Hal talks OSINT with David P. Weber—a CFE, attorney, and private investigator with decades of investigative experience in the government and private sectors.
David P. Weber has quite a resume and lots of interesting tales to tell. He was assistant inspector general for investigations for the United States Securities and Exchange Commission — AKA, the SEC’s chief investigator. He handled enforcement matters for the FDIC in the western U.S. And he served as special counsel for enforcement for the United States Department of Treasury.
Now he’s carrying all that experience into the classroom, teaching in the Fraud and Forensic Accounting program at Salisbury University in Maryland. And he somehow finds time to practice law — his firm specializes in fraud examination and forensic consulting.
In this episode of the Sound of Pursuit Podcast, Weber shares a few OSINT pro tips that go beyond Internet-based searches, and he explains why idiCORE has become his go-to proprietary database.
(note: This transcript has been whittled down with a heavy editorial hand — it’s essentially just a highlights reel. So if you don’t want to experience severe FOMO, you’d better listen.)
HAL HUMPHREYS: I think a lot of people, David, think of open source intelligence as “stuff I can find on the internet.” But there are so many other sources for open-source intelligence.
Finding Putin’s Money: The Library
DAVID P. WEBER: And I can give you a great example. One of the greatest is the library. So some people who might be listening to this might know that I was one of the two experts who assisted the International Consortium of Investigative Journalists on what today is called the Panama Papers investigation. This investigation revealed that over 140 world leaders were involved in hiding money and kleptocracy by stealing from their own countries. Creating shell companies through a law firm that had been hacked, which is where the data mostly came from. And this was how they were hiding their wealth. One of the key subjects that I helped within the investigation is a guy you might not have heard of. His name is Vladimir Putin.
HUMPHREYS: And what does he do?
WEBER: And so, Vladimir Putin, obviously, you know, the oligarchy and kleptocracy in Russia is very well documented. But despite that, these are not guys that are holding the money in their own name. And in the Panama Papers, a number of international banks were making loans with no collateral, no security, for hundreds of millions of dollars. Multiple loans, and many of these loans were made to an LLC.
Research showed that the LLCs were owned by a guy named Sergei Roldugin — a Russian state orchestral violinist and cellist and conductor. So you ask yourself, how could a violinist — are they the kind of people that an international bank would lend over a billion dollars to with no collateral? So it turns out that Sergei Roldugin is holding this for Vladimir Putin.
And how do we figure this out? We figure this out from the library. I’m a professor in the University of Maryland system, a world-class school with a huge collection of Soviet era books. And it turns out that Sergei Roldugin, his father was a KGB agent. And this is in the books: Vladimir Putin, of course, was a senior level KGB official before the breakup of the Soviet Union, but a lot of people don’t know that his father was in the KGB, too. So the kids of KGB officials didn’t go to summer camp with the proletariat. They went to a KGB summer camp.
And so based on those books, I was able to identify the connection between these two guys; this is how they’ve known each other. So they’ve been friends since they were little kids. That’s an example of OSINT that’s not coming from Google.
Further reading: “The Cellist and the Lawyer” (OCCRP)
HUMPHREYS: That is the thing that I want to get across in the discussion about open source intelligence: Google and the internet and the Dark Web, they’re great tools, and if you know how to navigate those things, bully for you. But if you know how to go to the library, I mean—
WEBER: Librarians are the most capable of helping us. Any state university is going to have a comprehensive library. And those universities are not just there to assist the students. They are there to assist their community.
One of the great benefits of Salisbury University is that it provides incredibly rich resources to the community. So if you were a private investigator on the eastern shore of the Chesapeake Bay, your resource would be getting in touch with the library and seeing how they can help you. In many cases they can even get you digital access. Many of these libraries are using scanning services. Copyright doesn’t allow — they’re not going to post it on the internet. But if you’re looking for a 12-year-old kid’s name who was at a summer camp with our buddy Vlad, they would be able to photocopy that chapter for you and send it to you as a PDF without you ever coming into the library. They enjoy it. It’s their job. Our job at a university like Salisbury is to create knowledge.
