
The Defuse Podcast: Beyond Security - The Science of Feeling Safer
🔊 The Defuse Podcast: Personal Threat Management for High-Risk Lives
How do you keep high-profile people safe in a world of escalating threats, online hostility, and real-world harm?
Hosted by Philip Grindell, former Scotland Yard detective and author of Personal Threat Management: The Practitioner’s Guide to Keeping Clients Safer, The Defuse Podcast goes behind the scenes of elite protective strategies used to safeguard prominent individuals, executives, and private clients.
Each episode features candid, expert-led conversations on topics including:
- Stalking, fixated threats, and insider risk
- Protective intelligence and behavioural profiling
- Workplace violence and reputational harm
- Digital vulnerability, doxxing, and OSINT
- Crisis leadership and executive resilience
Whether you're a security professional, family office advisor, C-suite leader, or someone responsible for protecting others, this podcast will give you real-world insight into what works — and what doesn't — when lives and reputations are on the line.
OSINT Part 1 - The Digital Lens Into Personal Security with Jon Blake
In the first part of this podcast, Philip Grindell interviews Jon Blake, a former Metropolitan Police Detective who has become an expert in Open Source Intelligence (OSINT).
They discuss:
- Jon's background as a career detective who moved into cyber investigations, worked in covert operations, and eventually became a national internet investigation coordinator before entering the private sector in 2015.
- What OSINT is: Open-source intelligence refers to gathering publicly available information and processing it for reliability and assessment. Jon notes that in policing, they've moved away from the term "OSINT" to "triple I" (internet investigation and intelligence).
- The difference between the surface web (indexed by search engines), the deep web (content not indexed by search engines, such as commercial databases), and the dark web (accessible only through specific tools like Tor).
- The distinction between open source (publicly available information) and closed source (information from private systems).
- The importance of treating digital evidence properly, including creating audit trails, capturing evidence methodically, and preserving digital material to maintain its integrity.
- How investigators must approach OSINT with the mindset that any information gathered could potentially become evidence, so proper documentation and verification are essential.
The experts emphasise that OSINT is a powerful investigation tool but should be part of a comprehensive approach rather than relied upon exclusively.
Welcome to the Defuse podcast with host Philip Grindell, CEO and founder of Defuse, a global threat and intelligence consultancy that blends psychology and intelligence to mitigate threats and risks to prominent people and brands.
Speaker 2:It's really designed for high-profile individuals, corporate leaders and security professionals, and each episode delivers expert insight on navigating real-world threats, both digital and physical. So this is part one of OSINT, the digital lens into threats. With Jon Blake from CyberOps Global, we're looking at how OSINT is used to detect, assess and neutralise threats before they escalate. It's a tactical, real-world conversation and it's tailored for those responsible for their own security or that of others.
Speaker 2:Jon and I have known each other for years. Funnily enough, we worked pretty much in the same department, but on different sides of the fence for some time and, because it was all sterile corridors, we never knew each other and never met each other there, but found out that we'd worked on some similar jobs and same jobs from a different perspective, and Jon, like me, is a former Met police officer, but somebody who I trust implicitly with our open source intelligence we have done since we first started five and a half years ago. I've learned a great deal from Jon and I'm sure you're going to learn a great deal from him over the next two sessions. So, Jon, welcome. Thanks, Phil. Great to be here. Good, good to see you, mate, and listen, rather than me kind of reading out your bio and spending half an hour doing that, because it's obviously lengthy because of all the things you've done, can you kind of give us a quick intro into kind of who you are, what's your background and what are you doing now?
Speaker 3:Of course. I mean, so, like you said in the introduction there, former Met Police detective, sort of career detective really. I've worked in the usual places, you know, the murder squads, we all did that, didn't we? Robbery squads, and sort of found my feet as a detective. But then, um, we realized that obviously technology was taking a big part in our investigation. So I sort of moved into, um, into that world, um, looking at online investigations, and then moved into covert operations. Um, I was in charge of some of the training there for undercover officers, supporting the operational officers there on the selection teams, and part of that was obviously the covert side of the internet investigations. And then I moved into a national coordinator's job at what is now the College of Policing, looking at internet investigations there nationally across law enforcement agencies.
