Your colleague Lisa in the SOC has prepared a report of findings for you regarding the threat actor of concern. Lisa is a trained OSINT analyst from her days in the military working intelligence cases. She has found the following information from a wide range of sources.
The threat actor is named Jack Doe. He was born on May 22nd, 1989, and currently resides in Atlanta, Georgia. According to his Facebook profile, Jack is recently divorced, has no children, and owns two dogs. Most of the pictures on the account are associated with his sports and hobbies. These hobbies include fishing, hunting, and CrossFit. Jack has made posts regarding the current election. While most of these posts are sarcastic in nature, a few posts could be considered threatening. Jack is enrolled in Computer Science courses at a local college where he is working on his Master’s. There are a few pictures of Jack at a party, but nothing damaging was found.
According to LinkedIn, Jack Doe has recently changed jobs and is now working as an IT specialist at a small biotech company. There are countless posts of Jack disparaging his old company. There seems to be some friction between him and his old boss about a promotion he did not receive. Interestingly enough, his old boss is now in a leadership position here at JVM Cybersecurity Consulting and Managed Security Services. Additionally, Jack (as was mentioned on Facebook) is taking courses to pursue his Master’s in CS. He has also taken various SANS ethical hacking courses and CI courses, and attended conferences such as Black Hat and DEF CON this past summer.
On October 1st, Jack tweeted, “My IT (hacking skills) are getting good. I am learning to use this amazing hacking tool.”
On September 15th, Jack tweeted a negative sentiment towards his work: “My previous organization was so mismanaged they couldn’t organize a bake sale let alone a million-dollar SOC service project for a banking customer.”
On September 8th, Jack tweeted, “I hope my boss quits before I have to.”
Forums
It was confirmed Jack has posted the following:
“Message me on how to seek revenge against an old company”
“Anyone have any ideas on how to hack without being detected.”
Jack has also posted technical questions on TechRepublic and related forums about:
“How to best use Metasploit and other password cracking tools.”
Dark Web
Jack has expressed interest in the Dark Web, but no further information is known at this time. Analysis was not done on any dark web activity but is an option to consider in the future.