Interesting Search Tool: Tumbex

December 13, 2022

Interest in Open Source Intelligence has crossed what I call the Murdoch Wall Street Journal threshold. My MWSJ is that a topic, person, or idea bubbles along for a period of time, in this instance, decades. OSINT was a concept was discussed by a number of people in the 1980s. In fact, one advocate — a former Marine Corps. officer and government professional — organized open source intelligence conferences decades ago. That’s dinobaby history, and I know that few “real news” people remember Robert David Steele or his concepts about open source in general or OSINT in particular. (If you are curious about the history, email the Beyond Search team at benkent2020 @ yahoo dot com. Why? I participated in Mr. Steele’s conferences for many years, and we worked on a number of open source projects for a range of clients until shortly before his death in August 2021.) Yep, history. Sometimes knowing about events can be helpful.

Let’s talk about online information; specifically, an OSINT tool available since 2014 if my memory is working this morning. The tool is called Tumbex. With it, one can search Tumblr content.

image

Here’s what the Web site says:

Tumbex indexes only tumblr posts which have caption or tags. We analyse the content and define if tumblr or posts are nsfw/adult. If your tumblr was detected as nsfw by mistake, you can request a review and we will manually check your tumblr.

This is interesting. However, with a bit of query testing one can find some quite sporty content on the service.

The service, allegedly became available in 2014, is hosted by the French outfit OVH. According to StatShow, Tumbex has experienced a jump in traffic. The site is not particularly low profile because it has a user base of an estimated one million humans or bots. (Please, keep in mind that click data are often highly suspect regardless of source.) FYI: StatShow can be a useful OSINT resource as well.

If you are interested in some of the OSINT resources my team relies upon, navigate to www.osintfix.com. Click the image and a new window will open with an OSINT resource displayed. No ads, no trackers, no editorial. Just an old fashioned 1994 Web site which can be used fill an idle moment.

Now that the MWSJ threshold has been crossed, OSINT is a thing, an almost-overnight success with some youthful experts emphasizing that the US government has been asleep at the switch. I am not sure that assessment is one I can fully support.

Stephen E Arnold, December 13, 2022

OSINT: HandleFinder

November 22, 2022

If you are looking for a way to identify a user “handle” on various social networks, you may want to take a look at HandleFinder. The service appears to be offered without a fee. The developer does provide a “Buy Me a Coffee” link, so you can support the service. The service accepts a user name. We used our favorite ageing teen screen name ibabyrainbow or babyrainbow on some lower profile services. HandleFinder returned 31 results on our first query. (We ran the query a second time, and the system returned 30 results. We found this interesting.)

The services scanned included Patreon, TikTok, and YouTube, among others. The service did not scan the StreamGun video on demand service or NewRecs.

In order to examine the results, one clicks on service name which is underlined. Note that once one clicks the link, the result set is lost. We found that the link should be opened in a separate tab or window to eliminate the need to rerun the query after after each click. That’s how one of my team discovered the count variance.

When there is no result, the link in HandleFinder does not make this evident. Links to ibabyrainbow on Instagram returned “Page not found.” The result for Linktr.ee returned the Linktr.ee page of links, which means more clicking.

If one is interested in chasing down social media handles, you may want to check out this service. It is promising and hopefully will be refined.

Stephen E Arnold, November 22, 2022

Free and Useful OSINT Resource

November 8, 2022

For anyone interested in OSINT resources, here is a free eBook from low-profile intelware vendor Babel Street: Cybersecurity Insiders hosts “Open Source Intelligence (OSINT) Use Cases.” As the name implies, the volume describes practical applications of OSINT tools. The description reads:

“Businesses must be continually ready to mitigate all types of commercial and corporate risks. Some risks are known and easy to spot, but many are unknown and constantly evolving – your organization must be prepared to manage all of them or face serious consequences. A robust open-source intelligence (OSINT) platform is the answer. It combines publicly available information (PAI) data sources, with curated data streams, and filters to generate the actionable intelligence required to enhance protection or take action. This eBook includes twelve use cases exploring how OSINT tools help generate insights needed to drive improvements across:

  • Cyber risk management
  • Brand risk management
  • Operational risk management
  • Due diligence”

The book opens with a summary of how OSINT works and how it can be used. One notable use case is the very physical Event and Venue Protection under the otherwise BI-centered Brand Risk Management. One must provide some basic information before downloading the free resource, including name, company, email address, and phone number. Once registered with Cybersecurity Insiders, though, one has access to the site’s considerable roster of free cybersecurity resources. This includes another volume from Babel Street, “Best Practices for Using Publicly Available Information in Global Risk Management.” The firm’s clients include both government agencies and private enterprises. Not coincidentally, its AI analytics platform can assist organizations with the use cases described in the book. Based outside DC in Reston, Virginia, Babel Street was founded in 2009.

