Practical Open Source Intelligence For the Everyday Person
Open-source Intelligence (OSINT) is an investigative skill based on collecting and analyzing open or publicly available information. Having investigative skills of this nature is crucial in profiling persons of interest and companies, and even mapping out computer systems.
Think of this as a reconnaissance mission, where the goal is to gather as much data on a subject as possible from public resources and tools. Most of all, it is legal.
In the right hands, and without nefarious intentions, OSINT skills can be used to dig deeper into matters of identity, such as locating a lost or missing person, uncovering the identity of threat actors, solving crimes, and generally learning more about an individual, organization, or computer network.
A practical application to OSINT is to use identity-confirming techniques, especially for individuals we are considering hiring remotely. Since anyone can be impersonated, or appear authentic, only appropriate methods will confirm the facts versus fiction.
Needless to say, even rudimentary OSINT skills will broaden the scope of seemingly obscure information, to help users get to the bottom of things. Interestingly, the same methods can be quite devastating in the wrong hands.
In this day and age, pretty much all of our interactions on the web leave a digital fingerprint somewhere.
Any decent cyber sleuth can find that my digital fingerprints can be traced all the way back to 2007. That is because nearly all of my web interactions were done in old IRC chatrooms, and not public forum threads. On the contrary, my public records are a different story.
The following examples are only a few techniques any OSINT enthusiast can use in their quest for collecting information from public sources, including some inspecting techniques for uncovering fraudulent, or manipulated images. Whatever the reason may be, OSINT is so multi-faceted that this article hardly penetrates the surface. Nevertheless, if you are new to OSINT, then this article may yet do some justice.
Reverse Image Searches: Uncovering Fakes, Filters, and Alterations
A couple of years ago I was in Dallas at a St. Patrick's Day event and came across an extremely vulnerable, inebriated young lady. People were flocking to her, seeing an advantage. I did what I could by keeping her out of harm's way, but I didn’t know her, and I could only do so much.
I was making a video blog that night, and she was briefly featured in it. Eventually, she got kicked out and climbed into an Uber with a strange man, and I immediately regretted not offering to bring her somewhere safe.
I went home, took a still of her face from the video, and, uploaded it to PimEyes. It uses advanced facial geometry and recognition technology to perform reverse image searches. But in this case, I hoped to find her face in other pictures, perhaps on social media so I could check and make sure she got home safe. You can also use the free, search feature.
PimEyes matched her facial symmetry with other images on social media, one of which happened to be her. That’s how I discovered her name and using White Pages, I was able to find her phone number and send a courtesy text.
Even if you suspect a person is catfishing you with altered photos, PimEyes can compare the image to the original. Say, if an individual is using advanced photo filtering apps to swap genders in a photo, or superimpose a face on another person’s body, if the original image is on the net, performing a reverse Image search can locate it, and expose the differences.
This same technology can help users locate lost or missing persons, as well as track and identify online sexual predators. It can even be used to discover whether your spouse or significant other is posting pictures on public platforms you might not be privy to. If there is geolocation data embedded in an image, you can also extract that data to see exactly where the photo was taken.
Photographic & Audio-graphic Artifacts
A photographic artifact can be something that appears in a picture that gives clues to things you would rather keep private. This is extremely beneficial when you are trying to de-anonymize an individual. Often a subject might be very careful about what they share online with others. However, contained in their photos are certain “tells” that help fill in the gaps in the missing picture.
This can include street signs, the names of stores shown in the picture, literally anything. That is because anything can trace anything to something, everything comes from somewhere. Artifacts reveal a lot about the photo, the person and objects in it, and where it was taken.
Most hackers are privy to this. But not everyone. If a threat actor posts pictures of themselves online, it’s the artifacts that often tell you things about the attacker that they didn’t want you to know.
The same goes for video-graphic artifacts. Accents also expose localities. Also, most threat actors use commercial voice-changing software. This means that the recording can be taken and run through an audio analyzer. By adjusting the audio levels, de-anonymizing a voice changer is child's play.
Highly filtered photos can appear authentic at first glance. But a closer look at specific tells, and you will be able to ascertain the authentic from fabricated. There are three major artifacts even in state-of-the-art filtered photos.
One, the shape of the irises might not be entirely elliptical. They can also appear visibly blurred, which otherwise wouldn’t exist in a non-filtered image. Second, the visual texture of the hair might appear unrealistically wispy, and appear uncharacteristically detached from the rest of the hair. This can occur when photo filtering apps incorrectly attempt to superimpose hair volume in an image. Third, the face may appear in higher contrast to the rest of the body.
Breach Report Databases
Whenever a data breach occurs, the data dump is usually collected by security companies that can provide a pay-for-access to their breach report search engine, which can be searched by journalists, security analysts, data sleuths, and everyday people wanting to learn whether their accounts have been compromised.
This can provide IP addresses, phone numbers, addresses, and passwords used in the data breach. The information contained in the reports is often furnished with a wealth of detailed information useful to threat actors, as well as those curious inquisitors wanting to search their own email addresses and hope that it hasn’t been reported in a data breach. This online resource is very useful for hunting threat actors that have left some sort of data fingerprint.
If an attacker has left an email published somewhere on the web, or a user name to an account, searching that email or username in a breach report database could provide a clue, if not outright reveal who the attacker is, where they’re from, and past IP addresses they used. Any leaked passwords can be searched, and cross-examined with other accounts, which will reveal additional clues about the person who used or still uses those breached accounts.
You might be surprised by what the web has on you.
An article by