I self-describe as a hacker but that word is overloaded. Laypeople jump to the conclusion that I’m violating Title 18 § 1030 aka the Computer Fraud and Abuse Act. Those who know me a bit understand that there’s some nuance to that Covert Acquisition Specialist role I recently admitted on my LinkedIn profile.
For the sake of a visual, I’m more like … Professor Horace Slughorn. I … collect things.
And most recently I collected a researcher account for IntelX, which I’ve shared with a couple of select diggers by installing it in a Sapper Labs Cloak account. You see, I complain so regularly and specifically about Cloak, they’ve accorded me a team environment …
Attention Conservation Notice:
Exploring a fun new tool that we’re trying to exercise hard enough that they’ll let us keep it. No animals were harmed in testing, but there will be additional angry Iranian agents soon, based on the chatter in certain Signal rooms.
Cloak:
First, a bit about Cloak. It’s a Kasm Workspaces-based system with a curious network contraption that hides one’s location. During our initial call we talked network stuff, which is how I got access in the first place, and since then I’ve periodically had a go at breaking things. I suspect I got close to the Chamber of Secrets when they took away most of the international exits, but such is the price one pays for being too nosy.
Among my investigation-oriented suggestions was the notion that they should provide Tailscale as a user-configurable thing so we can employ burner phones as exits. One of the big issues anymore is that fraud detection is so tense you can hardly sneak around without stepping on some sort of land mine. Being able to pay for a fresh burner and then use it for all activity would be a huge leg up in this area.
This is new: Cloak Xray was broken for a while, and now it’s back. And Discord, Signal and Telegram all work(!)
IntelX:
These guys at IntelX are worse packrats than I am. The interface difference you see here is that my personal Cloak is older, and has the KDE desktop, while this new shared one is an Ubuntu setup.
But just look at all that juicy data …
I was a curator of many documents with Disinfodrome (RIP) but that was primarily large volume FOIA data, and certain sorts of leaks I was handling for journalists. The breadth of material in the IntelX system is truly amazing. It’s as if someone collected every single leak in the world, all in one place.
I did a few personal searches, but the bulk of the activity is connected to findings in the Iran PressTV leak. This thing is truly a hydra, all sorts of players are directly involved, and the friends of friends network is a wonderland of “Wait, what?!?!?!”
I’m itching to dig deeper into this - my precious RiskIQ unlimited researcher account is gone. Microsoft bought it, fucked it up pretty good, and then cancelled the entire RiskIQ offering at the end of 2024. The flabby Microsoftified successor is so uninspiring I haven’t even bothered to see if they offer researcher access.
But this looks … promising.
Conclusion:
Early this morning is the first time I’ve been able to touch IntelX since Fleeing Black Mold. I checked the things I needed, and now I have to go do some Python programming, my first stick time with Visual Studio Code since I escaped that dreadful PHP quagmire.
I’m going to take some requests from the audience here - let’s see what we can find within IntelX. If there’s something that’s always intrigued you now would be a great time to drop me a note with the particulars.