WEBVTT 1 00:00:00.160 --> 00:00:03.120 Welcome to the Deep Dive. Today, we're taking a deep 2 00:00:03.160 --> 00:00:06.799 dive into the world of digital security and investigative journalism, 3 00:00:07.440 --> 00:00:09.080 and we're going to be doing that through the lens 4 00:00:09.199 --> 00:00:14.240 of Michael Lee's book, Hacks, Leaks and Revelations. I've got 5 00:00:14.279 --> 00:00:16.440 to say, you shared some really fascinating excerpts with me, 6 00:00:16.600 --> 00:00:18.679 and I'm really excited to get into it. Yeah. 7 00:00:18.719 --> 00:00:20.719 It's really interesting how Lee kind of pulls back the 8 00:00:20.760 --> 00:00:24.559 curtain on this whole world of data leaks and how 9 00:00:24.719 --> 00:00:28.120 journalists can actually use cutting edge technology to get to 10 00:00:28.160 --> 00:00:30.480 the truth. You know, it's not just about looking at 11 00:00:30.480 --> 00:00:33.359 the raw data, it's about understanding like the context and 12 00:00:33.479 --> 00:00:36.359 you know, really importantly the potential impact on everyone. 13 00:00:36.759 --> 00:00:38.479 Yeah, it kind of feels like we're stepping into like 14 00:00:38.520 --> 00:00:42.399 a real life digital detective story. Yeah, you know, speaking 15 00:00:42.439 --> 00:00:44.759 of detectives, one of the things that really stood out 16 00:00:44.759 --> 00:00:48.280 to me was Lee's emphasis on data sensitivity. He makes 17 00:00:48.280 --> 00:00:50.439 the point that not all data sets are created equal, 18 00:00:50.600 --> 00:00:54.399 especially when you're dealing with information that could expose really 19 00:00:54.399 --> 00:00:55.280 powerful entities. 20 00:00:55.399 --> 00:00:58.200 Yeah, it definitely makes you think about like where we 21 00:00:58.240 --> 00:01:00.359 store our data. You know, Lee actually are is that 22 00:01:00.439 --> 00:01:05.719 everyday cloud services like Google Drive, which seem really convenient, 23 00:01:05.799 --> 00:01:07.879 might not be the best choice for investigations that are 24 00:01:07.959 --> 00:01:12.319 highly sensitive because they're vulnerable to legal requests. Right, So 25 00:01:12.359 --> 00:01:13.879 that means that you know, a company with a team 26 00:01:13.879 --> 00:01:16.959 of lawyers could potentially access your data. 27 00:01:17.040 --> 00:01:20.359 Okay, so no storing my top secret expose on Google Docs. 28 00:01:21.000 --> 00:01:23.239 Got it. But isn't the cloud supposed to be like 29 00:01:23.319 --> 00:01:26.159 super secure? Why would I need anything more than that? 30 00:01:26.599 --> 00:01:29.120 Well, that's a great question, and it is true that 31 00:01:29.159 --> 00:01:32.840 cloud providers do offer some security measures, but they are 32 00:01:32.879 --> 00:01:36.560 still subject to legal processes. So if you're investigating like 33 00:01:36.560 --> 00:01:39.719 a really powerful entity like a corporation, they might have 34 00:01:39.760 --> 00:01:43.120 the resources to compel those providers to hand over your data. 35 00:01:44.120 --> 00:01:46.799 And so for those cases, Lee really recommends taking extra 36 00:01:46.879 --> 00:01:49.599 precautions and using more robust solutions. 37 00:01:49.799 --> 00:01:51.760 That makes sense. So let's say we have taken those 38 00:01:51.760 --> 00:01:55.120 precautions and we've actually received elked data set. How can 39 00:01:55.159 --> 00:01:58.120 we be sure it's authentic? Can't anyone just like fabricate 40 00:01:58.200 --> 00:01:59.400 data these days? Oh? 41 00:01:59.480 --> 00:02:03.560 Absolutely? Verifying the authenticity of your sources is absolutely crucial, 42 00:02:03.760 --> 00:02:06.519 and Lee actually uses some pretty clever methods to confirm 43 00:02:06.560 --> 00:02:10.199 the legitimacy of the data sets he works with. For example, 44 00:02:10.199 --> 00:02:12.960 when he received the data set from America's Frontline Doctors, 45 00:02:13.240 --> 00:02:16.520 a group that's been known for promoting misinformation about COVID nineteen. 46 00:02:17.000 --> 00:02:21.919 He actually cross reference patient information with public posts on GAB. 47 00:02:22.240 --> 00:02:24.680 It was almost like a digital fingerprint that helped confirm 48 00:02:24.719 --> 00:02:25.599 the data's origin. 49 00:02:25.840 --> 00:02:28.560 Wow, so he was able to trace the data back 50 00:02:28.599 --> 00:02:32.080 to the source just using public information. That's really impressive. 