By Zac Storella, CountingPips.com
An interview with a security specialist who created a tool to help with online security research; it can help with online investment research as well.
Today I am very pleased to bring you my latest interview with Justin Seitz, an online investigator, author, blogger and the creator of Hunch.ly, a software tool for online investigators. Justin is the author of the programming books (Gray Hat Python and Black Hat Python), has been written up on Motherboard (Vice) and contributes to the very popular investigation website bellingcat.com as well as his own intelligence training site automatingosint.com.
I got to converse with Justin a little bit after discovering his Hunch.ly program when I was looking for software that would help me organize and contain my investment research ideas in one place instead of many, many hard-to-organize places. Hunch.ly has proven to be an enormous help in this regard and I would absolutely recommend finance professionals or other researchers to take a look at this software if they are in the same boat as me and trying to find a new way to catalog their ideas (and no, I am not getting paid to say this!).
I hope you enjoy the interview below with my questions in bold. In the interview, OSINT refers to open source intelligence.
Q: Can you give us a brief history of your background and what drove you to being an investigator?
I spent about a decade in the computer security field doing offensive work. This means we were a group of people who were focused on breaking into things, and not defending them. A big part of our penetration tests was performing reconnaissance against a target, which had a significant OSINT component. As part of that, I began to get more and more interested in looking at how I could apply OSINT in a more general sense and not just in the context of a penetration test.
Q: Did you have any specific success stories or investigations that gave you an “ah-ha” moment, that maybe gave you the confidence in your skills and piqued your interest to keep going further?
There actually isn’t any one particular case that sticks out. I know that in my penetration tests there have been times where you find some really amazing pieces of information that you know you are going to be able to leverage for a successful attack. I often find with investigations that you can either find smoking guns, or very little. It’s pretty rare to get lukewarm leads in between. The cases with little information found, those are the ones that keep you up at night.
Q: Can you tell us what Hunch.ly is and what spurred you on to create this tool?
Hunchly was actually a tool that I had developed only for my own purposes. I had a big interest in counterterrorism research, and part of that was just me poking around and looking at various groups, social media profiles, forums, etc. At one point there was an event that occurred and, in my travels, I remembered seeing the folks involved with that event. When I went to go back and look at their social media profiles, the profiles were gone.
At this point I realized that I hadn’t taken any screenshots or done any data capture. A huge fail. So I vowed to never make that mistake again and decided to build a tool that would automatically take full content snapshots of every page that I viewed. Eventually I started using this tool during my consulting gigs, and people would often ask why I always seemed to know when to take a screenshot or capture information. I had to confess that I had this little tool I had built and that it did it for me.
From there, Hunchly was born.
Q: Who do you feel are the ideal candidates to use Hunch.ly?
There are a number of good candidates for Hunchly users. Although it is a tool built for investigators there are all kinds of people using it. I have travel bloggers, financial analysts, due diligence researchers, forensics practitioners, law enforcement, journalists, and even system administrators who use it to assemble their research when they are solving technical problems.
Q: You have written two highly regarded books, Black Hat Python and Gray Hat Python. Can you explain who the audience for those books is and what kind of skills one would expect to acquire reading those?
For both books they are written for hackers, reverse engineers, and pentesters. They do have a bit of a higher bar in terms of having some technical proficiency and some coding skills required to get through them.
Just being tenacious. Often the best investigators don’t always have the best tech or the newest tricks but they just keep chasing leads, keep reviewing evidence, and repeating this cycle until they find what they are looking for or exhaust all the possibilities.
The more tenacious you are, the better your investigations will be.
Q: With so many hacks and security issues in the news of recent years with more surely to follow, it would seem logical that the intelligence industry would be experiencing explosive growth. Do you see this as the case? What trends do you see happening currently in security?
I think that the intelligence industry has been growing pretty steadily for the last 20 years or more and will continue to do so. There is more information, more people, and more online platforms popping up each year. I always hesitate to talk about trends or future events in security because sadly we only need to look backwards one calendar year to see the same things happening in our current times. Although IOT has been a hot topic in 2016-2017, it is really just a dead horse that was beaten a long time ago. Folks just didn’t listen.
Q: In one of your posts, you use the Python library scikit-learn (a machine learning library) for an investigation. Is machine learning becoming a big part of the security field?
I think that as the really smart people doing the ML stuff begin to make it more accessible to those of us who don’t have a math background, we are going to see more and more tools that use it. I think we also need to continually remind ourselves that humans will always be the best analysts.
Q: Can you tell us what tools or resources, in addition to hunch.ly, you use to further your research and investigations?
It really depends from investigation to investigation. A few of my regular go-to sites are IntelTechniques.com for the forum, EchoSec.net for geographic profiling and hands down DomainTools.com for doing any investigations related to websites or domains. Also everyone should bookmark osintframework.com as it is full of resources.
Q: With automatingosint.com and hunch.ly being such great resources on security and investigations, are there any other online security/investigation websites out there that you would recommend for our readers?
I know I am missing a bunch of others, but Bellingcat.com is a fantastic place to see open source investigations take place by real pros.
Q: For our interested readers, what would you suggest as the best way to follow along with what you are doing?
Thank you Justin for taking the time to share your story and insight with us.
To read more from Justin and his investigations, here are a few very interesting articles:
- Analyzing Bin Laden’s Bookshelf
- Bait and Switch: The Failure of Facebook Advertising
- Automatically Finding Weapons in Social Media Images