In 2019 I led a team of students from the University of Adelaide in the first-ever Missing Persons Hackathon. Adelaide-Uni-3 placed second in South Australia against the national winners from SAAB and 10th overall in the country. We had an efficiency of 76 points per submission versus the winners’ efficiency of 62, arguably making our intel more valuable and accurate.
While we divided the work up evenly towards our strengths, we would have never achieved as high a score as we did without the efficiencies of the tools we used.
Here are the tools I guided my students through to gain a cyber advantage.
While not strictly a tool we used, this is an online version of a script that works almost identically to something we rolled ourselves. When you type in a username, it quickly searches 255 different sites for a user account that contains this username. While this generates many leads, not all of them will be valid if the username is common.
Google Maps, and in particular Street View, was really useful for understanding the geographic layout of an area. This allowed our team to pinpoint interactions and corroborate stories and facts as they came up during our investigations. It also provided an ability to pivot to other areas of information and allowed us to cross-check photos we found for location.
While similar to Google Maps, Google Earth has the additional ability to go back and forwards in time, casting shadows across buildings and terrain. This can be extremely useful in finding when something happened.
While better suited to real-time investigations, Snapmap does serve a purpose in the workflow for missing persons investigations trying to leverage the power of OSINT. Much like the tools discussed above from Google, Snapmap can be used to show the lay of the land in real time. This can assist when trying to geolocate images or video.
OSINT Intel used to host a variety of tools based on Facebook’s Graph Search. Unfortunately, due to legal issues, these were dumped. However, I’ve found that OSINT TECHNIQUES hosts many tools that replicate the same job functions. The site also includes tools to find tweets, Instagram posts
AustLII is a database of court proceedings and legal literature which is searchable in a similar way to Google. This can be useful when trying to find reports about possible criminal history. Other countries have similar databases.
We also used tools to examine metadata in media. Unlike other teams, we didn’t bother with locating username and password breaches. This was because password breaches are not a legal source of intel. While it might be open source, the data can’t be used by law enforcement to access someone’s profile. Accessing someone’s account with their password can be illegal. As a result we didn’t waste our time.
While these aren’t the only tools we used, they were a selection of the most useful. For this year’s hackathon I won’t be participating in a hands-on role. I’ll be leading the University of Adelaide teams along with my old PhD supervisor Dr Matthew Sorell. While accuracy is important, the learning I’ll be taking away will be to make sure teams are submitting more often to gain the low-value points within the CTF exercise.