51 00:02:32.240 --> 00:02:35.560 And another compelling example is how he verified a data 52 00:02:35.560 --> 00:02:39.080 set that was leaked from a private wiki leak's Twitter group. 53 00:02:39.919 --> 00:02:42.400 He did this by saving the HTML of a Twitter 54 00:02:42.439 --> 00:02:46.080 direct message conversation. So by doing that, by preserving it 55 00:02:46.120 --> 00:02:48.439 in its original form, he could prove that it was genuine. 56 00:02:48.439 --> 00:02:50.800 So it's all about finding those digital breadcrumbs that lead 57 00:02:50.840 --> 00:02:53.439 back to the source. But we can't forget about protecting 58 00:02:53.439 --> 00:02:56.879 ourselves and our sources too, right, What does Lee recommend 59 00:02:56.879 --> 00:02:59.199 for staying safe in this digital landscape? 60 00:02:59.280 --> 00:03:02.960 Well, strong passwords and two factor authentication. He says those 61 00:03:02.960 --> 00:03:06.599 are non negotiables. You know, imagine your work on a 62 00:03:06.639 --> 00:03:10.759 sensitive investigation. Maybe you're uncovering corruption, right, you're exposing wrongdoing. 63 00:03:11.000 --> 00:03:12.879 You need to protect yourself and the people who trust 64 00:03:12.960 --> 00:03:16.439 you with information. A password manager like key PASSXC is 65 00:03:16.439 --> 00:03:19.280 a great option. It's like a digital vault for your passwords. 66 00:03:19.639 --> 00:03:22.840 It can generate really strong, unique passwords and keep them 67 00:03:22.840 --> 00:03:25.120 safe even if your device is compromised. 68 00:03:25.439 --> 00:03:28.560 Yeah, I can see how that would be essential, especially 69 00:03:28.599 --> 00:03:30.680 when the stakes are so high. What about disc encryption? 70 00:03:30.800 --> 00:03:32.560 Is that something I should be considering? 71 00:03:32.680 --> 00:03:36.400 Disc encryption? Absolutely, it's another really crucial layer of protection. 72 00:03:36.960 --> 00:03:39.680 Think about it. If you lose your laptop or say 73 00:03:39.680 --> 00:03:43.800 it's confiscated, and your disc isn't encrypted, anyone with access 74 00:03:44.039 --> 00:03:47.479 can read all your data. Encryption basically scrambles that data. 75 00:03:47.520 --> 00:03:50.680 It makes it unreadable without the correct key. And Lee 76 00:03:50.759 --> 00:03:54.039 even provides like step by step instructions for enabling disc 77 00:03:54.120 --> 00:03:56.759 encryption on Windows, so you know it's not as daunting 78 00:03:56.800 --> 00:03:57.520 as it might sound. 79 00:03:57.759 --> 00:04:02.639 Okay, I'm convinced disc encryption it is now shifting gears 80 00:04:02.639 --> 00:04:04.520 a little bit. You mentioned the book also delves into 81 00:04:04.719 --> 00:04:07.039 spearfishing and an election interference. 82 00:04:07.240 --> 00:04:09.719 Yeah, that's where things get really interesting and honestly a 83 00:04:09.759 --> 00:04:13.680 little unsettling. Lee details a spearfishing attack that targeted election 84 00:04:13.800 --> 00:04:17.120 workers in North Carolina. And these weren't just your random 85 00:04:17.199 --> 00:04:21.360 like spam emails. They were very carefully crafted messages. Designed 86 00:04:21.360 --> 00:04:25.560 to trick specific individuals to reveal sensitive information. And this 87 00:04:25.600 --> 00:04:28.600 particular attack was only brought to light because of reality Winner, 88 00:04:28.920 --> 00:04:31.959 the whistleblower who leaked the classified documents exposing it. 89 00:04:32.279 --> 00:04:35.279 So this league had major real world consequences. It wasn't 90 00:04:35.319 --> 00:04:37.920 just about exposing like a security flaw, it was about 91 00:04:38.000 --> 00:04:41.600 uncovering a threat to democracy. I'm curious does Lee offer 92 00:04:41.639 --> 00:04:44.120 any ways to protect ourselves from these kinds of attacks? 93 00:04:44.399 --> 00:04:47.319 Well, he definitely highlights the importance of being aware of 94 00:04:47.360 --> 00:04:50.680 these fishing tactics and being really cautious about opening emails 95 00:04:50.680 --> 00:04:53.879 that look suspicious or clicking on links you don't recognize. 96 00:04:54.000 --> 00:04:57.439 But on broader level, this example really underscores the importance 97 00:04:57.480 --> 00:05:03.800 of robust cybersecurity measures, especially for critical infrastructure like collection systems. 