Speaker 3:I decided to make a change after 26 years, 2015, stepped into the private sector and I think that's where we reconnected. And then I sort of went into the consultancy world supporting companies like yourselves in investigations, into training and a lot of international work with organisations like the United Nations on the human trafficking side of the business and Foreign and Commonwealth Office, now the FCDO. I've worked in 50 countries, mainly in consultancy and training, a little bit of operational stuff as well, and now onwards and upwards. Really, it's much more of the same. After COVID, things changed. We moved into, obviously, the online space for consultancy and training, but thankfully we're back now on the face-to-face. So, yeah, it's been an interesting journey and, as I say, it's good to be working now with people that we know and trust. The great thing about working for yourself, of course, is you can choose who you work with.
Speaker 2:Yeah, yeah, that's always a bonus, that's true, okay. So, so let's, I mean, I guess, you know, let's start from the top and kind of work our way through this subject because I, you know, as I've talked to you about previously, it's a bit of a fashion subject now. Everyone's doing it, um, and yet we know that not everyone's doing it particularly well. And, without wishing to be, um, disrespectful to any of your trainings, I know your training is exceptional. You know, some people have done a two-week course. I did a two-week course in the police on OSINT, so I've got an understanding of it, but I don't do it myself, I get other people to do it, experts to do it, like you, you know, on behalf of our clients, etc. So what is OSINT?
Speaker 3:Well, it's, it's interesting that you mentioned, you know, the sort of basics of this, because, um, you know, let's start right at the top. So we use this term OSINT, which is obviously a shortened term of open source intelligence. Um, what you call something is important, you know. We can use the term OSINT as long as we understand what it is we're referring to. So when we talk about, you know, gathering intelligence, I think the first thing to understand is what exactly is intelligence? There are lots of different definitions out there, but a really good one is intelligence is information that has been processed for reliability and assessed from the source perspective. So when you think about the term OSINT, actually it should be OSINT, because what we're actually doing is we're gathering information and then we're processing it and assessing it. And this was something that I sort of had a bit of conflict with in the police and, interestingly, in the police now, the term OSINT is redundant. They use a term called III, which is Internet Investigation and Intelligence, and that's how I like to refer to it, because when we talk about open source investigations, we're talking about gathering material, assessing it. Is it intelligence? Is it evidence? How, how reliable is it? What can we use it for? So I think that's important that we understand, you know, exactly what we're doing here. Um, I always say to everyone who asks me this question that the open source internet digital, whatever you want to call it, is never going to be the one thing that is going to solve the problem, but it's a very, very sharp tool in your toolbox and just sort of from a training perspective, what I've discovered over the years is you can train investigators to become really effective open source investigators.
But what's difficult is to take people that don't have an investigation background, and it's not impossible, but it's more difficult because all you're doing is conducting an investigation in a different environment. That's all open source investigation is. So you will hear me talk about internet investigation, open source investigation. They're all really the same thing, but it's important to understand the landscape.
Speaker 3:So when we talk about the internet, um, we're talking about the infrastructure. We're talking about the switches, the servers, the connections, the routers, all the things that make stuff work. Now, when you're having a conversation with your, with your mates, down the pub, you, you can say I found this on the internet, I bought it on on the internet. But when we're working, we need to understand that we're using internet services. So the service that is obviously used in our work is the World Wide Web, and the World Wide Web was invented all the way back in 1990, and it sort of took off almost immediately. But that's where we're operating.
Speaker 3:We're not operating on the internet, we're operating on a service that runs on the internet, and the World Wide Web is made up of millions of web pages and websites and databases. But that's where we're positioning ourselves. Now, that's not to say that we can't investigate the internet, because some of our investigations are technical and we'll come on to that a little bit later about how we can leverage technical material, um, to form a picture of whatever it is we're looking at. But, um, our main focus is on content of websites, social media, um, and databases. That's where we're, we're sort of looking. So the environment is important, uh, and I think that's, that's a really, you know, important thing to get, to get home and, uh, initially, so we're over on that subject.
Speaker 2:Then can you define for us the difference between the, the World Wide Web, what is called the deep web and what is called the dark web?
