A (14:00)

Increasingly, there's this emphasis on automation and tools and you know, we're being inundated with large language models and machine learning and artificial intelligence. And it's the AGI is going to appear at any moment and take away all our jobs. But I think that's a lot of noise. You know, at the end of the day, like when we're talking about intelligence, we're talking about open source intelligence or online investigations. It's a human thing. Like it always comes back to. Typically you're looking at some kind of criminal activity or something that a human has done and it takes another human to look at that situation and have the, you know, maybe the insight and the intuition to, to ask why things happened the way they did, or to, to, to tease apart the different aspects of the case that they see, you know, like it's not the machines can't solve those problems yet. Like we still need someone who's critically thinking about what's going on and asking why did these things happen and what does this mean?

B (15:02)

I think it's a really interesting point and, and the, this whole notion that you know, we have sometimes just a gut feeling and for people to have the freedom to pursue that, to chase that down, as you say, it seems to me, is something that can get lost in automation.

A (15:21)

What you see online as well, there's a lot of this is a common, I think, message that's coming out of the open source intelligence community right now as we speak. And I think it's really good to see that happening. And there are a lot of voices I think saying the same thing because we're in this space now where it's, it's, there's a lot of clout chasing, you know, like there are a lot of these self proclaimed Osint experts on the Internet, on Twitter, X whatever, trying to jump on the story right away, you know, something happened. I'm going to get this analysis in quotes out to the world right away. It's all this clout chasing and it's just like it's just making noise. Like it's not. There's no critical thought, there's no analysis, there's no actual, as some people would say, there's no tradecraft that's been applied to that. There's no deep thought sitting there quietly thinking about why these things are happening, what do they mean? It's an interesting time to be in.

B (16:19)

Right now and what's the potential peril of that? Of people, can I say, putting out their hot takes. How does that hurt us as an OSINT community?

A (16:32)

Those things get amplified, you know, like people jump on that and it just creates noise in the environment we see. It can spread to politics where you have people in positions of power that are suddenly amplifying and promulgating false narratives that have come out of, you know, like weird interpretations of events happening. I mean it even, you know, there's this dead Internet theory that the Internet is all completely filled with automatons and bots and it feeds into that, you know, it creates this noise environment where it's hard to find out what the truth actually is. And I mean that goes back to saying that this is a human endeavor, right? Like it just increases the importance and the need for critical thought.

B (17:20)

What role does curiosity and healthy skepticism play in good OSINT work?

A (17:27)

I think that curiosity is, you know, like one of the number one attributes that, that you should bring into that kind of work. Like asking why, Constantly asking why, and being skeptical about what you see because, you know, like the information that can be presented or the information that you find can be overwhelming, you know, and you, you don't know what the provenance of it may be. You don't know where it's come from. And having that kind of innate, I mean, I would call that investigative mindset, you know, like the, the ability to maybe harness innate curiosity and skepticism and kind of relentlessly pursue leads to find out where that kernel of actual truth is. You know, like going down every lead, following every, every rabbit hole and figuring out, you know, how do these things connect? Do they actually connect? Is important. That's kind of critical. Like without that, you know, you're just, you're just another robot. I guess at the end of the day you might just be like making assumptions and jumping to conclusions without actually actively questioning them. And it doesn't result in intelligence, it's just data and information being regurgitated.

B (18:46)

Well, for you personally, how do you train or sharpen those investigative instincts?

A (18:54)

For me personally or for teams that I've worked with, you know, we spent a lot of time talking about these very subjects, you know, having these conversations about as boring as it might sound like, talking about critical thinking and talking about our biases, spending a lot of time reading, you know, a variety of different types of literature, having conversations with other practitioners. I've been really lucky in that I have almost a mentor, I guess, but a good friend who's, you know, a long time investigator here in Canada, 50 years of experience, who has spent a lot of time doing online investigations. And having somebody like that that you can talk to, who has, you know, finely honed investigative instincts is super helpful. And you know, they call you out. Having a person like that around can, can help you because that person will call you out, they'll question why you're coming to conclusions, you know, and that's a good habit to pick up and a good thing to pass on to other people. And it's good to kind of cultivate friends like that that will question your assumptions and, you know, question your conclusions.

B (20:00)

Yeah, I'm curious. You know, I can imagine folks saying, you know, Brock, this is all great and curiosity and skepticism and the personal touch for OSINT is absolutely appropriate, but it's also really hard to scale. And we've got so much information coming at us that we need to rely on automation. What's your response to that line of thinking.

A (20:27)

I agree. And it's not just because I work for a tool company, but there's only so much you can do. And investigations online are completely reliant on tools. A browser is a tool, a search engine is a tool, but there's also huge amounts of data that you need to process and acquire and do analysis on. And there's only so much, as you rightfully pointed out, there's only so much a human can do in that environment. And so I think from my perspective, not relying on tools to do everything for you, but finding those places where the tools can augment the things you need to do. So if there's repetitive grinding work that has to be done that, you know, you could do it manually, but you can make it happen almost instantaneously by using automation. That's a good application of automation. You know, it's like amplifying what the person can do to maybe highlight the things that they need to look at. There's a risk with that as well because obviously automation that is producing massive amounts of data can also be completely overwhelming. And then you have to figure out how to process and analyze that. I think we're starting now to see that artificial intelligence or machine learning or whatever you want to call it is starting to maybe have some ability to clean up some of that data. And it's very interesting to cautiously find uses for those types of tools to help with that data overload. I guess that's how I look at things. It's that realistic. Not depending on the tooling, but definitely using it intelligently to augment your process and augment your workflow in a way that makes sense and helps to amplify your abilities.

