Week in OSINT #2022-12

A small selection of news from the world of OSINT, ranging from deep fake detection to satellite imagery.

Sometimes a new tool comes out that makes me eager to try it out, like the 'Fake Profile Detector' by v7labs that's featured in this episode. But while testing that with a variety of AI generated pictures, it showed what it is: Just a tool that can do one thing fairly okay. And like any other tool, it's important to know what it was designed for, how it operates, and that one should have a good understanding of how to manually verify its results. Because if a tool breaks, gives inconclusive or incorrect results, it's up to the investigator to disregard the findings and take over. Don't ever forget that when you, as a reader, go over my newsletter and start using the tools discussed here, without verification. With that out of the way, let's have a look at this week's overview:

  • Fake Profile Detector
  • Using Tools
  • Scrcpy
  • Downloading YouTube Videos
  • Farearth Observer
  • Satellite Imagery
  • Python Tools

Tool: Fake Profile Detector

Last week Micah Hoffman shared a link to a Chrome extension, that helps to verify the authenticity of a profile photo. The extension sends the URL of the photo that needs to be checked to v7labs, after which a small pop-up will tell you whether the photo seems to be generated, or real. Import to notice that the extension only works on StyleGAN generated photo. I quote:

"DISCLAIMER: This AI model only works with StyleGAN images used to generate fake human faces of people who don't really exist. It does not detect video deepfakes or face swaps."

Photos from ThisPersonDoesNotExist are detected fine, but with photos from Face Generator, claiming to also use StyleGAN, it had some issues. I tested 5 male and 5 female faces, and it only detected a generated face twice. So remember that it's not perfect, so make sure to take the results with a grain of salt. It might improve over time, but don't depend on it.

Fooling the AI with... AI!
Fooling the AI with... AI!

Link: Chrome Web Store

Tip: Using Tools

TL;DR version: When you work with anything that automate tasks, it's important to know what it does and how it does it. Is it a simple command or tool to retrieve data in situ, and stores it in a solid and verifiable way? No problem there. But when a tool or service is providing analysis or even intelligence, without showing you how certain conclusions where reached, then there are basically two options. You find a second source to back up the original findings, or take the necessary steps to verify it manually. If for some reason it's impossible to verify, then you need to think about whether you want to add it to your report or not. But always make sure you treat it for what it is: Corroborating evidence at best, or when it's for a court case it'll probably be seen as insufficient evidence.

This section is something completely different in my newsletter, because I think it's important to discuss it after writing the previous section on Fake Profile Detector. I wanted to write something on using tools in general, and my personal advice on it. Whether it's an open source Python script, a web based tool of some kind, or even an online service or platform that you use. Whatever you use: Verify everything! This is also one of the reasons why I mainly use tools to capture and save content, while more than 70 to 90 percent of my work involves manual investigations and verification.

The reason I bring this up is that I've seen it more than once that people put more faith in a tool and its outcome, than the verdict of experts or other people's contradicting findings. Don't make that mistake, but make sure to verify things that you come across. Let's have a look at what the Oxford Dictionary says about the meaning of the word 'verification':

"The process of establishing the truth, accuracy, or validity of something."

If you aren't looking for the truth, accuracy or the validity of a certain claim, what are you looking for then? Without verification an important step in the whole investigative process has been skipped. And it doesn't matter whether you want to show off your skills on Twitter, you are a research journalist working on a piece, or are working in this field in some legal capacity. When you are conducting an investigation, make sure to verify everything. Since it usually involves people, it's simply NOT your call to make and judge those people with claims that are unfounded! Because you can't turn it back once the findings are published, and the effects can be devastating. Just watch Don't F*** With Cats again, and pay attention to how an innocent man from South Africa was doxxed and committed suicide.

Let's close off with an example or a real world boo-boo that I've seen way too often. People often use online tools like Namecheckr or Instantusername to check whether a user can be found on multiple platforms. Even a tool like WhatsMyName, that does a good job verifying account existence, isn't completely foolproof. If a tool like that comes up with a list of websites where a specific username is found, never just copy-paste those lists into a report. Because those sites don't offer any proof that accounts exist, but only use the quickest shortcut imaginable to point you in the direction of a possible hit.

If you want to give it a try, then I'd welcome you to go to those two sites, and bang your head on the keyboard to generate a completely random and ridiculous username like jad724tuqevadksty77. Are you absolutely sure there's a Reddit account with that name? Or one on Foursquare? Managed to find the 500px one? The answer is no. The 'tool' says yes, but within 10 seconds you can see that those accounts don't exist. Simply because these tools were never meant to provide accurate results, merely a fancy way of plotting a maybe on your monitor.

Don't take results of tools or sites at face value, but verify everything. And even if an account exist, go the extra mile to verify it's actually the same person you are looking for. Else you'll end up chasing dozens of different people using some generic nickname.

Verification is key!

Tool: Scrcpy

Some time ago someone asked me about virtual phones, and how I work with them. Even though I do have some virtual phones, I sometimes have the challenge of running apps like Snapchat. So I've been using several physical phones since day 1. And one of the most simple tools to use for me so far has been 'scrcpy' by Genymotion. It can capture and control any connected Android device, and enables me to capture anything that is shown on the screen as it is.

Capturing your Android phone and recording movies
Capturing your Android phone and recording movies

Link: https://github.com/Genymobile/scrcpy

Site: Downloading YouTube Videos

Zewen shared a tip on how to download high quality videos from YouTube. By adding the letters pp in the URL, thus changing youtube.com to youtubepp.com, you are being redirected to the website y2mate, where you can immediately download the video in any quality you want, or only extract the sound and download it as an MP3. Thanks for the tip!

Downloading videos for archiving purposes
Downloading videos for archiving purposes

Link: https://www.y2mate.com/

Site: Farearth Observer

Someone called 'wisdom' shared an awesome link on the OSINTCurious Discord. The site Farearth Observer tracks satellites in real-time, but also has links to recordings of their flights. You can select any recording, and see the image build up on your screen, including population information on cities that pop up. It doesn't have the highest resolution out there, but it's an awesome resource for people that needs near-realtime imagery intelligence, or just as an awesome way to kill some time!

Watching Denmark being captured by Landsat 8
Watching Denmark being captured by Landsat 8

Link: http://observer.farearth.com/observer/

Tip: Satellite Imagery

Talking about satellite imagery, Julia Bayer shared some knowledge and tips on this. In this Twitter thread she explains the differences between optical and radar satellites, and shares some sites and sources where anyone can dive into the world of satellite imagery. Thanks for sharing!

Link: Twitter Thread

Links: Python Tools

Ritu Gill gives trainings over at Cyber Training International, and they share some Start.me pages online. One of them is a list of Python tools. It's actually called 'Linux Tools', but a very quick look learned that most of these are simply Python based tools, and most of these will probably run within Windows without problems. It's a collection of all kinds of scripts, ranging from social media to digital assets.

Collection of scripts on GitHub and tutorials
Collection of scripts on GitHub and tutorials

Link: https://start.me/p/9E2mea/linux-tools

Have a good week and have a good search!

Previous Post Next Post