Today we’ve got something special – an interview with a passionate, very prolific and meticulously regular contributor to the OSINT community – Cyber Detective.
Our guest sends out daily tweets about various OSINT tools and shares useful tradecraft tips with an unmatched regularity and quality that has brought a true avalanche of followers.
Apart from reading this interview, you should also check out the detailed list of OSINT tools, segregated into detailed categories and updated regularly.
Hi Ivan, how are you doing?
Hello everybody. Doing good but to clarify one thing – I am not Ivan. My name is Irina.
I usually use the name “Ivan Ivanov” to register anonymous network accounts, just because it’s a very common Russian name (which is kind of like “John Smith” or “Amit Kumar” )
How do you introduce yourself and what you do?
I don’t associate myself with my true identity when using my Twitter account.
What I do is I make daily Twitter posts in which people who are interested in OSINT can find something new and inspiring for themselves, and sometimes even stuff that is useful in their professional activities.
My tweets might come in handy to private investigators, investigative journalists, OSINT tool developers, and people who are interested in modern technology in general and just want to know a little more about OSINT.
How did you get started in OSINT?
I think it all started around mid-2000s, when I was a young girl and still going to school. At that time I just got the Internet access and I spent hours looking through catalogues of sites (for example, the aport.ru catalogue) in search of something interesting.
And then I came across the site nomer.org (telephone database for major cities in Russia, which has not been updated since the 90s). There I found my grandmother, grandfather, brother, father…
I was delighted, I added the site to my bookmarks and slowly began to wonder if there were more such knowledge bases. Then I started downloading phone books from Russian hacker forums… And from there it just sort of went on by itself.
What kind of experience do you have in it?
I have used OSINT most of all in my journalistic work (although it could rather be called a hobby or a part-time job). I also regularly use my skills to solve various personal issues for myself and people close to me – like finding business contacts, checking the reputation of new acquaintances, checking connections between people in social networks, etc.
How do you find the content you write about?
Sometimes I have to look for a tool to solve some work tasks. I find one, and I talk about it.
Sometimes I just find something interesting while reading the news and social media feeds.
And sometimes I’m sitting there and an idea occurs to me: “I wonder if someone has already made a service that…” and I find it! This was the case, for example, with the map for tracking sharks, turtles and crocodiles.
Sometimes, when I have time, I just chaotically browse Github, the Chrome Web Store, and other sites for posting apps and add-ons, hoping to find something that comes in handy for OSINT.
And, of course, readers regularly ask me questions and from those questions I get ideas for my tweets (and sometimes entire threads).
For example, this happened today with Drishti’s toolkit.
Do you try and test every tool and method you cover?
Each of my tweets that talk about a tool (with the exception of lists) has a screenshot attached that shows how the tool is tested and what comes out of it.
To be honest, I don’t always test all of the functions of a tool. But if at least a few of them work, that’s reason enough for me to talk about it.
What was the idea behind Cyber Detective?
The leading idea behind this project is to support independent developers of tools for OSINT.
Github and other sites have a lot of working, well-made and useful tools for investigation, but their repositories are often 10 stars or even lower. Github and its counterparts lack mechanisms for promoting projects, and their creators often just don’t want to promote them on social networks. Or don’t know how.
I wish that all developed tools, even those of little or no quality, would find their user and that their developers would get proper feedback.
What do you think would help independent developers find users for their tools?
I regularly check the latest repositories on Github, and most of my time is spent rejecting poorly designed and unfinished projects (it is unclear what they do, how to install them, and how to run them).
I would advise all OSINT tool developers to do the following:
– include a good README file with pictures that shows how the tool works;
– explain in the README how to install the tool on Windows, Linux and Mac;
– clearly state in the README what the tool does and include correct tags;
– write a help function for the tool (-h)
At this stage, the project is already cooler than what 95 out of 100 people put on Github (regardless of the quality of the code). And if a tool runs without users having to search for something on Stackoverflow, the developer is a real hero and a superstar:-)
But nevertheless, don’t expect that the project on Github will be promoted automatically. You should definitely publish links to it on various social networks. As an alternative, create an account on Twitter and contact various technical bloggers, asking them to talk about your project.
