Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Baptiste Robert Profile picture
Baptiste Robert
@fs0c131y
CEO @PredictaLabOff | French Security Researcher, Ethical Hacking, OSINT

May 20, 2024, 19 tweets

The owner of the "Incognito Market" has been arrested. It's #OSINT time!

THREAD 1/n

Today, the @FBI announced today the arrest of RUI-SIANG LIN, a/k/a “Ruisiang Lin,” a/k/a “林睿庠,” a/k/a “Pharoah,” a/k/a “faro,” in connection with his operation and ownership of “Incognito Market,” an online dark web narcotics marketplace

justice.gov/usao-sdny/pr/i…

@FBI Of course, they are doing #OSINT at the FBI. In the indictment, they mentioned the "publicly available information" about Rui-Siang Lin

@FBI I started by a simple Google search and found this email address ruisiang2000@gmail.com mentioned in this Gitlab profile gitlab.com/ruisiang

@FBI Thanks to , we can find multiple accounts including his Github account predictasearch.com

@FBI Side note: A Garmin account is linked to this email address but it's not mentioned in the indictement. 2 possibilities: they didn't find it (unlikely), Garmin is not answering to legal requests

@FBI Ruisan has a pretty active digital life. All his social accounts are available here:

He also uses the same username everywhere: RuiSiang rs.me

@FBI As mentioned in the indictment he was working for the Taiwanese Ministry of Foreign Affairs

linkedin.com/in/ruisiang/

@FBI His last job was based in Santa Lucia which is confirmed by his Google reviews

google.com/maps/contrib/1…

@FBI This guy is pretty young, he was a student researcher and intern before

@FBI Also, he is on Twitter under the pseudonym @ruisiang_tw. You want something funny ? He did a thread about the arrest of the owner of SilkRoad. Is it what we called irony?

@FBI @ruisiang_tw Worth mentioning too. He appears in a video on Youtube to talk about his open source tool PoW Shield

@FBI @ruisiang_tw In the description of this video another email address is written: contact@ruisiang.xyz

@FBI @ruisiang_tw I will start to think that all cybercriminals are looking for love

tinder.com/@RuiSiang

@FBI @ruisiang_tw If we go back to the results, in his Github account he added ZenPeak Capital as a company predictasearch.com

@FBI @ruisiang_tw I found 1 website with only a landing page zenpeak.capital

@FBI @ruisiang_tw I also found this profile which mention a monero address 0x203356d6Ea71b8fF56C8Cd6afb4a4A29d49Cb492 app.ens.domains/zenpeak.eth

@FBI @ruisiang_tw This wallet contains $8,338.05 etherscan.io/address/0x2033…

I will stop this quick #OSINT check here but what we can say is:
- This guy seems to be skilled and passionated about cryptocurrencies
- His public digital footprint doesn't smell the drug lord he is as mentioned in the indictment
- We should probably start to investigate from his usernames

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling