All of Chris Monteiro's Comments + Replies

I am sure there are some interesting uses of agented AIs I can configure for automated OSINT, but this feels quite a large task given I am bottlenecking more in who to hand the data to rather than it being insufficiently rich.

Know any preconfigured agency menageries for something like this?

1 samuelshadrach
I mean, I know a bunch of devs who can accurately answer "can state-of-the-art AI do task X, yes or no?" or at least make progress towards answering it. You could put up a job description with approx salary here on lesswrong or elsewhere, I could forward it to some people.

My attempts of creating summaries with ChatGPT violated the content policies last I tried.

There is lots of OSINT work to do, but until I have normalised all the ID data out from the message data, I am not comfortable handing it over to OSINT specialists or their AIs.

2 samuelshadrach
Have you tried llama3? (Latest open source model, hence no moderation) It might be worth posting a few sample tasks online so software developers can tell you whether they’re automatable or not. 
1 Perhaps
There are some models on HuggingFace that do automatic PII data redaction, I've been working on a project to automate redaction for documents with them. AI4privacy's models and Microsoft Presidio have been helpful.

Yes, but it's probably closer to saving maybe 25 lives, and saving 500 people from stalking/abuse/etc

The data is not public. I accessed it anyhow. Perhaps you want to listen to the podcast to get a fuller chronology, I have not written it up yet.

Publishing the whole list, without precise addresses

To identify a person internationally, a name isn't enough, you must also supply an address or social media links.

I've performed medium level OSINT on most people so I annotate a fair bit of extra info internally.

I do have tentative plans to publish a highly redacted format, such as 'A <seriousness level> plot where someone <did/didn't pay> to <kill/beat/harm> a <number of persons> of <genders> in <city/state/location + country> who appears to be <relationship-details...

1 samuelshadrach
Have you tried using AI for any part of your process? (And do you have access to o1?)
3 jbash
The situation begins to seem confusing.

1. At least three times over 8 or 9 years, in 2016, 2018, and 2023, and maybe more times than that, you've owned the site enough to get these data.
2. The operator knows about it, doesn't want you doing it, and has tried reasonably hard to stop you.
3. The operator still hasn't found a reliable way to keep you from grabbing the data.
4. The operator still hasn't stopped keeping a bunch of full order data on the server.
   1. They haven't just stopped saving the orders at all, maybe because they need details to maximize collection on the scam, or because they see ongoing extortion value.
   2. They haven't started immediately moving every new order off of the server to someplace you can't reach. I don't know why they wouldn't have been doing this all along.
5. Neither you nor any law enforcement agency worldwide have gotten the site shut down, at least not lastingly. Meaning, I assume, that one of the following is true--
   1. Neither you nor law enforcement can shut it down, at least not for long enough to matter. Which would mean that, in spite of not being able to keep you away from the hit list, the operator has managed to keep you and them from--
      1. Getting any data from the server that might let one trace the operator. That might be just the server's real public IP address if the operator were careless enough.
      2. Tracing the operator by other means, like Bitcoin payments, even though it would take really unusually good OPSEC to have not made any Bitcoin mistakes since 2016. And having people's cars torched can easily leave traces, too.
      3. Finding and disrupting a long-term operational point of failure, like an inability to reconstitute the service on a new host, or total reliance on a stealable and unchangeable hidden service key.
   2. Or both you and law enforcement have held off for years, hoping for the operator to make a mistake that lets you trace them, as opposed to just the server, b

Do you know anyone who could guide me through this process?

7 Joseph Miller
DM'd

Interpol (and Europol) doesn't work for the public, only for incumbent law enforcement agencies.

Europol took explicit credit for one case, https://www.europol.europa.eu/media-press/newsroom/news/dark-web-hitman-identified-through-crypto-analysis but that was actually overturned in the Italian courts years later.

Attempts by the podcast team to route cases from the UK through to Interpol and other countries yielded no results, likely due to the game of 'telephone' such referrals go through. One case in India ended up informing the would-be-killer about his p...

1 Valdes
I felt like I should share my uninformed two cents.

1. Interpol seems like a promising lead, if you can get the right person at Interpol to understand the situation. I am not saying this is easy, but maybe you can get an email to be sent on your behalf on the right mailing lists (alumni of some relevant school maybe?).
2. Other comments suggested getting funding from EA and that sounds fitting to me. But there is probably someone in EA that can connect you with Interpol directly. Maybe you can request to send a broad email on top of requesting funding.

It varies depending on how powerful the law enforcement agency is and whether they understand it or not, with the FBI and German Federal police being the most effective.

It's not all saving lives, often it's protecting people from stalking, physical and mental abuse, child custody disputes and the like, because in many cases (especially so with women perpetrators) they would never actually turn to violence themselves.

I have not been party to all of the journalist hard costs for local investigators, but I think they were doing at least $3,000 initially per m...

In that case I would consider applying for EA funds if you are willing to do the work professionally or set up a charity to do it. I think you could make a strong case that it meets the highest bar for important, neglected and tractable work.

I've looked! The only one that comes close I am aware of is https://globalinitiative.net/ with whom I have been trying to engage for some time. There appears to be more money to study crime and do things like victim support than any money to fight crime.

If I were to speculate, policing agencies would not like the existence of non state-aligned policing agencies, being considered like mercenaries, private detectives, vigilantes and hacktivists.

Any body who could appear sufficiently legitimate in the eyes of the law would be subsumed into the system by definition I reckon.

