Investigator interview: Rae Baker
We talk OSINT training, the value of Google Dorks, and what to do about the decline of Twitter/X
Rae Baker is a maritime OSINT analyst working for Deloitte. She’s also a prolific contributor to the open source investigative community. Baker has an email newsletter, is part of the OSINT Curious crew, wrote a recent book about getting into maritime OSINT and, along with Espen Ringstad, she co-founded Kase Scenarios, an innovative training platform.
In the second edition of the Investigator Interview series, Rae and I talked about how she became an analyst, why she loves charts, and what the downward spiral of Twitter/X means for all of us. (BTW I’m on threads here, Bluesky here and Mastodon here.)
This conversation was edited for clarity and length, and Rae reviewed the edited transcript to ensure accuracy.
I would love to start by hearing a little bit of your journey of how you ended up doing what you do. Were you watching ships pulling into harbours when you were young?
No, I have zero ship background. There's zero ships in my history. I still have not been on a ship.
My background is graphic design. I did that for about 15 years. And I love design. I love art. I hated school so it was the easy way out. It was something I was good at so I could just kind of skate by. And then I had kids and I was like, “I should do something else.”
I started going back to school for cybersecurity at Penn State because I had a friend who was dating someone who was doing it and they really liked it. I was like, “Sure, that sounds technical enough.”
When you're in cybersecurity — or trying to get into it — there's so many facets, like you don't know where to go. I started exploring and I was in the Penn State Tech Club. I started that up, I was the president. And I wanted to learn more about other people's fields and things like that.
Patrick Laverty was running the Layer 8 conference and he had spoken to the Tech Club. And he was like, “Oh, I have some free tickets. Do you want to come?” When I went there, a person that I went with said, “You’ve got to play in Trace Labs, you have to do it, we're gonna do it.”
She forced me to play and I was like, “This is the information I wanted, this is it.” It kind of hit that true crime stuff that I'm really into. I have spreadsheets of true crime that I've listened to and watched so I don't rewatch them. It just scratched that itch really good.
I always love hearing people's stories of how they fell into things. I have to say, I really note the fact that you're not just watching true crime — you're tracking it in a spreadsheet. If I'm trying to spot characteristics that might make somebody a good investigator, that’s one.
I do feel like my personality fits it very well. And now I can spot people that I feel like would do very well as an analyst.
What do you think those traits are?
I think the biggest one for me is curiosity and wanting to know more. There's some people who will just see something and go, “Oh, okay, that's it.” And then there's other people who go “Why? Why is it like that? And who's doing that? And I want to know more and more.”
I started working through my first Kase and I should say I have zero experience with CTF stuff. I’ve never done Trace or anything like that. It is totally foreign to me. I don't really go looking for people's SSIDs in my daily work. And so I'm like, “Oh, this is not the sort of thing that I think about regularly.” So it's great, because it puts me in other areas. But there's also a strong storytelling aspect to it, which I identify with. Is the storytelling aspect something that is one of the unique pieces of Kase?
Yeah, most CTFs don't have any sort of story. And if they do, they're very thin and they go maybe three questions long. The purpose behind Kase was to give people a way to practise. There's not many ways to practise OSINT techniques safely. The idea was to come up with scenarios where the things you're learning are applicable to that career that you're playing in, in the scenario. So if you want to be an OSINT analyst, or investigative reporter, detective, whatever, there's going to be a scenario for each one of those where you can go and you can play through.
I'm curious, what’s the planning process? Do you have a conspiracy theorist's type of map somewhere in your house where you’re trying to map it out?
I told Espen that we should do some behind the scenes video and set something like that up. People think that's what we do. But in reality it's just a Google Doc. Usually, the process is one of us comes up with a story and then we align it to a real career. And then we write out a paragraph storyline of the beginning, middle, and end. Then we start fitting in questions to get you from the beginning to the end.
One of the things that you hear a lot, and I think it's totally true, is the mindset of doing this work is way more important than any tools or any technical abilities you have. And that's something that I feel like everybody will agree with. It's a very accepted thing. I think everyone also has a sort of personal connection to that or a personal view of it. I'm curious about your reaction when you think about the mindset piece of it?
Well, maritime is a little weird because you need tools for it. But in traditional OSINT I am a big tool agnostic, I think. And it was funny because the last time I played Trace Labs our team won first place. The team that lost, the first thing they said was, “All they used was Google.” That was a slight, like “They're not real analysts.”