98 00:05:04.319 --> 00:05:06.279 Yeah, it makes you wonder just how much we don't 99 00:05:06.319 --> 00:05:08.279 know about, right, It's almost like an iceberg what we 100 00:05:08.319 --> 00:05:11.800 see as just the tip. Now BitTorrent, Lee explains how 101 00:05:11.839 --> 00:05:15.560 this file sharing technology can be used to resist data sensorship. 102 00:05:15.839 --> 00:05:19.800 Yeah. BitTorrent is fascinating because it's decentralized, so instead of 103 00:05:19.800 --> 00:05:22.560 relying on a single server to host a file, it's 104 00:05:22.600 --> 00:05:25.800 distributed across a whole network of users, and this makes 105 00:05:25.839 --> 00:05:28.360 it really difficult to censor. Even if one user is 106 00:05:28.399 --> 00:05:30.959 shut down, others can still share the data. And it 107 00:05:31.000 --> 00:05:33.360 was actually used to distribute the blood Leaks data set, 108 00:05:33.399 --> 00:05:36.759 you know, that massive trove of law enforcement documents, making 109 00:05:36.800 --> 00:05:39.079 it accessible even when people try to censor it. 110 00:05:39.160 --> 00:05:41.639 That's incredible. It's like a digital hydra. You cut off 111 00:05:41.680 --> 00:05:44.920 one head and two more growback. Sounds like a powerful 112 00:05:44.959 --> 00:05:47.480 tool for whistleblowers and activists who want to bring information 113 00:05:47.519 --> 00:05:51.480 to light. But what about everyday communication with sources. Surely 114 00:05:51.560 --> 00:05:53.399 we're not using BitTorrent for that. 115 00:05:53.800 --> 00:05:57.800 Not exactly. For secure day to day communication, Lee strongly 116 00:05:57.839 --> 00:06:03.279 recommends Signal, encrypted messaging app that prioritizes user privacy and 117 00:06:03.399 --> 00:06:06.800 it uses end to end encryption, meaning that only the 118 00:06:06.879 --> 00:06:09.240 sender and the recipient can read those messages. 119 00:06:09.399 --> 00:06:11.680 Okay, I've heard of Signal, but can you explain how 120 00:06:11.680 --> 00:06:14.639 this encryption actually works? It sounds really complex. 121 00:06:14.800 --> 00:06:17.480 It's actually a pretty simple concept. Think about like sending 122 00:06:17.480 --> 00:06:20.560 a postcard through the mail right, anyone who handles it 123 00:06:20.600 --> 00:06:23.639 can read your message with end to end encryption. It's 124 00:06:23.639 --> 00:06:26.240 like you're sending that postcard in a locked box and 125 00:06:26.279 --> 00:06:28.920 only the recipient has the key to open it. Even 126 00:06:28.959 --> 00:06:31.279 signal itself can't access your messages. 127 00:06:31.360 --> 00:06:33.800 That's a great analogy. So it's like having a private 128 00:06:33.839 --> 00:06:37.240 conversation in a crowded room, but digitally. Does Lee mention 129 00:06:37.360 --> 00:06:39.040 any other tools for secure communication? 130 00:06:39.360 --> 00:06:42.560 He does. He also talks about tour which anonymizes your 131 00:06:42.560 --> 00:06:46.879 Internet traffic, onion share, which allows for secure file sharing, 132 00:06:47.399 --> 00:06:50.399 and PGP, which is an email encryption standard. It's like 133 00:06:50.439 --> 00:06:53.879 a whole arsenal of tools for protecting communication in the 134 00:06:53.920 --> 00:06:54.639 digital age. 135 00:06:54.920 --> 00:06:57.360 It sounds like staying ahead of surveillance is a full 136 00:06:57.399 --> 00:06:59.959 time job. But what happens when we're actually dealing with 137 00:07:00.199 --> 00:07:03.519 like massive data sets. Does Lee offer any guidance on 138 00:07:03.560 --> 00:07:05.759 how to manage those securely? 139 00:07:06.000 --> 00:07:08.160 Yeah, he suggests a few things, setting up like a 140 00:07:08.199 --> 00:07:11.839 tips page on your website to encourage submissions, using secure 141 00:07:11.920 --> 00:07:15.319 drop for anonymous communication, and setting up a cloud server 142 00:07:15.439 --> 00:07:18.360 specifically for data processing. You know, it's about creating a 143 00:07:18.360 --> 00:07:21.519 secure pipeline for receiving and analyzing information. 