HUMPHREYS: I worked on an asbestos case a couple of years ago. They were looking for people who had worked at this one shop and in a small, small town in East Tennessee. My first stop is the library, because in their archives in this small town, the local library also had the morgue file from the local newspaper.
WEBER: Yes, genealogy records are frequently at the library. Keep going.
HUMPHREYS: Back in the day, there was a service that was kind of ubiquitous in the United States called the “city directory.” And the city directory would have phone numbers listed in sequential number order, addresses listed in alphabetical and sequential order, names, and all those things cross-referenced. A lot of them would have the census records. And I was able to take the city directories from the timeframe that this lawsuit was referencing and not only identify who had worked in that place; I got their job title. I got their home address. I got their phone number. These are all 1940s addresses, but that’s a starting place.
The thing about going to the library or the courthouse, or the basement of a newspaper is you see things there that you won’t see with a specific query on an online database. You’ll see Vladimir Putin’s name at the camp and then a little bit further down, you’ll see the violinist’s name.
WEBER: And if you didn’t use the right search term within five words, within 10 words, within 15, unless you’re just flipping through the book, you’re not going to see it. Absolutely.
HUMPHREYS: So for me, the fun thing about open source intelligence is there’s so much more available information that is free to the public to anyone who cares to ask.
Hidden in Plain Sight: Birth Certificates
WEBER: Another example would be vital statistics records. Many states, you don’t have to have a business purpose to get access to birth certificate or birth records or marriage certificates. I worked on a fraud case while I was at the Treasury Department in which a very senior level bank official had changed his name. We had all kinds of theories for why. And when you become a senior level official of a federally-insured depository institution, you’re required to have a background investigation. He had been fingerprinted, I mean everything. Normal, no issue.
Later the bank failed, there was massive fraud, bad things happened. And there was a particular guy who had a lot of big loans that went bad. We couldn’t figure out what the connection was. I ultimately got the birth certificate of this bank official. And remember: the birth certificate is in this other person’s name, right? It’s his prior name. And what was interesting was that he was the second of two children born on the same day. It turns out this other guy with the other name was his brother who popped out 36 seconds earlier.
So we’re talking like a record from, you know, 80 years ago, a handwritten record. We couldn’t get it online. We have to send somebody in person. We send people with badges. But if you come in and say, “Hey, I’m doing a background investigation. Here’s my license. I’m a private investigator,” I’m confident you wouldn’t need a badge.
HUMPHREYS: That’s fantastic. So open source intelligence information that’s available to anybody, just for the asking. You’ve got to know who to ask, but it’s there.
Launching Your Investigation: Proprietary Databases
HUMPHREYS: Databases that private investigators have access to — a lot of times, it’s kind of a starting place. To point me in the right direction. We are sponsored this month by idiCORE, kind of a new player in the database game. I understand, David, you’ve had some really good use out of it.
WEBER: Listeners, I want you guys to know: I was not a sponsor plant. I was supposed to be doing a podcast for you on OSINT, and then it just happened that I use the same software as your sponsor.
Obviously I have used databases for many, many years. At this point, I’ve probably used all of the major players. I personally switched to idiCORE when its competitor was bought. TLO, the program that I was using in the past, was created by a gentleman by the name of Asher, who was a brilliant guy, also a felon. But in his later life, Mr. Asher turned a corner and his whole career was assisting law enforcement and intelligence through TLO. When Mr. Asher died, it was sold to TransUnion, one of the big three credit bureaus. They immediately raised prices. Most annoying to me is they started charging a per-user fee per month. The problem with the per-user fee is it’s the wrong model for the investigations business. When I charge somebody for a report, I bill that as an actual expense to the client. My invoice says “actual expenses.” How the hell do I bill a monthly service fee?
IDI enters the business probably a little before Mr. Asher dies. It’s just coincidental that I have steam coming out of my ears because I can’t pass along this monthly fee. My staff investigator says, “Hey, there’s this new company called idiCORE, and it looks a hell of a lot like TLO.”
