a unique individual. While people may randomly share a name or an alias without being connected in any other way, a phone number or an email address is a data type that investigators may pivot off of with a much higher degree of confidence in the results. However, a phone number or an email might not yield as much information as a name or an alias.
To conduct a successful person of interest investigation, an investigator must combine the previously mentioned types of personal identifiers in order to harvest the maximum amount of information. We will demonstrate this in the following investigation.
Recently, a list of phone numbers supposedly belonging to employees of the FSB, one of the main Russian security agencies, was published by the Defense Intelligence of the Ministry of Defense of Ukraine. In this case study, we will investigate these phone numbers in an attempt to validate them.
Investigation Methods & Workflows
To start our investigation, we pasted the phone number we want to investigate into Maltego and, using ShadowDragon SocialNet Transforms, retrieved the social media accounts associated with it as well as an Alias Entity and a location. In hopes of finding commonalities between our target and the returned profiles, we dug into the location and went through the social media platforms one by one, focusing on the platforms that are more popular with this demographic: Mail.ru and VKontakte. Unfortunately, none of the profiles matched what we know about our person of interest.
This could be the end of the investigation; however, we took the profile picture we obtained earlier and performed a reverse image search using Yandex, whose users are mostly Russian. We were able to find a perfect copy of the profile picture linked to a VK account with matching personal identifiers, such as workplace, name, surname, hometown, and current city of residence. Pivoting further, we loaded the correct profile directly into Maltego and populated the graph with our person of interest’s hometown, his current job, friends, posts, and more.
This case study showcased how to use ShadowDragon SocialNet to conduct your person of interest investigations.
About the Author
Mathieu Gaucheler is a subject matter expert at Maltego. His responsibilities include research-driven content development for blog posts, webinars, and talks. He started working in cybersecurity in Barcelona, focusing on malware analysis and sandbox development. He has previously presented his research at BotConf and RSA APJ.