Suspect - User Guide
🔍 Suspects Feature - Profile Analysis Tool
The Suspects feature provides deep analysis of social media profiles to detect signs of North Korean hacking activity. It combines automated analysis with AI-powered detection to generate comprehensive threat assessments.
Supported Platforms & API Status
Currently Available (Real-time Analysis):
- GitHub: Full API integration with live data
- Fiverr: Profile analysis available
Limited Analysis (Mock Data):
- LinkedIn: API unavailable, simulated analysis
- Telegram: API unavailable, simulated analysis
Step-by-Step Analysis Process
Step 1: Select Platform
- Platform Dropdown:
- Choose from available platforms
- Green indicators show real API access
- Gray indicators show limited/simulated analysis
- Platform selection updates URL placeholder
Step 2: Enter Profile URL
- URL Input Requirements:
- GitHub: https://github.com/username or github.com/username
- LinkedIn: https://linkedin.com/in/username or linkedin.com/in/username
- Telegram: https://t.me/username or t.me/username
- Fiverr: https://fiverr.com/username or fiverr.com/username
- Auto-Preview:
- Profile data loads automatically as you type
- Real-time validation of URL format
- Preview shows basic profile information
- Suspicious indicators highlighted
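The URL forms listed above can be validated and normalized before any lookup is made. The function below is an added example, not part of the Suspects tool's own code: it accepts the four platforms' profile URLs with or without a scheme (as the guide allows), compares the parsed hostname rather than a string prefix, and rejects anything that is not exactly a profile path. The per-platform username character rules are assumptions made for the example.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Per-platform canonical host, path prefix and username pattern.
# Hosts follow the guide's URL examples; the username character rules are
# assumptions (GitHub: 1-39 alphanumerics/hyphens, no leading or trailing
# hyphen; LinkedIn: 3-100 chars; Telegram: 5-32 chars starting with a letter;
# Fiverr: 1-50 alphanumerics/underscores).
PLATFORMS = {
    "github":   ("github.com",   "/",    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?"),
    "linkedin": ("linkedin.com", "/in/", r"[A-Za-z0-9-]{3,100}"),
    "telegram": ("t.me",         "/",    r"[A-Za-z][A-Za-z0-9_]{4,31}"),
    "fiverr":   ("fiverr.com",   "/",    r"[A-Za-z0-9_]{1,50}"),
}

_HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def normalize_profile_url(platform: str, raw: str) -> Optional[str]:
    """Return the canonical https URL for a profile, or None if the input is
    not a valid profile URL for the selected platform."""
    spec = PLATFORMS.get(platform)
    if spec is None:
        return None
    host_expected, prefix, name_re = spec

    text = raw.strip()
    if not _HAS_SCHEME.match(text):
        text = "https://" + text  # the guide accepts bare 'github.com/username'
    try:
        parts = urlsplit(text)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None

    # Compare the parsed hostname, never a string prefix: 'github.com@evil.example'
    # or 'github.com.evil.example' must not pass as github.com.
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host != host_expected:
        return None

    # The path must be exactly the profile path: no repository, sub-page or extra segments.
    m = re.fullmatch(re.escape(prefix) + "(" + name_re + ")/?", parts.path)
    if not m:
        return None
    return f"https://{host_expected}{prefix}{m.group(1)}"


if __name__ == "__main__":
    for plat, url in [("github", "github.com/octocat"),
                      ("linkedin", "https://www.linkedin.com/in/jane-doe/"),
                      ("github", "https://github.com/octocat/some-repo")]:
        print(plat, url, "->", normalize_profile_url(plat, url))
```

Because the hostname is taken from the parsed URL, inputs that merely begin with a trusted domain string (userinfo tricks, look-alike subdomains) are rejected, and the anchored path pattern keeps repository or settings pages from being mistaken for a profile.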
Step 3: Analyze Profile
- Click "Analyze Profile":
- Comprehensive analysis begins
- Multiple data sources examined
- AI-powered pattern detection
- Cross-platform correlation analysis
Step 4: Review Analysis Results
Understanding Analysis Results
Suspicious Score (0-100)
- 0-39: Low Risk (Green)
- 40-69: Medium Risk (Yellow)
- 70-100: High Risk (Red)
Profile Information Panel
- Basic Details: Name, username, platform, bio
- Account Metrics: Followers, following, creation date
- Visual Indicators: Avatar analysis, verification status
- Risk Assessment: Color-coded threat level
Key Analysis Components
- Profile Analysis Section:
- Platform: Source platform identification
- AI Content Detection: Identifies artificially generated content
- IP Origin: Geographic location analysis
- Activity Pattern: Regular vs. irregular behavior assessment
- Account Age: Creation date vs. activity correlation
- Detection Clues:
- Account Inconsistencies: New accounts with extensive claimed experience
- Geographic Anomalies: Activity patterns vs. claimed location
- Technical Indicators: IP tracing and proxy detection
- Behavioral Analysis: Writing style and interaction patterns
- Cross-Platform Verification: Profile consistency across platforms
- IP Geolocation Data:
- IP Address: When traceable, shows origin IP
- Country/Region: Geographic location identification
- ISP Information: Internet service provider details
- Proxy/VPN Detection: Hidden location indicators
- High-Risk Locations: North Korea, suspicious proxy networks
Related Accounts Analysis
- Username Variations: Similar handles across platforms
- Account Clustering: Connected suspicious profiles
- Cross-Platform Presence: Multi-platform coordination
- Suspicious Network: Related high-risk accounts
- Access Status: Available vs. private/hidden profiles
Advanced Analysis Features
Real-time GitHub Analysis
For GitHub profiles, additional metrics include:
- Repository Analysis: Code quality, commit patterns, contribution timing
- Account Age vs. Activity: New accounts with extensive repositories
- Follower/Following Ratios: Unusual social network patterns
- Contribution Patterns: Activity timing vs. claimed timezone
- Code Style Analysis: Programming patterns and consistency
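The following Python is an added example, not the Suspects tool's own scoring code, showing how three of the GitHub metrics listed above (account age vs. repository count, follower/following ratio, and commit timing vs. claimed timezone) can be computed from profile data and mapped onto the guide's Suspicious Score bands (0-39 Low, 40-69 Medium, 70-100 High). The point weights, the 08:00-20:00 working window, and the two profiles are constructed assumptions for illustration; the band thresholds are the guide's.

```python
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Band thresholds taken from the guide's "Suspicious Score (0-100)".
def risk_band(score: int) -> str:
    if score >= 70:
        return "High"
    if score >= 40:
        return "Medium"
    return "Low"


def _parse_utc(ts: str) -> datetime:
    # Accept the 'Z' suffix that GitHub-style timestamps use.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def account_age_days(created_at: str, now: datetime) -> int:
    return (now - _parse_utc(created_at)).days


def off_hours_fraction(commit_times_utc: List[str], utc_offset_hours: int,
                       work_start: int = 8, work_end: int = 20) -> float:
    """Fraction of commits whose local hour, under the claimed timezone,
    falls outside the [work_start, work_end) window."""
    if not commit_times_utc:
        return 0.0
    outside = 0
    for ts in commit_times_utc:
        local_hour = (_parse_utc(ts).hour + utc_offset_hours) % 24
        if not (work_start <= local_hour < work_end):
            outside += 1
    return outside / len(commit_times_utc)


def score_profile(profile: Dict, now: datetime) -> Tuple[int, str, List[str]]:
    """Assumed heuristic weights: each indicator adds points, capped at 100."""
    score, reasons = 0, []

    age = account_age_days(profile["created_at"], now)
    if age < 90 and profile["public_repos"] >= 20:          # new account, many repos
        score += 35
        reasons.append(f"account {age} days old with {profile['public_repos']} public repos")

    followers, following = profile["followers"], profile["following"]
    if following >= 100 and following > 10 * max(followers, 1):  # mass-following pattern
        score += 20
        reasons.append(f"following {following} accounts but followed by {followers}")

    frac = off_hours_fraction(profile["commit_times_utc"], profile["claimed_utc_offset"])
    if frac > 0.5:                                          # activity timing vs. claimed timezone
        score += 35
        reasons.append(f"{frac:.0%} of commits outside 08:00-20:00 in claimed timezone")

    score = min(score, 100)
    return score, risk_band(score), reasons


# Constructed sample data (not real accounts). Both profiles claim UTC-6.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
SUSPECT = {
    "login": "example-suspect",
    "created_at": "2024-01-15T00:00:00Z",
    "public_repos": 40, "followers": 3, "following": 400,
    "claimed_utc_offset": -6,
    # 20 commits at 03:00-07:00 UTC, i.e. 21:00-01:00 in the claimed timezone
    "commit_times_utc": [f"2024-02-{d:02d}T{h:02d}:14:00Z"
                         for d in range(10, 14) for h in (3, 4, 5, 6, 7)],
}
BASELINE = {
    "login": "example-baseline",
    "created_at": "2019-06-01T00:00:00Z",
    "public_repos": 25, "followers": 50, "following": 60,
    "claimed_utc_offset": -6,
    # commits at 15:00-19:00 UTC, i.e. 09:00-13:00 local
    "commit_times_utc": [f"2024-02-{d:02d}T{h:02d}:30:00Z"
                         for d in range(10, 14) for h in (15, 16, 17, 18, 19)],
}

if __name__ == "__main__":
    for p in (SUSPECT, BASELINE):
        print(p["login"], score_profile(p, NOW))
```

Each contributing indicator is returned alongside the score so an analyst can see why a profile landed in a band, which matters for the false-positive caveat the guide raises: a legitimate night-shift developer or a remote worker will trip the timing check, so the reasons list, not the number alone, should drive any follow-up.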
AI-Powered Detection
- Content Generation: Identifies AI-generated profile content
- Writing Style Analysis: Language pattern inconsistencies
- Image Analysis: Avatar and profile photo authenticity
- Behavioral Modeling: Activity pattern recognition
- Cross-Reference Validation: Multi-source verification
Interpreting Results
High-Risk Indicators (70-100 Score)
- IP traced to North Korea or suspicious regions
- Profile information inconsistencies across platforms
- New account with claimed extensive experience
- Activity patterns inconsistent with claimed location
- Use of proxy/VPN to hide true location
- AI-generated content detected
Medium-Risk Indicators (40-69 Score)
- Some profile inconsistencies detected
- Unusual activity timing patterns
- Limited cross-platform verification
- Moderate geographic location concerns
- Mixed legitimate and suspicious indicators
Low-Risk Indicators (0-39 Score)
- Consistent profile information across platforms
- Normal account creation and activity patterns
- Geographic consistency with claimed location
- No AI-generated content detected
- Regular, predictable activity patterns
Action Items After Analysis
- High-Risk Profiles:
- Consider submitting to Catch feature with evidence
- Document findings for further investigation
- Cross-reference with known threat databases
- Monitor for continued suspicious activity
- Medium-Risk Profiles:
- Conduct additional verification
- Monitor activity patterns over time
- Gather additional evidence before reporting
- Cross-check with other analysis tools
- Low-Risk Profiles:
- Profile appears legitimate
- Continue normal interaction protocols
- Maintain standard security practices
- No immediate action required
Analysis Limitations
- API Availability: Some platforms have limited real-time data access
- Privacy Settings: Private profiles may have incomplete analysis
- Dynamic Content: Profile information may change after analysis
- False Positives: Legitimate users may sometimes show suspicious patterns
- Regional Variations: Different regions may have different normal patterns
Best Practices
- Use Multiple Sources: Don't rely solely on automated analysis
- Document Everything: Keep records of your analysis process
- Cross-Reference: Verify findings across multiple platforms
- Stay Updated: Regularly re-analyze profiles of interest
- Report Responsibly: Only submit high-confidence catches with solid evidence