It is worth noting that promoting and monetizing any application or tool is a very hard and time consuming job, even if the tool is unique and practically useful. Especially if the developer does not invest any money in it.
What is your favourite OSINT tool / technique and why?
I really like the different maps that show geolocated videos, photos, and social media posts. Right now, my favorite tool in this category is Skylens.
Sometimes a person might not have social media accounts and does not publish any information about themselves online, but at the address of their home and workplace can be found on profiles of their colleagues, friends, relatives, neighbors. You can sometimes find an avalanche of information about the subject of your research.
Currently there are many courses and platforms that offer OSINT training. Some are very expensive. What is your opinion of them?
When I look at the price of a course from SANS (more than $7,000 for 6 days) or workshops from Bellingcat (800 euros for 16 hours), I imagine how one day I will make my own course, start teaching, and then buy myself an apartment, a yacht, a jet…
But seriously – I think that to become a good investigator one should first try to do at least a few complex and serious investigations, while utilising free articles, textbooks and OSINT toolkits. There is a tremendous amount of information out there in the open and you shouldn’t rush to pay for it.
But if you need certification for a job, then the courses make sense.
To enormously increase your productivity in OSINT, you can devote 2-4 hours to each of the six topics mentioned above.
Do you think certification is necessary for someone who wants to pursue a career in OSINT?
Before you pay for certification, you can always write to the company you are going to apply for a job with and ask. In my experience very few companies require formal certifications.
Also, the OSINT services market is still only in its infancy and highly paid jobs for just “OSINT specialists” are not that many. Being competent at OSINT can help you find a good job, but only in combination with other skills (though, maybe, the situation will radically change in the near future).
The ability to apply practical OSINT skills can be very helpful in the following professions: journalists, scientists, police officers, human resources managers, pentesters, cyber-security specialists, private detectives, etc.
And how is the job market for OSINT specialists looking in Russia?
I will answer this question with one picture – a screenshot of one of the largest job sites in Russia:
For comparison, there are 6693 jobs require Python skills.
Jobs for OSINT specialists are few and far between. And besides, the ones that I have seen (most often in Telegram channels devoted to the subject) are not very well paid (500-1000 dollars monthly). None of the suggestions seemed interesting to me.
But once again, it is worth studying OSINT not to get a job, but to achieve better results in your main professional speciality.
Speaking of money. Are you planning to monetize your Twitter account somehow?
I’m more of a dreamer than a planner.
Today I still have too small of an audience to think about it. Sometimes I imagine if it could happen when I have tens of thousands of followers – and the prospects are not so rosy.
For example, I will not be able to bring readers from Twitter to my account on Medium and receive money for the views, as Russia is not among the countries where the affiliate program works.
There is a similar situation with sponsorship on Github. This function is not available for Russia because there is no support for the Stripe payment system.
In addition, it is not possible to cash checks and open Payoneer bank cards in Russia (since last year, only transfer funds from there to Russian bank accounts).
There are similar problems with different other platforms when it comes to earning and withdrawing money from them.
Have you thought about seeking donations from readers?
I think it’s a pretty pointless exercise. Even @sector035 with his 18,000 followers has only 9 supporters on BuyMeaCoffee.
And WHIInspector has only two of them.
So, I think the only hope is to sell some products or services.
You mentioned on your profile that your previous Twitter account got closed. What happened and why?
One day, on August 11, 2021, I was on Twitter liking the tweets in my feed. Then suddenly there was a notification that this action was forbidden for me. As it turned out, my account had been suddenly blocked.
I wrote to tech support, but they never told me the reason for the blocking. Moreover, they wrote to me that I was not allowed to create new accounts and they could also be blocked.