Speaker 3:Yeah, so the World Wide Web, you know, contains all of the things you've just mentioned. So what we generally refer to are three levels, as you said there: the surface web, the deep web and the dark web. So when you think about an ocean, say the Pacific Ocean, it's a massive expanse of water and it's really deep. What the search engines do is they float around on top of this ocean and they put their nets in and they scoop up information, anything that they can see. They'll scoop it up and use their algorithms to index it and, depending how effective that index is, um, we'll be able to leverage that information and find it. Um, but search engines can only see certain things. So if you've got a website, you might decide actually I want Google or the other search engines to index my whole website. Or you might decide actually there's parts of this website that I don't want to index. Or you might have a website that you want Google to see the existence of, but you don't want them to get hold of the information. So if Google can see something and it can index it, generally we call that the surface web and then below that is the deep web. So a really good example of the deep web is a commercial database, so you've spent money building a database. Yes, you want Google to find that database, but you're not going to allow it to get inside and index the content, because that's where you're making your money. So stuff that Google can't see, and when I say Google I mean search engines in general, but I'll use the term Google just for clarity, you know, it can, it can see the existence, but it can't get in. And then, right at the bottom of this ocean, you've got the dark web. And the dark web, you need a specific tool called Tor, or The Onion Router. That's the most common way of accessing the dark web and this is, um, this is, uh, any sort of web address or URL that ends in dot onion.
And you'll see that if you try and access those websites without that specific tool, then you won't be able to to get access to it. And and you know we can talk about the dark web probably in the second part of this podcast, because it's useful for us as investigators.
Speaker 3:But the type of work that we do, we only really ever go there if the evidence takes us there. We don't go there and hunt around because there isn't really a proper search engine for it. Some people might argue that there is, but my experience is those search engines don't work. So a really good example of this, of the three sort of tiers, is Companies House. So if you Google a company name in the UK, so if you Google CyberOps Global, you'll get my website and the next hit will be Companies House and that will take us into our Companies House record. And that's because Companies House is a surface web database so the search engines can see it and they can get into it and index the content.
Speaker 3:But if you go across the water there to Republic of Ireland, they've got something called the Companies Registration Office or the CRO and they've got a deep web index. So if you Google a company name in Ireland, you potentially get a link to the record, but when you click on that record it will take you to the registration or login page for that database. So that's a really good example of a difference between a surface web database or a web page and a deep web. But you know, most of the time we're operating in the surface and deep webs. Just a quick point on that as well. You know people get sort of concerned when they hear that their information is on the deep web, but it doesn't make any difference to us from a security perspective. Uh, it just means that that the the material is accessed in a different way so that the term open source obviously has an implication that it's open and accessible.
Speaker 2:Yeah, so what would be closed source?
Speaker 3:Okay. So open source generally refers to something that's publicly available, and actually this is always interesting. We've been doing some training with a UK law enforcement agency recently and this raised a few sort of eyebrows when we talked about exactly what is open source. Because if something's publicly available, Companies House, for example, there's no dispute that is open source. But sometimes stuff gets published on the Web in error. So a really good example of that is minutes of meetings. So you know we have a meeting, don't we? It might be a public authority, so we're duty bound to publish those minutes. We have the full version and we have the redacted version, and sometimes the full version gets published accidentally. So whilst that's available, that's, that's open source.
Speaker 3:You know we can grab it, and this is a sort of method that journalists use. If they're focusing on a particular business they might focus on. Every time something's uploaded, they'll grab it just in case something has been published in error. So if it's publicly available at the time, then we would refer to that as open source. Closed source is something that potentially is not publicly available. So a good example of that is if you take a government agency, if we take HMRC, for example, when we log on to their systems, we leave behind a big footprint of our own, we leave our IP address and information about, so, so those investigators potentially could harvest that information, but it's coming from their own systems. So that would be what we refer to as closed source. And, by the way, you know, we're not giving anything away there because, because of data protection law, um, and other legislation, organizations have to tell us what they're harvesting about us anyway. But once it's ingested into their systems, that would be closed source.
Speaker 2:And so then, what would be? How would you term then private forums, as an example on social media?
