RECON VILLAGE - Applied OSINT For Politics: Turning Open Data Into News
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 322 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/39947 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
DEF CON 2637 / 322
18
27
28
40
130
134
164
173
177
178
184
190
192
202
203
218
219
224
231
233
234
235
237
249
252
255
268
274
287
289
290
295
297
298
299
302
306
309
312
315
316
00:00
Offene MengeTypentheorieOpen SourceDifferenteDatenmissbrauchVerschlingungProzess <Informatik>InformationTwitter <Softwareplattform>FontGewicht <Ausgleichsrechnung>BitComputeranimation
01:22
EindeutigkeitÜberlagerung <Mathematik>BeobachtungsstudieProzess <Informatik>EntscheidungstheorieRechter WinkelInformationBeobachtungsstudieTypentheorieProzess <Informatik>Open SourcePunktExogene VariableDatensatzAbstimmung <Frequenz>CASE <Informatik>Offene MengeComputeranimation
02:49
Prozess <Informatik>Abstimmung <Frequenz>Kontextbezogenes SystemProzess <Informatik>DatensatzMultiplikationsoperatorProgrammfehlerInterpretiererBitSchlussregelInformationVerkehrsinformationPunktÄhnlichkeitsgeometrie
04:52
Abstimmung <Frequenz>Office-PaketKategorie <Mathematik>Open SourceExistenzsatzVerkehrsinformationWeb-SeiteTemplateDatensatzDienst <Informatik>InformationAggregatzustandOffice-PaketAbstimmung <Frequenz>CASE <Informatik>FreewareGrenzschichtablösungGesetz <Physik>AusnahmebehandlungLesezeichen <Internet>Kategorie <Mathematik>BeobachtungsstudieComputeranimation
07:26
AdressraumStabVorwärtsfehlerkorrekturOffice-PaketMinkowski-MetrikSoftwareInnerer PunktAggregatzustandInformationMinkowski-MetrikTelekommunikationSpieltheorieStabProzess <Informatik>DatensatzOffice-PaketOrdnung <Mathematik>SoftwareMailing-ListeQuick-SortAdressraumEDV-BeratungVerkehrsinformationMereologieQuaderSchreiben <Datenverarbeitung>Computeranimation
10:02
Open SourceTransaktionKategorie <Mathematik>AggregatzustandMAPAusnahmebehandlungGesetz <Physik>InformationBitRegistrierung <Bildverarbeitung>MinimumKategorie <Mathematik>DatensatzComputeranimation
11:24
StabOffice-PaketStabDatensatzBildschirmmaskeWasserdampftafelOffice-PaketProzess <Informatik>Quick-SortAbstimmung <Frequenz>Computeranimation
12:29
Abstimmung <Frequenz>AdressraumDatentypAbstimmung <Frequenz>Registrierung <Bildverarbeitung>DatensatzInformationWhiteboardArithmetisches MittelFreewareMailing-ListeBitStichprobenumfangCASE <Informatik>Treiber <Programm>Exogene VariableAggregatzustandAdressraumBildschirmmaskeQuick-Sort
14:32
Kondition <Mathematik>DatensatzTypentheorieFlächeninhaltInformationDifferenteGesetz <Physik>StichprobenumfangElektronische PublikationVerkehrsinformationTwitter <Softwareplattform>ResultanteComputeranimation
16:55
Ordnung <Mathematik>Ordnung <Mathematik>Open SourceOffice-PaketMAPComputeranimation
18:17
StellenringDifferenteWeb logSoftwareschwachstelleVerkehrsinformationInformationSelbst organisierendes SystemOrdnung <Mathematik>MAPBitExpertensystemTypentheorieWhiteboardTermQuaderMultiplikationsoperatorHypermediaDokumentenserverGruppenoperationKonfiguration <Informatik>Office-Paket
22:41
Gesetz <Physik>TermVerkehrsinformationBitQuick-SortExpertensystemMultiplikationsoperatorHill-DifferentialgleichungLie-GruppeDatensatzSoftwareMultiplikationVisualisierungTwitter <Softwareplattform>InformationFokalpunktDifferenteTouchscreenFrequenzEDV-BeratungNichtlinearer OperatorAbstimmung <Frequenz>NormalvektorSystemaufrufNatürliche SpracheWort <Informatik>MAPRoutingOpen SourceSchreiben <Datenverarbeitung>HypermediaProzess <Informatik>GeradeLochkarteComputeranimation
30:18
InformationCASE <Informatik>Reelle ZahlWeb-SeiteBoolesche AlgebraTransaktionVollständiger VerbandDatensatzVerkehrsinformationMereologieBeobachtungsstudieOffice-PaketPunktDreizehnComputeranimation
31:52
Lie-GruppeDatensatzDifferenteGarbentheorieSpannweite <Stochastik>Rechter Winkel
32:40
TypentheorieInformationOrdnung <Mathematik>Umsetzung <Informatik>
33:27
Familie <Mathematik>Rechter WinkelVererbungshierarchieKategorie <Mathematik>Computeranimation
34:09
RechenwerkOvalFamilie <Mathematik>ICC-GruppeDreiecksfreier GraphBeobachtungsstudieMinimumTypentheorieVerkehrsinformationErwartungswertTotal <Mathematik>VererbungshierarchieOrdnung <Mathematik>Gewicht <Ausgleichsrechnung>DatensatzPunktInformationCASE <Informatik>
35:50
CASE <Informatik>Lesezeichen <Internet>Computeranimation
36:34
DatensatzRegistrierung <Bildverarbeitung>Kategorie <Mathematik>AdressraumInformationKondition <Mathematik>Abstimmung <Frequenz>Kontextbezogenes SystemDichte <Stochastik>Mailing-Liste
37:42