Cynthia Murrell, November 8, 2022

DYOR and OSINT Vigilantes

November 7, 2022

DYOR is an acronym used by some online investigators for “do your own research.” The idea is that open source intelligence tools provide information that can be used to identify bad actors. Obviously once an alleged bad actor has been identified, that individual can be tracked down. The body of information gathered can be remarkably comprehensive. For this reason, some law enforcement, criminal analysts, and intelligence professionals have embraced OSINT or open source intelligence as a replacement for the human-centric methods used for many years. Professionals understand the limitations of OSINT, the intelware tools widely available on GitHub and other open source software repositories, and from vendors. The most effective method for compiling information and doing data analysis requires subject matter experts, sophisticated software, and access to information from Web sites, third-party data providers, and proprietary information such as institutional knowledge.

If you are curious about representative OSINT resources used by some professionals, you can navigate to www.osintfix.com and click. The site will display one of my research team’s OSINT resources. The database the site pulls from contains more than 3,000 items which we update periodically. New, useful OSINT tools and services become available frequently. For example, in the work for one of our projects, we came across a useful open source tool related to Tor relays. It is called OrNetStats. I mention the significance of OSINT because I have been doing lectures about online research. Much of the content in those lectures focuses on open source and what I call OSINT blind spots, a subject few discuss.

The article “The Disturbing Rise of Amateur Predator=Hunting Stings: How the Search for Men Who Prey on Underage Victims Became a YouTube Craze” unintentionally showcases another facet of OSINT. Now anyone can use OSINT tools and resources to examine an alleged bad actor, gather data about an alleged crime, and pursue that individual. The cheerleading for OSINT has created a boom in online investigations. I want to point out that OSINT is not universally accurate. Errors can creep into data intentionally and unintentionally. Examples range from geo-spoofing, identifying the ultimate owner of an online business, and content posted by an individual to discredit a person or business. Soft fraud (that is, criminal type actions which are on the edge of legality like selling bogus fashion handbags on eBay) is often supported by open source information which has been weaponized. One example is fake reviews of restaurants, merchants, products, and services.

I urge you to work through the cited article to get a sense of what “vigilantes” can do with open source information and mostly unfiltered videos and content on social media. I want to call attention to four facets of OSINT in the context of what the cited article calls “predator-hunting stings”:

First, errors and false conclusions are easy to reach. One example is identifying the place of business for an online service facilitating alleged online crime. Some services displace the place of business for some online actors in the middle of the Atlantic Ocean or on obscure islands with minimal technical infrastructure.

Second, information can be weaponized to make it appear that an individual is an alleged bad actor. Gig work sites allow anyone to spend a few dollars to have social media posts created and published. Verification checks are essentially non-existent. One doesn’t need a Russia- or China-system intelligence agency; one needs a way to hire part time workers usually at quite low rates. How does $5 sound.

Third, the buzz being generated about OSINT tools and techniques is equipping more people than ever before to become Sherlock Holmes in today’s datasphere. Some government entities are not open to vigilante inputs; others are. Nevertheless, hype makes it seems that anything found online is usable. Verification and understanding legal guidelines remain important. Even the most scrupulous vigilante may have difficulty getting the attention of some professionals, particularly government employees.

Fourth, YouTube itself has a wide range of educational and propagandistic videos about OSINT. Some of these are okay; others are less okay. Cyber investigators undergo regular, quite specific training in tools, sources, systems, and methods. The programs to which I have been exposed include references to legal requirements and policies which must be followed. Furthermore, OSINT – including vigilante-type inputs – have to be verified. In my lectures, I emphasize that OSINT information should be considered background until those data or the items of information have been corroborated.