Speaker 3:Yeah, so there was always a bit of a dispute around this, certainly in law enforcement, about you know what we could do and what we couldn't do. But if we move out of law enforcement for a second and just think about a public person, you can register for a forum and if you're accepted into that forum, then that information would become open source, because a sort of bolt-on part to the open source definition is available to the public, or a section of the public, so that there's a really interesting military database, um, a forum actually. Um, it's called the Army Rumour Service and we've used that a lot. But when you, when you look at some of the users, their, their bios, um, they're all ex-SAS or ex-SBS or you, and you just know that these are accounts that people have created to get in and look at the forums. So I would say that in most cases you know we would refer to those as open source because we can still get access to the information.
Speaker 2:So when you're accessing a group because they're allowing you into it, yeah, but you're operating undercover or covertly, is that still open source, even though you've gone in under a pseudonym or gone into in under under a legend or a covert personality?
Speaker 3:Yeah, I'd broadly say that it is. I mean, obviously, you know government departments are legislated around what they can and can't do. What we've got to be careful of is law. You know we've got to make sure that we don't break any law. We've got legislation under the Computer Misuse Act that potentially we could infringe, so that would be covering unauthorised access to computer material. That law may change in the near future. It's under review at the moment.
Speaker 3:So there's a massive difference between what we would talk about as as public authorities or government agencies and and and people like ourselves. But but you know, it's it. You then, getting into the ethics and the morals of, you know, would we be allowed to do this or wouldn't we? Um, you know, if you think about if you're working on behalf of, say, a brand and you needed to make a test purchase to establish whether an item is counterfeit, for example, um, you know we would obviously use covert techniques to do that. But but the point is is, you know we would be acting lawfully. So you know there's a, there's a open source, closed source, they're all just terminology.
Speaker 2:It's when we get into actual legislation and and acts, that's when we would have to be a little bit careful of of how we position ourselves and we've both probably worked on jobs where people have been accessing private groups, potentially on the deep or dark web, um, which are illegal in terms of the activity they're talking about. Is is uh, threatening, is is abusive. You know child abuse comes to mind, but you know there's there's recent ones we've been dealing with around um kidnapping and all sorts of things. Um, um, I mean, can you just access those or are they tightly monitored? How do they manage those so that they don't let you and me in as an example?
Speaker 3:Yeah, I mean, these are always challenges. What we know is that criminals evolve. People evolve the way they use the internet. When we talk about criminals, we're talking about people that are out there using the Internet and the World Wide Web to commit crime, to share illegal material, to move data around. You know we'd have to, we'd have to think carefully about how we were going to do that in relation to some sort of infiltration, but you know there are methods that we could use to facilitate that. It really does depend on a case by case basis. You know how good are these people versus how good are we?
Speaker 3:What I will say, though, is that you know, sometimes you go into certain forums. I mean, we did some work around the illegal streaming space a few years back on behalf of one of the big companies in the UK, and that was really difficult. They wanted to know a lot about us before they even let us into the forums. But they know that. You know they're committing crime, they know that they're under investigation or they likely are. So, as you know, you know criminals when they're committing crime, their responses are heightened, their, their reactions, the way they, they conduct themselves. But you know every, every case is different, Phil, you know, um, but I would say that the majority of the time we're successful, but sometimes it's a slow burn and that's a problem for clients because they want an instant response, whereas you can't just magically appear out of nowhere and arrive in a forum and start talking about, you know, where do you buy this? Who's the best person to speak to?
Speaker 2:It's a difficult environment to be in and so when, when the public, and you know us now, we're in the public now, hear about cases where guns have been bought or trafficked, or people have been trafficked, or, or drugs are being sold on the internet, how, how are they doing that? What's the mechanism? Is that dark web? Or how are they doing that?
Speaker 3:Potentially. I mean again, you know you can buy firearms on common marketplaces and I suppose you know the whole perception is that the dark web is, you know, is where you go for criminality. But actually there's a lot of child abuse imagery. You can buy firearms, illegal weapons. I mean, we saw it recently in that case where the guy bought the crossbow online and murdered the members of the family there, I think it was his girlfriend's family, or his girlfriend or his former girlfriend and her family. He bought that legitimately.
Speaker 3:You know, the World Wide Web, the internet, the marketplaces, they're, they're crammed with this stuff and, and a lot of stuff is word of mouth. Um, if you go down onto social networks like, um, Reddit, uh, you go, you go and have a dig around there, you'll be able to find where to purchase these things. Um, and it's not just Reddit, um, you know, that's one that springs to mind. But you know social media is, is the place to go to to find out where this stuff is.