Kategorie <Mathematik>StellenringHill-DifferentialgleichungLesezeichen <Internet>Office-PaketOpen SourceBildschirmmaskeVerkehrsinformationDispersion <Welle>Computeranimation
38:43
Elektronische PublikationOffice-PaketHill-DifferentialgleichungSpieltheorieAbstimmung <Frequenz>MultiplikationsoperatorHecke-OperatorZählenVerkehrsinformationBildschirmmaskeElektronische PublikationKlasse <Mathematik>Computeranimation
40:31
Registrierung <Bildverarbeitung>Abstimmung <Frequenz>Reelle ZahlTypentheorieBildschirmmaskeKategorie <Mathematik>AdressraumBildschirmmaskeOrdnungsreduktionDatensatzCASE <Informatik>Elektronische PublikationAbstimmung <Frequenz>Office-PaketKategorie <Mathematik>MAPTypentheorieRegistrierung <Bildverarbeitung>MultiplikationsoperatorReelle ZahlWeb-SeiteVorzeichen <Mathematik>Einfache Genauigkeit
42:49
Web-SeiteCodierung <Programmierung>Direkte numerische SimulationSummierbarkeitEbeneWeb-SeiteProfil <Aerodynamik>PackprogrammMultiplikationsoperatorBitFrequenzNummernsystemOffice-PaketAutomatische HandlungsplanungWeb SiteGruppenoperationProzess <Informatik>AggregatzustandQuick-SortDifferenzkernBefehl <Informatik>GoogolBenutzerbeteiligungDomain <Netzwerk>DifferenteSichtenkonzeptDirekte numerische SimulationStatistische HypotheseComputeranimation
46:09
Formation <Mathematik>Computeranimation
Transkript: Englisch(automatisch erzeugt)
00:00
The next session is a comprehensive talk by Lloyd Miller. He's going to be doing applied OZM for politics, specifically looking at the outline for the principles for investigating high net worth individuals and everything else. So hand over to Lloyd. Thank you.
00:20
Well, thank you so much. And so just a real quick about myself, I've been running political investigations for the last 10 years. I actually only found out that OSINT existed a couple of years ago. And there's a really great community of people who put out a lot of open source tools and are very helpful in working out the process
00:42
for different types of investigations. This slide, along with all of the resources and links to the many, many resources that I'm gonna talk about today are all on my GitHub. And if you have any questions, you can talk to me after the talk, find me around, or just ask me on Twitter. There's also an OSINT rocket chat,
01:00
OSINT.team, I believe it is. And you can find me on there. I'm not hard to find, that's my name. So before we get into the meat, I just wanna talk a little bit because there are gonna be a lot of, the documents that I'm gonna talk about are publicly available and are gonna have a lot of information that people might think is a violation of privacy.
01:23
So the first thing I wanna emphasize is transparency with what these documents is the point. These documents are public because the public should and has a right to view them. So when we're talking about the finances of an elected official, the public needs to be able to see that so that they trust that their elected officials
01:41
are making decisions in the best interest of their constituents and not what will make them wealthy. These records exist for you guys to examine them. I want you to go out and read these. I want you to go out and find them. They exist so that you can go and pull them. And then the last thing, and this is very important, is use this information responsibly.
02:01
I don't want anybody to do anything malicious that someone at some point in the future is gonna come and use as justification to restrict these documents. So what we're gonna talk about today, the first is the process generally for looking into elected officials' public records,
02:21
how you go from finding something to putting it out there into the news, a couple of the unique sources that I use and that you guys will be able to use after this to find this type of information, what to do if you find something. Obviously, we're talking about open data into news. So you found something, what do you do with it?
02:42
And then we're gonna go over a few case studies of where this process worked and then what happened. So this is the general process that I like to use. The first is a goal. The first thing, whenever you're looking into elected officials, there is a tremendous amount of information that you can look into.
03:02
So I think it's very important for you to triage what you're looking at. Pick an individual and elected official. Maybe it's somebody who is in the news. Maybe it's somebody, maybe it's your member of Congress or senator or your mayor or a member of the city council, somebody that you feel should have their records examined.