What’s the OSINT blind spot in the cited article’s report? My answer is, “Verification and knowledge of legal guideless is less thrilling than chasing down an alleged bad actor.” The thrill of the hunt is one thing; hunting the right thing is another. And hunting in the appropriate way is yet another.

DYOR is a hot concept. It is easy to be burned.

Stephen E Arnold, November 7, 2022

OSINT Is Popular. Just Exercise Caution

November 2, 2022

Many have embraced open source intelligence as the solution to competitive intelligence, law enforcement investigations, and “real” journalists’ data gathering tasks.

For many situations, OSINT as open source intelligence is called, most of those disciplines can benefit. However, as we work on my follow up to monograph to CyberOSINT and the Dark Web Notebook, we have identified some potential blind spots for OSINT enthusiasts.

I want to mention one example of what happens when clever technologists mesh hungry OSINT investigators with some online trickery.

Navigate to privtik.com  (78.142.29.185). At this site you will find:

image

But there is a catch, and a not too subtle one:

image

The site includes mandatory choices in order to access the “secret” TikTok profile.

How many OSINT investigators use this service? Not too many at this time. However, we have identified other, similar services. Many of these reside on what we call “ghost ISPs.” If you are not aware of these services, that’s not surprising. As the frenzy about the “value” of open source investigations increases, geotag spoofing, fake data, and scams will escalate. What happens if those doing research do not verify what’s provided and the behind the scenes data gathering?

That’s a good question and one that gets little attention in much OSINT training. If you want to see useful OSINT resources, check www.osintfix.com. Each click displays one of the OSINT resources we find interesting.

Stephen E Arnold, November 2, 2022

Wonderful Statement about Baked In Search Bias

October 12, 2022

I was scanning the comments related to the HackerNews’ post for this article: “Google’s Million’s of Search Results Are Not Being Served in the Later Pages Search Results.”

Sailfast made this comment at this link:

Yeah – as someone that has run production search clusters before on technologies like Elastic / open search, deep pagination is rarely used and an extremely annoying edge case that takes your cluster memory to zero. I found it best to optimize for whatever is a reasonable but useful for users while also preventing any really seriously resource intensive but low value queries (mostly bots / folks trying to mess with your site) to some number that will work with your server main node memory limits.

The comment outlines a facet of search which is not often discussed.

First, the search plumbing imposes certain constraints. The idea of “all” information is one that many carry around like a trusted portmanteau. What are the constraints of the actual search system available or in use?

Second, optimization is a fancy word that translates to one or more engineers deciding what to do; for example, change a Bayesian prior assumption, trim content based on server latency, filter results by domain, etc.

Third, manipulation of the search system itself by software scripts or “bots” force engineers to figure out what signals are okay and which are not okay. It is possible to inject poisoned numerical strings or phrases into a content stream and manipulate the search system. (Hey, thank you, search engine optimization researchers and information warfare professionals. Great work.)

When I meet a younger person who says, “I am a search expert”, I just shake my head. Even open source intelligence experts display that they live in a cloud of unknowing about search. Most of these professionals are unaware that their “research” comes from Google search and maps.

Net net: Search and retrieval systems manifest bias, from the engineers, from the content itself, from the algorithms, and from user interfaces themselves. That’s why I say in my lectures, “Life is easier if one just believes everything one encounters online.” Thinking in a different way is difficult, requires specialist knowledge, and a willingness to verify… everything.

Stephen E Arnold, October 12, 2022

US Federally Funded Research: Open Access, Folks

September 7, 2022

In a surprise announcement, reports Ars Technica, “US Government to Make All Research it Funds Open Access on Publication.” The new policy was issued by the Office of Science and Technology Policy (OSTP) at the end of August. We expect this will be a windfall for researchers—in and outside the US. Though the US government is believed to be the world’s largest funder of scientific research, only those paying for subscriptions to academic journals have had access to many (most?) publicly funded studies. Writer John Timmer notes this constraint has loosened in recent years as a result of increased open-access journals and, especially with COVID-19 research, a trend toward preprints. We learn:

“Some people involved in scientific publishing worried that these trends would undercut the finances of the entire publishing industry, while others hoped to push them to open up all scientific publishing. This tension played out in the halls of Congress, where competing legislation would mandate or block open access to federal research. A truce of sorts was reached during the Obama administration. For federally funded research, publishers had two choices: either make the publication open access from the start or have subscription-only access for a year before opening things up. Government-sponsored repositories were opened to host copies of papers that weren’t made open access on the publisher’s site. In the intervening time, there has been a lot of growth in open access journals, and many subscription journals allowed authors to pay a fee to immediately open published papers. Most subscription journals also offered COVID-related papers as open access without any additional fees. OSTP has apparently decided that these adjustments have prepared the industry to survive even greater access levels.”

