OODA, Inc.

Matt Devost

Ghost in the Breach: Using breach intelligence to hunt hidden Russian assets

Following the invasion of Ukraine, increased sanctions against Russian individuals and entities led to an increase in large-scale, fully litigated judgments and the creation of international task forces focused on seizing assets from Russian oligarchs.

Russian individuals and entities have repeatedly employed extensive obfuscation techniques and utilized shell corporations in multiple jurisdictions globally, to successfully hide or transfer assets – this is, until their data got leaked. The ever growing amount of data leaks has proven to be a valuable tool for additional researcher context, as well as novel information sourcing, theory confirmation, and new asset discovery.

We will delve into two real-world use cases where breach data provided crucial insights, uncovering additional US assets belonging to a sanctioned oligarch, as well as another entity’s coordinated efforts to control assets based on insider knowledge of the Russian invasion, in a preemptive attempt to remain a beneficiary while avoiding impending sanctions.

There is a growing importance of data leaks in augmenting OSINT investigations, and participants will leave aware of potential data leaks that can be used as invaluable resources, as well as best practices when sorting through the data.

Matt began his career in 1995 hacking into systems for the US Department of Defense and Intelligence Community and over the past twenty-five years has emerged as an established leader in the cyber, global security, and intelligence domains. A successful entrepreneur, he has founded several companies including FusionX & the Terrorism Research Center, played a key leadership role in a handful of successful start-ups, and served as an advisor to DoD, a professor at Georgetown and Columbia universities, and is a member of the Black Hat review board.