03:22
Then you do your research. You're gonna look into their financial disclosures, their campaign committees. You might look into their private businesses, their voting records, both their legislative voting records and their personal voting records as a member of the public. Then very important is to verify this information.
03:43
Not just relying on what the public record says, but looking for other information out there that will help prove the point that you're trying to make and also to verify your own interpretations. A lot of these are complicated documents with very, very arcane rules. You wanna make sure that you understand the legal requirements for filling out these documents.
04:04
When something isn't in there, does it need to be in there or were they allowed to leave it out? And then packaging it. This means going beyond just the information that you found and looking at the context. What else was going on at the time? Also finding past examples of where
04:23
something similar occurred. How did the process play out? This will help you prepare and get a better understanding of how to release this information, whether or not you're giving it to a journalist, an interested party, or if you choose to do so, and I generally recommend against it, which is self-publishing research.
04:40
And then finally, if you do choose to self-publish, you're gonna have to be prepared to defend not just your research, but yourself. I'll get into a little bit more about why I recommend not self-publishing and defending it is most of it. So the OSINT tools that we're gonna talk about. First, campaign finance records. So this is going to be every dollar that goes in and out of any political committee
05:02
is going to be publicly recorded. The Federal Election Commission actually just recently put out an API to pull all of this information. I find it very useful. I put together a little webpage that you can find on my GitHub that allows you to just quickly search all of this data. Personal financial disclosures.
05:22
Every elected official is gonna have to disclose their finances. Great tool for being able to look into how an individual goes through and reports and lives out their likely very wealthy existence. Legislative office disbursements. This one is something that I never really find
05:42
a lot of information on, but when you do find something of value, it's usually something very big. One of the case studies, everything that brought down a politician was found in a publicly recorded office disbursements. Voter records. Every person who is registered to vote, all their information is a public record.
06:01
A lot of it is online. Sometimes you might have to go and ask for these records, but they're mostly free. Business and property records. I'm not gonna get into the details of these, but these play a big role in verifying the information and continuing research that you find from personal financial disclosures, campaign finance records, and voting records.
06:22
And then at the end of the day, even though not all of these records are gonna be available online, you can always ask for them. If it is a document produced by the government, it is considered a public record unless it is explicitly exempted. Even then, you can seek to have the record released with redactions.
06:40
So never be afraid to make a public records request. There's also, if you are a little nervous about making a public records request or not sure how to go about it, there are some great resources out there. Two of my personal favorites. One is MuckRock. MuckRock is a tool, a service that helps people make public records requests because sometimes you have to pay money.
07:01
They also will help you raise money to pay for these records requests. A second tool is the National Freedom of Information Coalition. They have templates for public records requests for all 50 states and the federal government. Each state has their own public records laws and the federal government operates on a separate public records law
07:22
that includes everybody except for the White House. So campaign finance reports. Any candidate running for public office is gonna have a campaign committee. Campaign committee has to report every dollar coming in and out. You can go to the Federal Election Commission or it's usually the state elections office
07:40
to get these records. Almost every state has them online. Some of them even have really great search tools. Federal Election Commission, as I said before, has an API so that you can pull this information very quickly. For an individual donating to a campaign, you're gonna get a lot of great OSIN information
08:01
just by looking at their donors. Every donor has their home address listed. Some of them will use a P.O. box but for most individuals, they will actually have their home address. They'll also have their employer and their occupation which isn't that interesting. But if you're, say you're looking for
08:20
the CEO of a company, CEOs often give political contributions. You can search by an employer and then find all of their job titles and employees who have given political contributions. Obviously along with obvious information like their partisanship. Are they giving to Hillary Clinton or Bernie Sanders?
08:43
Are they giving to Donald Trump or Ted Cruz? On the other side of the coin, you have the disbursements. Where are they spending their money? So this might be, are they spending their money on literally buying a car? Are they spending their money on excessive,
09:00
what am I thinking of? Excessive luxury items. There's one example where a candidate literally bought himself tickets to a football game using his campaign money. That's illegal. And you can find all of this information all publicly recorded. Then you can also look at their campaign staff. Every member, every individual who works at on a political campaign is gonna be paid.
09:22
This is an example of Hope Hicks who was President Trump's communications director. Her name, I redacted out her home address but all the personal addresses for all of the campaign staff is all gonna be on their record. Some campaigns do some effort
09:42
in order to minimize that sort of personal disclosure. But for the most part, that information is gonna be out there. And then obviously how much the individual is getting paid. You also get a list of vendors for a political campaign. All of their consultants. What software they're using. Where they're renting office space and who are they renting office space from.
10:02
Next financial disclosures. I love personal financial disclosures. You get a tremendous amount of information. Every single politician at every level in every state and even some government bureaucrats are required by law to fill out financial disclosures that have, what assets do they own?