One provision requires a digital identifier, like a DOI, for all data and documentation. The policy memorandum argues the benefits of open access became apparent during the pandemic, when it accelerated researchers’ understanding of the virus and the development of a vaccine. Acting head of the OSTP Alondra Nelson expects the change will lead to gains across society. She stated:

“When research is widely available to other researchers and the public, it can save lives, provide policymakers with the tools to make critical decisions, and drive more equitable outcomes across every sector of society.”

Publishers have some time to pivot—the policy goes fully into effect in 2026. The article notes they could still make a buck from these papers by creating versions with added features like integrated graphics / videos or cross-references to other studies. Will that be enough to sooth ruffled feathers?

Cynthia Murrell, September 7, 2022

Deep Fakes: Alarming Predictions Made Real

August 25, 2022

Here is one disturbing way deep fakes can provide bad actors with a new money-making opportunity. Reporting on a growing, Google-play enabled problem, Rest of World tells us “Mexican Scam Loan Apps Will Edit Your Face onto X-Rated Photos and Send Them to Your Family.” Yes, at least one victim had such faked images sent to her contacts, including her minor daughter, along with the claim she had turned to prostitution to pay off her loan. In their odious efforts to collect more funds than they lent in the first place, these outfits will also dox victims and harass with ceaseless threatening phone calls. Reporter Erika Lilian Contreras writes:

Rest of World identified 94 loan apps listed as possibly related to doxxing activities across various Mexican cyber police departments; 35 of these are available on Google’s Play store, the app store on Android devices, which account for 80.87% of mobile internet traffic in Mexico. According to victims, government officials, digital rights activists, and platforms, gaps in Mexican law allow these lenders to continue to push scams on app stores and leave victims with no clear avenue to restitution or justice. Consumer education and criminal investigations that come after a crime has occurred are the only ways to currently combat this new type of digital financial fraud, but none of these efforts has stopped the apps from appearing in app stores, according to digital security experts who spoke to Rest of World.”

Mexico’s financial services regulators say it is not their problem since these loan apps are not registered financial institutions. This leaves the national and local cybersecurity agents who, so far, have been unable to keep the problem from growing. Bad actors know a good opportunity when they see one. The article notes:

“While the Mexican government can do little and the tech companies platforming scam loan apps won’t take responsibility, the onus has fallen onto civil society. … However, most activism is limited to educating Mexicans about the risks posed by scam loan apps.”

It would be nice if Google would supply even an ounce of prevention here as it finally did in India. That, however, was only after the Reserve Bank of India forcefully drew about 600 scam-credit apps to its attention.

We wonder: where will deep fake technology be weaponized next? We think we know one knock on effect: Open source intelligence will be eroded or poisoned.

Cynthia Murrell, August 25, 2022

TikTok: Is Joe Rogan the Person to Blow the Whistle on Chinese Surveillance?

August 3, 2022

TikTok has been around since 2015 as A.me and Douyin. If you want to scrape below the shiny surface of the TikTok rags-to-riches story, there something called Musical.ly which surfaced in 2014. In 2018, the Musical.ly management team decided that selling to ByteDance was a super great idea. Then TikTok was created to entertain and log data. Few talk about the link to certain entities in the Chinese political structure. Even fewer think that short videos were bad. Sure, there were allegations of self harm, addiction, erosion of self worth, and students who preferred watching vids pumped at them by a magical algorithm. Nobody, including some Silicon Valley real news people with an inflated view of their intellectual capabilities said, “Yo, TikTok is a weaponized content delivery and surveillance system.” Nope. Just cute videos. What’s the problemo?

