Historical incarnations of the role of “the investigator” might conjure images of Sherlock, Hercule or Nancy – the classic gumshoe lurking in the shadows, quietly assembling the pieces of some iconic mystery.
But what does that role look like today, several leaps into the 21st century and seven decades deep in the Information Age? New-generation investigators and analysts have never known a world without social media. Have processes evolved accordingly?
Maria Thomas, Lead Investigator at Unit 221B, sat down with Fermata Insights to answer some of these questions, communicate hopes for the larger industry, and share on the raw thrill of the find that keeps her powering through even the toughest cases.
What drew you to the investigative industry? What was the path that led you here?
Years ago, in the mid to late 2000s, I spent a good amount of time on 4chan, which I would not recommend to anyone. There, I saw people showing off their investigative skills, which were used there to bully and terrorize each other. If someone made the mistake of posting a picture of themselves, even with their face redacted, there was a chance another user would find them and their location just from the background. One that stuck out to me was an image posted of a person in their bedroom, and one sleuth managed to identify their address and the school they went to by the peek of a street corner through a window in the background, and the edge of a jacket sleeve poking out of a closet.
After seeing that, I realized just how much information could be discovered from one point of entry – a picture, a name – and I would occasionally spend my free time trying to see what I could find about people. A bored weeknight here and there was spent digging into random people online. I never, ever, contacted them or used this information, and forgot it the next day – it was just a hobby. For example, I got a suitcase from a flea market that had some blank postcards from the 1950s, an initial, and a last name, so I spent the night digging into the family of the person it had originally belonged to and locating the exact spots the photos on the postcards were taken. I’d grown up on the internet, and knew how to navigate it well, so finding the people involved was simple.
Years passed, jobs were cycled through, and COVID hit. I am a gamer, so what else would I do during the long, empty days of early quarantine than play games? In one of these games, I met someone who was just getting started in cybersecurity. When I told him about my internet hunting hobby, he informed me that OSINT as a profession existed. I had no idea. He opened the door of cybersecurity for me and let me take some of the tests his OSINT class was taking. When I aced them quickly, I decided to dive into the field, hard. I had zero experience, so I had to start from the basics, using the training websites Hackthebox and Tryhackme to get up to speed. I took courses on cybersecurity and OSINT. I started participating in various challenges and events, such as Quiztime on Twitter, Tracelabs’ Search Party CTF, and a Hackathon, learning more with every step.
In the meantime, I had lost my job, and was searching for another. I knew I didn’t want to return to my old field. I started connecting with cybersecurity people on Linkedin and asking them questions. “What path do you recommend to someone new to the industry?” “What steps did you take to get here?” “How do I get into cybersecurity?” Finally, I chanced upon Lance James, CEO of Unit 221B. He answered my “How do I get into this field?” with an offer to meet up and chat. We met, we talked, and he hired me as an intern to join the company. And now, I am happy to say that I have been working at Unit 221B for over two years, and it has been an extremely rewarding, life-changing experience.
How does your expertise in animal behavior apply to your investigative approach?
My education and experience in animal behavior has been extremely helpful in my investigations. Humans are animals, so our behaviors are not all that different – the internet is just a different ecosystem. Animals tend to be neophobic. We tend not to stray too far from the status quo. We crave patterns. Humans in particular are social primates, so we want a sense of community. Humans are also highly intelligent, creative, and self-aware, so we want to stand out. We want recognition. If we use a particular username, for example, on one site, we will likely use it elsewhere – that plays into the need for recognition (a recognizable name), community (names are for other people to address you by), and the need for homogeneity (using the same name across sites). Additionally, the study of behavior is pinpointing a “why” behind an action, and once that “why” is found out, it is not so hard to follow the possible future steps a person took, making it possible to guess and investigate other avenues that might not be immediately apparent.
What advice would you give to aspiring investigators who are hoping to work in this field?
Practice, and think about what YOU would do in your target’s situation. I always try to get into the shoes of the target to try and figure out their mindset. But truly, the most important thing is to practice. There are many online resources that are available, including various geolocation games and Tracelabs CTF. Read up on tips and tricks from other OSINT blogs, take courses if you can. But most importantly – don’t use OSINT to hurt anybody, don’t do anything illegal, and never report any information that you aren’t very, very sure about. There is a lot of extremely powerful data floating around and in the wrong hands it can cause a lot of real life harm.
What is your favorite part about investigative work?
My favorite part of investigative work is the thrill of the find, when you’ve been on a hunt for hours with your team, and then you find the piece of information that clicks everything together. It’s a massive rush. My second favorite part is when I’m doing work for a client that has been threatened, and they need help identifying the threat, and I provide it for them. Putting a face on a bad actor makes threats much more manageable.
How do you sharpen or expand your investigative and analytical skills?
I try to learn something from every hunt I go on. Every new technique is a benefit to future investigations, and I’m still learning. If I see an interesting class, I’ll take it. I try to keep up to date on new discoveries other people have made. If I see an article, I try to think where an article originates from, what’s the impetus behind it, who is it serving? Practicing critical thinking is very important.
What are some of your hopes for the investigative industry as a whole, and your work within it?
I’m hoping that the investigative industry continues to grow, however, a caveat: there are many investigation jobs that are not, in my opinion, ethical, and I feel like that is something that will be an issue if the industry grows without checks. It is one thing to investigate individuals who are KNOWN to have committed a crime. It is a whole other thing to hire someone to investigate someone just because a client doesn’t like them, or, more worryingly, because they are a journalist on the “other side” of a politician. The internet, especially in the States, does not afford a lot of privacy, and since its inception we have been using it almost on an honor system. Of course the information is out there, but the only people who dive in and “doxx” people are either bad actors or investigators, and in some cases I feel like that line can get crossed. It is very important that this work remains ethical.
As for my own work within the industry, I hope to help protect people on the internet. I want to help bring awareness to the concept of privacy and cybersecurity to people outside of the “geek world”, as it were, because so many people just have no idea that they are at risk. There is such a high incidence rate of harassment, spam, and general abuse online due to this lack of knowledge and lack of privacy, and I want to help mitigate that. 
For more information on investigation firm Unit 221B, visit their website at www.unit221b.com.