144 00:07:22.120 --> 00:07:24.040 Okay, so it's not just about getting the data, it's 145 00:07:24.040 --> 00:07:27.199 about having the infrastructure to handle it. And speaking of infrastructure, 146 00:07:27.319 --> 00:07:29.920 Lee's a big advocate for using the command line interface 147 00:07:30.079 --> 00:07:34.279 or CLI for navigating and manipulating this data. Why is that? 148 00:07:34.639 --> 00:07:37.120 The command line might seem kind of intimidating at first, 149 00:07:37.480 --> 00:07:41.279 but Lee argues that it's incredibly powerful and efficient. It's 150 00:07:41.279 --> 00:07:44.279 almost like speaking directly to your computer, giving it these 151 00:07:44.319 --> 00:07:47.920 precise instructions, you know, without all the graphical distractions. So 152 00:07:48.040 --> 00:07:52.439 like basic commands like to clear your screen, or PWD 153 00:07:52.639 --> 00:07:54.439 to see like where you are in the file system, 154 00:07:54.800 --> 00:07:57.399 and LS to list the files in a directory. Those 155 00:07:57.439 --> 00:07:59.920 are kind of the foundation of navigating the command line. 156 00:08:00.079 --> 00:08:02.279 It does sound like learning a new language. Are there 157 00:08:02.319 --> 00:08:04.720 other commands he recommends for working with data? 158 00:08:04.839 --> 00:08:08.639 Oh yeah, definitely. He goes through commands for like creating, deleting, moving, 159 00:08:08.680 --> 00:08:12.120 and copying files and directories, and even viewing the contents 160 00:08:12.120 --> 00:08:14.639 of files. All these commands can be combined to do 161 00:08:14.680 --> 00:08:16.079 these really powerful tasks. 162 00:08:16.279 --> 00:08:18.759 So it's about building up your vocabulary of commands to 163 00:08:18.800 --> 00:08:23.240 do increasingly complex tasks. But what about actually editing those files? 164 00:08:23.279 --> 00:08:25.079 Are we using the command line for that too? 165 00:08:25.399 --> 00:08:28.759 For that, we need text editors. Lee differentiates between what 166 00:08:28.800 --> 00:08:32.840 are called text files, which contain readable characters, and binary files, 167 00:08:32.879 --> 00:08:34.840 which are not meant to be read by humans. He 168 00:08:34.879 --> 00:08:38.519 recommends using visual Studio code. It's free and it's really user. 169 00:08:38.320 --> 00:08:40.240 Friendly, makes sense. I mean a lot of the data 170 00:08:40.240 --> 00:08:42.600 from leaks comes in text based format, so having a 171 00:08:42.639 --> 00:08:44.840 good text editor is essential, exactly. 172 00:08:45.159 --> 00:08:47.519 And because we often end up doing the same tasks 173 00:08:47.600 --> 00:08:50.360 over and over again when we're analyzing data, Lee introduces 174 00:08:50.399 --> 00:08:52.759 what's called shell scripting. And what this does is it 175 00:08:52.799 --> 00:08:56.240 allows you to automate those repetitive tasks. Yeah yeah, saving 176 00:08:56.320 --> 00:08:57.399 you time and effort. 177 00:08:57.799 --> 00:09:00.360 It's like having a digital assistant that takes scare of 178 00:09:00.399 --> 00:09:02.440 all the boring stuff so you can focus on the 179 00:09:02.480 --> 00:09:05.519 bigger picture. But what about when our own computers just 180 00:09:05.519 --> 00:09:08.720 aren't powerful enough to handle these massive data sets. What 181 00:09:08.759 --> 00:09:09.600 does Lise adjust? 182 00:09:09.639 --> 00:09:13.639 Then that's where cloud servers come in, and Lee specifically 183 00:09:13.639 --> 00:09:17.200 recommends a company called Digital Ocean. These servers can be 184 00:09:17.279 --> 00:09:20.360 much more powerful than your average laptop, and they offer 185 00:09:20.360 --> 00:09:24.519 a lot of advantages like scalability, remote access, and better 186 00:09:24.600 --> 00:09:26.639 bandwidth for large file transfers. 187 00:09:26.799 --> 00:09:29.960 So it's like upgrading your computer's brain and its Internet 188 00:09:30.000 --> 00:09:34.120 connection all at once for those heavy duty data crunching sessions. 189 00:09:34.200 --> 00:09:37.200 Yeah exactly. And Lee actually guides us through the process 190 00:09:37.240 --> 00:09:40.200 of setting up a server on digital Ocean, connecting to 191 00:09:40.279 --> 00:09:45.000 it securely using SSH, and even installing software updates. It's 192 00:09:45.039 --> 00:09:47.360 like a step by step guide that makes this world 193 00:09:47.360 --> 00:09:49.879 of cloud computing much less mysterious. 194 00:09:50.399 --> 00:09:53.399 This is all starting to feel very James Bond. You know, 195 00:09:54.080 --> 00:09:58.240 secret servers, remote access encrypted files. But how do we 196 00:09:58.320 --> 00:10:00.679 keep those servers organized and secure? 197 00:10:00.840 --> 00:10:03.279 Well, that's where Docker comes in. Docker allows you to 198 00:10:03.360 --> 00:10:07.279 isolate applications and their dependencies within these things called containers. 