OSINT all the things!

I was on Twitter the other day (when am I not? 😉) and a post caught me eye, an industry friend’s post caught my eye, challenging the audience to identify their location (specifically which station they are at!), this I thought might be a cool challenge. The first post below is from Paul (Gaming Works) which gives a limited amount of information and a nice image:

The game is on!

I wondered to myself, even without the top descriptive text and using only the image could I locate exactly where they are? And as Sherlock says, the game, (Mr Paul) is on!

So off I set, armed with a cup of tea, to try and identify where Paul is sitting. In this post I’m going to explain what actions I took to find Paul (he kindly agreed that I could write this experiment up), so without further ado, let’s delve into the process:

The first course of action was to take note of the interesting details:

• Paul is running Windows 10 (username: Paul Wilkison) and appears to have a web cam cover (well done Paul!)
• We can see this is a station from the platform numbers, 13, 14 and 16
  • We can see the orientation of the platforms and the esclators
  • We can see that the escalator controls have a specific look, the language of the word elevator (in Dutch) and the location of the emergency stop button and key ock
  • We notice that there is a company name/logo of a Mobile phone store named: Lebara
  • We can see the style of signage (yellow and blue)

Straight away we have a good idea that Paul is in the Netherlands based on language and that the station he is sitting in likely has a Lebara store:

A quick use of the Lebara store finder we search for addresses that include a station (or Stationsplein to be exact). This gives us a range of targets.

We also need to look at station floor plans, so we serach for these and bingo, we have more intel:

We investigate the platform diagrams from these stations, as we know this station has at least 16 platforms and specially has no additional designation (e.g. a or b etc.):

The floor plan image below is from Amsterdam Central

So that’s one target off the list, next we check the airport:

This station is far too small and doesn’t have the right number of platforms so that’s off the list. Next up we check is Rotterdam:

As you can see from my mouse scrawl we think this is a likely candidate. We know from our intelligence gathering the following:

• There are enough platforms
• The escalator patter could match
• There is a store based on Lebara’s store finder

We now want to really nail it… the part that really caught me eye were the escalators:

So I started to search you images/videos of station escalators at Rotterdam and here we have it!

We not only have a highly likely match on the escalator control panel style, but we also have the same font style for platform numbers, we also can see a similar shop front logo in the top left!

Target Located

Armed with some Yorkshire tea, a single picture from a smartphone (with no metadata) and the power of the internet, we were able to successfully locate Paul, almost to the exact spot on the map. Not only has this been a good example of using open source intelligence gathering to locate a person, it was also great some great fun to be had to kick off the 2019 (where I’m sure this won’t be the only OSINT I conduct!), and finally here are snippets of the reactions!

Well I hope that provides an insight into some of the thought process that can be used to identify target data from only limited sources and provides a few smiles along the way. As with all these tools, tactics and techniques, use them for good! Paul was a great sport! Remember to be careful what you post on social media! Something which may appear harmless can hold the keys to far greater levels of information!