But I still decided to create a new account and try to build my audience again. On August 11, I had 1,912 followers on my old account. Today the new account has over 3,500. But I think that I should be ready to start from scratch again anytime.
I can only guess what the reasons for account suspension were. I really wish it was just because I was too active in getting likes… But my account wasn’t the only OSINT account that has been blocked. For example, a similar story happened with Ben H (new account @Techjournalisto), who lost over 3,000 followers.
Do you have any tips for Russian related OSINT?
Of course, there are a lot of them. I rarely write about them, though, because I don’t have many Russian-speaking followers.
The main trick in the “Russian OSINT” is the use of numerous telegram bots, which search for information about an address, phone number (also searchable with Nomer), car, person using databases illegally leaked to the network by government officials, law enforcement officers, traffic police (automobile inspection) officers, sales people in mobile phone stores, etc.
In Russia, the penalty for the disclosure of personal data is very mild (fines of $300-500 for individuals) and, therefore, the sale of various official databases is a very popular way to make money.
It is also worth looking at Russian Telegram channels where the leaked databases are posted. I, for example, like this one (https://t.me/leaks_db). There you can find interesting databases on individual cities and companies.
When you choose a list of databases to check the information on a particular person from Russia, it is worth remembering that tens of millions of residents of our country had experience of living in other countries of the now defunct Soviet Union.
When you are looking for information about a person from Russia, you should also use Belarusian, Ukrainian and Kazakh OSINT resources.
Well, and, of course, in order to search for information about Russians, you need to deeply explore the OSINT possibilities on portals VK.com, Odnoklassniki, Mail.ru, Yandex.ru (for the latter, for example, there is a tool YaSeeker, which by ID gives a complete list of links to accounts on different Yandex services).
If you are interested in the Telegram bots mentioned above, you can find some of them here: https://t.me/howtofindbot.
You mention Telegram a lot. Do you think it is really an anonymous messenger?
If you look at it from the point of view of protecting correspondence from being hacked by random people, then yes, probably so.
But if you want to use Telegram for some crimes, you should not rely on it.
State security agencies regularly identify and arrest people engaging in illegal Telegram activity. Not just in Russia, all over the world.
There are many talented and qualified people from Russia in this space. Yet it feels sometimes that a lot of them get tarred with the same brush because of the actions of Russian APT groups, hackers and the government. How do you deal with that?
I do not feel any impact of the bad reputation of Russian hackers on my life. Moreover, until now I did not think that Russian hackers had any particularly bad reputation.
Yes, that is because Russian hackers generally do not attack targets in Russia. But for example the ransomware attacks in US and Europe? Did anybody ever say anything to you like “you are Russian, so you are probably a hacker” or “all Russians who know IT are cyber criminals”?
No. No one had ever said that to me and I hadn’t even thought about this being a problem prior to you asking about it.
Is it hard to maintain digital privacy in Russia?
This is possible for a child who has been hidden in the basement by his parents since birth and who does not have a passport, an individual taxpayer’s cell phone number, etc.
If you’re a regular person who obeys the rules of the system they are part of, it means the following:
– your passport information, criminal records, phone calls records and cell phone numbers are tied to social networks, train rides, air travel, personal property, etc. These records can be available to anyone willing to pay $50-100 (and sometimes $10 can be enough).
– all your activities on the Internet and telephone conversations are under strict control of the system SORM (‘System for Operative Investigative Activities’) and completely transparently visible to the intelligence officers, should they wish to look into them.
The only way to get around these restrictions and keep some of your privacy is to break the law. This means the use of illegally bought SIM cards and phones, using compromised Wi-Fi hotspots instead of your own, etc.).
What advice do you have for people who conduct OSINT on Russian targets but don’t speak the language?
Install Telegram and launch @HowToFindBot (https://t.me/howtofindbot). There you can find many services to find information about Russians with English-language descriptions.