“All the hope I had when I was young, I hope I wasn't wrong
That's why I'm out in the street tonight whistling wind out my teeth
'Cause somebody didn't fix them nice.
You know, some things just don't turn out right…”

Dream of Mickey Mantle by Bleachers

I’m working on a documentary project with some folks. Big time shit. I can’t say much, but it’s about a huge criminal case.

I was tapped to help with their research. Finding witnesses. Finding people to interview. Help gaining access to documents and records. Monitoring some online spaces where even Gods fear to tread. Punching through those investigative roadblocks that stymy cases, and something that Permanent Record Research is slowly but surely becoming known for—“unfucking” stuff, because we don’t view the world the way most cops and suits do.

But damn… I’ve hit something I can’t unfuck.

I’ve been monitoring a dark little online space of ill repute. I’ve run the usual gamut of domain analyses, WHOIS queries, archives, etc. They know what they are doing. So I go old school.

I do daily check-ins. I log in via a secure environment. I read posts. Comment. It’s an operation with some mild social engineering. For the record, this is not related to CSAM.

The folks I’m working with are interested in knowing who the administrator of the forum is. It has changed hands. Been shut down twice. Now it is back up under new leadership. We would love to secure an interview for the documentary.

While I can’t divulge her username here, we’ll go with “mylittlemystery” for the sake of ease.

There are basic facts that I’ve gleaned from her posts. I know she lives in a certain northern European country. Her English is impeccable, and she is incredibly clever and analytical. She is a fan of certain role-playing video games. Based on some math regarding a post she made a few years ago regarding the loss of a family member and her birthday, she’s about 29 or 30 years old. My hunch is that she was probably born in the United Kingdom and moved to the northern European country in question sometime in the last six or seven years.

Turning over rocks with my good pals at OSINT Industries, I found a Kik account that is probably hers. I also found two Twitter accounts, one with the mylittlemystery username and one with another username. Let’s go with “moderngirl999.” Now, I can confirm these two accounts belong to the target because of archived posts, bios, and general shit talk I found in some internet archives.

There is a broader narrative I can’t discuss, but suffice it to say, it’s her.

But that is where the trail went cold.

For a bit.

I began to dig around breach data via sources like Darkside and others, and I found a single hit that may have been viable. It was an old infostealer log from a ways back.

(Quick shout out to this cool little tool from Hudson Rock that helped locate the log in question.)

It hit on a 24-year-old British kid who we’ll call “Rochelle Smith.” She was younger than my target, but there were similarities. Chiefly, the infostealer log indicated she was a nerd. She played some video games. This was a possible hit, and in a situation where I had very little, it was hope.

The infostealer log contained a couple of email addresses, so I began to run them through all my various little tools (including Google search) and in Maltego.

Suffice it to say, there was a lot that popped up, and I was filled with immense hope. Was this her? Did I find mylittlemystery? I consumed a Coke Zero in celebration. I felt young. I felt alive. I have literally written in emails to colleagues that, and I’m quoting Princess Buttercup from The Princess Bride here, “I can track a falcon on a cloudy day.” I can find anyone.

I was feeling my sheer and powerful confident ego rising up! This was the taste of victory over my enemies.

(As a quick aside, I have actually written the falcon thing in an email regarding another case. Here’s proof.)

(Another quick aside, for what it’s worth, I did find him.)

The point is that, for a brief moment, I felt like I had her!

I didn’t.

Fuck.

As I went through the data Maltego provided, I bumped into a Strava data set that Maltego expertly extracted. Rochelle Smith was an avid runner.

I’ve redacted the coordinates for privacy reasons, but where that ol’ long black bar rests, well, that is the location of Rochelle. It puts her squarely in the suburbs of Liverpool in the UK as of a couple weeks ago.

I’m 100% confident my target lives in a Nordic northern European country, and based on posts and images I have, she’s been there for a few years. Rochelle was not mylittlemystery.

Now, I just need to note that apart from that, a lot about Rochelle fits. The data from Strava that Maltego yanked probably saved me hours of work where I would have, eventually, ended up figuring this out on my own. It’s a rabbit hole I was lucky to avoid.

I have suffered some kind of ego death. Currently, mylittlemystery AKA moderngirl999 is still an unknown to me.

Now, the lesson here is that you can’t always win.

Some things just don’t turn out right.

Some investigations are easy. Some investigations have roadblocks. Sometimes, you can punch through them. Sometimes, you meet a target that knows what they are doing, and while they have probably slipped up here or there, you just haven’t found it yet.

With all work in the investigation and OSINT field, you can only allocate a certain amount of time before other tasks the client needs completed start needing to get done. I’ve had to pivot away from mylittlemystery, but she still haunts me.

In these moments, you walk away. You take a breath. You work on another part of the project. There are a lot of falcons that need tracking, after all.

And when your brain is rested enough, you return to your notes, see where you left off, and look for any new clues. You try new tools. You ask friends (like Aidan at The OSINT Insider, check his stuff out). You try different search engines. You approach it differently.

She’s out there somewhere, and I’ll find her. I can track a falcon on a cloudy day. I can find anyone.