I use Google 95% of my day. It's targeted Google searching. It's not as easy as it sounds. You have to know what you're looking for. You have to know how to target it. Tools have their place, I think. But I also think it's a way to gatekeep, right?
I recently saw a message from Paul Myers, a really great researcher who works for BBC News and gives amazing trainings. He posted on Twitter basically saying, “There's so many wonderful OSINT tools in Python. But not everybody knows how to clone a repo and not everybody knows how to code. Make things accessible.”
It was an interesting point. On one hand, I've been saying to myself that I need to learn how to run these tools and I've been teaching myself how to do that. But I also see Paul's point of view, of making things more accessible. Where do you come down on that?
I think it's valuable to increase your skills over time. But I also think that for a lot of people who are not very skilled in analysis yet and are new to OSINT, these tools just become like mass collection points. They're collecting all of this data, and then they store it. And like, what do you do with that?
It's better to find two important things on Google that you can make actionable.
In some videos and interviews you've talked about the monitoring process, and how that's a key piece, especially for your work in maritime because you're watching a specific port or ship. When I teach journalists, I talk about how they need to set up monitoring because you can't just dive in and suddenly expect to find something interesting. You need to think about what you want to be looking at over time. What's your approach to monitoring?
To me, that's a lot where tools come in because it's very hard to monitor Telegram groups and things over time without some sort of program to do it. I do use tools for that, whether with vessels or with people. You're monitoring the baseline and then looking for what's changing. To me it's super valuable to be able to monitor whatever you're looking at over time.
What else is in your core tools stack that you like using?
My absolute favorite tool is i2 Analyst's Notebook. I manually make these giant charts. I do a lot of corporate searching so that's where the charts come in. Maritime is kind of hand in hand with corporate records. Once you find the ships, you need to know who owns them, who's benefiting, where the money's going. Making the charts and making the corporate connections is very valuable. I use a lot of free tools like OpenCorporates, and you know, LittleSis and things like that, that provide those details.
What is the state of play in terms of beneficial ownership? Are there still the dark corners of the world where once you see that something is registered there it's like, “We're not going any further than that.” Are we getting more access or is it closing off even more?
I feel like it's more access. But at the same time it's like a race because they're getting better at hiding it. We're like neck and neck. I love the hunt. I love digging that stuff out. I can spend hours looking for who owns a ship. I'll use Twitter, I'll use Google and I'll look all over the place for mentions of a vessel, who might own it, and who owns them and who owns them and try and just make a connection. That's why I make the charts because I can visually see everything connecting.
What’s your approach for dealing with a dead end?
Well, my approach is usually shutting down my computer. I shut it down and I walk away and then the next day, I usually find something. I feel like you get so deep in what you're looking at that you miss the easy stuff that's on the periphery. Sometimes I'll just say, “Alright, I'm done with this.” I'll move to another project or I'll shut down entirely and just go outside or play with my kids. When I come back I'm more open to seeing new connections and things.
It doesn't always work. Sometimes you're just at a dead end. I mean, that is a finding in itself — that you can't find anything.
Who are the core people that you're always paying attention to?
I’m always paying attention to the OSINT Curious people. I have a Twitter or X group of core people I follow, and I follow a lot of journalists. I kind of spread it out. I want a broad view of everything from ransomware gangs to what journalists are interested in. I just roam the internet and save it all. I used to use TweetDeck but I don't think I'm gonna be able to anymore.
Journalists love Twitter and it's also where the OSINT community had congregated. I'm a little bit anxious about what's going to be lost as Twitter seems to continue to degrade. What are you seeing or thinking might happen?
It is making me very nervous. I spend a lot of time on Twitter, because you have analysts all over the world who are posting about flights and ships and all these news stories and things and that. I've seen a lot of people move to Bluesky, but it's segregated. Some people are still there. Some people aren't. Some people are talking about both. A lot of them migrated to Discord.
It's a bit meta because it's sort of like, “Do you have the OSINT skills needed to find where the OSINT communities are on all of these other platforms?”
Right, and it makes it difficult because I don't want to go to 10 platforms to find out the information I used to be able to find out on one.
That’s it for this edition of Digital Investigations! Thanks for reading.