“Decoding Political Violence with OSINT and Lessons from the Frontline”

Join deep dive: Wed, Dec 18, 16:00 CET
07 Apr 2022

Jumpstart Your Person of Interest Investigations with People Data Labs and Maltego

Maltego Team

With nearly 2.5 billion unique profiles available for searching, People Data Labs allows investigators to advance their person of interest investigations in seconds and with a single click.

Maltego hub item - people data labs

Founded in 2015, People Data Labs began as recruiting software intended to help companies better understand and source candidates. Today companies around the world and across industries use PDL’s data to build compliant people data solutions.

Please also note that People Data Labs data access in not available for Law Enforcement customer segment.

What type of information can we query with the People Data Labs Transforms? ๐Ÿ”—︎

The PDL Transforms allow you to query the following information about a person:

  • Email address
  • Country
  • Employer
  • Interests
  • Job Title
  • Location
  • Phone Number
  • Skills
  • Social Media Accounts

Let’s check an example of this. We will start with a Person Entity. In this case, we will use PDL co-founder and CEO Sean Thorne as our starting point, and we will run the To Person [PeopleDataLabs] Transform to get all the information associated with Sean.

Run To Person [PeopleDataLabs] Transform in Maltego to get all associated information

You are required to provide at least one of the following fields (Locality, Region, Company, School, Location, Postal Code) when running the To Person [PeopleDataLabs] Transform to query data. Otherwise, the Transform will not return any result.

Inputs reqired to run the To Person [PeopleDataLabs] Transform in Maltego.

Once you provide the information and click on Run, a new Entity will be created by Maltego containing all the details associated with the person you are investigating.

Let’s take a look at the details tab from the new Person Entity.

New entity with assiciated information created by Maltego

As mentioned above, we can query different details associated with a Person. Let’s check a few of these Transforms.

The To Emails [PeopleDataLabs] Transform allows you to retrieve work and personal emails associated with a Person.

Run The To Emails [PeopleDataLabs] Transform in Maltego to retrieve work and personal emails

The To Phone Numbers [PeopleDataLabs] Transform allows you to retrieve phone numbers owned by a Person.

Run the To Phone Numbers [PeopleDataLabs] Transform in Maltego to retrieve phone numbers.

The To Social Networks [PeopleDataLabs] Transform returns social media accounts linked to a Person.

The Maltego To Social Networks [PeopleDataLabs] Transform returns social media accounts

The To Location [PeopleDataLabs] Transform provides information on where a person resides or has resided in the past.

The Maltego To Location [PeopleDataLabs] Transform provides information on where a person resides

Those are just a few of the Transforms available on the People Data Labs Hub item. We encourage you to test these and the rest.

Additionally, you can use the following pieces of information to pivot into a Person Entity.

  • Phone Number
  • Affiliation (Social Media Account)
  • Email Address

How to Access People Data Labs Data in Maltego ๐Ÿ”—︎

People Data Labs Transforms for Maltego are available for all Maltego Pro and Enterprise users via the following methods:

Data Subscriptions ๐Ÿ”—︎

Simply purchase a monthly data subscription for People Data Labs in our web-shop, starting at 16 USD per month for 50 Transforms per month!

Bring Your Own Key ๐Ÿ”—︎

If you are an existing People Data Labs customer, simply plug in your own API key to install the Hub item and get started.

For those using the People Data Labs Hub item via data subscriptions, Maltego will provide you with the number of remaining queries available on the output window every time you run a PDL Transform.

Remainning queries provided by Maltego.

Use Case: Romance Scammers Investigation ๐Ÿ”—︎

Now that weโ€™ve covered the basics, let’s take a look at a real-world investigation based on an indictment of a group of individuals located in the United States, according to the indictment published by the United States Justice Department.

A real-world scammer investigation use case

Taken from www.justice.gov

Although the indictment includes 23 individuals, we will focus our efforts on the four individuals mentioned on the court document obtained by The Record, a cyber intelligence news site by Recorded Future.

  • Solomon Esekheigbe
  • Chidindu Okeke
  • Ngozi Okeke
  • Isaac Asare

We will start by creating the Person Entities as well as any Aliases mentioned in the document for those four individuals

Creating the Person Entities in Maltego graoh.

Let’s select the Person Entities and run the To Person [PeopleDataLabs] Transform.

Run the Maltego To Person [PeopleDataLabs] Transform.

As we can see, PDL returned new Entities for all of them.

Now, let’s retrieve the information from these 4 Entities by running the Expand Details Transform set from People Data Labs.

Running the Maltego Expand Details Transform

We can see some immediate connections between these Entities based on their location and some interesting details such as companies mentioned on their profiles, skills, personal and work email addresses, and LinkedIn profiles. One of them even returned numerous phone numbers associated with them.

As we mentioned before, you can also pivot from other Entities such as Phone Numbers. Let’s test this by selecting the Phone Number Entities in our Graph and running the To Person [PeopleDataLabs] Transform.

 Running the Maltego To Person [PeopleDataLabs] Transform.

We can see how a couple of the phone numbers can be associated with another person with the same last name as one of the defendants, which means that there is a high chance these two individuals are related. However, this does not mean that they have taken any part in the actions taken by the defendant.

Another exciting find is that the skills associated with one of the individuals match the profile of one of the defendants as detailed on the court documents.

The skills match one of the defendants

Let’s check one of the LinkedIn profiles returned by People Data Labs to look for more clues on these individuals. If we open Solomon Esekheigbe’s Linkedin profile, something interesting catches our attention: Under the “People Also Viewed” section, we can see some of the individuals mentioned on the indictment as well.

Look for clues from Linkedin Profile

As usual, we can also combine the new Entities with existing data sources such as Social Links to map out the social media presence of these individuals and further confirm the relationship between them.

Let’s take the People Data Labs Person Entity for Solomon Esekheigbe and run the [LinkedIn] Search Transform by Social Links Pro.

Run the Maltego [LinkedIn] Search Transform

We will also query the details of the “People Also Viewed” section using another of Social Links Pro Transform called [LinkedIn] Get People Also Viewed to bring the details of these individuals into our Graph so that we can continue with our investigation.

Run the Maltego [LinkedIn] Get People Also Viewed

As we can see some of the people mentioned in the โ€œPeople Also Viewed” section has been also mentioned in the indictment, we will convert the new LinkedIn profiles into Person Entities to highlight the individuals already in our Graph.

Convert the new LinkedIn profiles into Person Entities

We found eight additional individuals potentially associated with Solomon Esekheigbe, some of which are also mentioned on the court documents, lets run the To Person [PeopleDataLabs] the Expand Details Transform set on the new Entities.

Run the Maltego To Person [PeopleDataLabs] the Expand Details Transform

This is only a brief example of how you could use the People Data Labs data set to kickstart your Person of Interest investigations, with only a few Transforms we were able to map out connections between the defendants and uncover details such as phone numbers and email addresses that can be used to expand our investigation

Use People Data Labs data in Maltego to do Person of Interest investigations

Note: A grand jury indictment is not evidence of guilt. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Donโ€™t forget to follow us on Twitter and LinkedIn and sign up for our email newsletter to stay updated on the latest news, tutorials, and events.

Happy investigating!

By clicking on "Subscribe", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.