I get approved, and I start using it. And in fact, it turns out it’s better than TLO. And IDI has become one of the most unusual and useful data providers. All of these databases generally pull from credit headers of the credit reporting agencies. All of them generally pull from criminal record searches, civil lawsuit databases. But IDI’s doing data analysis.
IDI started doing some other innovative stuff: They have purchased access to all these license plate readers. I don’t know how many of you have ever gotten an automatic enforcement traffic ticket if you live in a big city, but it is the bane of my existence in the D.C. Metro. So that location data, if you have a license plate, can be so useful if you’re trying to find somebody to serve them with a subpoena. So if the average D.C. Metro driver passes by six cameras, and if idiCORE has that data, we’ve got double the data we need to triangulate where somebody lives, where they sleep, where they go to work.
You know, they are using cameras on parking enforcement vehicles to simply cruise up the street. And the parking permit for the resident is not a sticker on the car. It’s just in the database. If a parking enforcement vehicle goes up that street every day, now we know within a three-block radius where the person lives.
Man, compared to having to do surveillance, day after day, compared to having to charge a client to do that? Imagine if you can use the data to triangulate where somebody is! And then you can just do the surveillance on that block and when they walk up to their car: “Well, sir, here’s a subpoena.”
HUMPHREYS: I have not yet had access to idiCORE. I understand from a couple of friends, one of them says that their phone numbers are way more accurate than TLO and they’re excited about that. The other one said that their email addresses are much more accurate.
WEBER: They have emails and they have IP addresses. If you put in the IP address of a person who’s not using Tor or some type of VPN that’s going to make it look like it’s coming from somewhere else, the IP address can really get down sometimes even to the switch on the block where the user is. I’m just going to use Salisbury, Maryland: If you know the IP address, the provider is Spectrum Communications. And Spectrum can probably tell you the switch is on XYZ Street. You’re down to five houses or ten houses. And that can be really powerful evidence if the allegation is somebody sent an email.
They’re not getting that from a credit header. I’m actually not exactly sure how they’re getting it. But that’s an incredibly useful piece of information that I’ve never had until recently, and it’s only because of IDI.
Salisbury University’s Fraud Program
HUMPHREYS: David, thank you so much for taking the time to talk to me today. I’ve certainly enjoyed it, and I look forward to hearing more from you next month, which is Fraud Month at Pursuit and PI Education. We’re going to be talking to David on our monthly webinar next month about fraud issues. But today, it’s all about open-source intelligence.
WEBER: I just want to thank you guys for inviting me in. And I would invite any of you who want to take your education to the next level to consider this fraud program. It’s an undergraduate certificate, so you do not have to get a four-year degree if you don’t want to. You could simply get this certificate in fraud and forensic accounting. For those of you looking to expand your practice, you would start with the basic accounting tools, which is financial accounting and managerial accounting, and then after you have your basic accounting platform, then the remaining four classes are fraud. Fraud 24-7. Fraud and data analytics, a class in fraud examination, a class in advanced fraud examination, and a class in white collar crime and how it applies. And then you get a certificate, suitable for framing. Perhaps, if I can convince you, and you want to go into the library stacks with me and do some investigations, you can come here. The thing is, it doesn’t have to be an accounting major. You could be a criminology major. You could be a sociology major. You could be a basket weaving major, for all Professor Weber cares, as long as I can teach you how to crack heads and chase people. Obviously all of us listening, investigation is in our blood. And I just thank you for listening to me.
HUMPHREYS: Thank you again! I appreciate your time.
About the guest:
David P. Weber is a clinical assistant professor of accounting at the Perdue School of Business at Salisbury University. He is a certified fraud examiner, registered private investigator, and licensed attorney. He completed more than two decades of public service in 2013 as the Assistant Inspector General for Investigations at the U.S. Securities and Exchange Commission, the SEC’s Chief Investigator. He now teaches full time in Salisbury’s Fraud and Forensic Accounting Certificate Program, and leads a boutique law firm with an expertise in fraud examination and forensic consulting.