199 00:10:07.360 --> 00:10:11.960 They're like miniature virtual environments. This ensures that your applications 200 00:10:12.039 --> 00:10:15.240 run consistently no matter what operating system you're using, and 201 00:10:15.279 --> 00:10:17.559 it makes the whole process of setting up software a 202 00:10:17.559 --> 00:10:18.240 lot simpler. 203 00:10:18.399 --> 00:10:21.000 So it's like having tiny little compartments for your applications, 204 00:10:21.080 --> 00:10:23.759 keeping everything nice and tidy and preventing them from interfering 205 00:10:23.799 --> 00:10:24.360 with each other. 206 00:10:24.559 --> 00:10:27.240 Yeah, exactly. And Lee doesn't just tell us what docer is. 207 00:10:27.279 --> 00:10:29.759 He actually shows us how to use it. He walks 208 00:10:29.799 --> 00:10:34.679 us through installing Docker, running containers, managing storage, even using 209 00:10:34.720 --> 00:10:38.399 Docker Compose, which is for more complex applications that use 210 00:10:38.480 --> 00:10:39.440 multiple containers. 211 00:10:39.679 --> 00:10:42.080 It sounds like we're getting a crash course in Docker. 212 00:10:42.519 --> 00:10:44.639 But once we have our data on that cloud server 213 00:10:44.840 --> 00:10:48.000 and it's safely tucked away in its Docker container. How 214 00:10:48.039 --> 00:10:49.840 do we actually start analyzing it? 215 00:10:50.200 --> 00:10:55.000 Well? For interactive data analysis and visualization, Lee recommends Jupiter Notebook. 216 00:10:55.759 --> 00:10:58.120 It's a very powerful tool that lets you write code, 217 00:10:58.440 --> 00:11:01.240 execute it, and see the results all in one place. 218 00:11:01.399 --> 00:11:05.120 So it's like a digital laboratory for experimenting with data exactly. 219 00:11:05.799 --> 00:11:08.559 And Lee explains how to run Jupiter Notebook inside of 220 00:11:08.559 --> 00:11:10.840 a Docker container so you can access it remotely from 221 00:11:10.840 --> 00:11:11.519 your own computer. 222 00:11:11.720 --> 00:11:14.399 It's all about bringing those data analysis tools to where 223 00:11:14.399 --> 00:11:16.919 the data lives. Now, what happens when you have a 224 00:11:17.000 --> 00:11:19.279 really huge data set and you want to make it searchable? 225 00:11:19.320 --> 00:11:20.240 Is there a tool for that? 226 00:11:20.399 --> 00:11:22.679 There is. It's called a LEFT, and it's an open 227 00:11:22.720 --> 00:11:27.720 source intelligence platform specifically for searching and analyzing large data sets. 228 00:11:28.360 --> 00:11:30.399 You can think of it like having your own personal Google, 229 00:11:30.480 --> 00:11:31.480 but for your data. 230 00:11:31.879 --> 00:11:34.639 That sounds incredibly useful. But how do we even begin 231 00:11:34.840 --> 00:11:36.120 to set something like that up? 232 00:11:36.200 --> 00:11:39.080 Well, don't worry. Lee walks us through the entire process, 233 00:11:39.240 --> 00:11:42.799 from setting up a LEFT using Docker Compose, to importing 234 00:11:42.879 --> 00:11:46.919 data sets and then exploring that data using ls web interface. 235 00:11:46.960 --> 00:11:49.960 Wow, it's amazing how many tools are available for investigative journalists. 236 00:11:50.000 --> 00:11:52.320 These days, it seems like you need a whole toolbox 237 00:11:52.480 --> 00:11:55.440 just to get started. But let's not forget that sometimes 238 00:11:55.480 --> 00:11:58.720 the most revealing information comes from the most I guess 239 00:11:58.759 --> 00:12:03.000 you could say mundane, like email dumps. What does Lee 240 00:12:03.080 --> 00:12:03.759 say about those? 241 00:12:03.879 --> 00:12:06.440 You're absolutely right. Email dumps might seem like a relic 242 00:12:06.480 --> 00:12:09.240 of the past, but they can still be incredibly valuable. 243 00:12:09.799 --> 00:12:12.879 Lee takes us into this world of leaked emails, explaining 244 00:12:12.919 --> 00:12:16.240 the common formats like EML and mbox, the structure of 245 00:12:16.279 --> 00:12:19.320 those messages, and even how to analyze them using tools 246 00:12:19.360 --> 00:12:21.279 like Thunderbird and Microsoft Outlook. 247 00:12:21.360 --> 00:12:24.759 Makes you wonder what secrets are hidden within those seemingly 248 00:12:24.919 --> 00:12:26.600 ordinary inboxes, doesn't it? 249 00:12:26.600 --> 00:12:28.960 It really does, And when you're dealing with a really 250 00:12:29.039 --> 00:12:33.080 large volume of emails, traditional email clients might not be enough, 251 00:12:33.600 --> 00:12:35.679 and that's where Python programming can really come in. 252 00:12:35.639 --> 00:12:38.159 Handy Ah, Python, I knew it would make an appearance. 