Connect with us

Featured

How Advanced search can make difference in open source investigation

Published

on

Estimated Reading Time: 7

Open Source Intelligence is the process of collecting and analysing publicly accessible information whether as data from available sources on the internet or news media content. It can also be information made available to the public through request, purchase, or subscription. Information shared at a public event such as town hall meetings and symposiums and first-hand information by a casual observer also qualify as open source information. 

The internet serves as a collection point for all this information which could lead an investigator or fact-checker down a rabbit hole of information that is not helpful to address specific queries. The degree of information available on the internet is staggering; this can make a random search for something interesting or valuable eventually lead nowhere. To avoid information overload, it is important to have a clear strategy in approaching information gathering.

The term open source is specific to easily accessible information and knowledge of advanced searching skills on some of the most common information sites available to us can achieve a more targeted result while streamlining our efforts.

In an interview with First Draft, Nick Waters, an open-source intelligence (OSINT) expert, says that knowing where to find open-source information is just part of it; however, using search functions to their fullest extent is vital. 

Twitter and Google have tools and tricks that perform more advanced searches to unlock certain information. According to Waters, Google is a powerful tool that is used at the barest minimum of its functionality. Many of the search engines including Google, Bing, and Yahoo access less than one percent of the internet. 

The internet is estimated to consist of approximately five million terabytes of data, according to Eric Schmidt, Google’s former CEO. Google searches comprise 0.004 percent of the internet totalling just 200 terabytes of data. It barely scratches the surface. The rest of the internet is the “deep web”. This deep web consists of websites, databases and files that can not be indexed by search engines. Nonetheless, information on the deep web is free and considered public, which means that it is available for investigative and even for malicious purposes.

In Nigeria, the use of OSINT proved valuable in the fight against Boko Haram. In 2014, right after the abduction of the Chibok girls, rumors of attacks mixed up with real Boko Haram attacks, making it hard to decipher what was real and what wasn’t to the extent of making a mockery of the government’s claim that it successfully suppressed the terror group. Using visual mapping data within the Armed Conflict Location & Event Database (ACLED), a visualisation of the trend of attacks was established, thus determining a pattern of movement and strikes by Boko Haram.

In 2018, the BBC Africa Eye Investigation, Anatomy of A Killing, which won a Peabody award in the same year, used open source intelligence to investigate a viral video of two African women and their children being murdered by uniformed men. In partnership with Bellingcat network, Amnesty International and independent analysts on Twitter, they were able to identify these men as soldiers of the Cameroonian army and they were eventually prosecuted for these crimes. 

In his essay, “Google Maps Is A Better Spy Than James Bond ”, Nick Waters considers OSINT crucial for democracy. According to Waters, “One of the primary strengths of open-source investigation is that the sources and methodology are exactly that-open. Anyone with a computer and internet connection can follow the reasoning of analysts, interrogate the same sources, and critique the techniques used.”

Social media is good for open source information. It can provide valuable detail which otherwise would be hidden or inconclusive.  By definition, anything posted on social media is available for use unless it is shared on a closed network. Closed networks on generally open social sites like Facebook and Twitter are direct messages (DM) shared within such networks. It is considered closed because it requires permission or invitation to have access to information shared within a DM. There are social sites like WhatApp which already operate as a closed network.The guiding principle is that any information that does not require permission to access is open source and free to use. Otherwise, you need to be granted permission either through an invitation or direct, preferably, written permission from the owner of the information.  

Facebook is arguably the most daunting of social sites to track in an investigation. It has billions of active users each month and it allows users to change their username once every 60 days, but there are tools to work around these complications. These tools change quite often and become inoperational like the Facebook Advanced Graph Search.  Regardless, there is a vast range of tools introduced and updated regularly. These are well documented in Michael Edison Hayden’s  A Guide to Open Source Intelligence (OSINT). Here are some recommended tools to navigate a social media investigation.

Twitter Advanced Search: The myriad of on-the-minute information on twitter can be overwhelming and difficult to reference. They are in the form of likes, retweets, impressions and trends. Twitter’s advanced search narrows down these tweets into actionable columns based on a particular phrase, location, date, language, group of accounts and hashtag.

This means that a meticulous tracking of information on twitter should be done to avoid a random inconclusive search. This can be done by bookmarking a particularly interesting tweet or adding a handle to your lists to enable recall of particular phrases, dates and even location of the said tweet. Another search tool is the whotweeteditfirst or first tweet webpage which helps to narrow down and locate the first time information contained in a tweet was first shared on Twitter. 

Then there is Tweetdeck, a valuable Twitter search tool that allows a multiple view of the timelines, commands, and search results.

Google Dorks: These refer to a specific language that can be used on google to recover results that are not possible to find with simple search queries. Results from these queries are more precise than simple google search results. In 2014, the US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and the National Counterterrorism Center (NCTC) released a bulletin listing these “google dorks” as advanced search techniques that malicious cyber actors use to discover vulnerabilities in websites. This bulletin, titled “Malicious Cyber Actors Use Advanced Search Techniques” was issued as an advisory to law enforcement and other security personnel to help them identify a set of techniques referred to as “Google Dorking” or “Google hacking” that use “advanced operators” to refine search queries. Advanced search operators are unique commands that narrow down searches to provide extensive and specific results.

Here are examples of google dorks provided in the bulletin:

Facebook: Facebook operates as an open and closed website but there are ways to get more information from the publicly available trails already provided especially when investigating a breaking news situation. Every facebook profile has a unique numerical ID which is accessible if they are set to public use of these tools: Findmyfbid.com, Commentpicker.com, SmallSEOtools.com. Once a numerical ID is found you can search for targeted information using specific search options such as /photos-uploaded/ , /photos-tagged/, /stories-media-tagged/, /reshare-stories-by/ and more. The  /reshare-stories-by/ option helps to place a unique identity to the character of the user as well as how many shared a particular viral post. Other websites that provide deep searches on Facebook are Stalkscan.com which is a paid site, and Stalkface.com

Another situation where the numerical ID comes handy is a change of username. Trolls do this as often as are allowed by Facebook to avoid being blocked or to resurface after a while. You can also bookmark the facebook page which allows the profile resurface even after a name change.

YouTube: Tools like the Amnesty International’s Youtube DataViewer make video authentication processes on Youtube much easier. However* to conduct a direct search on youtube whether for transcripts or specific information add the “+” and “-” command to words you want added or removed. For example, if you are looking for Wizkid’s music videos and interviews by MTVbase, keep coming up in your search, applying the “-” command to the query like “Wizkid – MTVbase,” eliminates  interviews in your results. If you apply “Wizkid+MTVbase” it includes MTVbase interviews in the search results.

Another helpful function on Youtube are the “Report”, “Open Transcript” and “Show Translation”. These functions can search for transcripts on videos posted to YouTube. Here’s how to find them; on your screen click the icon with three dots in the lower right hand corner of the menu options. It is immediately below the icon to expand to full screen.

Image: CJR

Open-source intelligence is a valuable source of information to journalists and investigators. It can also be useful to anyone interested in authenticating the veracity of the information they consume. These tools are vast and often decommissioned; you can find more of these on Bellingcat and the Verification Handbook.


kindly donate to the work we do using our interim PAYPAL  https://www.paypal.me/NewsWireNGR

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *