Welcome, everybody, and welcome to What's the Problem, the show that explores problems that buyers and practitioners in the security space face in today's world. Today, we are lucky to have Matthew Buhler joining us.
Mike Krass: Matt, say hello to our listeners.
Matthew Buhler: Hey, Mike, it's great to be here. Thank you for having me.
Mike Krass: Happy to have you, man. So let's get into it. Why are you qualified to talk about security?
Matthew Buhler: Well, I got my start in mining and construction, and beginning of August last year, I made a switch into cybersecurity. I studied at the University of Pennsylvania through one of their boot camps, and I graduated this February in it. I participated in some trace lab CTS. Trace labs assist law enforcement globally in finding missing persons who have disappeared, so we hold events where we look to help them find open-source intelligence to locate those persons and return them to their families. There's one coming up that I will be judging here, and at the end of the month, I've also participated in Metta CTF with my team; we placed and the top couple 100 out of over 1000. And in December, I participated in a Darkwebathon through the anti-human trafficking intelligence initiative, where we assisted them in tracking down child sexual assault materials on the dark web for them to turn over to law enforcement for further action, and that's what kind of led me here to this point.
Mike Krass: Well, first of all, Matt, thank you for all the work you're doing in assisting the process of finding missing persons. That's really incredible work. So I just wanted to thank you there, and I think that leads us to the second question of the problem's name. You've worked in these different, and now you're judging not only participated in, but now you're judging some of these exercises, name a problem when it comes to security and missing persons and is working with law enforcement.
Matthew Buhler: So I would definitely say a problem is certainly awareness, awareness to what can actually be done by the everyday person. For something like this, a lot of our work is all open source which means that if it's on the clear web, meaning it's not behind a paywall, or it's not behind a password-protected site, we have access to it. So this means looking through social media accounts, any open information on government websites, like articles of incorporation for a company, etc. All of this open information can be found, and it can be explored. And when people hear of missing persons and things, they think it's only something that law enforcement can do. But I mean, you can really, if law enforcement asks for help for it, you can go on social media and passively, meaning you're not interacting with the victim or the victim's family or any of their family members, you're just looking for a piece of information that you might be able to relate to law enforcement. And I can stress again passively because it gets into some legal territories when you do any active investigation, just awareness that there are many people that go missing. There are a lot of children that have been exploited, that they're on those images and information is located on the dark web. And just awareness that this is a problem that together as the human race, we need to solve and end these atrocities towards children and do our best to return those who are missing to their loving families.
Mike Krass: Tell me what success looks like. Yeah, I think. Let me reframe the question we're talking about missing persons if you're assisting law enforcement or feeding them information or Intel. I think that one is probably pretty easy, right? Like success looks like that person is found and returned to their family. Is that right? Or am I missing? What is a success like when you actually start and engage in these activities?
Matthew Buhler: Certainly, that can be a form of success. I would also say some other forms of success would be just finding a small kernel of information that you may never see the result of you finding that kernel during the investigation, but law enforcement will be able to track that down and act on it and do what they need to do. So just knowing that you are contributing or doing some good in the world, that's what success looks like. Unfortunately, some people may never be found, and there may always be some form of CSAM on the dark web, but hopefully not. Hopefully, we'll be able to eradicate it.
Mike Krass: Can you define CSAM for our listeners, I know we're familiar, but for our listeners.
Matthew Buhler: Absolutely. So child sexual assault material. So that would be images related, videos, and media that exploits children in a sexual manner.
Mike Krass: Got it. So if I can repeat back to it's always helpful for me to kind of speak back to people make sure I hear you correctly. Yes, you can be actively involved in a missing person coming home, that's a measure of success, for sure. That being said, not every exercise ends that way, and going in with the mindset that that's the problem you have to solve, like, it's your responsibility to bring this person home, actually is not. It's helpful ideologically, but you can help and not actually see the end result by doing those little pieces, those kernels of information, like you mentioned, like that is also incredibly helpful, even though you don't get to see the big family reunion at the end of that.
Matthew Buhler: 100%, and it can be very touching emotionally even if you have the right goals in mind. It can be very touching to see that information day in and day out. I just want to clarify something. The event that we relate it to CSAM, we weren't exposed to the CCM videos in the CCM content because we used up something called Project Haydes, which blocks the images from being able to be seen by us who are investigating, but even still, the gravity of the topic can weigh on you. So it's just important to look after your own mental health, and I do not recommend it. I will not condone anybody going on the dark web and specifically looking at child imagery, even if it's to help law enforcement because it's just jarring material.
Mike Krass: Tell us a little bit more about Project Haydes. Is this something that you started using when you were at UPenn? Or where did this come from?
Matthew Buhler: No project Haydes was developed by the anti-human trafficking intelligence initiative. I believe the website would be followmoneyfightslavery.org or.com. But essentially, it allows you to browse the dark web without being exposed to the content. So you can search using email addresses. If there's an email address leaked onto the dark web, you can put in an onion address. An onion address is just like a Google; it's like you put in a Google address. Onion address is what it's called for, or e tags, email, or any personal identifiers you might have for someone that can be email addresses, names, etc. It scrapes the dark web and ingests information, and that information can then be used to dive further using open source intelligence.
Mike Krass: Perfect, Matt. Well, again, I know I mentioned this at the beginning of you sharing this problem. Thank you for the work you're doing, not just you but other folks on your team. It’s really awesome work, working to make the world a better place. We just dove into a pretty intense problem there, and I'd like to bring us back up and ask our third and final question of the episode. So Matt, tell us about your worst haircut.
Matthew Buhler: Oh, my worst haircut that would be the one that I'm recovering from right now. I went to get a haircut at a place where I am recovering, so I got a haircut at a place I don't normally get a haircut at because other places are booked. I had an event and went in, and I got just a fade cut, a classic cut meaning with scissors textured. And this individual that cut my hair absolutely butchered it when you see some of those cartoons where somebody's 60 finger in a light socket and the hair stands up.
Mike Krass: Oh yeah.
Matthew Buhler: Imagine that, and then it went through a shredder. I'm in the process of growing it out and fixing it. So I've been wearing a lot of hats lately. But that was by far the worst and in very recent memory.
Mike Krass: Matt Well, I appreciate you being brave, being a little vulnerable there sharing about your light socket haircut. We've definitely had some good answers and good responses to that question on this show and yours is up there towards the top in terms of a visual. I can see what happened to your hair, even though we're on a podcast. So with that being said, that was What's the Problem. Thank you, everybody, for listening, and Matt, thank you for attending our show and being a guest expert.
Matthew Buhler: Thank you, Mike. I really appreciate you for having me.
Matthew Buhler just broke into the world of cybersecurity by earning a certificate in cybersecurity through the University of Pennsylvania. Since then, he’s participated in the ATII Darkwebathon (placed 2nd in the world), won an MVP award for using Maltego to track down missing persons, and competed in the MetaCTF and Trace Labs CTF. He is currently studying for the Security Plus Exam.