253 00:12:38.600 --> 00:12:41.679 Why is Python so important for investigative journalism. 254 00:12:42.159 --> 00:12:45.840 Well, Python's incredibly versatile. It's used in a wide variety 255 00:12:45.840 --> 00:12:49.840 of applications, from web development to data science, and for 256 00:12:49.879 --> 00:12:53.639 investigative journalists, it's a really powerful tool for automating tasks, 257 00:12:54.240 --> 00:12:58.320 analyzing data and just generally extracting insights from these large 258 00:12:58.360 --> 00:12:58.960 data sets. 259 00:12:59.000 --> 00:13:02.519 So it's like our digital'ss army knife for working with data. 260 00:13:02.159 --> 00:13:05.200 Precisely, and Lee doesn't assume that you have any prior 261 00:13:05.240 --> 00:13:10.440 programming experience. He introduces the basics like variables, lists, strings, 262 00:13:10.519 --> 00:13:14.639 conditional statements, loops, functions. He even walks you through writing 263 00:13:14.679 --> 00:13:18.960 simple Python scripts for text manipulation, data extraction, and analysis. 264 00:13:19.120 --> 00:13:21.200 So even if you're a complete coding newbie, you can 265 00:13:21.279 --> 00:13:24.240 still follow along and learn the ropes. But what about 266 00:13:24.240 --> 00:13:26.919 people who are already familiar with Python? Is there anything 267 00:13:26.960 --> 00:13:27.840 for them in this book? 268 00:13:28.200 --> 00:13:31.399 Definitely? Lee dives into more advanced techniques too. He talks 269 00:13:31.399 --> 00:13:36.679 about modules, functions, and these data structures called dictionaries. For example, 270 00:13:36.679 --> 00:13:39.879 he covers using the click module for creating command line interfaces, 271 00:13:40.399 --> 00:13:44.720 the OS module for filesystem operations, and the CSV module 272 00:13:44.919 --> 00:13:46.519 for processing CSV files. 273 00:13:46.679 --> 00:13:49.039 So it's all about expanding your Python toolkit for more 274 00:13:49.039 --> 00:13:52.080 efficient and sophisticated data analysis. But before we get two 275 00:13:52.159 --> 00:13:55.519 carried away with Python, let's not forget about the humble spreadsheet, 276 00:13:55.679 --> 00:13:57.440 a mainstay of investigative journalism. 277 00:13:57.519 --> 00:14:00.759 Oh absolutely, Lee reminds us that CSV files, which are 278 00:14:00.799 --> 00:14:03.360 often used to store what we call structured data can 279 00:14:03.399 --> 00:14:07.720 be easily viewed and analyzed using spreadsheet software like Librofice, Calc, 280 00:14:07.919 --> 00:14:09.080 or Microsoft Excel. 281 00:14:09.320 --> 00:14:11.480 So it's all about choosing the right tool for the job, 282 00:14:11.600 --> 00:14:15.159 whether it's command line wizardry, Python scripting, or good old 283 00:14:15.200 --> 00:14:18.879 fashioned spreadsheet analysis. But it seems like Lee takes it 284 00:14:18.879 --> 00:14:22.600 a step further, right He actually guides readers through building 285 00:14:22.600 --> 00:14:26.240 a Blue Leaks Explore app using Python and these web 286 00:14:26.279 --> 00:14:29.440 development frameworks like Flask and Schololcamy. 287 00:14:28.919 --> 00:14:32.240 You're right, and this app provides a really user friendly 288 00:14:32.279 --> 00:14:36.600 interface for browsing and searching that massive Blue Leaks data set, 289 00:14:37.039 --> 00:14:40.200 even generating reports based on the data. It's a practical 290 00:14:40.240 --> 00:14:42.879 example of how Python can be used to unlock the 291 00:14:42.919 --> 00:14:44.559 secrets hidden within these leaks. 292 00:14:44.720 --> 00:14:47.360 Wow, it's like we're building our own digital command center 293 00:14:47.399 --> 00:14:51.399 for investigative journalism. But speaking of really interesting data sets, 294 00:14:51.519 --> 00:14:55.240 Lee also analyzes the Parlor data set, which contained millions 295 00:14:55.279 --> 00:14:58.000 of videos and metadata from that social media platform. What 296 00:14:58.120 --> 00:14:59.960 kind of insights was he able to get from that data. 297 00:15:00.360 --> 00:15:02.039 One of the most interesting things he did was actually 298 00:15:02.159 --> 00:15:06.480 use Python to extract GPS coordinates from that video metadata. 