
Conducting Surface Web-Based Research with Maltego Carbon

Shalin Hai-Jew, Author


A Q&A with Roelof Temmingh, Founder and Managing Director of Paterva

Roelof Temmingh, the founder and managing director of Paterva, engaged in a Q&A for this e-book (December 17, 2014). He wrote that he answers questions from the Paterva support mailbox more than he cares to admit...

Q1. How did Maltego start? What was the initial inspiration?

A:  Doing many many network footprints and realizing that it's not only networks that are nicely connected, but people, organizations, documents, places, etc. as well. I wanted to build a framework that makes it easy to graphically link these together using small snippets of code so I can "change direction" at any given time (e.g. from the network domain into the people domain, into the corporation domain, back into the DNS or network). 

Q2. What did it take to “stand up” Maltego as a tool? What were some challenges? 

A:  Initially we didn't really care too much about the terms of use of each data source.  We just wanted it to work. Early on we received a cease and desist from a large social network. It was a big blow - and a wake-up call. We had to rethink a lot of things. Even now it's hard to get data into the tool without breaking terms of use. We always try to find an API (application programming interface), but it stays a challenge. Financially it was also tough - especially in the first few years. Development is not easy when you're trying to build something that's new.

Q3. Who was your early market? How has this market changed over time? 

A:  I think initially we got single individuals that were curious as to what they could find with the tool. It took a while to become more popular with corporate clients. All of us come from an IT security background - so our initial market was clearly the IT security crowd (and we still have a lot of clients from that section - it's also easier to relate to them). We were lucky to build a community and win the trust of our users. These days Maltego is used in a lot of different fields - in many cases we don't even know what the application really is.

Q4. Your software tool is one of those “dual use” ones. It seems like you have to walk a fine line between being licit and illicit. How do you go about ensuring that you’re on the right side of the law while appealing to the glamorous lawless part? How do you position your product? 

A:  :) This is a great question. It's really hard. As a start we don't dictate how the tool is used. You can use a knife to spread butter or to poke a hole into someone. Also - the line isn't always clear. In many cases LE (law enforcement) would use the exact same techniques that hackers use to gain intelligence. In the end Maltego cannot do something that you can't do manually - we don't have access to secret databases, we don't have transforms that you cannot follow by hand yourself. It makes it just a lot more efficient. I think a big reason that we've been able to walk the line is that our technology is available to everyone. We have a slightly crippled free edition (we call it the community edition), and our commercial client is not totally priced outside the budgets of individuals. We've also made all our transforms available to everyone - commercial and community editions run the same set of transforms. So in a way it levels the playing field a bit - and the only limitation is how well you can use the tool. Still it's tough.

Q5. The server version of your tool seems to be used mostly for those engaging in open-source intelligence gathering. What are the most common uses of your tool in this sense? 

A:  We really only have two servers - the professional server is a perfect duplicate of what's available on the Internet with the only difference that we can't see what the users are looking up. Not that we actually do...but I understand the lack of trust. The TDS server (Transform Distribution Server) is for people that want to develop their own transforms and use it in an enterprise. It allows people to easily query their own internal data - in whatever way they want. In most cases we're totally hands-off with these installations and the enterprise is again only limited by their own coding resources. In these cases we actually don't really know what they use it for :)

Q6. There seems to be a small group of people using Maltego for educational research. What are some of the applications that you’re aware of? 

A:  Quite a few units are including Maltego in their training courses. They encourage the students to write their own transforms - we've seen some pretty cool stuff related to DNS, malware and OSINT (open-source intelligence). They also let the students do "Easter Egg" hunts to teach them how to use the tool to find and collect OSINT info. 
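To make concrete what a transform is, as described in Q1 (pivoting from one domain of entities into another with "small snippets of code") and in Q5 and Q6 (people writing their own transforms), here is an added example of a minimal local transform. This is not Paterva's code; it assumes the Maltego local-transform convention that the selected entity's value arrives in sys.argv[1] and that the response XML is written to stdout, and the e-mail addresses used are constructed.

```python
"""Added example: a minimal Maltego local transform that pivots from an
EmailAddress entity into the network domain (maltego.Domain) and, where the
local part looks like first.last, a maltego.Person guess. Runs fully offline.
Assumption: Maltego passes the entity value as sys.argv[1] and reads XML from stdout."""
import re
import sys
import xml.etree.ElementTree as ET

EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


def pivot_email(value: str) -> list:
    """Derive linked entities from one e-mail address (no network lookups)."""
    m = EMAIL_RE.match(value.strip())
    if not m:
        return []
    local, domain = value.strip().split("@", 1)
    ents = [{"type": "maltego.Domain", "value": domain.lower(), "weight": 100,
             "fields": {"fqdn": domain.lower()}}]
    # A "first.last" local part hints at a person; lower weight because it is a guess.
    if "." in local and local.replace(".", "").isalpha():
        name = " ".join(p.capitalize() for p in local.split("."))
        ents.append({"type": "maltego.Person", "value": name, "weight": 50, "fields": {}})
    return ents


def build_response(entities, error=None) -> str:
    """Serialize to the Maltego transform response XML. ElementTree escapes
    the untrusted entity value, so a hostile input cannot break the message."""
    msg = ET.Element("MaltegoMessage")
    resp = ET.SubElement(msg, "MaltegoTransformResponseMessage")
    ents_el = ET.SubElement(resp, "Entities")
    for e in entities:
        ent = ET.SubElement(ents_el, "Entity", Type=e["type"])
        ET.SubElement(ent, "Value").text = e["value"]
        ET.SubElement(ent, "Weight").text = str(e["weight"])
        if e["fields"]:
            af = ET.SubElement(ent, "AdditionalFields")
            for k, v in e["fields"].items():
                ET.SubElement(af, "Field", Name=k, DisplayName=k).text = v
    ui = ET.SubElement(resp, "UIMessages")
    if error:  # PartialError shows the problem in the client without aborting the run
        ET.SubElement(ui, "UIMessage", MessageType="PartialError").text = error
    return ET.tostring(msg, encoding="unicode")


def run(value: str) -> str:
    ents = pivot_email(value)
    err = None if ents else "Not a valid e-mail address: %r" % value
    return build_response(ents, err)


if __name__ == "__main__":
    print(run(sys.argv[1] if len(sys.argv) > 1 else "jane.doe@example.com"))
```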
 
Q7. Where do you get inspiration for the changes to your tool? You seem to be on top of technological advances and capabilities, particularly with your integration of social media. 

A:  Most of it comes from using the tool. We always try to make changes that *we* appreciate - and the thinking (and hope) is that other users suffer from the same problems and will also appreciate the changes and new features. Development is really split into two parts - one part is developing transforms - the other is developing the client and server components. In some cases the client would need changes because of limitations we've run into with transforms. A good example - the Twitter transforms were really using the same API key and you'd hit limits all the time. We had to enable Maltego to use OAuth and let the user use his/her own tokens. It meant a lot of plumbing and thinking. Social media really lends itself well to link analysis - every social media provider has the concept of friends or followers or circles or whatever .. in the end their data is really just a HUGE graph. We try to visualize a tiny portion of that graph - based on what the user wants to look at.

Q8. With any software tool, there are various encapsulated complexities. What are some ways that you ensure that users know what is going on with the tool and what it’s doing? 

A:  It's always tough to find the balance between the user that's really not interested in all the moving parts and the user that wants to control and monitor every detail of what's happening. We've spent hours and hours in meetings to debate whether to have a 'Maltego developer edition' or a 'Maltego Lite' and we always decide against it. (In a way CaseFile is Maltego Lite, I guess...). In the end we try to expose what the average user would want to see and make it easy to delve into the details for more advanced users. We'll soon be releasing (end of play 2014) a developer website for Maltego - where we document all the nitty gritty of the tool.

Q9. Your tool enables users to develop some of their own tools. How big is your open-source developer community? What is their level of expertise? What innovations have they come up with? Do you look to integrate any of their coding into your mainline product? 

A:  There are quite a few Maltego transform developers - the difference is really between individuals building transforms (and transform frameworks) and more uhmm .. commercial / corporate transform developers. We'll soon (Q1 2015) release a Maltego transform hub that sits right inside of the product. Note that I didn't call it a 'shop' or a 'store' - because we've decided that it will be totally up to the transform owners to decide if they want to monetize their transforms. Knowing our community of users we expect that most of these transforms will be free. It will give transform writers the ability to package their transforms nicely together and include help / registration / feedback / whatever URLs where the users of their transforms can contact them directly. This way all users of Maltego will be able to see when new 3rd party transforms are available. The only control that we'd want to have is to verify the quality and availability of transforms - this to try to ensure that users have a pleasant experience using the tool.

Q10. There are some who develop plug-ins for your product as well to extend its use as a penetration testing tool. Do you work with these teams as well? Are there any plug-ins for educational research applications? 

A:  Not that I am aware of.

Q11. Any other comments or insights? 

A:  Maybe it sounds a bit corny or pretentious - but without the support of the community, we wouldn't have been able to make Maltego into what it is today. There have been many attempts at imitations and our users have always stood by us. I think Maltego works because of them. In a way I guess it is because we represent the underdog - the 6-man team from (South) Africa that makes strange videos and gives their software made-up names. Cue epic film music....;)

(Note:  The two screenshots were provided by Roelof Temmingh. The author is very grateful for Mr. Temmingh's insights and time. A few parenthetical explanations were included, but everything ran verbatim.)  