Who is now concerned about TikTok? The NSA? The CIA? The badge-and-gun entities in the US Federal government? Well, maybe. But the big voice is now a semi-real sports event announcer. “Joe Rogan Warns Americans about TikTok: China Knows Every … Thing You type.” Hey, Joe, don’t forget psychographic profiling to identify future insider operators, please.

The article reports:

Rogan listed the other data being collected by the popular platform. “‘User agent, mobile carrier, time zone settings, identifiers for advertising purpose, model of your device, the device system, network type, device IDs, your screen resolution and operating system, app and file names and types,’” he said. “So all your apps and all your file names, all the things you have filed away on your phone, they have access to that.” He continued: “‘File names and types, keystroke patterns or rhythms.’”

Hot intel, Mr. Rogan.

Where did this major news originate? From Mr. Rogan’s wellness infused research?

Nope. He read the terms of service.

The estimable newspaper pointed out:

… the tech news site Gizmodo reported that leaked internal documents from TikTok showed the extent to which the app sought to “downplay the China association.” The documents, labeled “TikTok Master Messaging” and “TikTok Key Messages,” detail the social media giant’s public relations strategy during a period of mounting scrutiny from regulators and lawmakers over its parent company ByteDance and its ties to the Chinese Community Party.

Gizmodo? Is this Silicon Valley type “real news” outlet emulating Cryptome.org?

According to the cited New York Post story:

TikTok has pledged to “publish insights about the covert influence operations we identify and remove from our platform globally to show how seriously we take attempts to mislead our community.”

That sounds good just like a cyber security firm’s PowerPoint deck. Talk, however, is not action.

Maybe Mr. Rogan can use his ring announcer voice to catch people’s attention? I am not sure some of the TikTok lovers will listen or believe what Mr. Rogan discovered in the super stealthy terms of service for TikTok.

That’s real open source intel. Put Mr. Rogan on a panel at the next OSINT conference, please. I mean TikTok has a 10 year history and it seems to be quite new to some folks.

Stephen E Arnold, August 3, 2022

UK Organization to Harness Open Source Intelligence

June 30, 2022

Technical innovations over the last decade or so have empowered civilians with tools and information once the strict purview of government agencies. Now the war in Ukraine has prompted a new effort to harness that tech, we learn from the BBC article, “New UK Centre Will Help Fight Information War.” Those behind The Centre for Emerging Technology and Security (CETaS), based at the Alan Turing Institute, have noticed the efforts of Open Source Intelligence (OSINT) enthusiasts are proving effective against Russia’s disinformation campaign (outside of Russia anyway). The new center hopes to develop and channel this expertise. Reporter Gordon Corera writes:

“US and UK governments have been active in using open-source information to be able to talk publicly about what their secret sources are indicating. But this type of information is most powerfully used by those outside government to reveal what is really happening on the ground. On the evening of 23 February, graduate students in Monterey, California, who had been using publicly available satellite imagery to watch Russian tanks on the border with Ukraine, saw Google Maps showing a traffic jam inching towards the Ukrainian border. They tweeted that a war seemed to have started, long before any official announcement.”

Since the invasion, others have used OSINT to illuminate possible war crimes and counter Russian propaganda. For several years, many have considered Russia to be ahead of the tech information game with its weaponization of social media and hacking prowess. According to a pair of anonymous UK officials, however, the balance has shifted since the war began thanks to the skilled use of OSINT resources. Imagine what could be achieved if only such efforts were focused by a dedicated organization. The article continues:

“Harnessing new technology to maintain an edge is part of the new center’s mission. This could include fields like automated recognition of military vehicles from satellite imagery or social media, allowing human experts to spend their time on trickier problems. Tools are already allowing greater translation and interpretation of foreign language material. Artificial Intelligence can also be used to reveal patterns in behavior or language that indicate the presence of an organized disinformation network on social media. Dealing with these challenges at speed is one of the ambitions for the center which aims to build a community that can keep pace with the growing amount of data and tools to exploit it.”

But will the center be able to overcome the barriers? Intelligence agencies face not only regulatory and technical restrictions on what data they can use, but also a bias against information from beyond their institutions. We wonder whether the trend toward pay-to-play OSINT resources help or hurt the cause.

Cynthia Murrell, June 30, 2022

Next Page »

  • Archives

  • Recent Posts

  • Meta