Speaker 2:And then I suppose we're into things like Telegram groups and WhatsApp groups and we've all seen the sort of fallout of those places and I guess that's where the difference in expertise as an investigator comes in, in terms of knowing where to look, knowing how to access it, knowing the language to be using and the techniques. In the old days, when we used to deploy UCs et cetera, there was a particular methodology that we would deploy, I'm guessing, with someone of your expertise and others. That's the same. That's what you're buying. You're buying that level of expertise. You're investing in their skill and their experience and their expertise to act in the way that is, or to find and act in a way that allows access to that information.
Speaker 3:Yeah, and I mean that's exactly it. And when you think about what an investigator is, I mean, a definition I like to use is, um, a person who collects and handles evidential material in accordance with the law, policies and procedures, that's an investigator. So it doesn't have to be a formal investigator. You know, as in as we would, we would know an investigator, but it has to be someone with that investigative mindset. That's the the first thing. So collecting and handling material online is different to collecting and handling physical material in a crime scene or whatever. So we've got to deal with the evidence in a certain way.
Speaker 3:One of the pitfalls that investigators fall into sometimes is they treat material as intelligence, and actually you and I know that something can go from being evidence intelligence material to evidential material in the blink of an eye. Um, we can't see into the future. We're not Mystic Meg, so we can't, we can't know whether something's going to be evidence in the future. So one of the things I always say to people is do, do everything to an evidential standard.
Speaker 3:Um, so the first thing is you're buying is how to do that and how to deal with digital material in a way that it can stand scrutiny. And the second part, I suppose, is the tradecraft, as we would call it. How do we do it? What have we learned over the years around how to approach people, how to position ourselves, and also it's having the footprint. You know, you can't just create a Facebook account or an online account today and expect people to take it as credible. You know, you've got these accounts running for years and it's a common thing in cybersecurity and penetration testing, they call them sock puppets. So they're, you know, they're accounts that people use to do certain things. We wouldn't call them those, but we've got our own, obviously our own tradecraft around how we would do that.
Speaker 2:So, okay, you touched on the issue around treating it as evidence. Yeah, what does that mean? What does that look like?
Speaker 3:Okay. So when you think about digital material, so let's say, we go to a marketplace and we say, right, there's our client's product for sale and we're going to make an attempt to purchase that, to establish whether it's genuine or is it counterfeit. So the first thing we've got to do is maybe capture that evidence. So what are we actually capturing? Well, we're capturing what's on our screen at that point. So, um, we need to take a capture of that and we need to apply some digital evidence principles to that around how we capture it, what tools we use. Where do we keep the original? So how can we use technology, um, to, to prove that that's got a certain DNA, if you like? Because every time you change a file, the DNA of that file changes, um, so we'll keep that, so we'll keep the original, we'll apply this tool to, to give it its DNA. We'll always work on a copy. So at that point we've got an audit trail, so we'll record everything that we do, time, date, how we did it, etc. Um, and we'll park that away so that later on, um, third party can take that original material, follow our audit trail and say, yeah, this is how they got it. This is what they got.
Speaker 3:I get the same result, and you know, the problem with the Internet is it's so dynamic. Whether it's technical Internet, whether it's World Wide Web, stuff's changing all the time. So one of the things we've got to be very cautious of is, you know, missing stuff. So we might find an ad on a marketplace and then think, right, we'll go back in a minute, and when you go back it's gone or you simply can't find it, you know. So capturing stuff as you go along is important, keeping an audit trail, applying technical measures to give that evidence a DNA, because you can't physically hold it up. You can't say, look, here's the weapon that was used in an assault or here's the credit card that was used in this fraud. You haven't got anything physical to produce. So you have to use technical methodologies to give integrity to the evidence.
Speaker 2:So you come from a policing background, so you're about evidence. Would somebody who came from an intelligence background operate differently?
Speaker 3:I think certainly in a law enforcement intelligence environment they would operate the same. Outside of law enforcement, so people that haven't been exposed to it, so things like business intelligence, corporate intelligence, those sorts of environments, not necessarily. And I think that when we deliver training to these types of organizations, their eyes open a little bit and they realize how vulnerable their material is. Now, look, you've always got a person on the end of that material that can give evidence and produce it in the court or a tribunal. You can be cross-examined, you can ask, answer questions, and that's fine. But the more integrity you can give to your digital material, the better.
