OSINT Blog > Post

Dirty Money’s Selfie Habit: The Digital Face of Financial Crime

If you can’t “follow the money” on paper, follow it on Instagram. Since the phrase was coined in the 1970s, financial crime and corruption have undergone a digital transformation in more ways than one. Dirty money may be laundered on paper, but it’s aired in real life: and these days, much of real life is aired online. With financial criminals increasingly hiding in plain sight, open source intelligence (OSINT) and social media investigations should be as intrinsic to financial investigations as forensic accounting.

Following the Money: New Frontiers

Many investigations begin with just a single lead or tip, and with limited, manipulated, or even no financial data. This is no accident: sophisticated financial criminals and “creative” accountants are adept at prettifying their books and smoothing over transactional evidence. In this climate, context is critical. Journalists, investigators, and lawyers looking to build a body of evidence need the capability to  do more than identify top-level "red flag" actions or transactions. They need to make sense of these actions as part of a bigger picture, join disparate dots, and see the unseen narrative behind them. This means going beyond the paper trail and exploiting the vast new terrain provided by social media, technology, and the open source internet.

Unpicking the Social Media Washing Line

The power of social media and OSINT investigations to turn information into action is vast and still growing. In a recent high-profile case, Dubai police recovered some $40 million in cash, 13 luxury cars worth $6.8 million, 21 computers, and 47 smartphones from the arrest of two Nigerian Instagrammer-slash-money-launderers. Essential to the operation’s success were the men’s social media accounts, which documented extensive information regarding their identities, activities, lifestyle, and assets.

Telling details can come from diverse and unexpected sources, and high-level capabilities should be able to unpick not just the Subject’s own social profiles, but those of linked individuals and entities. According to Pew Research, teenagers may in some cases be more active and less privacy-conscious than their parents on social media. Interior decorators often post images of their work on clients’ properties, helping investigators identify and catalogue moveable assets such as artworks, furniture or jewellery. Professional colleagues, secretaries, friends, yacht crew, or chauffeurs can all provide different and potentially useful windows into a Subject’s life.

Explicit evidence — a selfie linking two subjects who claim to be unconnected, or a time-stamped status update directly contradicting a given version of events — is of course a valuable acquisition. But proving the point is rarely so straightforward. With the right analytical capability, small but significant pieces of the informational puzzle can add up to create a powerful burden of proof.

Case Study: Hashtag Corruption

When the inaugural probe into President Donald Trump issued a wide-reaching subpoena in early February 2019, they singled out just one individual donor by name. Imaad Zuberi was under suspicion for his $900,000 donation to the inaugural committee, rumoured to have originated from foreign donors. Months later, he would plead guilty to multiple charges including failure to register as a foreign lobbyist, tax fraud, and funnelling foreign money into US elections. Prosecutors would detail his secret work for an array of foreign interests including Turkey, Saudi Arabia, Qatar, Sri Lanka, officials from Libya and businessmen from Bahrain and Ukraine. 

The press, however, had been on Zuberi’s case long before this. In 2018, Daily Beast reporters were given a tip regarding his involvement in the inauguration. With no access to his company documents, and a certain opacity to his professional dealings and corporate structures, the case could have fizzled out there. But, in a boon to investigative journalists and federal investigators alike, Zuberi’s social media profiles had meticulously documented years’ worth of “check-ins”, photographs, and status updates. 

Zuberi was quick to delete these records when the situation turned sour: but the damage had already been done. His digital dossier was a rich source of information and evidence that would help to build a formidable case against him. 

The Story Arc of Financial Crime: who, what, when, where, why

Investigating financial crime and corruption online is not unlike framing a story.  Sophisticated analysis should look to determine not just what is happening but when, where, why, how, and who is involved: and most importantly, the ways in which these critical data points interlink to form an actionable narrative.

A subject’s “check-ins” on social media are the most obvious way to follow their movements. This can tell you a lot about where and in what context they are gathering, moving, holding, and channelling funds, how they are doing it, and who they are working with or for. Imaad Zuberi’s social media travel-log listed rendezvous at specific hotels in London, New York,Washington, Turkey’s presidential palace, royal terminals, and military bases across the Middle East. It pinned him down to times, dates, and venues that could be used to link him to other suspects, place him in the vicinity of critical meetings, or add telling context to his actions.

On December 12th 2016, Zuberi checked into Trump Tower on Facebook. The date would become a focal point for allegations that Trump’s then-lawyer Michael Cohen had illicitly solicited $1 million from the Qatar Investment Authority. Publicly available CCTV footage soon emerged showing Zuberi entering Trump Tower with a group of Qatari dignitaries, greeted in the lobby by Cohen before entering the elevator together. Two weeks later Avenue Ventures, Zuberi’s investment vehicle, gave $900,000 to Trump's inaugural committee. Posting a photo of his invitation to the inauguration, he captioned it: "From our friend Michael Cohen.”

Metadata is a less obvious but no less important source for this kind of information. Images uploaded to the internet often contain contextual data that doesn’t appear on the “front end”, but can be searched for using appropriate technology. It can reveal, among other things, exactly where and when a picture was taken, on what device, and by whom. Other valuable indicators include registered addresses, phone numbers, website domains, and email addresses. Sophisticated tools can quickly scan for available information not just on where, when, and by whom these elements were registered, but dates and locations from which they have since been accessed.

Proof: a burden to some, a boon to others

Where financial data is lacking or unreliable, and subjects are working with low-disclosure structures or jurisdictions, social media and OSINT can shine a light on critical leads. A recognised asset or favorite holiday destination can point to a holding company, trust, or offshore vehicle being used to conceal funds or activities. Interactions online can highlight undeclared personal relationships or corporate affiliations, and flag up potential proxies, partners, or sponsors. Anomalous domain registrations or social accounts can shed light on trade-based money laundering activities. 

Without effective and intelligent analysis, however, sheer quantities of data cannot be translated into critical action  — whether that means direct legal action, gaining access to more privileged information through civil proceedings or complementary intelligence strategies, or compelling another party to engage in constructive negotiation. The key is in joining the dots effectively, and mining for evidence in identified hot-spots, to build a compelling burden of proof. Insufficient proof is a burden to the investigator: sufficient proof is a burden to the investigated.

Skopenow operates quickly, comprehensively, and analytically to gather the data you need to “follow the money” beyond the paper trail. It draws discreetly on a vast range of digital sources to collect, document, and link information and metadata on an evidential level, shedding light both on your Subject and their surrounding networks, and giving you a powerful framework from which to drive critical action. Skopenow is available to try for free.