10:24
What properties, what businesses, where is their income coming from? Unfortunately the only exceptions are gonna be Idaho and Michigan. Only two states that don't have a financial disclosure law. I don't know why. Vermont just passed one. So their financial disclosures aren't online but you can go and ask,
10:42
the Secretary of State I believe is gonna be able to provide those documents. These are all documents where all you have to do is ask and they will give them to you. This is an example of a member of Congress. Their assets. As you can see you get an IRA, bank accounts, LLCs.
11:01
The second one from the bottom is gonna be one that I'm gonna reference in a little bit because using that, tying that to business registration records, property records, and then campaign finance records, putting that all together showed some level of kind of brazen corruption.
11:24
Let's talk a little bit about legislative office disbursements. So this is gonna be how, where is an elected official's office spending money? Any government dollar is gonna come in, goes out, there's gonna be a receipt. There needs to be a record of that.
11:40
US House of Representatives and the US Senate both publish every, I believe it's three months in the House and six months in the Senate, every dollar that got spent. So every member of their staff, how much they got paid, what their job titles are, where they are traveling. Any political or any elected official, when they travel overseas,
12:02
if that travel is being paid for, if it's a hotel, if it's any sort of fact-finding mission they have to file forms so you can see where are they traveling, who's paying for that travel. And then vendors and equipment. This is everything from literally who is supplying the water to their house office,
12:22
that vendor, who their printer is. All of that is going to be listed out with how much they paid them and when they paid them. Voter registration records, I love voter records. Voter records can show you a tremendous amount. I know we've heard a lot recently about voter fraud. I will talk a little bit about what legitimate cases
12:41
of voter fraud do exist and how you can suss them out. Not wide-scale voter fraud, but voter fraud committed by an individual. As you can see, this is a sample voter registration form. This is a public record. Has driver's license information on it, date of birth, home address. All of that is going to be a public record.
13:00
Depending on the state and jurisdiction, they might redact some of that information, but anyone who's ever made a public records request knows that redactions can be unredacted or government bureaucrats or people too, they're going to make mistakes. Again, this goes back to using this information responsibly. You don't want to use any of this information for any sort of nefarious means.
13:21
We're talking about using this to find corruption and misdeeds that can be exposed for the public good here. With that, you also get date of birth, social address, partisanship. Most states require somebody to register with a certain political party. Other states allow you to be unaffiliated
13:40
and then just choose a party ballot at the election, which, again, voting history. This is a very interesting record. It's not usually something that's listed online, but again, you can just write a county board of elections official or county clerk. They'll give you this information for free in most cases. You can get literally a list of every single election
14:02
that they voted in and how they voted. Now, when I say how they voted, I don't mean, did they vote for President Trump or did they vote for Hillary Clinton? I mean, did they vote absentee? Did they vote in early voting? Did they vote in person? Did they not vote at all? One of the most simple tax that you can ever make
14:21
against a politician is going to be, this person wants your vote, but never bothered to vote themselves. So, after you go through all this information, you think you found something. It's in the public interest. You think it might be an example of corruption. Somebody bought a house at a discount
14:41
from a campaign donor. Somebody who was misusing government funds. Somebody loaned themselves money that they did not have. What do you do with it? Most important thing is about flushing out the story. I cannot tell you how many investigations that I have personally led in which for weeks, we thought we found the silver bullet.
15:02
There is no silver bullet. It's almost never what you think it is. You wanna go through and find out all the information that you wish you could find that you don't have. You wanna try and figure out what are all the possible explanations? What are all of the reasons why what I'm looking at
15:21
isn't what I think it is? Then you wanna see, okay, maybe this is. Maybe you think you've got exactly what it is. It's an example of a government, official misusing government funds, corruption. You think this is a story. Well, has it happened before? Can you find previous examples of this happening? How was it used? Was it given to a reporter?
15:41
Was it, did somebody file a complaint with a certain government body? What was the result? So that way, you can go back through those stories and then figure out what's missing from what information that you found. Then you wanna think, okay, who is my audience? This goes back to your goal at the very beginning.
16:00
You found something. What do you want to do with it? Who is it that you want to tell? You might want to tell them directly. You might want to find an intermediary to help tell the story for you. And then last, this is always very, very great. Because all of these records and these types of investigations
16:20
touch in many different types of areas of expertise, law, public records, legislation, always helpful to go and find somebody who knows more about the subject than you, who might be able to give you some insight on that. If you guys ever are in these types of investigations and you're not sure what you found and you want somebody else to take a look at it,
16:41
like I said, that gave you my contact information, I'm always happy to be honest with you about where you can look for for other information. And like I said before, my Twitter, Lloyd A. Miller, easy to find. So this is actually a handy chart that I love to use when thinking about what is the impact of what I am going to find.
