They're coached to stay beneath every statistical threshold. We know how; we ran insider recruitment before joining the defense side.
Unlimited travel on a major US airline and alliance partners, through a verified employee connection. Confirmed business and first-class seats.
A complete map of anyone's communications from a single phone number — every contact, every call, even unsaved numbers — delivered as a file.
SIM swaps through insiders working in carrier stores, on major US networks. Advertised at a 100% success rate, delivered in hours.
Short, generic, or high-value usernames claimed through a platform insider. Names of people, places, and common words.
Credentialed access to the world's most restricted invitation-only summit, arranged through an insider — secured zones, official hotels, proximity to heads of state and Fortune 500 leadership.
Targeted content removal or account reinstatement on a major platform, executed through an insider with moderation access. Used to silence critics or restore banned accounts.
Editorial coverage in a major business publication, placed through an insider — no sponsored mention, no contributor byline. Bylined articles, favorable features, or a full profile, published as legitimate journalism.
A tax-authority insider sold the home addresses of people who declared crypto holdings. Multiple home invasions and assaults followed.
Insiders validate fraudulent refunds, credit unauthorized rewards, allocate premium handles, approve impossible upgrades. The losses are quantifiable but the actors stay statistically invisible.
Account takeovers sold as a service. SIM swaps through carrier insiders. Lookups, address pulls, takedowns at price. The damage lands on your customers and partners; the exposure lands on you.
A single insider transaction reaches a journalist, a regulator, or a courtroom. By the time the story is named, the answer “we had no visibility into this market” is no longer one you can give.
Most threat intelligence is academic — researchers describing what they observe from the outside. Our methodology comes from having operated insider recruitment at scale, then spending three years in counter-intelligence investigations on the defense side. The same playbook, both directions.
How insiders are identified, approached, retained, paid, and coached to stay invisible. What's offered to compromise them. How the operations are structured to scale across multiple insiders without exposure.
How to identify recruitment markets, observe operations in progress, attribute specific individuals to specific accesses, and build evidence packages that hold up under HR procedures, civil litigation, and criminal referral.
Ten years of access to the channels where insiders are sold. Continuous monitoring. Identification delivered in days, by operators who built the same access on the other side of the line.
The specific insider or operator, identified — not a statistical anomaly or a risk score you can't act on.
A documented evidence chain built to stand up in HR proceedings, civil action, and law enforcement.
How the access was sourced, packaged, and sold — so the same vector can be closed for good, not just patched.
Ongoing visibility on your exposure across active recruitment channels — not a one-time snapshot of a market that moves daily.
Findings structured so your internal teams can act immediately on delivery. No further analysis required to begin response.
Every engagement handled under strict confidentiality, by a single accountable operator. No subcontracting, no data sprawl.
Wherever frontline employees hold access to functions with secondary-market value, the recruitment is happening. We cover the verticals where the loss is largest and the exposure is highest.
Every engagement operates under reciprocal NDA. Client identities are never disclosed without explicit consent.
Evidence is built to hold up in legal and HR proceedings, with documented chain of custody on every artifact.
Founder background in counter-intelligence within a Western European intelligence service. Discretion is the default, not a feature.
Findings are sourced through observation of openly traded offers — packaged for your own lawful action.
One operator owns each engagement end to end. No subcontracting, no data sprawl, no quiet handoffs.
Briefings under reciprocal NDA, conducted directly with the founding operator. We do not pitch; we walk you through what is being sold against your company today.
30 minutes. NDA in advance. We share what we observe about your platform in active recruitment channels — specific mentions, current threat actors, ongoing operations. No commercial obligation.
andreas@trustwreck.comWe're building the category of Insider Threat Intelligence. Selectively engaging with investors who have conviction in cybersecurity, trust & safety, and adversarial intelligence businesses.
andreas@trustwreck.com