13 October 2023
Webinar

Webinar | From FSB Agents' Phone Numbers to Addresses: Investigating with District 4 Breached Data

Person-of-interest investigations often come with this challenge: starting with a name or common alias yields a lot of information, but much of it is less relevant. Starting with an email address or phone number retrieves results with higher confidence, but in smaller quantity.

Using compromised records for your investigations makes things easier. Compromised records form a database of email addresses, domains, IP addresses, names, passwords, and other personally identifiable information, which helps uncover a subject’s online presence, identify threat actors, and determine a company’s breach exposure.

In this webinar, the largest compromised data provider, District 4, and Maltego come together to demonstrate the breadth and depth breached data can bring to your investigations. We will start off with a set of alleged leaked phone numbers of FSB agents, explore over 40 billion records provided by District 4, and end with physical addresses of FSB-owned buildings in shockingly controversial places.

In this webinar, you will learn:

  • 03:00 What Are Compromised Records?
  • 06:09 Why Do Investigators Use Breached Data?
  • 10:22 How Can You Query Darkside Data in Maltego?
  • 14:12 How Can You Use Flexible Searching in Darkside?
  • 25:00 Exploring FSB Agents’ Leaked Data: Demo Intro
  • 30:59 Verifying Maltego Findings
  • 32:30 Investigating Location Addresses in Maltego
  • 36:05 Investigating Leaked Phone Numbers in Maltego
  • 42:35 Investigating Passwords in Maltego
  • 44:25 Using Leaked Data for Complex Searches in Maltego
  • 47:00 Recommended Steps for Investigation Follow-up

About the Speakers

Mathieu Gaucheler is a subject matter expert at Maltego. His responsibilities include research-driven content development for blog posts, webinars, and talks. He started working in cybersecurity in Barcelona, focusing on malware analysis and sandbox development. He has previously presented his research at BotConf and RSA APJ.

As the Founder & CTO, Matteo Tomasini built District 4’s dark web capability and breached credentials repository over the past decade. He also serves as Practice Lead for Prescient’s Cyber Practice and is a recognized expert at conducting complex cyber investigations and dark web collection with previous experience at K2 Intelligence and BlueVoyant.