17:01
It's a little counterintuitive and a little depressing when you think about it, how far down illegal activity is. But the truth is that if somebody does something unethical, not a lot of people are gonna care about it. If somebody does something reprehensible, this is going to be covering up sexual assaults,
17:21
paying out, there's an example of this, a member of Congress was using his office disbursement fund to pay out sexual harassment claims against them. Hypocritical, nobody likes a politician who says one thing and does another, even though we think they all do. Immoral activity, not a lot of immoral activity
17:42
are you gonna find through open source investigations, but they might be the reason why you started an investigation into somebody. Then like I said, illegal activity and then unethical activity. What I mean with this order of attention is the higher up this is, the more likely that people are gonna be interested in it, the more likely that journalists
18:01
are gonna wanna run with the story, but also the more likely the level of scrutiny that will be on both the story and the person writing it. Again, another reason why I generally don't like to self-publish. Oh no, that disappeared. All right, so I don't know how this happened,
18:21
the PowerPoint that I'm gonna upload online will have this filled out, I just converted this to Apple keynote for the first time, I've never used keynote before, so I apologize for this. What this is supposed to say is, first one is gonna be your journalist, these are going to be, people will help you verify the information that you found, they're a great resource,
18:41
and then four different types of journalists, local journalists, these are people who are gonna know local politicians very well, they might not have the most nuanced understanding of federal legislation or politics, so they're very good if you're dealing with mayors,
19:00
school board members, local journalists are gonna be your friend, they're also very likely to publish the information just because of the lack of news out there. National reporters, these people are going to be experts in not just the subject that you're talking about, but the individuals as well, they're gonna be a great repository for being able to talk to you about,
19:21
did you find something, what is it, how do you go about getting it out there. Then investigative journalists, while I love investigative journalists, the problem with them is that a lot of times it still requires a national journalist to pick up the story after an investigative journalist publishes it before it starts really breaking
19:41
into the zeitgeist. And then partisan journalists, partisan journalists are gonna be people with agendas for or against the subject of the elected officials that you're looking into, if they have an agenda against that official, say you're looking into a Republican, giving it to a liberal blog is gonna be a great way
20:01
to get it out there. The downside there being is again the level of legitimacy in order for it to get out there, to reach a broader audience, you're still gonna want it to reach a local or national traditional mainstream media reporter. The second one is gonna be your interested parties. This is gonna be the subject.
20:23
Maybe you found something, you really like the subject, maybe you're doing a vulnerability on the individual, you like them, you support them, you found something that's questionable, you wanna let them know, say hey, I found this, I just wanna put this on your radar, this might be something you guys have to deal with, or maybe it's totally innocuous, it just helps those campaigns prepare
20:41
for the possibility of that information coming out there by somebody who either misinterpreted it or doesn't care about the actual explanation. Then you have their opponents. This is a great way of getting information into the hands of people who will use it. The other side of the coin is they might not. When, obviously if I'm running for office,
21:02
and I say something about my political opponent, people aren't necessarily going to give that a lot of credence. However, thanks to the First Amendment, politicians, when they're running for office, are given a very, very wide latitude in terms of what they can say. It's why people say, oh, politicians lie all the time, it's because they're allowed to be able
21:21
to make a little bit more of an exaggeration or leave out the nuance of certain stories. And then outside parties, maybe you wanna leak it to somebody who is going to be a super PAC, a 527 organization, a 501c4, your nonprofit, political organizations that are gonna get it out there.
21:41
But again, with all of these, once you get it out there, that's not just enough. You wanna be able to reach the audience that you are targeting, which might mean releasing it to multiple groups. Maybe you give it to a reporter and you give it to the opponent, see who releases it first. Because once you give it to these people, you're giving it away.
22:00
You no longer have ownership of when it released, unless the bottom box there is self-publishing. This is always an option. You found something, nobody is biting on the story, you really think it's important and you wanna get it out there, tweet about it, write a medium post. If you've got a blog or a built-in audience, give it out to them.
22:21
That's great in the sense that it doesn't preclude you from giving it to other people. It's very likely that the subject and the opponent and their political opponents are going to pick up on that and they might run with it. They might look into it and say, hey, there's actually something here. We're gonna run with the story now. So you found something, you wanna give it to a journalist.
22:42
Pitching a story to a journalist. First, know the reporter. Do your research on who is writing these stories, who is writing stories about the subject, who is writing stories on the topic. Don't just reach out to a political reporter because you've heard their name in the news. They're most likely not the person
23:01
that's going to write that story. So doing your research and making sure that if you're writing, if you found something on somebody's campaign finance, Money in Politics reporters exist at every major newspaper. If you found something on a financial disclosure, they're gonna be, say if it's a member of Congress, they're gonna be Capitol Hill reporters, there's gonna be reporters
23:21
who are gonna be covering the election. There's gonna be individuals who have written a lot of stories about the subject. And also don't get caught in releasing it to just one newspaper. You might wanna think about just because you like the New York Times, you wanna give it to them. Smaller newspapers are also gonna be more likely to publish the story at a faster rate
23:41
and take more of a risk in terms of sticking their neck out there. When reaching out to a reporter, start small. And please don't send them a five paragraph screen to read on what you found. With 30 attachments, you will sound like a crazy person and they will not listen to you. When I send something to a reporter,
24:01
five to 10 word subject line, tip, something about what it is, one sentence introducing myself, two sentence summary and that's it. Reporters just like everybody else, they're busy people. They're working on 30, 40 stories at a time. They're juggling a bunch of different information. You don't know them, they don't know you.
