IMINT/GEOINT: Image and Geospatial Intelligence
OSINT, short for Open Source Intelligence, is not just random information in cyberspace: it is publicly and legally available information that does not require payment to access, or direct communication with a primary source, such as a person of interest, to obtain. OSINT relies fully on passive reconnaissance: information fully accessible to the public. This information is then used to help meet certain goals, objectives, and/or answer questions.
With so much information on the Internet, an investigation of any kind could seem daunting. But with the appropriate resources, it’s less overwhelming. Without having some idea of what methods to use, it would be easy to work hard, but not work smart. OSINT skills are valuable in cybersecurity, because we’re able to locate answers to help solve a problem (or find a problem).
OSINT is used for a range of purposes and intentions. Threat actors love to take advantage of OSINT, because the more public-facing information they can obtain on an organization, the better “profile” they can build of their target. Security professionals also take advantage of OSINT to gather details on threat groups and indicators of compromise, or to obtain information on potential exploits. Different OSINT websites specialize in different types of information, so it’s not one-size-fits-all.
TryHackMe has a great room called Searchlight, which introduces IMINT (Image Intelligence) and GEOINT (Geospatial Intelligence) to one’s OSINT research tools. The objective is to answer questions pertaining to the exact location of an image, just by going off the clues given in the image.
One of the TryHackMe challenges in particular is called Coffee and a light lunch. Two images are provided, as well as a brief description of the scenario:
“A friend of mine contacted me asking if I could help them locate a coffee shop that is supposed to serve the best lunch there is. They told me the coffee shop is somewhere in Scotland, and he sent me these two pictures. Do you think you could locate it and answer the questions below for me?”
Based on the images and the information provided above, we do have enough to go on. Is it a serious situation? Not really. But the focus is on the process.
Analyzing the first image, I take note of a couple of characteristics:
- In the background, the storefront sign reads The Edinburgh Woollen Mill (you may need to zoom in to see it more clearly).
- The store is on the corner of the block, across the street from the coffee shop. I also take note of the steps leading up to the storefront, and the blue sign with the white arrow.
Since this is a geographical search, one of the most obvious resources to utilize is a map. So I open up Google Maps. The two key pieces of information we are provided are the store that’s across the street from the coffee shop (The Edinburgh Woollen Mill) and its general location (Scotland).
A search for The Edinburgh Woollen Mill in Scotland turns up a handful of results. It is clearly a chain business, but there aren’t enough store locations to justify taking a more efficient approach.
In this case, there are only so many possibilities, so I zoom in on each location and click on the Street View icon (the small yellow figure in the bottom right-hand corner of the map) to get a better idea of what is around the store. One by one, I check off each location by process of elimination, until I find the correct location.
This looks identical to the photo provided:
I move around the street in Street View, and I see a coffee shop across the street from the store. I look towards the store from the perspective of the coffee shop. This is clearly it.
Google Maps, by default, provides some of the coffee shop’s business information. From this, I’m able to answer a couple of questions:
Which city is this coffee shop located in? Blairgowrie
Which street is this coffee shop located in? Allan Street
What is their phone number? +447878 839128
A visit to their Facebook page (via Google Maps) reveals their email address:
What is their email address? theweecoffeeshop@aol.com
And a quick Google search reveals the owners’ surname:
What is the surname of the owners? Cochrane
Another challenge from the same room, called …and justice for all, involves identifying the name and details surrounding this particular statue.
I didn’t have to do any research to know that it’s a statue of Lady Justice, which is the first question:
What is the name of the character that the statue depicts? Lady Justice
However, there are many statues of Lady Justice. Plus, news websites often use a photo of Lady Justice in political articles, because of its symbolism.
The questions pertain to this particular statue. One way of identifying an image is to perform a reverse image search. Yandex, a Russian-owned search engine, is one of the highest-rated reverse image search engines.
The next question I need answered is the location of this statue. I reverse image search it on Yandex, and it returns many results.
I click on one of the images under Similar Images, and it takes me to another page. I hover over one of the images, and the location (the city and state) is identified.
Where is this statue located? Alexandria, Virginia
I’m now asked:
What is the name of the building opposite from this statue?
I have to first identify the building where the statue is located, before I can name the building that is opposite it. A quick Google search returns the name of the building where the statue is located.
I then search on Google Maps:
From Street View, I see that the entrance to the courthouse is eastward-facing. The building directly opposite is The Westin Alexandria Old Town.
As you can see, answers can be found with the right tools, and with the right mindset, just by learning how to search effectively. OSINT skills certainly cannot be honed overnight. I’m always grateful for every chance I get to apply what I learn.
Thanks for reading!