Key takeaways from today’s session: • Cybercrime is human before it’s technical. • HUMINT works when you show up as a real person, not a script. • Overt engagement builds trust (and better intel) when done right. • Ego, emotion & identity are powerful behavioral signals. •

Tim: ‘I worked more with felons under investigation, so… not really. Becoming friends isn’t my lane, that’s more of a Jon question.’ @Jon__DiMaggio: ‘Felons need friends too, Tim.’ 😄 #HUMINT #ThreatIntel

.@Jon__DiMaggio casually mentions he sends a Christmas card to Vasinsky in jail. Allan: ‘I’m gonna go commit some cybercrime so I can get a Christmas card too.’ 😂 #HUMINT #ThreatIntel #RansomwareDiaries

.@Jon__DiMaggio: ‘Yes - I’ve definitely become real friends with criminals. The key is knowing yourself. When the moment comes, will you still do the right thing?’ HUMINT isn’t just a skill; it’s self-awareness and boundaries. It's a discipline. #HUMINT #ThreatIntel

Audience question: ‘Have you ever found yourself almost becoming real friends with those “interesting” cybercriminals you talk to? And do you set personal or professional guardrails to prevent that from happening?’ Great question on boundaries in HUMINT. #HUMINT #ThreatIntel

.@Jon__DiMaggio on when engagement backfires, and he had to take a step back: - Lack of prep. - Not understanding the person. - Jumping straight into cybercrime questions. - And sometimes… discovering there are multiple people behind the same account. You have to be ready for

Tim: Cybercriminals often prefer talking to someone who isn’t deep in cybercrime. It makes them feel seen as a person, not just an incident. #HUMINT #ThreatIntel

Tim shared a great story: he once watched a researcher chat with a ransomware actor, and you could feel the criminal’s frustration. ‘All you want to talk about is cybercrime.’ The actor even sent links on how to smoke meat 😄 Another time, the actor hinted at the researcher's

.@Jon__DiMaggio: You won’t get far if every question is aimed at your goal. You have to actually talk to them - about life, interests, anything beyond their crimes. Real conversation builds the trust that leads to real intel. #HUMINT #ThreatIntel

Jon & Tim: Frameworks like MITRE Engage are great reference points; they provide structure and language for what we do. But taken together, all the frameworks can get overwhelming. Use them as guides, not gospel. #HUMINT #ThreatIntel #Cybersecurity

'Scan this QR code to see RASCALS & MICE.’ Allan: ‘This is, of course, malware.’ 😂 #Cybersecurity #ThreatIntel

Tim: One example of a key behavioral question is, ‘What’s this person’s attitude toward the country they live in?’ National identity, pride, resentment - these factors can shape how cybercriminals justify and express their actions. #HUMINT #ThreatIntel #CyberPsychology

Tim and Jon are breaking down the importance of frameworks - especially interdisciplinary ones. Blending HUMINT, behavioral science, criminology, and cyber intel gives a far clearer picture of how actors think and operate. That’s where the real insight lives. #HUMINT

Jon casually drops that a cybercriminal once called him on the phone. And the guy didn’t even bother changing his voice. Only @Jon__DiMaggio 😂 #HUMINT #ThreatIntel #RansomwareDiaries

.@Jon__DiMaggio adds that he genuinely likes talking to interesting people and hearing their stories, even the ones that never make it into his research. Those relationships often have real value: some of these actors have access to major targets. You never know which

Allan recalls a case of a North Korean cybercriminal posing as a researcher, tricking real researchers into clicking a malicious link. Social engineering isn’t always loud. Sometimes it looks like professional courtesy. #Cybersecurity #SocialEngineering #ThreatIntel

Tim notes that some in law enforcement avoid interacting with felons altogether; they don’t want that proximity. But he likes talking to them, hearing their stories, even when those stories make people uncomfortable. That discomfort is often where the insight lives. #HUMINT

Jon shared a great one: he once talked to a rival of a cybercriminal, who started trash-talking nonstop. Jon took screenshots, sent them over, and suddenly the actor went on a full rant, spilling tons of intel. When they’re emotional and off-balance, they slip. Sneaky

Allan: ‘Telling a cybercriminal their yacht isn’t real probably isn’t the best approach…’ Tim: ‘Actually, it could be, you learn a lot from their reaction.’ Even pushback becomes intel. #HUMINT #ThreatIntel