Thoughts on identification of user on Reddit alias

(@tateconcepts)
Posts: 9
Active Member
Topic starter
 

Hi all,

I'm new to the forums so I may not have this question in the right place; if there is another forum that would be more appropriate, please let me know.

I have a user that is the subject of a potential corporate/criminal investigation. The only things I have to work with (besides their generic identity profile - age, race, sex, marital status, interests and a few other artifacts that are relevant) are a Reddit alias that they frequently post under, a different alias used for YouTube videos and an altcoin wallet where tons of money is flowing to. The joy of this user is that the only forums where I can identify any relationships use imgur (which strips EXIF data) and the user is clearly a talented malware author who matches the subject of investigation.

While I can link to another site on one of those forums, it would be difficult to know which of the hits against the web server are them (nor would I be surprised if they aren't using TOR, not to mention opening images offline). They are very bold in their statements of accolades but very clean when it comes to online presence. In fact, they clearly have designed software that impersonates users as a service, is polymorphic and uses a CORS proxy to run undetected to keep persistence. They also appear to be either a sysadmin or developer, not an executive, and in a possible suburban or rural area. I've attempted to cross-correlate users that are on both forum threads but I don't seem to have anything admissible from Maltego.

Would anyone have any thoughts on how to catch this fish or at least obtain enough info from what I have for corporate security?

 
Posted : 24/08/2017 8:49 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Hello,

If you are LE, you can write a search and seizure warrant to both Reddit and YouTube asking for:

Within a specific date range, all IP addresses and devices which have accessed the accounts.
The original email address, IP address, and device which was used to create the accounts.

If you are a civilian, a lawyer could write a 3rd party subpoena to Reddit and YouTube asking for the above information but will have to reference a filed lawsuit.

If you PM me, I will send you templates for both of the above examples (LE and civilian).

Then, depending upon the responses, you could follow the trail to the next step if there is one.

 
Posted : 24/08/2017 9:01 pm