This newsletter was pretty much done on Sunday morning around 9AM, but the last feature had to wait since I was waiting for the 'Pandoras Papers' to drop. So while enjoying my weekend off, I was checking the news, waiting for some possible hints to show up online. You'll find more on the leak of financial documents at the end of this week's newsletter, but first I have some other tips, tricks and links for you to have a look at. From investigative journalism, to lots of sources for data hoarders:
If you've missed Ben Heubl on Twitter, that's correct. His account was blocked by some Twitter algorithm after he moved out of the country, but he's back online with a different account: @Techjournalisto. Ben, together with Max Bernhard, Jordan Wildon, Tom Jarvis and Brecht Castel are collecting news articles that use open sources to verify or investigate a story, and save those links in a Google Sheet. Dive in, and have a look what techniques have been used to investigate, debunk, or verify news stories!
Link: Google Sheet
Twitter user Odint - OSINT shared a niftly little trick last week on Twitter. Let's say you have've enumerated a bunch of email addresses, and you want to check which one might be real or not. You can dump them in a Google Sheet, and with a simple hover of your mouse cursor, you can spot which ones are active or not. If the avatar is different from the one in the standard 'Google blue', and if the chat option is active, then it seems it's an active email address. A handy little function by Google Sheets. Nice find, thanks for the tip!
The title is "awesome open directories", but it's actually a list of resources for data hoarders, or investigators that have a use for publicly available data. And there are some nice tools in there, like FileChef, that offers some Google CSE's to find public documents in Google Docs for instance. A really nice collection of links, subreddits and websites. Thanks for sharing this David Chorváth!
Link: GitHub repo
Last week I featured a little Twitter thread by Jordan Wildon on verification. He expanded that threat, and wrote an article over at Logically. Despite the fact it was shared last week already, I'm sharing his views again! Simply because it's of utmost importance to keep in mind that innocent lives can be destroyed by one Reddit post, a single tweet, or a YouTube video with content that hasn't properly been verified.
Considering law and ethics is not exactly the sexiest part of conducting digital investigations, but too often people forget to practice due diligence.
— Jordan Wildon (@JordanWildon) September 30, 2021
I expanded on my thread from last week to explore the issues around internet sleuthing.https://t.co/Y5g5fkfX0f
Link: Internet Sleuthing Is a Safeguarding Issue
Maciej Makowski, known as osintme on Twitter, has written a nice little introduction into what is called URL manipulation. This is a technique not uncommon for pentesters, to find pages of interest or even things that usually stay hidden for the normal public. It shows you techniques that might let you find larger images of an avatar, find interesting subdomains, or content that isn't indexed. And some real-world application can be found in this article I wrote back in 2018, or check this old article about the now defunct open API's of Jira, where pertty much the same techniques where used by me. It's a slippery slope though, and a thin line between finding "open information", and finding an actual bug in the configuration of a website, so stay ethical and act responsible.
Link: Osint Me on URL manipulation
The International Consortium of Investigative Journalists, ICIJ for short, together with 600 reporters, have been working for months on a new project. Close to 12 million leaked documents about known tax havens have been studied, shedding a new light on financial wrong doings by earth's most powerful people and companies. From Danish banks harbouring foreign money, to Chinese politicians with a stack of offshore companies. And it's massive! We're talking about Panama Papers large, and only a bit smaller than the Paradise Papers when it comes to the amount of documents. Let's put that in perspective in a little infograph for you, and then you can head over to your nearest news outlet to read what's ging on in the world of offshore companies:
Link: Pandora Papers
Learn a bit more about our precious ocean life, with this Ocean Tracker by SeaWorld. It currently tracks different species of sharks, alligators, dolphins, seals and turtles.
Link: Ocean Tracker
Have a good week and have a good search!