B (22:14)

Is there an aspect of this, of allowing for the reality that not every avenue is going to pay off, that sometimes someone's going to have a hunch and they're going to chase something down. And in the end it really just doesn't lead anywhere. But that's okay.

A (22:31)

I guess I would, I would say like encouraging people to, to make mistakes is what I would call that, you know, because that happens all the time. Like you go down, you go down rabbit holes, you find a piece of information that seems like it might make sense and you chase it down. And you might spend hours or days chasing down leads that go nowhere. That's challenging to overcome. The feeling that that creates, that you've wasted time. But at the same time, that's what we want. Investigations take time. It's not this fast paced Thing it can be, there are times where it can be, but inevitably that leads to mistakes. And we don't want to put the wrong information into the people's hands who are consuming the intelligence reports that we're producing. It's okay to go down those paths. You also, you need to be able to cut your losses too and recognize that this is going nowhere. And I need to take a different tack. Working in a team that, that helps, you know, to have somebody looking at what you're doing and saying, does this really make sense? And questioning, you know, those questioning the, the assumption or questioning the path that you're on.

B (23:43)

Yeah. What does success look like to you? A well running team who's balancing human side of thing, but also taking advantage of some automation. Can you describe what the ideal is?

A (23:59)

That's a really good question. Having worked on a really well running team with automation, I think that, you know, everybody's happy. You have to tell them to stop working. You know, that's a good indicator. You have to tell them to stop. Like you cannot continue investigating these subjects when you're supposed to be off because you have to recover, you have to relax, you have to get some downtime, you have to spend time with your family, you know, being able to take on tasks to work with, you know, whoever's giving you the intelligence requirements or the RFIs, whatever it might be, being able to work with them to develop and understand their requirements and then to be able to translate those, you know, into a plan, into a collection process, gathering information, using tools maybe to help automate that information. Whether, you know, it might involve scanning huge chunks of the Internet to find certain pieces of infrastructure and then being able to process that information and glean the intelligence out of it that you need to find and then conducting that analysis on it and providing it to the consumer at the end of the day and having them say to you, you know, like, this is exactly what we're looking for. When all of that's working and running as a well oiled machine, that's success. The team knows what they need to do. There might not be that many dead ends. They're working together like a well oiled machine. They're using the tools to augment the work that they need to do. And it's a beautiful thing to see when it happens.

B (25:38)

Yeah, it feels good too. It's fun.

A (25:40)

What's that? Dopamine hit of success, right? Like I actually achieved something here. Like it's great.

B (25:45)

That's Brock Lupton, product strategist at Maltego At Talas, they know cyber security can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales industry leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest roi. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most applications, data and identity. That's Talas. T H A L E S learn more@talasgroup.com Cyber.

C (26:47)

I'm Christian McCaffrey, pro running back, and Abercrombie is an official fashion partner of the NFL. I'm not kidding when I say NFL by Abercrombie broke the Internet last year, and I think this season's lineup is even cooler. And so does my wife who keeps stealing all my hoodies. Stay fit for the season and Abercrombie's newest arrivals Shop NFL by Abercrombie in the app, online and in store.

B (27:22)

And finally, in a story that hits uncomfortably close to home, it seems cybercriminals have decided that if you can't get on a podcast and you might as well pretend to host one. A new phishing campaign is making the rounds in the crypto world, with attackers impersonating the popular Empire podcast to lure developers and influencers into exclusive interviews. The pitch arrives via DMs, complete with fake flattery and calendar invites. But instead of market insights, the victims are nudged towards convicting lookalikes of platforms like Streamyard or Huddle, where they're told to download a desktop client. It's not a client, it's Amos Stealer, neatly wrapped in a DMG file. Once installed, the malware dutifully rifles through credentials, cookies, and crypto wallets, handing them over to cybercriminals for resale. This scheme follows hot on the heels of August's fake CoinMarketCap journalist stunt, proving scammers are nothing if not creative. Perhaps the moral is that not every podcast invitation is worth accepting, especially if it comes with a download link. Present company accepted, of course. And that's the CyberWire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2n2k's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Foreign Attention Security Startups there's less than a week left to apply for the 2025 Data Tribe Challenge. This unique program accelerates early stage cyber companies. Refine your messaging with startup veterans, then pitch to top venture firms shaping the future of cyber. The live pitch competition takes center stage at Cyber Innovation Day, November 4th in Washington, DC. Applying is easy. Go to challenge.datatribe.com Share your company info and upload your pitch. Submissions close September 19th. Submit your entries today. And now a word from our sponsor. ThreatLocker the powerful zero trust enterprise solution that stops ransomware in its tracks. AllowListing is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from Threat Locker.