Finding fake news networks with Dataprovider.com Transforms
One of the reasons that investigators love working with Maltego is the ability to integrate and connect all kinds of data in one place. Via the Transform Hub, you can connect data from a variety of public sources (OSINT), over 30 partners, as well as your own data.
Dataprovider.com Transforms in the Transform Hub provide you with access to one of the largest databases of public website data in the world. And best of all, you can try them out for free, using our free-tier functionality. The Dataprovider.com directory contains 280 million domains, 30 to 50 pages deep, and holds over 200 data variables for each website. You can use this data to discover new pathways through networks of websites and gather unique insights into online domains.
Without WHOIS data it is difficult to find detailed information on who owns a website. The Dataprovider.com Transforms in the Maltego Transform Hub give you the tools to find incoming links, companies, IP addresses, phone numbers, e-mail addresses and social profiles of all Entities within a network. Take a look at the full list of Dataprovider.com Transforms here.
To get you started on working with Dataprovider.com’s Transforms, let’s look at one example of how we unravel the global network of fake news website.
The sprawling number of fake news networks propagating and spreading false information have gotten a lot of attention lately. And as with all things online, it’s not easy to discover just how deep the rabbit hole goes.
Let’s start by investigating the infamous website, www [dot] infowars [dot] com
Our first step is to run the Transform ‘To Incoming Links’ on the Website Entity. This immediately presents us with 971 websites. We can view the properties of these websites in the Detail View and discover more about them individually, but right now, we’re interested to see which of these websites also link back to one another. We’ll run incoming links on the entire Collection of Website Entities. The results are quite staggering.
However, we don’t want things to get too complex just yet. Simply running incoming links on every single domain will only generate a larger and larger graph which might not give you any promising leads at all.
A useful feature in Maltego is the ability to “trim the leaves” off your graph as it grows. In the Investigate tab, there is an option called ‘Select Leaves’. When we click it, we see that 29.875 out of 39.796 Entities do not have any outgoing links. We can remove these (hit ‘delete’) to get a better idea of the extent that the networks are interconnected. Let’s give it a try:
You’ll notice that the various clusters and links have become much more discernible. Investigating one of these clusters, we find an interesting collection of websites. Virtualbegging [dot] com - a website dedicated to genealogy – strangely has links to websites of the Obamas, Bryon Hefner, conservative travelers org, and more inside the body of the text, with seemingly no relation to the content of the paragraphs or the sentences in which they appear.
Or donaldpeltier [dot] org, a mostly text-based website that opens with this landing page:
And then, endoftheamericandream [dot] com, a website that posts articles like this one:
As you can see there are interesting discoveries to be made here. There are many more tricks to broaden and deepen your investigation here, such as running reverse ISP and DNS lookups, as well as IP2Company Transforms to find out even more about these websites.
If you’ve found an interesting website you’d like to investigate within these results, you can isolate it and related websites in its network by highlighting the Entity and choosing Copy ► To New Graph ► With Neighbors.
… which gives you a result such as this:
Play around with these Transforms on your own and see what you can discover. With the Dataprovider.com Transforms, you can explore even further and uncover subdomains and social profiles that may be linked to particular websites.