An anonymous financial research firm had been publishing short-selling reports under a protected identity. A professional investigation firm spent two weeks trying to unmask the founder. The task came to us. It was solved in under 24 hours.
Culper Research was a financial short-selling firm publishing research reports under a fully anonymous identity. The site, culperresearch.com, offered no identifying information about its operators — no names, no company registration, no contact details beyond a generic email.
A client engaged a professional corporate investigation firm to unmask the person behind it. After two weeks of trying, they came back empty-handed. The task was then passed to our team at ISECOM through a trusted intermediary.
"See if we can learn anything about Culper Research — technical analysis and research regarding their website, email address, and any other known virtual footprint."
The site was operating under deliberate anonymity. Standard lookup methods — WHOIS, domain registration, corporate registries — had already been exhausted by the prior investigators. A different approach was needed.
Rather than focusing on the website's infrastructure — which had been deliberately obscured — the investigation turned to the site's published content. Culper Research had published multiple PDF research reports, freely available for download.
PDFs created with standard office software embed metadata invisibly inside the file: author name, creation tool, creation date, modification date, and unique document identifiers. This metadata is often forgotten — or never considered — by people who believe their identity is protected.
The domain was anonymous. But the documents published on that domain were not. Every PDF told a story its author didn't intend to share.
A script was written to automate the process: download all available PDF files from the site, then run ExifTool across each one to extract every available metadata field.
File Name : Culper_PUMP_11-14-2019.pdf File Size : 940 kB PDF Version : 1.7 Producer : Microsoft® Word for Office 365 Creator : Christian Lamarco Author : Christian Lamarco Creator Tool : Microsoft® Word for Office 365 Create Date : 2019:10:30 22:22:57-04:00 Document ID : uuid:644B0DDD-82BD-4926-A023-EBF83F5780DF # Creator and Author fields present in two separate documents # Eastern timezone offset confirms US-based authorship
The name Christian Lamarco appeared as both Creator and Author in the metadata of two separate documents. This was the first concrete lead — a real name attached to the anonymous operation.
A name alone isn't confirmation. The next phase involved building a chain of corroborating evidence to validate that the Christian Lamarco found in the metadata was the same person operating Culper Research.
ExifTool script run across all PDFs downloaded from culperresearch.com. Two documents returned "Christian Lamarco" as Creator and Author. Eastern US timezone confirmed in the creation timestamp.
A government FOIA log (FCC records, publicly available) listed a Christian Lamarco filing from the same time period, confirming the name was associated with regulatory activity consistent with financial research work.
A public blog attributed to Christian Lamarco — covering stock analysis and corporate intelligence topics — was identified. Manual comparison of writing style, terminology, and subject matter between the blog and Culper Research reports showed strong consistent patterns.
The metadata also confirmed the use of Microsoft Office 365 and Outlook — consistent with the email infrastructure identified from the Culper Research domain. Multiple independent signals pointed to the same individual.
All findings were compiled and reported. The client engaged a federal contact to perform final verification through writing style analysis and criminal records cross-reference. The identification was confirmed. The client was satisfied.
The Creator and Author fields embedded in two Culper Research PDF reports directly named the individual, providing the primary identification vector that all other evidence supported.
Microsoft Word for Office 365 confirmed as the document creation tool, with Outlook used for email — creating a consistent digital fingerprint across multiple independent data points.
Public writing attributed to the identified individual showed consistent style, vocabulary, and subject matter patterns when compared to Culper Research reports — corroborating the technical findings.
Government FOIA records independently corroborated the individual's name and activity in domains consistent with the Culper Research operation, adding a layer of official record to the findings.
A professional investigation firm had already spent two weeks on the same task without result. The identification was made in under 24 hours using open-source intelligence and document metadata forensics.
The finding was later independently validated when the identified individual was publicly named in a formal defamation lawsuit in September 2021 — confirming the accuracy of the investigation. The case subsequently received coverage in Bloomberg Businessweek.
"The client is really happy with our work. BTW, the client first paid a big investigation company to do the job and they failed after 2 weeks of trying. We did it in less than 24 hours."
Most anonymity efforts focus on domain registration and network-level concealment. Document-level metadata is frequently forgotten and can be a decisive investigation vector.
A single data point is a lead. Multiple independent signals pointing to the same conclusion is evidence. The investigation built a chain, not a single finding.
The 24-hour result wasn't luck — it came from applying a structured OSINT approach systematically, starting with the content the target had already published.
Every piece of content published online carries traces of its origin. Understanding where those traces live is the core skill of digital investigation.