It varies by the country's policing capability, citizens' online footprint, the history and status of the feud, the severity of the online element and language barriers as well as highly variable economies of scale such as an effective engagement with a law enforcement agency.

The only ones that have come close to this have been the FBI and the Bundespolizei (German Federal Police) where there is evidence they did at least a basic investigation of every major case based on a medium (US) and very high (Germany) public arrest and prosecution records.

I won't sh...

It sounds like you are saying it should cost <$50,000 to get all 800 cases taken care of. How many lives do you think this would save in expectation? Based on what you said above, maybe like 5? So that's $10,000/life, not bad eh? And if it's more than 5 in expectation then this is really cost-effective.  (And if it's less, it's still somewhat cost-effective compared to most charities.)

I have had very random people reach out to me who have been the target of threats etc so I have looked them up.

But compared to the scope of data breaches and the ease of checking them via an email address, my 1000 names is not at that scale. I have had some very small scale investigations work commissioned off of these queries, but it's so quick and easy for me to do I have not got around to charging or doing extended investigations.

Maybe, but I have been contacted by people who have received the scam email before.

It's true that some people reached out AFTER the podcast aired, only then taking it seriously. I am partially able to leverage it for credibility also.

Ultimately significant effort is required to contact people, and then further more to provide a full context, risk assessment, after which they typically require support taking the issue through multiple law enforcement agencies, that is if they don't turn to violence themselves which has happened on at least one occasion :(

But how are people supposed to react to such framing? Also some orders are limited to just name / address etc, whereas some plot graphic torture for weeks and months.

I got to the suggestion by imagining: suppose you were about to quit the project and do nothing.  And now suppose that instead of that, you were about to take a small amount of relatively inexpensive-to-you actions, and then quit the project and do nothing.  What're the "relatively inexpensive-to-you actions" that would most help?

Publishing the whole list, without precise addresses or allegations, seems plausible to me.

I guess my hope is: maybe someone else (a news story, a set of friends, something) would help some of those on the list to take i...

Not really. Journalists spent months doing this via phone, email and messages and were ignored.

Also, there are literal 'I am a hitman hired to kill you, pay me money to stop' scams that exist.

2 AnnaSalamon
Maybe some of those who received the messages were more alert to their surroundings after receiving it, even if they weren't sure it was real and didn't return the phone/email/messages? I admit this sounds like a terrible situation.

without social support from people who have seen this stuff before

The little contact I have had with police doing darknet investigations of this nature leads me to believe they are mostly ineffective at anything international, as does last year's operation by the police against the site.

The police have presumably learnt that 'international is hard' (which it is) and chosen to accept this.

In about 50% of cases I have social media links for the victims, but that is not the same as having their emails. I am working on abstracting the contact details from the ...

-2 RedMan
What is a reasonable response to an unsolicited message saying 'someone has hired someone to harm you', with scant details on who/what/when/where? Personally, I'd read it, and the more seriously I took it, the less likely I would be to engage with the sender, I likely would not send an acknowledgement of receipt. Any additional communication from the sender, especially a message with an 'ask' like 'help me figure out who' or 'assist me in making internet content' would be viewed as extortion. If someone showed up at my door, I might talk to them, and if they're a cop, I'd tell the cop that I'm concerned about the vaguely threatening messages I've gotten from 'some guy in another country'. If you don't have much information ('just a social media name'), doing more 'sleuthing' is probably totally inappropriate.  The 'contractor' may or may not have done more, but either way, you're not really helping anything. As far as law enforcement seeing you as a suspect/time waster/scammer, that's an easy one.  A cyber crime office will hear you confessing to some kind of 'hacking', other offices will hear that you have no actual details (so someone unknown, is threatening someone who is also unknown, no further details?  Sure ok I'll log it) and just assume you wasted their time.  Calling back to ask about status as a 'helpful tipster' suggests that you're motivated by something other than a desire to inform them, and let them prioritize your information.  This would likely be seen as suspicious. Most agencies have an escalation path and can do 'international' effectively, they just have to really want to do it.  In this case, from what you've told us, I totally understand why you've gotten the response you've gotten.   An online murder for hire website, where the people hiring are mostly larpers, the people taking the jobs are scammers, and the victims are basically unidentified is at best a loot pinata for someone with asset forfeiture authorities.  Assuming they can ac

With regards to dumping the info on the internet, the files by definition contain extensive personal identifiable information about people, names, addresses, photos, social media links often alongside allegations of their alleged crimes ranging such as infidelity, child abuse and financial fraud.

I can rarely substantiate these, and know for a fact based on the investigated cases that such allegations are often completely fabricated in order to frame the user's request for violence as more morally justified. I don't think it's fair to publish such informatio...

6 Vermillion
Just dump the names so people have a chance of realising they are at risk then? Seems a lot better than just leaving it.

It would be a valuable service to point the people targeted to information about them. I'm imagining something like Have I Been Pwned, but if you don't want to post the info in cleartext, perhaps you could encrypt the information about each person with name as the key? 

The way I see it, if I were on this list, I'd want to be able to find out. You keeping the information to yourself (or telling only cops who ignore the information completely) out of some sense of ethics doesn't help me very much. 

9 AnnaSalamon
Gotcha.  No idea if this is a good or bad idea, but: what are your thoughts on dumping an edited version of it onto the internet, including names, photos and/or social media links, and city/country but not precise addresses or allegations?