Uncovering Information on a Dark Web Gun Seller
Dread can be considered the Reddit of the Dark Web and, just like Reddit, it is subdivided into different sub forums known as subdreads. The subdread named [/d/murderhomelesspeople] is the sub forum where drug dealers (or people pretending to be dealers) discuss their different experiences. In this case study, we will investigate the persona of Scaryred24, an individual who offered a gun for sale in a thread posted to this subdread.
Chancing Upon Scaryred24
The image below shows the Dread post found on the onion site Dread. The post, made by the user okbuddydread around October 2021, notes that they want to take revenge against their drug dealer who allegedly owes them money.
Amongst the 20 comments added to this post, we found one comment by the user scaryred24, who offers to sell a gun to okbuddydread.
At this stage, it is already possible to gather significant information from these posts. To begin with, the username scaryred24 seems quite unique. And, given that scaryred24 offers to sell a “piece” (firearm) to the poster if they are in or around the Boston area, it can be assumed that they are located somewhere within that area. Lastly, scaryred24 has also provided a phone number on which they can be contacted via WhatsApp or text.
This information already provides a good start to an investigation. The different pieces can be used as starting points to see what kind of information we could gather to unmask the person hiding behind the user scaryred24.
Investigation Methods & Workflows
With the known username on Dread, we used ShadowDragon SocialNet and Pipl to investigate the person behind scaryred24.
First, we retrieved social media profiles sharing the same username using ShadowDragon SocialNet, which also led to a PayPal account associated with a full name. After extensive analysis of the returned GitHub, Twitter, Gab, Myspace, and Reddit accounts, we were able to form hypotheses about the hobbies, location, and political interests of the person behind scaryred24. This information allowed us to discover a new username potentially controlled by scaryred24.
We then went back to the full name associated with the PayPal account. Using ShadowDragon SocialNet, we retrieved a few social media platforms as well as websites where this name was mentioned. This led us to discover arrest reports and news articles about this person’s criminal history.
Finally, we used Pipl Transforms to obtain more personal identifiers related to this name. The Transforms returned the same location where we believed scaryred24 resided, as well as a phone number that scaryred24 shared in the original Dread post.
Download this Case Study for A Detailed Investigation Walk-Through!
This case study demonstrates, step by step, how we gathered and combed through social media information to discover the persona behind scaryred24.
Download it now to learn how to efficiently and effectively combine information from multiple social media platforms and derive specific personal identifier data!
Happy investigating!
About the Author
Mathieu Gaucheler is a subject matter expert at Maltego. His responsibilities include research-driven content development for blog posts, webinars, and talks. He started working in cybersecurity in Barcelona, focusing on malware analysis and sandbox development. He has previously presented his research at BotConf and RSA APJ.