24:23
So to get them to listen, you want it to be very, very low cost for them in terms of time to be able to get that sort of information. Also be prepared. When a reporter comes back to you and says, that's interesting, what did you find? Can you send me what you found?
24:40
Don't make them wait a week to put together your package to verify all the information that you found. Do that before you reach out to a reporter. This will also help give you more credibility with the reporter if you are doing these investigations over time and you're gonna have multiple different pieces of information that you're gonna be giving them. Again, don't over promise to a reporter.
25:02
Don't tell them something that you didn't find. Don't draw the conclusion for them. Focus on I found something interesting, this looks funny. I always like to end with a question. I'm not sure what this is if you might wanna look into it more. I think there might be something there.
25:20
Be very open ended to have them start the investigation. Make them more interested. Kind of leave a cliffhanger. If there's something here, I don't know what it is. You might wanna look into it. And then finally, I personally established my reputation with certain reporters over a long period of time working with them. Most of you probably don't know these reporters
25:42
and again, like I said, they don't know you. So be honest about who you are. If you're working on behalf of a political campaign or a political group, be honest about that. Don't lie because if you lie to a reporter, that is a very, very quick way to get them to ignore you completely. Also, I didn't leave this up there or put this up there
26:02
but with contacting reporters, email, Twitter, DMs, best ways to go. Don't call them. Reporters generally reserve phone calls for people who don't want things written down. So when you're reaching out to them, they're not gonna take your phone call. Most people don't listen to voicemails anymore
26:21
or leave voicemails like, again, a crazy person. So you wanna make sure that you sound like a sane, normal person who's honest about who they are and what they found and you're just trying to get a reporter interested in the possibility of a story being there. Now, if you choose not to go down this route
26:40
and you wanna self-publish it, I hope it's not for your own personal interest and self-promotion. Please don't do that. It will always backfire on you eventually but you wanna get it out there. Nobody is writing this. So if you are gonna self-publish, first keep it simple. Just like with pitching a reporter, write the elevator pitch, your two sentence,
27:01
one minute of talking summary of what's going on, simple language so that people don't get too caught up in the details. Verify all of this. Verify everything that you found because you are staking your reputation on this. Many times I've seen it happen.
27:21
People will put something out there because they think they found something great. Dig in a little bit deeper and it turns out they were misinterpreting a document. They thought something was illegal. They said it was illegal. It turns out there's a specific exemption in the law that was passed maybe 30 years after the original law was passed. They didn't look into enough because they didn't ask an expert.
27:43
Visualizations are great. People love to be able to look at, if you're trying to map out a network, these tools like Multigo are gonna be great for being, to help you visualize and then just take a screenshot, put that at the top and then have an explanation of how that network comes together and sells your story.
28:01
Be very, very cautious with trying to be funny. People tell jokes on Twitter all the time and then lose their jobs over it. Don't let an inappropriate joke distract from the story that you are trying to tell. Remember, if you guys have a built-in audience, your existing audience isn't necessarily
28:21
going to be your target audience. You might have an existing audience of people who are, say, interested in open source intelligence but they're not political. They might be overseas and not the constituency that you are trying to reach. And then at the end, promote and pitch your story.
28:40
Once you self-publish, you are allowed to be able to just send that self-publish, that Twitter rant, media post, send that off to a reporter. Give them the link, give them the two-sentence pitch and say, I wrote this up, if you've got any questions, need original documentation, ask me about it. Two more tips on this.
29:01
The first one, documentation. This is where tools like Punchly are gonna be really, really handy. Some of these records are gonna get amended. They're gonna get taken offline. You wanna make sure that these records that you're citing, the information that you found is going to be with you when you publish
29:22
because when you self-publish, you become the story. It is you saying, I found this thing. When you're dealing with political operations and elected officials, there are literal microeconomies around these officials. There are individuals who have worked with them for 10, 20 years whose entire careers are tied up
29:42
in the success of this elected official. There are consultants who built their entire firm around consulting for these elected officials. When you go after one of them by saying that they are committing some sort of level of public corruption, they're going to come after you. They're going to do the same things
30:00
that you guys would do and look into. They're going to look into you. Who is this person? What are their motivations? How do I discredit them? So you want to make sure that if you do choose to self-publish, you are geared up for that because that is absolutely going to happen. So let's talk about how this happens in the real world.
