What is Open Source Intelligence (OSINT) ?
OSINT is a collective term for intelligence collected from publicly available sources. That could be anything from the specific social media accounts of an individual, to a list of financial transactions performed by a company. The goal of OSINT is to collect non-personal data about someone or something, allowing analysts to build a more thorough picture of someone or something.
Trace Labs is a non-profit organization whose mission is to accelerate the family reunification of missing persons while training members in the tradecraft of open source intelligence (OSINT). It is playing a vital role in response to the epidemic of missing persons and children around the world and supplies law enforcement with actionable intelligence that they likely do not have the time or expertise to create.
Preperation, whenever I signed up for the CTF I was given access to an OSINT course and some great information from Trace Labs website and YouTube channel. It was important to get everything ready before the event started. This included setting up Trace Labs OSINT Virtual Machine which has all the tools I needed for this investigation. I had also created sock puppet accounts for Facebook, Instagram and Twitter as well as an email. This just makes everything run smoother and helps get the work done more efficient whilst looking through social media and apps.
Finally joining the Trace Labs Slack community, this was great for keeping up with announcements and learning from other members from all over the world. I also reached out and found my team members on Slack and would of been lost without them. We worked very well together, splitting up the cases and then bringing our individual information together so everyone can have a look over it, especially if you got stuck down a rabbit hole.
CTF, once the 6hr time clock starts you are assigned to perform OSINT investigation on 4 missing persons from all over the world with maybe just a photo, name or email. If you know how to really use google and the internet you will get off to a good start, finding names on social media and using reverse image search. The main part of the CTF is finding information that is relevant to the investigation. The info then had to be submitted to the judge’s along with the supporting evidence, for their approval. There was a lot of submissions that were rejected even though they seemed relevant to us. This is an important part of the process and learning of the CTF. The judges feedback helped you understand why the information was accepted or rejected. The rejections were often due to lacking supporting evidence. So you had to go back research for more intelligence and create stronger reasons why it was relevant. You also need your supporting evidence such as screenshots and URLs. Over time I got used to gathering intelligence and piecing together various breadcrumbs of information to create a strong submission whilst using supporting evidence.
Conclusion, the experience I had working and learning in a OSINT team was priceless. Meeting so many great people from Trace Labs community and having the same desire to investigate and help find missing people. We can not forget that these investigations are to help find real missing people, whom family members are still searching for clues and answers as to where their loved ones have gone. The whole process can have an effect on you and can be difficult to get your head around, as you become engrossed with all the personal information you are faced with or discover, and there maybe no finish line in site. I would like to thank Trace Labs for their amazing community and how well it is run, they are definitely making a difference. I would also hope that as you are reading this blog you may want to get involved with the next CTF. If so please check out Trace Labs website and YouTube channel for starters, you can then dive into the world of OSINT.