299 00:15:06.559 --> 00:15:10.000 GPS coordinates that's next level digital detective work. 300 00:15:10.000 --> 00:15:13.320 It is, and by extracting those coordinates, Lee was actually 301 00:15:13.360 --> 00:15:16.759 able to pinpoint the exact locations where those videos were filmed. 302 00:15:17.240 --> 00:15:20.440 And then he even converted that data into KML files, 303 00:15:20.519 --> 00:15:21.519 which can be viewed. 304 00:15:21.279 --> 00:15:23.360 In Google Earth, so he was basically able to put 305 00:15:23.360 --> 00:15:25.799 those parlor videos on a map exactly. 306 00:15:26.639 --> 00:15:30.440 This technique is incredibly powerful. Imagine being able to see 307 00:15:30.519 --> 00:15:33.240 where people were gathering during a protest or a rally. 308 00:15:34.039 --> 00:15:36.960 You could potentially even identify individuals who were present. 309 00:15:37.200 --> 00:15:41.120 It's like creating a digital breadcrumb trail. Now, Lee also 310 00:15:41.159 --> 00:15:44.120 investigated the Epic data breach. Didn't he what was so 311 00:15:44.159 --> 00:15:45.440 significant about that one? 312 00:15:45.639 --> 00:15:47.879 Well, the Epic data breach is really important because it 313 00:15:47.960 --> 00:15:51.919 involved SQL databases, which are basically a fundamental part of 314 00:15:51.960 --> 00:15:55.159 how many websites and online services store their data. 315 00:15:55.279 --> 00:15:57.559 SQL databases. Can you remind me what those are? 316 00:15:57.639 --> 00:16:00.600 Sure? Think of a database like a really organized collection 317 00:16:00.639 --> 00:16:04.200 of data. And SQL, which stands for a structured query language, 318 00:16:04.399 --> 00:16:07.480 is basically a special language that's used to interact with 319 00:16:07.519 --> 00:16:10.279 those databases. It's how you ask questions and get answers 320 00:16:10.279 --> 00:16:10.919 from that data. 321 00:16:11.000 --> 00:16:14.799 So it's like Python, but specifically for talking to databases. 322 00:16:14.480 --> 00:16:17.759 Right, and there are different types of SQL databases. Epic 323 00:16:17.879 --> 00:16:20.840 use something called Mysequel, which is a popular open source 324 00:16:20.879 --> 00:16:23.559 database system. And Lee explains all of this and even 325 00:16:23.559 --> 00:16:25.519 shows you how to use a free tool called Maria 326 00:16:25.600 --> 00:16:28.600 dB to explore that leaked EPIC data. 327 00:16:28.799 --> 00:16:31.039 So it's like he's giving us a crash course in 328 00:16:31.120 --> 00:16:33.039 SQL database management in a way. 329 00:16:33.120 --> 00:16:35.799 Yes, And by doing so, he's kind of empowering us 330 00:16:35.879 --> 00:16:38.679 to investigate these types of leaks ourselves. You know, we're 331 00:16:38.720 --> 00:16:41.559 not just passively reading about his findings. We're learning the 332 00:16:41.559 --> 00:16:43.360 skills to make our own discoveries. 333 00:16:43.559 --> 00:16:46.279 It's amazing how he takes these complex topics and breaks 334 00:16:46.279 --> 00:16:50.480 them down. But Lee also explored the AFLDS healthcare data leak, 335 00:16:50.679 --> 00:16:53.120 and this one actually involved patient records. What did he 336 00:16:53.200 --> 00:16:53.679 find there? 337 00:16:53.840 --> 00:16:57.200 Yeah, this leak was particular concerning because it contained really 338 00:16:57.240 --> 00:17:02.360 sensitive patient information like medical condition, treatments, even credit card details. 339 00:17:02.960 --> 00:17:06.200 Lee used Python to analyze this data, look for patterns, 340 00:17:06.279 --> 00:17:09.759 and create visualizations to support investigative reporting. 341 00:17:10.039 --> 00:17:12.839 It sounds like a story with very real world consequences, 342 00:17:12.960 --> 00:17:17.680 especially considering that AFLDS was promoting unproven medical treatments exactly. 343 00:17:18.160 --> 00:17:23.240 Lee's analysis really highlights the potential dangers of misinformation, especially 344 00:17:23.240 --> 00:17:24.240 when it comes to healthcare. 345 00:17:24.480 --> 00:17:27.359 It's a stark reminder that data breaches can have really 346 00:17:27.400 --> 00:17:31.480 serious implications that go far beyond just the digital world. 347 00:17:31.759 --> 00:17:33.960 But before we wrap up this part of our deep dive, 348 00:17:34.000 --> 00:17:37.680 I want to talk about one last data set, Discord chatlogs. 