I was doing some pro-bono work because the 'client'—in quotes, since I wasn’t getting paid—had a fairly dire situation. They had lost track of a target who was violent and most likely armed. I can’t say more than that.

To sum it up, they were fucked.

They gave me a name, a city the target lived in, and an email address.

Let’s begin.

I began with my sharpest and deadliest weapon: Google. I also ‘Bing’d’ everything I could related to the target because it’s a good practice and sounds kind of sexy. 

There were a few hits, but most of it was locked down or wiped. Instagram was empty. TikTok was barren. Music accounts had some content, but minimal, and nothing useful—just learning the target and I have very different tastes in music. No judgement, I guess, but their musical taste was total shit.

Did bringing down the swift blade of justice become slightly more personal due to that fact?

I cannot confirm or deny.

Now, I decided to try something new(ish).

Maltego was not a tool I used very often. I used it a few times way back in the past, like 4 or 5 years ago, but it never caught on with me. I like to kick it old school. Notes. Push pins. White boards.

Regardless, about two weeks ago, a very nice person from Maltego slid into my DMs and said I should try it out. They gave me one of those limited trials. They said that they valued my opinion and, at one point, called me a “thought leader.”

Fuuuuck me…

After making them swear upon the spirits of their ancestors to never call me that again, I decided to give it a whirl. And for the record, I’m not being paid or made to do this. I explained that if I thought it sucked, I’d say it out loud at some point.

Anyway, I decided to plug the target’s email into Maltego’s graph tool.

And for what it’s worth, Maltego doesn’t suck.

It led me to a bunch of user and phone accounts and provided plenty of useful information. It also provided me with a possible date of birth, which I could not confirm. Still, I did find images of the target via a social media account they must have forgotten about, and it was a rough match. Suffice it to say, they were in their very early twenties—a kid. 

Now, all the information Maltego provided was very useful. But the most helpful aspect was the context their tool was able to provide. The target had a boatload of video game accounts, and they all used the same username. 

I found accounts for Roblox, Minecraft, Call of Duty, League of Legends, Valorant.

It was a smorgasbord of nerdiness.

Now, I grew up in the late 80s and early 90s. My video game experience was different than that of the target. I mean, no judgment, but first, we had the shit taste in music, and now shit taste in video games? 

Ok, fine, I take it back. Full judgment.

Based on what I found, the target is a 20-year-old kid who likes to play video games. They skipped their hometown, or they're there somewhere but hiding. Their social media accounts are mostly wiped. They are clearly trying to go dark.

I began to think about my next move. 

Now, I want to give a shout-out to Darkside here, a breach data tool I often use. 

Using the target’s name (which is one of those ‘every person’ names because there are about million of them on the planet), I was able to correlate some other information that allowed me to find a few hits. Darkside provided me with a secondary email and additional confirmation of a consistent username that seemed to be used everywhere. This was the same person. I now had an address, too, albeit an old one. Still helpful, though.

Now, I know Darkside has a Maltego API. Did I use it? 

Do you honestly think I will change my ways just because a very nice Maltego employee says I’m a “thought leader?” 

First, the term “thought leader” needs to be taken out back behind the barn and shot. If you call yourself a “thought leader” in public to other human beings, shame on you. 

Second, I’m stubborn. Of course, I used Darkside in the old-fashioned way. I’m no people pleaser. 

But what was interesting is that the secondary email I found connected to a bunch of other phone numbers, which then connected to more video game accounts, all with the same username.

Fortnite, Destiny, Battlefield.

More kid nerd stuff.

I needed to ruminate. I withdrew. I collected a Coke Zero from the fridge (still not endorsed or sponsored by Coke, by the way) and wandered around my basement.

The Coke Zero was cold—refreshing. 

I considered how I would hide and what I would need. Moreover, I had to think like a 20-year-old. Do young people even enjoy Coke Zero? Probably not. They probably sip energy drinks or vape or some shit. 

If I were in hiding, I would have to figure out a way to get my Coke Zero fix. Habits die hard. I looked over at my fridge and opened it. I had about 3 cases of the Zero. If I suddenly decided to run, I’d have to take these with me. Credit cards can be tracked, and I’d need them to keep me going until I could muster up some cash.

I wasn’t about to leave all this divine nectar behind. It represented my work. How I labour hard under the yoke of Permanent Record Research, get paid, and exchange that pay for goods and services. No. It was a matter of pride. This was MY Coke Zero. I earned it. It was like a point system—my stats, which measured my success as a person on this Earth.

I suddenly remembered my teenage nephew. He once talked to me about Fortnite, this really popular game that I didn’t care about. He went on and on about his stats and his many wins and losses. It was exceedingly important to him. It mattered. A lot.

He even went so far as to show me his stats once. Everything was tracked. Hours played. Games played. Wins. Losses. Weapons used. Information dating back to the very first game, and updated to the minute with the most recent data.

I took a sip of my Coke Zero. It stood to reason that, even in hiding, my 20-year-old target would conceivably continue to play video games. 

There are a bunch of handy websites that track video game statistics.

Plink.gg is an app you can download, and start searching for usernames. Blitz.gg is another one that tracks games and matches. In this particular case, I turned to a site called tracker.gg.

My target was fairly predictable. They used the same user name across multiple places. Whether it was their socials or their video game accounts, it was always the same.

I knew the games they played and their user name, so I began to hunt.

I got hits with nearly every game. The target played between 6 months and a year ago, but nothing more recent. 

Then, I got to Fortnite.

I punched in the username, and it popped up. There were stats for the last seven days. At the time of my investigation, the target had literally just finished a round of this inane game. I was about 45 minutes behind them. 

They were hiding but leaving this digital trail of video game statistics that could be monitored or subpoenaed by law enforcement. Moreover, one could backtrack and find their phone number or email address, which would still need to be active to play. 

In simple terms, this massive lead can open up a whole new host of selectors. It also can provide context and show a pattern of behaviour. When do they play? How long? It also ties to a specific gaming system, which can also be useful, as that system will have a specific address. Those gaming accounts often have public “friends” lists, which can also be monitored. I was able to locate a colleague of my target, who also used a recurring username for various apps and played Fortnite. By looking at play times, one could possibly find other contacts of the target who may have further information.

We didn’t know where the target was yet, but we knew they didn’t burn everything down. Remnants of their old digital life were still very active. 

When I handed everything over to the client, including several phone numbers and other accounts I had found, they were quite pleased. I was working for free, after all. And while I only spent about an hour on this, they had more than enough leads to pursue. 

I felt like I did something good for the world. I felt warm inside. I was still poor, mind you, but warm.