In this episode for The Pivot podcast, we welcome Nico Dekens!
Nico Dekens, known as the Dutch_OsintGuy online, is an All Source Analyst specializing in open source intelligence (OSINT), online human intelligence (HUMINT), and online investigations. He has over 20 years of experience as an All Source Intelligence Analyst at Dutch Law Enforcement.
Nico eats, sleeps, and lives everything related to OSINT, online investigations, intelligence gathering, and analysis. As the co-founder of the OSINTCurio.us project and a SANS Institute instructor, he is very active within the OSINT community. Currently, Nico is working as the Director of Intelligence, Collection Innovation at ShadowDragon.
In this episode, Nico provides valuable insights into his investigations on the decentralized web, experiences of saving people from the ongoing war in Ukraine, as well as concerns for the polarized-bound world. He also touches a bit on Vicarious Trauma, taking himself as an example, and offers a few prevention tips in the end.
The Pivot: Your New OSINT and Infosec Podcast 🔗︎
Brought to you by Maltego, The Pivot is your OSINT and infosec podcast that dives deep into topics pivoting from information security to the criminal underground. Through The Pivot episodes, we aim to share insightful information for beginners and seasoned investigators alike, shedding light on all things OSINT and infosec from an insider’s perspective.
Each episode features one or two of Maltego’s own Subject Matter Experts as the host and an external expert, researcher, or industry leader invited to share their projects, stories, experiences, and advice.
Where to Listen to The Pivot? 🔗︎
The Pivot podcast is available on Spotify, Apple Podcast, Google Podcast, and the Maltego YouTube channel. Each episode is 45 to 60 minutes long and is released on the 15th of every month. Stay tuned with us for more updates!
Tell us what you have been up to! 🔗︎
Nico: Currently, most of my time goes into refining the courses that I’ve written for SANS. I’m also doing a lot of investigations regarding Ukraine, but the majority of them are conducted privately. When I do investigations, I will never make them public, which is my golden rule. It might have something to do with my background in the Dutch government. Even though things are open source intelligence, they should not always be exposed to the app or the public.
Other than that, saving time is my biggest priority nowadays because I’ve got so much to do, and I’m always looking for new ways to perform open source intelligence more efficiently. For example, it could be building my own little Python script, looking at someone else’s script to see if I can grab pieces from it and work with it, or playing around with Maltego to see if I can build a Transform or automate the process.
What are some of the tools you used? Niche tools are also welcome if you can talk about it. 🔗︎
Nico: The biggest tool I use is my brain. Simply put: Critical thinking, doubting everything, assuming nothing, and checking everything. That’s my standard operating procedure and something I always preach. For me, the most important part is that I know what tools to use for certain tasks, and that I have a digital toolbox filled with tools, scripts, methodologies, and techniques based upon my case.
Besides my brain, my number one tool is Maltego, particularly with SocialNet by ShadowDragon. I run a Transform in Maltego, and it gives me simply more time to do the proper analysis. I’m the hoarder of all data and have my own database with breaches. Along with some friends, we collect all kinds of breaches. I run my own monitoring based upon RSS Hub, which is basically an open source GitHub project that allows you to monitor feeds from RSS, Facebook, and Twitter. I also use search or Searx to plug in my own data sources.
Sometimes these tools simply speed up my process. I recently had a case where there was a presumed school shooting, and someone asked me to investigate that. I could have done that manually, but it probably would have taken me at least five days to collect all the data and then another five days to sort through the data, giving it some meaning and finding answers. In this case, with a combination of Maltego and some manual searching, the investigation was done in two and a half hours, including a conclusion and a written report.
Have you seen people getting stuck using specific tools and thus held back by the hindrance of using those tools only? 🔗︎
Nico: In my opinion, it’s a good thing to have standard operating procedures and methodologies to do certain tasks that you have done previously. What I’ve seen investigators do is that they stare themselves blind on that one tool. However, every tool has limitations, and if you’re not capable of seeing those limitations and figuring out how to deal with them, your standard operating procedure is basically shutting down your own business or your own investigation. I hate to say that you are thinking out of the box, which is a popular term, but that’s something you should always be able to do within OSINT.
When I look at my background in the Dutch government, most governments would use flow charts, especially for the people who don’t do open source intelligence 24/7 and 365 days a year. They need to have manuals and playbooks, which are good for them as a starting point.
Nevertheless, don’t stare yourself blind on playbooks. If you only look at the playbook because that’s the only path you can take, you’re doing your investigation short. If you only stick to those rigid standards, such as flow charts or decision trees, you will overlook certain things. There’s never an option of “what if’ in decision trees, and this is why I don’t like them.