349 00:17:38.200 --> 00:17:41.000 I imagine those can provide a wealth of information, especially 350 00:17:41.039 --> 00:17:43.759 when it comes to investigating online groups in their activities. 351 00:17:43.880 --> 00:17:48.920 Absolutely leaked discord chat logs can be incredibly resealing, and 352 00:17:49.000 --> 00:17:51.359 Lee describes how these logs are structured. He uses tools 353 00:17:51.400 --> 00:17:53.880 to explore them, and even builds a custom web app 354 00:17:53.880 --> 00:17:54.759 for analyzing them. 355 00:17:54.920 --> 00:17:57.319 Wow, this is all so much to take in, and 356 00:17:57.359 --> 00:17:59.839 I know we're only scratching the surface of Mica Leese Hacks, 357 00:17:59.880 --> 00:18:02.599 Leeks and Revelations, But we'll have to continue our deep 358 00:18:02.599 --> 00:18:04.160 dive in part two. Stay tuned. 359 00:18:04.440 --> 00:18:06.359 One thing that really stood out to me in Hacks, 360 00:18:06.440 --> 00:18:10.119 Leaks and Revelations was how Michae Lee really emphasizes working 361 00:18:10.119 --> 00:18:13.200 with structured data, especially in spreadsheets. 362 00:18:13.440 --> 00:18:16.039 Yeah, it feels like we're getting like a master class 363 00:18:16.039 --> 00:18:19.519 in data analysis, but you know, without that stuffy classroom setting. 364 00:18:19.880 --> 00:18:22.880 And he even reminds us that sometimes the simplest tools 365 00:18:23.000 --> 00:18:24.200 can be the most effective. 366 00:18:24.400 --> 00:18:29.799 Absolutely, he really highlights how valuable CSV files are. They're 367 00:18:29.880 --> 00:18:33.759 basically spreadsheets without all the fancy formatting. 368 00:18:33.359 --> 00:18:35.759 So they're like the raw ingredients of a spreadsheet, just 369 00:18:35.799 --> 00:18:37.480 waiting to be analyzed exactly. 370 00:18:37.839 --> 00:18:40.519 And even though we have these powerful tools like Python 371 00:18:40.559 --> 00:18:44.400 and SQL databases, sometimes good old fashioned spreadsheets software is 372 00:18:44.400 --> 00:18:47.039 the best way to go for viewing and working with 373 00:18:47.119 --> 00:18:48.039 CSV files. 374 00:18:48.240 --> 00:18:50.200 It's like choosing the right tool for the job right. 375 00:18:50.279 --> 00:18:52.319 Sometimes you need a blender and sometimes you just need 376 00:18:52.319 --> 00:18:55.759 a good knife. But does he give any specific examples 377 00:18:55.799 --> 00:18:57.559 of how this works in practice? 378 00:18:57.680 --> 00:18:59.680 He does. He uses the Blue Leaks data set as 379 00:18:59.680 --> 00:19:02.720 an egis, and specifically he focuses on what are called 380 00:19:03.000 --> 00:19:08.000 Suspicious Activity Reports or sars from the Northern California Regional 381 00:19:08.079 --> 00:19:09.480 Intelligence Center SARS. 382 00:19:09.519 --> 00:19:12.200 That sounds intreasing. What kind of information do they contain? 383 00:19:12.559 --> 00:19:16.880 Stars are basically reports filed by law enforcement agencies about 384 00:19:16.880 --> 00:19:20.400 individuals or activities that they consider suspicious. They can include 385 00:19:20.400 --> 00:19:24.240 a wide range of information, from physical descriptions to observed 386 00:19:24.319 --> 00:19:28.240 behaviors to allege connections to criminal activity. 387 00:19:28.599 --> 00:19:31.240 Sounds like a window into the world of surveillance. What 388 00:19:31.319 --> 00:19:33.039 did Lee uncover from these reports. 389 00:19:33.240 --> 00:19:36.119 Well, he used Python to extract and format the data 390 00:19:36.359 --> 00:19:39.319 from the blue Leaks CSV file, making it easier to 391 00:19:39.359 --> 00:19:42.200 read and analyze, and then he showed how to search 392 00:19:42.240 --> 00:19:45.519 for specific keywords and uncover patterns in the data. 393 00:19:45.599 --> 00:19:48.480 So he's not just passively reading these stars, he's actively 394 00:19:48.519 --> 00:19:50.839 interrogating them using Python exactly. 395 00:19:51.319 --> 00:19:53.240 And this technique can be applied to other data sets 396 00:19:53.279 --> 00:19:56.319 as well. It's about using Python to transform that data 397 00:19:56.400 --> 00:19:58.799 into a more useful and insightful format. 398 00:19:59.039 --> 00:20:02.279 This is fascinating stuff. Did Lee analyze any other parts 399 00:20:02.279 --> 00:20:03.640 of the Blue Leak's data set? 400 00:20:03.920 --> 00:20:06.319 He did. He also looked at the bulk emails sent 401 00:20:06.359 --> 00:20:07.559