Speaker 3:And we have been challenged on this and and we work with um, with a lawyer, um, and and she, she's got a really good example of you know cross-examination um, and she will ask she's not really interested in the in the material, what it says. At this point she wants to know where did you get it from, where did you put it? Who's had access to it? Once she, once she's realized that actually we can stand scrutiny around that, then she'll turn her attention to the, to the actual content.
Speaker 2:So it's all about, you know, the integrity which is not that dissimilar, isn't it in terms of when we used to give evidence in court? It wasn't, you know, it wasn't around. Did they commit the crime? Quite often it's actually. Where do you get the information from?
Speaker 3:Yeah. So it's the starting point, yeah, yeah. And that brings us on to an interesting point, Phil, in that, you know, open source investigation, certainly in criminal investigations, is often a starting point. You know, and if defense lawyers can chip away at the, the, the, the foundations, everything else that, that's built on is going to come crashing down. So it's really important that we get it right, or at least we can stand scrutiny. We make mistakes, of course we do, but it's about being able to give the best possible evidence. And of course this applies to tribunals, it applies in civil cases, it applies right across the board. You know it's not just, let's not just focus on criminal cases. You know a lot of the work we do is civil and in your world, you know, it might be a cease and desist. You know we need to get a certain amount of level of integrity before the court will use that material to issue an order.
Speaker 2:But it's such an important point you made there that you know it's a bit like building a house, isn't it? If you don't get the foundations right, everything else crumbles eventually. Yeah, and so so your element of it. If you're and you may not be necessarily thinking at the point where you're conducting the initial investigation of a prosecution, you may just be saying I, I'm fact-finding, I just want to have a dig around, see what's out there, I want to have a look around, and that's fine, but you don't know where that's going to end up. So you need to make sure that you're starting, as you mean to go on, ethically, obviously evidencing your audit or creating an audit of what you're looking at and how you've acquired it, etc. Because you never know where that investigation is going to end up I mean, it isn't.
Speaker 3:It is exactly that. It's about starting off with a view that potentially, everything could be evidence. Um, and look, it's not that much more difficult. It's a couple more clicks, it's one entry in a log, you know, and, and it, you know you've given evidence at court. And even if you know your evidence is absolutely bang on, you're still nervous. You know you'd be, you wouldn't. It'd be wrong not to be, because if you get to call to give evidence now, um, you know that somebody is disputing what you've said. Um, so what you're producing? So, so the point is, is you can sleep at night knowing that you've done everything you can. Um, and I think we're seeing more of that now. We're seeing people actually applying proper tradecraft, proper audit trails, proper processes around digital evidence, because it's where the weaknesses are.
Speaker 2:So really what we're saying is when we're looking at if we're going to use the term OSINT or III, whatever an OSINT investigator finding the material is just one piece of it. It's about preserving all of that as evidential. But also you made a very good point at the beginning of this around the difference between information and intelligence, and I always make the point around some of the work we're doing that you can be the best investigator in the world, but if you don't know what you're looking for, you won't find it. In fact, you'll probably miss it. So the analysis of what you're finding is also critical. Yeah, I mean that.
Speaker 3:So just on that term OSINT, I mean, yeah, we'll use the term OSINT as long as we understand what it is. Yeah, you know, as long as we understand that. You know it's information, that, you know, that's a given. But you're right, you know, it's the whole point of, you know, doing this type of research, particularly at the beginning of an investigation. Sometimes you don't know what you're investigating. You know, someone's just got a concern and you might go out and you have a little bit of information. You know, might have an email address, a username, whatever, and you can build on that. Sometimes you don't know what you're looking for. So you know you have to sort of use your investigative mindset to try and work out, you know, what's going on here. Why is this important? Why is something not so important? But it is important that you collect as you go because, as I say, stuff does change and disappear. Do you think that?
Speaker 2:people get lazy in terms of they become over-reliant on what they think they're going to find on the internet and they forget to do the old-fashioned kind of walking the streets, etc.
Speaker 3:Yeah, I do, I'm a big fan of, you know, when we talked about the definition of intelligence and we said information that has been sort of verified or assessed or whatever you want to call it, but it goes through some sort of process, depending what environment you're operating in. But I'm a big fan of if you find something online and you know what the source of that is, then pick the phone up, drop an email and say, look, I'm investigating this, I found this. I mean, obviously that's not suitable in every case, but I do it quite a lot. You know, go to people and say, can you just confirm? And they'll come back to you and say, yeah, yeah, that's correct, or no, hang on a minute, that's an old record, we should have updated that.
Speaker 3:So you know, I'm a big fan of, you know, not over-relying, even though it's what we do as a business. As an investigator, it's always good to have a conversation with an actual person and we've had some really good results with that.
Speaker 3:You know we were investigating an IP address, which we'll probably talk about in the second part of this podcast, but we're investigating an IP address. We found out that it belonged to a hotel or was being used by a hotel in Abu Dhabi. Didn't tell us a huge amount, but when we actually contacted the hotel and spoke to the security team there, and I mean this is a non-law enforcement investigation, it's just one that we were doing for a client, they were really helpful and they gave us a lot of information that we could never have found online. So sometimes the information you find is a starting point and the information simply doesn't exist online. You're going to have to speak to somebody, you know, and find out what's in their head.
Speaker 2:You mentioned IP address. So let's just talk about that for a moment, because I think there's again lots of misinformation and confusion around that. So explain what IP is then.
Speaker 3:Okay, so IP is the internet protocol. I mean protocol is another word for rules. If you look around all the technology that's out there that makes the internet work, you will find lots of different P's, lots of different protocols, but IP is the oldest one, and an IP address basically is your phone number, if you like, for the internet. It's oversimplifying it, but it gives you a location. So when you ask for a website, your router and your service provider jump out onto the World Wide Web. They ask the server to send you back the page and it comes back to your IP address. Now the thing about IP addresses is there's a lot of technical issues around them. Sometimes they stay the same, sometimes they rotate round, sometimes they're private, sometimes they're public.
Speaker 3:But the myth is that you know an IP address can identify a person.
Speaker 3:Sometimes it can, but more often than not it'll just take you to a service provider and then, unless you've got lawful powers to get into the service provider I mean, if you take my IP address here, for example, you would very easily find out that it's a BT business IP address, but that won't tell you any more and it comes back to London and I'm up in Cheshire, so it doesn't give you a huge amount of information.
Speaker 3:But if you spoke to BT using law enforcement powers, they will be able to tell you exactly where I am, but it would only take you to the router. So, again, it only takes you to the office, it doesn't take you to an individual. Then you've got to start asking about who did what. So years ago, finding IP addresses was almost like the golden goose, but now, to be honest with you, they're not that important. People can use VPNs, they can use all sorts of technology to hide their IP address, so they're not hugely important, although, again, you don't know what you've got until you start to build on it. So it's again, it's a starting point.
Speaker 2:It's a starting point, yeah, and some.
Speaker 3:Sometimes it'll take you to a hotel in Abu Dhabi. Sometimes it'll take you to a BT business service.
Speaker 2:You know, it depends what you've got. So we're going to get further into all the kind of technical details and the tactics in the second part of this podcast.
Speaker 2:We're drawing to a close on this episode, which has been really informative, Jon, in terms of, I think, probably allowing people some clarity around some of the terminology, understanding, I certainly think, understanding the difference between, let's be blunt, someone who's done a kind of two-week OSINT course, which I've done in the police, to somebody who is a proper internet investigator as such. Um, so we're going to come on to put all that in part two, but for now, Jon, thank you so much, just reminding everybody that, um, you know, subscribe to our website, which is out every Monday. You can do that on our website and, if you're enjoying this podcast, obviously wait for the second part, because it's going to be fantastic. But subscribe and that way you can get access to all of our podcasts. You get alerted to when they're on and we're available on all the usual platforms. So for now, Jon, thank you so much and we look forward to part two. You're very welcome.
Speaker 1:Thanks, Phil. Thank you for listening to the Defuse Podcast with host Philip Grindell, CEO and founder of Defuse. Please rate, review and subscribe on your favorite podcasting platforms.