There are places going through some drastic changes. In terms of what you do and how these changes affect your work, what are your biggest concerns as an investigator? 🔗︎
Nico: Looking back at the past three years and witnessing the outbreak of the pandemic and the war in Ukraine, I think my biggest concern is that the world is becoming polarized. People who used to be friends are now enemies. People who once trusted their governments now have strong doubts about their governments because of fake information or disinformation.
Social media, in general, could rather be renamed and revamped to asocial media because there’s nothing social about it anymore. Most of these platforms are more about people showing off how good they are, putting other people down, or becoming victim platforms. We’re not even talking about TikTok as a platform itself being used for spying by a nation-state mostly, which has been proven now by numerous academic researchers.
People think or thought that the world should have become a safer place or heaven as it’s becoming more interconnected with the internet. Nonetheless, things are going sideways. I noticed an incident recently on the news where two young women were being harassed by a very large group of young guys, and there were at least two times more people standing by. But no one did anything, except putting it on Snapchat or Tiktoking it. That has become my biggest worry that people are so passive, scared, or so numb that they only film but don’t act anymore.
As you mentioned, social media is not about social anymore. How is that affecting the younger generation and people worldwide? 🔗︎
Nico: The impact for the younger generation is that every step they take outside, they are anticipating to be exposed online, and these materials could stick with them for the rest of their life. As the younger generation grow, they will one day apply for a job, and their employers could easily look up their accounts on TikTok and watch videos of them doing some crazy stuff when they were kids.
These past two years, we have seen more demonstrations and rallies thanin the last two decades, and I assume most people remember rallies and demonstrations from the Cold War period. Nowadays, people just rally and demonstrate on social media because it’s so easy to sit behind a keyboard, saying whatever you want without thinking of the consequences. People can get really hurt by words, and people forget about that.
On your blog, you’ve touched on vicarious trauma. Could you explain more about this concept? 🔗︎
Nico: Vicarious trauma is basically trauma that you get from looking at, listening to, or watching horrific things. This content could stick to you and traumatize you, later evolving into vicarious trauma. It’s indirect trauma, so you’re not directly there witnessing the incident. Still, the impact of looking at the footage could take its toll on you.
When I was in law enforcement, I spent almost 10 years doing counterterrorism work during the high rise of the Islamic State. While others were eating their lunch, I was eating my lunch and watching footage of people being decapitated, murdered, or set on fire, and that’s abnormal. We had mental health check-ups every few months. Even though you say, “Hey, I’m perfectly fine.” They still say, “You need to go and talk to the psychologist just to make sure.”
That’s something I would like to encourage people who are doing investigations to do, especially in the fields of war, riots, child abuse, or subject matters where you see horrific content. Make sure you check your mental health regularly or read about vicarious trauma on my blog or from other parties writing about it. Getting traumatized by doing online investigations is real, and you could burn out on that or even go as far as never being able to work again.
Therefore, I wrote about vicarious trauma on my blog to give out some tips on how to avoid getting the trauma. For instance, if you’re watching a footage, you can turn off the audio, which will help reduce the impact. As we all know, if you watch a horror movie without the audio, it’s actually quite funny.
Do symptoms of vicarious trauma also include being desensitized in front of horrific materials? 🔗︎
Nico: Absolutely. I had former colleagues point out to me saying, “Nico, hey, I’m walking behind your office, and you’re eating your lunch while watching these things. That’s not okay. That’s not normal human behavior.” Or, I got so paranoid that I was out with my family in Amsterdam, and an advertisement screen fell over, making a loud bang. I was like, “Okay, now it’s going down. Now there’s a terrorist attack.” I started to become a bit edgy or too paranoid owing to work, and for me, that was literally the sign to take a step away and ask my leadership, “Hey, I need some time to unwind.”
It’s hard to do it now as I’m a one-man show. Nevertheless, when I was in law enforcement, I had the luck to talk with other people and take care of each other. I would like to encourage people working in a team to keep talking to each other every now and then, grab a cup of coffee or tea, and ask, “Hey, how are you doing? Did you have any fun things in life?”
We all have biases and fallacies that we fall for. If we combine that with being traumatized, for example, looking into the entire anti-vaccine world, you could also be sucked in and become detached from reality. It could be part of the mental health issue you’re running into, and you’re probably not even aware of it yourself because no one tells you. This is why you should always keep talking.
There’s More! Listen to Our Full Interview with Nico! 🔗︎
If you have found those interview snippets interesting, don’t miss out on the complete version!
Listen to our full interview with Nico to learn more about:
- Why Nico thinks investigators should do more of thorough and proper analysis breakdown
- His reason for becoming an investigator
- His contribution to saving lives and keeping people safe from the war in Ukraine
- What Nico considers to be the most important principles for OSINT beginners
And much more!
Check out Nico’s work on Twitter!