Thursday, March 13, 2014

Association, Location, Chronology, Deleted Rauhauser Post; November, 2012

Posted By: ZiLe Ohai - March 13, 2014

Neal claims there's more than one person writing on his blog in this deleted post from November 1, 2012.

Association, Location, Chronology

by Neal Rauhauser
I think some of the more perceptive folks are catching on that more than one person knows the password for this blog. The posts showing personality are still me, but the rote documentation and review are more than one additional pair of hands and eyes.

Earlier “I” fixed something, then “I” told “me”, and after “we” talked, it’s something that deserves a post here.

The Steers & Queers Revisited post had a significant error, placing Sean Tompkins in Austin, rather than San Antonio. Sean has been in the back of my mind as a candidate for being @AnonKitsu and this geographic match goes with temperament, associates, and activities. If I had some audio of Tompkins I could probably confirm/deny, but it’s not a high priority.

But this is a pitfall when you’re trying to sort out confusing situations. If you have Maltego it provides a nice, network and social media-centric link analysis/data visualization tool. I have played with a few, this is the one that actually got me to beg $650 to fund it.

Maltego has limited ability to express geolocation data and no sense of chronology. There are location entities, but it’s a manual thing, and the organization of a graph cannot be tied to physical locations. There is nothing in the way of event timing available. Maltego graphs are a moment in time, or they have a chronology the creator knows, but it’s not implicit in the entities themselves.

Sentinel Visualizer seems to be the next logical step. It’s $2,700 for a single workstation seat, or about $5,000 to add geolocation and temporal analysis capability. When you get the advanced add-ons you also get the ability to have multiple stations working from a central datastore.

When I evaluated it there were examples like a credit card transaction master file for a west coast chain of stores. Individually they could tell they were having losses, but not when or how. Once the data was visualized in both time and space a pair of men based in Portland who were working a loop from there down to San Diego and back every two weeks was immediately apparent.

Nothing I do really has a geolocation component beyond the fact that some of the people I am interested in live in the same city, or attend the same event, or work for the same organization. I am trying to aim a few human diggers, not a flight of cruise missiles. Temporally I do have some things that fit the law enforcement/counter-insurgency visualization methods, but there are half a dozen things I would do with $5,000 before I committed to the time to convert to Sentinel Visualizer.

If Sean is in San Antonio and that conversational slip last year indicates he is behind @AnonKitsu that solves a bunch of mysteries for me. But it introduces a new one, because that puts an eighty mile air gap between him and Brandon Darby, who were thought to be acquainted through their mutual love of flag football.

We have a bunch of names here, a bunch of events, and within those events there are implicit social (work, play, organization membership, etc.) links. There are also timelines in some of them, sometimes explicit (dated), other times implicit in the flow of the story. Yesterday we started adding geographical locations. We are not hunting some shadowy transnational narco-terror syndicate, we’re looking at a couple of factions of political activists, most of whom have ethical deficits or potential criminal problems, and a few of whom plug in further up the food chain in terms of money and media reach.

Where I sit I see the usual suspects, diggers and bloggers, and the Backer/Walker discovery fiasco just got the attention of some bloggers with longer reach and a law firm that is interested in my tale of years-long defamation. We’ve always had a federal lurker due to the false police report problem, but they have their own ways and means, and that’s a one-way pipeline.

So we’re largely manual, we just recently split into open (here) and secret (Kookpocalypse). We’re not showing everything from the discovery, because we have a couple of really excellent hole cards and in interpreting the content those have to be at least implicitly made known, so the diggers don’t go down any bunny holes, either mine or those placed by opponents. Some of this discovery is liable to end up a civil suit and it’s fine if that’s aired here – if any of the players start to clean up and there is a federal indictment, hello obstruction of justice charges. That’s like double coupon days at the supermarket – 24 months becomes 48 in the blink of an eye.

So we document people and the events they are involved in, if we goof we publish a correction or a retraction as needed, if we invalidate old intel due to superior evidence then we post something that explains the evolution. And if we keep trudging maybe justice will be served one of these days.

