OSINT Stories In Real Life

This is a collection of articles and stories where open source investigative techniques were used in real life to solve a crime, identify a suspect, help someone in need, exonerate a suspect, or just generally demonstrate the impressive power of what can be done through digital investigations.

I make absolutely no judgement of anyone’s innocence or guilt for the stories related to criminal investigations, adjudicated or not!

The Story of Marcus Hutchins

I’m starting this off with some brilliant research done by Brian Krebs of KrebsOnSecurity into the early life of a young hacker named Marcus Hutchins. Now, Hutchins experienced some fairly well-publicized scrutiny for the events explained here, but also drew considerable support from the online community due to the fact that he basically single-handedly saved the entire internet. No, I’m not exaggerating. I’ve also included a link to a very in-depth personal interview of Marcus, done by Wired, that helps you see another side of this really fascinating story. I make no judgments here; I am simply sharing the impressive work of Krebs but felt Hutchins’ story was a necessary and compelling component.

How the FBI Tracked Down an Alleged Arsonist Lore-Elisabeth

This story focuses on the use of open source information to lead the FBI to a suspected arsonist. The trail could be followed by anyone, and the pivoting used here is an excellent example of making the connections necessary to trace back an object, in this case a T-shirt being worn by the suspect.

The Great Twitter Hack

Using a combination of social engineering and technical know-how, several suspects were accused of breaching Twitter and posting a bitcoin scam from some of the most recognizable names in the world. Once again, Brian Krebs of KrebsOnSecurity delivers an in-depth write-up of how the suspects were identified and a follow-up article on the arrest.

DNS/Whois of a Phishing & Malware Campaign

An excellent write-up by Etienne Maynier, a research fellow of Citizen Lab, published on Amnesty International via the citizenevidence.org website in June 2020. The article begins with a simple explanation of DNS, IP, and Whois before launching into a real-world example of how these data points were used to help expose a nefarious campaign against Human Rights Defenders from Uzbekistan in 2019. If you’re looking for a clearly written and easy-to-understand explanation of these terms and how they can be used during an investigation, this is it!

InformNapalm OSINT Investigations Archives

This page could keep you busy for the rest of your life. The folks contributing to InformNapalm have pieced together some 2000+ fantastic OSINT investigations. In the site’s own words, a “volunteer intelligence community presents its interactive database, mapping Russian aggression against Ukraine as well as Georgia and Syria.” Some really great stuff here covering a variety of OSINT disciplines. Click away!

Unravelling a Tech Support Scam Network

This in-depth write-up is brought to you by 2 OSINT heavyweights, MW-OSINT & Sector035. Both have provided tons of great learning content to the OSINT community over the years, and their skills are on full display in this breakdown of a very extensive campaign to unravel a network of sites masquerading as technology help services, waiting for the chance to remotely hijack unwitting users’ machines. Plenty of links and explanations, but not one for the tl;dr crowd. You’ll want to settle in with a mug of something warm when you read this masterpiece.

Finding McAfee – The Hardest Free Beer You’ve Ever (almost) Gotten

This is a master class in geolocation techniques, demonstrated by none other than THE Benjamin Strick. If Ben isn’t familiar to you, definitely do yourself a favor and research him. This is someone who has forgotten more about OSINT than many of us will ever know.
In this write-up, he covers how he and the rest of the world were challenged by the enigmatic John McAfee (yes, that McAfee) to try and track him down. The reward? Of course it’s the one thing that gets everyone off the couch and running… a beer! At last check, this debt has not been paid, so with interest, we’re talking at least a pitcher now.