logo-unlock-security

OSINT Challenge #1 – Can you tell where it is?

OSINT Challenge #1 – Can you tell where it is?

How easily can someone find out where you have been?

In a world where we flood our social media with pictures, video and audio contents from our lives, privacy is lacking more and more. We are fine with it, though — all in all, we want everybody to see us... But are we truly aware of the information that we are posting? Is a picture really just a picture?

In this article, we will use Open Source INTelligence (OSINT) to show how it is possible to determine the exact location where this picture was taken:

Source image that we are using for our OSINT analysis, aiming to identify the exact location where it was taken

The resolution of the picture is low, and the angle from which it was taken shows just a white ceiling, hiding many details that would have been far more useful for us. For sure, the only elements that catch our attention and can help exclude some places from our assumptions are the structures in the background: spherical metallic cages covered with red lights. We don't know what they are, but they don't look so conventional.

Lacking information and details about the place, we can focus our OSINT research on the woman.

Identifying the individual

Improving the image resolution

The woman in the picture is not a public figure. So, first we must find out who she is. The picture is small and quite blurry, but we can try to improve its resolution to better see the facial traits of our individual.

To unblur the picture, these are the best tools that we found online:

  • Fotor, which is particularly effective when it comes to faces, thanks to its specific optimizations based on the use of AI.
  • PicWish, which strongly increases the resolution of pictures, but could deform some facial traits when, for example, image noise or spots are present.

In the pictures below we can see:

  1. Original face, without edits
  2. Face processed with Fotor, from the original picture
  3. Face processed with PicWish, from the original picture
  4. Face processed with PicWish, from the 2nd picture (i.e. the one from Fotor)

As said earlier, PicWish returns our pictures with a higher level of detail. Using the original photo as the source, however, we see how the application slightly distorts the eyes, the nose and the mouth. The best result is the one that combines both tools, as shown below in comparison with the original photo:

Image link

Finding other pictures of the individual

When you are trying to identify someone, having a picture of their face is a great advantage. In particular, we can use it to look for their social accounts, or for other pictures posted online that show the same person. In this case too, the introduction of AI significantly increased the number and the quality of the results, allowing us to not only to look for the source of the original picture, but for any photo portraying the same person. No matter if that someone is elsewhere, has a different facial expression, another haircut and so on.

These are the best OSINT sources that we have found to do it:

  • PimEyes, probably the solution that provides the most results. It features a huge database of pictures taken from open sources, including some CDNs. Social networks are excluded, in compliance with the policies against automated crawling.
  • Search4Faces, that features advanced filters such as age, nationality, city and gender. Being mainly limited to TikTok and VKontakte, it is particularly effective with individuals coming from Russia or other CIS countries.

Let’s now assume that the individual is not Russian, to show the approach that would be used in most cases. For our analysis, we will then use PimEyes, which looks like this:

PimEyes' Homepage, for searching face images

Just by clicking on "Upload a photo", we can upload one or more pictures of our individual. Automatically, the application will recognize the face and isolate it. At this point, we can filter our results — for example, we can exclude any explicit content, or set a time range for our research. When everything is set, we can click on "Start Search".

PimEyes' interface after uploading a picture to search for similar faces

Starting the research, we obtain impressive results in a few seconds. All the top results show our individual, except the statue... which has quite similar physiognomic features, though.

PimEyes' interface after uploading a picture to search for similar faces

Unless having a subscription plan or paying about 17€, PimEyes will not show the whole pictures, nor the link to the website from which they were taken. All that it shows us is the main domain from which the pictures were taken and how many times they occurred on different websites.

Observing the domains, we notice that they are mainly websites that leak private profiles on OnlyFans, Fansly, and other similar services. Based on this, we draw 3 fundamental conclusions:

  1. Our individual is likely to own a private channel for explicit content.
  2. Whoever sent us this picture may have subscribed to the private channel of our individual (alright, this may not be a fundamental conclusion).
  3. On one hand, it will be easier to get further information (e.g. social media like TikTok or Instagram for advertising the private channel). On the other hand, our research may get complicated, because several search engines limit explicit results, even when you disable the related filters.

Finding out the identity of our individual

At this point, we have enough pictures to carry out further researches. Among them, we select those without explicit content, and that were found more than one time. Among the previous results, we see plenty of selfies "phone in hand", so we take them as a reference for our research because they are more likely to give us results.

For our OSINT research, we will rely on the Reverse Image Search from Yandex (the Russian counterpart of Google), because it filters less explicit content compared to the other search engines. Taking into account the considerations that we made before, this path will probably lead to more results.

We open Yandex Images, click on the camera icon and upload a picture from the results of PimEyes. To this end, we chose the second picture in the first row.

Results from Yandex's Reverse Image Search

In this case, we find a perfect match that leads us to the original picture, the exact link from which it was taken and the identity of our individual: Ekaterina Martynova a.k.a. kat3martynova or katmartynova1.

Identifying the place

To identify the place or other information that could lead us to the place, we move to Google and take advantage of all its limitations in relation to explicit content, focusing on photos and videos that could contain more details.

We soon notice that the individual is very active on almost every social media platform. That’s probably what she does for a living.

Scrolling through her Instagram, TikTok, VKontakte and various accounts, there are no hints concerning the place we are looking for, or other details. Unfortunately, we don’t know when the picture was taken and how long we should scroll down to find it. So, we take a quick glance at all her other social media too.

Entering her YouTube channel, there is a detail that soon catches our eye:

YouTube channel of the individual

In the last video in the bottom-right corner, the dress worn by our individual looks like the one in the original picture. We open the video to check it:

Comparing the dresses worn by the individual in the original photo and in the spotted video

It is the same dress, quite obviously. In particular, we deduce it from:

  • The same color
  • The same wrinkles on the sleeves, due to their length
  • The same side slits
  • The same white detail on the left flank, above the slit

Reading the description of the video, we acknowledge two fundamental details:

Date and description of the video that features the individual with the same dress as in the original photo

First of all, we have a date: April 22nd, 2023. So, we can limit our research to a specific time frame, moving from a range of several years to a couple of months at most.

Secondly, according to the description, this dress is meant for an event that she attends every year, hosted by the club of an adults-only hotel.

So, we can assume that there must be several contents shot in the same place, also from previous years. On one hand, we enlarge our research range again. On the other hand, we highly improve our chances of success.

At this stage, the first thing we try to do is an advanced search on Google with the following query: "kat3martynova adult hotel".

Google's results based on the research of the terms obtained from the video on YouTube

The first result is the video that we have already analyzed. The second one, however, has the same keywords and was posted in the same period. Definitely, it is worth a look. And yes...

YouTube video in which it is revealed the name of the hotel in the picture

Fast-forwarding the video to minute 03:40, we recognize the structures in the background of the original picture, and the description of the video reveals the name of the hotel: Adam and Eve.

Now we just have to make a simple research on Booking (or any other online travel agency) to acknowledge the exact location where the picture was taken. So, the Adam & Eve hotel in Iskele Mevkii Antalya, 07500 Belek, Turkey.

Hotel where the picture was taken
Picture of the hotel club, obtained by OSINT analysis

Conclusions

The purpose of this analysis is demonstrating that even the smallest, blurriest and apparently most insignificant picture without context can be used by attackers proficient at using OSINT to gain much more information.

Of course we will not tell anybody to stop posting on social media, or using them. Just be aware that a picture is not just a picture, and every detail can turn into valuable information for those who can seize it.

Francesco Marano
Francesco Marano
Founder | Cyber Security Consultant
www.unlock-security.it

I'm an offensive cyber security expert with several years of experience as penetration tester and team leader.I love making software do things other than what they were designed to do!I do security research to find new bugs and new ways to get access to IT assets. I'm a speaker at events talking about my research to share my findings and improve the awareness about cyber security issues.

Related Posts