
A (Goofy) Initial Descent into OSINT

A few months ago, I found out about open-source research. It was an odd, stumbling path via hearing about a podcaster who wrote an article for Bellingcat, surfing the Bellingcat site in class, and my world getting up-ended a bit. I’d seen open-source investigation before, in the form of internet sleuths from various mediocre true crime or Vice documentaries, but this stuff was professional, serious, and political. Since so much of it is self-taught, I decided to teach myself a few OSINT skills to see if it had potential application for future projects. I’ve even applied a few of them, though the circumstances might not hold the same weight as identifying Navalny’s poisoners or tracking architectural destruction in war zones. I wanted to document these attempts in all their mediocrity to help encourage other non-technical people to explore this style of research.

My first real application was for a school project. I’m a master’s student in political theory, so I don’t have a lot of coursework that requires digging around online, but I do have general politics courses. My group mates and I were writing about an imam in Mali who had quite a love/hate relationship with the various regimes Mali has had in the last fifteen years. I was in charge of gathering information on media discussions as well as his online presence. The media discussions were pretty straightforward, using a mix of Google’s advanced search functions and simply trolling through articles until I found what I needed. 

The online presence was a bit more complicated. We were considering using interviews for qualitative data, which meant finding Malians aware of this imam and speaking to them. One of my group mates expressed concern that using a personal Facebook account could be a dangerous move. So as someone with no training in finding or giving interviews, I did what made sense logically to me. I made a sock puppet Facebook account using my school email, an AI-generated photo of a man who did not exist, and a made-up name. I cold-messaged probably thirty people on Facebook who were listed as admins of fan groups for this imam.

Predictably, I got no responses. It was a good learning process though. Future sock puppets probably need more information than just a name, a face, and a university affiliation.

The second application is somehow more embarrassing than the terrible sock puppet that yielded nothing. One of my buddies texted asking if I knew our mutual friend’s birthdate. I did not, and they didn’t use any social media that would list the birthday front and center. What I did have was their profile on Co-Star, a popular astrology app, their age, and, deep in the recesses of our WhatsApp messages, their birth time. To be clear, this method would not work without all of this information. So, armed with his birth time and year, I found a different free birth chart website and began plugging in dates within the range of his sun sign. The sun sign, which is the zodiac sign you probably know, changes about once a month. The birth time helped with checking my work. Some of the other signs in a birth chart change every two hours, so by having the full chart, I was able to be pretty much certain that I had the right birthday once everything pretty much lined up.

We verified with a second mutual friend that this was the right birthday, but, unfortunately, it did make me look a bit nuts. Pro tip: maybe don’t do this outside of a joke.

The final test I have done so far involved family Christmas ornaments. My grandmother’s tree has a wide variety of ornaments that range from cute to odd to downright mysterious. The ornaments I was concerned with were in the mysterious category. My dad and his brothers had a rough idea of when and where they were bought, but no one knew what they were. The ornaments are two cylindrical blobs in red and yellow with glitter accents. I started with ornaments that were from the same department store in the same era: two oblong clowns. I reverse-image searched them just using the Google search app. They turned out to be mercury glass from a workshop in West Germany that must have been imported to the US. With that in mind, I could reverse-image search the red and yellow cylinders with added keywords of “mercury glass.” From what I could find, the cylinders were actually lighthouses and also produced in West Germany in the 1950s.

Unfortunately, why my grandparents bought clowns and lighthouses for Christmas decorations is a mystery that may never be solved.

So what’s next? For one, I need to figure out how to do stuff that isn’t just fancy googling, which relies on me picking a path in OSINT. I’m still trying to figure out all that it can do and how that might line up with my current interests. Obviously, it’s a great way to gather primary sources for analysis, but I’m also very curious about the ways open-source tools might help us do that analysis.
