Exposing a Pretender using SocMed OSINT
SocMed = Social Media
OSINT = Open Source Intelligence
So you’re an investigator and you’ve been given a task to prove that a person named Thomas Straussman is a cheater who pretends to be so in love with his fiance, Francesca. One of the existing information that was given to you is his username, “tstraussman”.
Username Investigation
In this portion, we will check if the username exists in different online accounts. If you will do this manually, it will take you a lot of hard time and effort. Fortunately, we have “Sherlock” that automates these things.
As you can see, there’s a Reddit within the result which will be the focus of this writeup:
https://www.reddit.com/user/tstraussman
Social Media Investigation
First, let us view posts, comments and other information on the target’s Reddit for us to come up with a specific strategy.
So there’s only one post which is a bad thing for some since less information will be accumulated but not for us. Do you remember the saying that when you put something on the Internet, it is there forever? Well, it is somehow true in this case. What we will do is to investigate the past versions of the comments section in order for us to identify if someone commented in this post and then deleted it since that someone might lead us to something for the target especially if they are close.
We will be using WayBack Machine (wayback.archive.org) to check for the past versions of this . However, before doing that, instead of just reddit.com, we will use the old version of Reddit which is the old.reddit.com. So the final output that we need to input in the WayBack Machine if we wanted to check the past versions of the comment section is: https://old.reddit.com/user/Tstraussman/comments/kh1pzg/big_thank_you/
If you will click on the oldest version, you will see this one comment that seems to know our target personally. Take note that this comment were deleted since we cannot see it on the latest version.
If we will view the profile of minikhans, he has some posts and comments with a real name of Hans Minik. However, there is no content that is related to our target. What we can do is to perform what we did on Thomas’ profile to Hans’ profile. So let us input the profile of Hans into WayBack Machine. After checking the oldest version, you can see that there’s a new entry that we didn’t see on the latest version.
This post have a blackmail letter from Hans to Thomas. It seems that Hans knew what Thomas did (cheating) and Hans is using it to gain money.
Then let us view the link and use the text below it as password.
So as you’ve read in Thomas’ email to Emilia, we now have evidence that he is really cheating and just pretending to be in love with his fiance, Francesca.
P.S. Thomas is just a fictional character.
Wanted to Learn More About Hacking?
Train here: https://referral.hackthebox.com/mzw8Olf