30:22
So first case study. In 2009, a congressman filed a financial disclosure report. On this financial disclosure report, he had six pages of transactions for stock sales. He sold on one day 1.3,
30:43
or as much as $1.3 million in stock. Weird thing about that though was that he sold all of that stock on September 13th, or sorry, September 17th, 2008. On September 16th, 2008, day before,
31:02
Treasury Secretary and the Federal Reserve Chairman hold a meeting with the leadership of Congress in Senator Harry Reid's office to let them know that AIG, the largest insurer in the world, is going to need a bailout and is ready to collapse. Two weeks after September 16th, the stock market dived 777 points in a day
31:22
and the Great Recession begins. So between when Congress was notified in private before the public was notified, before the stock market crashed, this member of Congress got out, liquidated a huge chunk of his assets. Now the question is,
31:41
did this congressman know in advance? Was he part of the meeting? There's no actual record or list of who was in the meeting nor who those people told. So this is an example of the financial disclosure section of him selling all of those assets. You can see the second column from the right,
32:02
that's the date of sales, and then the column all the way to the right is a range of the value of the sale. They don't have to be specific, they get to be very generous about ranges, which is why this sale of stocks, somewhere between 90,000 and 1.3 million.
32:22
But you can say, be honest, as much as 1.3 million. Don't say he sold 1.3 million because that's not what the records show. Also, if you look, you can see the actual names of all of the different stocks and holdings that he had. So what happened when somebody found this?
32:40
They wrote a book about it. Very popular book, published in 2011 on all of the different ways that members of Congress used private information that they were told confidentially, as a member of Congress, to sell or buy stocks because of the public impact
33:01
of those conversations. So this book was published in 2011. In 2012, Congress passes the Stock Act that makes this type of insider trading illegal. Kind of surprising it wasn't illegal already, it was just unethical, which again, moves it up that order of attention
33:22
from unethical behavior into illegal behavior. Money laundering. So we have a candidate running for Congress. This candidate loans his campaign $355,000. This candidate didn't have $355,000 to his name.
33:45
We know that because we looked at his financial disclosures. So who did? How did he get this money? First place you look, if you're like, where did this money come from? Look at the parents. This candidate's parents, right before he announced
34:01
he was running for Congress, sold a property for $800,000. Just out of the blue. So how did you find it? How did we find this information? First, looking at his campaign finance reports. You can see there, I highlighted at the bottom, total amount of loans received, $355,000.
34:23
Then you'd look at his financial disclosure reports and say, well, did he have this money? You have to disclose your checking accounts, your savings accounts. You can figure out a candidate's net worth very easily and say, either they didn't have this type of money available, or they would have
34:43
to liquidate huge percentages of their net worth in order to create that type of income, at which point you can say, well, where are the sale records, as I showed you guys with the previous case study? So this was information that was given to the candidate's political opponents.
35:01
They used it against him, they raised questions, they filed complaints with the FEC. This was in 2010. I know this is going to come as a shock, but this candidate won. Then the next cycle, he lost. So two years later, he runs again and wins.
35:20
Then, in 2015, the Federal Election Commission finally gets the candidate to admit he didn't have this money. It was given to him by his parents. So what is the legal fallout of this? The campaign had to give the money back. That's it. Important to understand that you should always temper your expectations for what the outcome is going
35:43
to be. It's almost never going to be as great as you think it is. One of my personal favorites, how to save $300,000 on a home. I think we all would like to do that. Unfortunately, we are all not US senators, I hope.
36:02
So in this case, there is a home builder. He has a friend who also happens to be a US senator. This home builder has given a lot of money to this campaign for this US senator and even offered to host a fundraiser for him. Two months later, the candidate buys a house.
36:23
Buys the house for $700,000. The house market value, $1 million. So how did we find this information? First, you would start with the voter registration records.
36:40
Voter registration records, like I said before, give you the candidate's home address. Look at the property records. That is publicly available right online. You can look it up right now. You can see the seller and buyer's name and the amount and the date. So who was the seller?
37:03
They were a political donor. Then you start looking at giving context. Well, finding a PDF of a fundraiser that they were hosting from two months before the sale date. And then that bottom list with all of the assessments, that's just from Zillow.
37:21
And you can see that between 2011 and 2012, the assessed value of the house dropped by 33% as well, 37%. That's because assessments are based on sale values when they sell. So this candidate is also saving a bunch of money on their property taxes by getting the house at such
37:41
a big discount. Now, this is literally one of my favorite examples of open source intelligence, in no small part because of the outcome. So in 2015, in February of 2015, Washington Post style reporter wants to write a story
38:01
about a congressman's fancy congressional office. Shows up, interviews the interior decorator that was paid with government funds to decorate this office in, and I'm literally quoting the interior decorator, in the style of Downton Abbey.
38:21
Beautiful vases, artwork, I think the chairs were, you can look. All of that was disclosed in Senate disbursement forms, or sorry, house disbursement forms, it was a member of Congress. So this started,
38:43
sorry, here we go. So this started people looking deeper into, what the heck is this guy spending government money on? And what they found, looking at a car that he was using was that he had reimbursed himself for driving 170,000 miles in this car.
