Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Baptiste Robert Profile picture
@fs0c131y
May 20, 2024 19 tweets 8 min read Read on X
Scrolly
The owner of the "Incognito Market" has been arrested. It's #OSINT time!

THREAD 1/n
Today, the @FBI announced today the arrest of RUI-SIANG LIN, a/k/a “Ruisiang Lin,” a/k/a “林睿庠,” a/k/a “Pharoah,” a/k/a “faro,” in connection with his operation and ownership of “Incognito Market,” an online dark web narcotics marketplace

justice.gov/usao-sdny/pr/i…
Image
@FBI Of course, they are doing #OSINT at the FBI. In the indictment, they mentioned the "publicly available information" about Rui-Siang Lin Image
@FBI I started by a simple Google search and found this email address ruisiang2000@gmail.com mentioned in this Gitlab profile gitlab.com/ruisiang
Image
@FBI Thanks to , we can find multiple accounts including his Github account predictasearch.com
Image
@FBI Side note: A Garmin account is linked to this email address but it's not mentioned in the indictement. 2 possibilities: they didn't find it (unlikely), Garmin is not answering to legal requests
@FBI Ruisan has a pretty active digital life. All his social accounts are available here:

He also uses the same username everywhere: RuiSiang rs.me
Image
@FBI As mentioned in the indictment he was working for the Taiwanese Ministry of Foreign Affairs

linkedin.com/in/ruisiang/
Image
@FBI His last job was based in Santa Lucia which is confirmed by his Google reviews

google.com/maps/contrib/1…
Image
@FBI This guy is pretty young, he was a student researcher and intern before Image
@FBI Also, he is on Twitter under the pseudonym @ruisiang_tw. You want something funny ? He did a thread about the arrest of the owner of SilkRoad. Is it what we called irony?
@FBI @ruisiang_tw Worth mentioning too. He appears in a video on Youtube to talk about his open source tool PoW Shield
Image
@FBI @ruisiang_tw In the description of this video another email address is written: contact@ruisiang.xyz
@FBI @ruisiang_tw I will start to think that all cybercriminals are looking for love

tinder.com/@RuiSiang
Image
@FBI @ruisiang_tw If we go back to the results, in his Github account he added ZenPeak Capital as a company predictasearch.com
Image
@FBI @ruisiang_tw I found 1 website with only a landing page zenpeak.capital
Image
@FBI @ruisiang_tw I also found this profile which mention a monero address 0x203356d6Ea71b8fF56C8Cd6afb4a4A29d49Cb492 app.ens.domains/zenpeak.eth
Image
@FBI @ruisiang_tw This wallet contains $8,338.05 etherscan.io/address/0x2033…
Image
I will stop this quick #OSINT check here but what we can say is:
- This guy seems to be skilled and passionated about cryptocurrencies
- His public digital footprint doesn't smell the drug lord he is as mentioned in the indictment
- We should probably start to investigate from his usernames

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Baptiste Robert

Baptiste Robert Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @fs0c131y

Baptiste Robert Profile picture
Mar 15
Regarding the DDoS attack on X:

- Yes, we have identified the correct individual, and he is aware of it. He has attempted to delete evidence since the publication of the tweet.
- Again, it’s not a one-man job. We have also identified the other members of the team.
- They are aware of it. They sent 500 million requests to predictasearch.com over the last three days.
- Trust the process. A report has been sent to the concerned authorities, and they will do their excellent work as usual.Image
They created a new Telegram channel. The last post they forwarded is from a channel called "Russian Partisan." This is not surprising according to our initial findings.

Image
Image
Regarding the DDoS attacks on :

Cloudflare is clearly the best option available on the market when it comes to DDoS attack protection. predictasearch.comImage
Read 5 tweets
Baptiste Robert Profile picture
Mar 11
Hi @elonmusk,

I've identified the people responsible for the DDoS attack on X yesterday. I'm currently in Washington and will be at the Eisenhower Building tomorrow (for another matter). Would you be interested in meeting?

In the meantime, let me explain

It's OSINT time! Image
@elonmusk Yesterday, a group called "Dark Storm Team" claimed responsibility for a DDoS attack on Twitter.

Their leader, MRHELL112 on Telegram, has previously used usernames like Darkcrr, GLITCHAT1, and GLITCHcracker. Image
Image
Image
@elonmusk In a Telegram channel about "DDoS Attack Services," DrSinaway is mentioned alongside Darkcrr.

DrSinaway’s TG bio also references a group called CyberSorcerers. Image
Image
Image
Read 11 tweets
Baptiste Robert Profile picture
Mar 3
Votre volonté d’ajouter une porte dérobée dans les applications de messagerie est une énorme idiotie. Presque autant que votre condescendance…

Explications ⬇️
Beaucoup s’inquiètent, donc madame explique. À coup de novlangue et de mots clefs.

Le fameux : “Si les français ne comprennent pas c’est que l’on n’a pas assez expliqué”

Vous prenez les gens pour des idiots et après la classe politique s’étonne des résultats dans les urnes
Après avoir dit que le texte est trop large un tweet plus haut on parle “des services” ? Il n’y avait pas un mot plus large dans le dictionnaire de la French Tech ?

Non il n’y a pas de backdoor qui respecte les libertés et la vie privée. C’est un MENSONGE.
Read 12 tweets
Baptiste Robert Profile picture
Feb 7
Operation TALENT - Tracking the Hackers

On January 29th, Operation Talent dismantled the cybercrime forums Cracked and Nulled, led by two young individuals and used by millions.

Want to dive deeper?

It's OSINT time! ⬇️Image
To complete this investigation, the @PredictaLabOff team utilized our platforms predictagraph.com and predictasearch.com.

Thanks to the collaborative mode, you can access a snapshot of the graph here:
predictagraph.com/graph/snapshot… Image
@PredictaLabOff Time to uncover who was behind the forum Cracked.

@CrackedTo is the official X account of the forum. The associated email, olivia.messla@outlook.de, was revealed in the 2023 Twitter breach. Image
Read 16 tweets
Baptiste Robert Profile picture
Jan 19
The IP address of DrugHub, a well-known dark web drug marketplace, has been exposed.

The website owner made a critical OPSEC blunder.

It's OPSEC time!
On the website's /info/market-links page, three links are provided:
- The primary .onion address
- A clearnet link
- A permanent mirror Image
Currently, drughub[.]xx is protected by Cloudflare, but two months ago, it was hosted on the IP address 186.2.171.6. Image
Image
Read 9 tweets
Baptiste Robert Profile picture
Jan 14
Worried about a TikTok ban? Americans are now flocking to Xiaohongshu (REDnote), another Chinese app.

Spoiler: Yes, it tracks its users.

Time to dive in! ⬇️ Image
When creating an account, you must verify your phone number by entering a code received via SMS.

The request sent to Xiaohongshu's server includes your phone number (of course), along with your IDFA and IDFV. Image
Image
What’s an IDFA? The Identifier for Advertisers (IDFA) is a unique device ID assigned by Apple to every iOS device.

Many actors, like data brokers, use it to profile you, track your location, and more.

Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(