The first time I ever sat and went through someone else’s email with Maltego and The Timeline Project was about this time in 2011 - the HBGary Federal intrusion. Senator Ossoff, who was just Hank Johnson staffer Jonathan Ossoff, is the one who circulated the white paper I wrote, which led to twenty House offices calling for hearing. The woman in the middle is Beth Becker, my former business partner. She stayed in politics when I went off to do other things at the end of 2012.

My ex-wife had a corporate organizational development practice when we met, so I’ve done a bunch of assisting in that process, sat in on a number of exercises, and twice applied it to startups in which I was involved. We separated right at the turn of the century, but the learning stuck with me. I don’t precisely remember the first time I sat down with Maltego and MY network, with an eye on enhancing productivity, reach, and security but … 2014? 2015?

Attention Conservation Notice:

If you’re managing volunteers in any fashion this will be helpful. If you’re trying to learn how to assess group behavior based on the trail they leave, this will be helpful. If you’re an individual contributor and had no idea things like this happen, or if you’re a happy specialist with a niche, feel free to resume doom scrolling elsewhere.

Cultivating Self Awareness:

Change is the only constant. If you’re in the midst of a large, messy flow of events and you are not tracking things in a functional fashion, if you are at all effective you WILL get rolled, it’s only a matter of time. I used to do a lot with grassroots groups, but that environment is deeply toxic. I did a major housecleaning in 2020 and then again last summer. Where once anonymity was a benefit, today personas are all de facto persona non grata, no matter what they claim or even actually produce. People who are always around but who lack any discernible means of support are presumed to be paid nuisance actors, and shunted to low value profiling activities, if they’re engaged at all.

Whatever obscure stuff we were doing in 2023 is winding down and the election is seven months off. Like kids milling around the gym on a snow day, we’re in the process of picking teams for dodge ball. Post-housecleaning there are 58 green “people” dots, 17 teal “group” dots, and the orange pairs are logical groupings so the whole thing isn’t an impenetrable mess.

The world is continuously variable and that graph is something I update … quarterly? Not even that, more like two or three times a year. This update folds in one death due to natural causes, a debilitating brain injury, and two people whose newfound focus is coping with long COVID.

Time Bandit Patrol:

This Gambits for Deception infographic is from an article entitled JTRIG Manipulation, which we know of thanks to Edward Snowden. While the United Kingdom is nominally an ally, the one encounter I’ve had with GCHQ paid trolls makes me glad that Snowden, whatever his underlying motivations might have been, counted coup on them. Without going into great detail, the right wing bias seen in American law enforcement is also on display in this area as well.

One excellent cure for people who can do this sort of thing full time is a fulsome activity log. I’ve gotten used to seeing what’s likely to be important and stashing it in files that have the name format YYYY-MM-DD-Entity1-Entity2-etc.

If I need to do a time based review of events, which was a more or less monthly thing when I still tolerated walk on talent, one command would sweep the needed time range into a Dropbox for those involved in the review. Prior to anyone else seeing it I’d go through and delete the not so useful stuff, typically a quarter to a third of all items. The point of the reviews was sense-making, but it was also a collection enrichment exercise. Anything that required group attention usually resulted in some new entries.

Proper Tooling:

When I rebooted this Substack at the start of September 2023, the first thing I did was convey some basic tradecraft and tools that are within reach. Substack has been having some post indexing issues, so the Tool Time content is NOT accessible at this time and it’s not anything I can fix. That being said …

Basically, Maltego Community Edition is free and you also need some way to put things in temporal order. Stamping files works for me, as do funneling Talkwalker Alerts into Inoreader, and for truly serious problems there’s my underutilized Sentinel Visualizer license. I’ve seen people have good luck with various calendar apps.

Mindset:

There’s a book that keeps turning up in recommended reading - Psychology of Intelligence Analysis. That one is free and per some retirees I know it remains the “bible” for the CIA’s analytical teams. It was joined on my tradecraft shelf by Structured Analtyic Techniques for Intelligence Analysis, but be aware from the start that this is way too heavy to impose on a volunteer force.

There’s a seasoning aspect to things - there are things that would have confounded me in 2012 that today are the subject of sly mockery. There’s a bit of that in this post, a non-acknowledgement of that certain someone and their delusions of adequacy.

Hi there :-)

Conclusion:

No matter what sport you enjoy, there’s almost always some sort of scrimmage aspect to it. This is the same - if you want to develop the sense of the people, resources, and time that go into the influence operations you are observing, there’s no better way to learn than applying the same discipline to your own stuff, where you CAN see the internal flow of activity. If you can manage it without triggering a tsunami of paranoia, it’s good to recruit someone from, or better yet just near your group, and ask them what they perceive. Comparing what an outsider sees to what you know will sharpen your ability to envision how your moves look from the outside.

This is a very different post than what I thought I was going to write when I opened the editor an hour ago. The best ones are always like that …

Coda:

Circulated the graph among my peers and learned about all sorts of things that have either been written off, or interface has changed dramatically, and there are several new things. Overall down to just 38 names and 15 groups, but I don’t think “ponderously gravid with potential” is excessively hyperbolic.

There are three things balancing on a knife edge that would change everything. They’re not a perfect line of dominoes, but there is a LOT of synergy. It’s been a while since I’ve had a good wave to ride, maybe this is it.

Encore:

Another response, leading to two new groups, with one person new to me in each. What I said earlier about gravid is quickly proving out …