39:04
This car only had 80,000 miles on the odometer. Filing a false reimbursement form, it turns out is a federal crime. So, this is also the candidate that I mentioned earlier,
39:21
used campaign money to go to a football game, or to buy tickets to a football game, used government money to buy the first class tickets to go to that game. So this happened very quickly. From February of 2015,
39:40
that Washington Post story is published. People start digging into this guy. Who is he? Where is he spending his money? Well, it turns out, he had a long history of doing things exactly like this. The scrutiny became so much, he resigned. Before he resigned, he paid back $122,000
40:03
to the federal government for misusing those funds, including $35,000 for the interior decorator. And this is one of the few times I get to say there was really good news at the end of this. He is also now currently facing 24 counts
40:22
over misuse of government funds, filing false reports, bank fraud, and wire fraud. So, last thing, voter fraud. Voter fraud is real, and it does happen. Now, it might not happen the way that some people
40:41
who go on certain news channels are gonna talk about it, but here are a few ways in which you can use OSINT right now to be able to find voter fraud. The first is gonna be duplicate voting. Real voter fraud is going to be if you are voting in the same election in two jurisdictions at the same time.
41:00
Well, voting histories, if you voted in those elections, is going to be a public record, very easy to find. Filing false registrations, this might be giving a fake address or registering at an address you don't actually live at. And then ballot petition fraud. In a lot of jurisdictions, you can avoid paying,
41:23
excuse me, filing fees for running for office by having people fill out ballot petitions for you, saying, I want this person to run. It's great, it's a great way for people who don't wanna necessarily spend money to be able to get on the ballot, and a lot of times it's a sign that you can get that type of support from your community.
41:44
However, people falsify these ballot petitions. You can get every single page of every single ballot petition. They are public records. Again, remember, these records are created for you to inspect them. So you can look at voter registration forms and voting histories, property tax records.
42:02
If you fill out a voter registration form, you are signing under penalty of perjury that you live at this address. If you take what's called a homestead exemption, which is also a form that you fill out under penalty of perjury saying that you live at that address so that you can get an exemption on your property taxes or a reduction on them.
42:20
That's also two documents in which you are signing under penalty of perjury that you live at those places. If those addresses are different, you've got yourself an example of actual voter fraud or possibly tax fraud, depending on which one they're lying. Although in any case I've ever found it, it's usually both. And then again, a lot of these records
42:40
aren't gonna be available online, so you can actually make the public records requests to be able to get these records. Emailing, they're all existing at the county level. A few other quick examples I know we're wrapping up, so I just wanna get through them real quick. Using more traditional OSINT techniques, resume exaggeration, are they lying on their LinkedIn profile about a job that they had?
43:02
Stolen valor, huge problem in political campaigns. I'm sure we have a few veterans in the room right now who would be very upset to find out people were lying about having served, where they served. Straw donors, this is very illegal. Easy way to find out if there's a straw donor scheme
43:22
or what could be a straw donor scheme going on is if you have both a CEO of a company donating to a political campaign and a lot of employees donating to the political campaign who have jobs that don't necessarily indicate that they have the disposable income to give to that campaign. Straw donor scheme is where somebody
43:41
reimburses somebody else for those political contributions. Plagiarism, there are a lot of automated tools like Plagescan to be able to find if somebody plagiarized, say, their master's thesis, the book that they just had ghostwritten before they run for president. Very easy to find and very common.
44:00
Also, issue pages on campaign sites. Great way to find out where are they stealing their copy from, who else is saying the same things about the same issues as them. Planes and yachts, we've talked a little bit and I've heard other people talk about tracking boats and airplanes. A good example of this in action was a candidate for a US senator,
44:20
actually a sitting US senator, very, very wealthy, owns their own plane, decided to be one of the common men, take an RV tour of the state. Somebody looked at the candidate's plane and noticed that it was going and tracking the exact same path as the RV over the whole state over the week.
44:44
And then finally, web research. You can find out, you know, ViewDNS is gonna have all of the different websites registered by a candidate or by the candidate's spouse. A fun example of this is Google the phrase towel charms.
45:00
I don't know what they are still, but there is a wife of a very, very high profile elected official who thought that they were going to be joining the private sector and needed to earn some real money, registered I think 10 different domains for towel charms. I don't, still have no idea what they are.
45:21
And also looking at archived pages, last thing before I wrap up is candidates, especially candidates who have been in a public office over a long period of time are going to have a long history of political websites. Those political websites, what they talk about is gonna change over time. A great example of this is every single Democrat
45:42
who is in office now, who was in office in the 90s has flipped on the issue of marriage equality. They will have statements from the 90s supporting Don't Ask, Don't Tell, or even just blanket opposing any sort of idea of marriage equality. Those statements are all gonna be on the archived pages of their websites.
46:00
Some of those candidates didn't even change their position until as recently as 2014. All right, so it looks like we're out of time. So thank you guys so much. Please go out there and do some good. Thank you.