Indice
ToggleIntroduction
How easily can someone find out where you have been?
In a world where we flood our social media with pictures, video and audio contents from our lives, privacy is lacking more and more. We are fine with it, though — all in all, we want everybody to see us... But are we truly aware of the information that we are posting? Is a picture really just a picture?
In this article, we will use Open Source INTelligence (OSINT) to show how it is possible to determine the exact location where this picture was taken:
We have been given this picture as a starting point for this analysis, without any context, nor information of any kind. We don't know where this picture comes from or when it was taken, nor any details about the woman or the other people in it. All we have is just the picture.
The resolution of the picture is low, and the angle from which it was taken shows just a white ceiling, hiding many details that would have been far more useful for us. For sure, the only elements that catch our attention and can help exclude some places from our assumptions are the structures in the background: spherical metallic cages covered with red lights. We don't know what they are, but they don't look so conventional.
Lacking information and details about the place, we can focus our OSINT research on the woman.
Identifying the individual
Improving the image resolution
The woman in the picture is not a public figure. So, first we must find out who she is. The picture is small and quite blurry, but we can try to improve its resolution to better see the facial traits of our individual.
To unblur the picture, these are the best tools that we found online:
- Fotor, which is particularly effective when it comes to faces, thanks to its specific optimizations based on the use of AI.
- PicWish, which strongly increases the resolution of pictures, but could deform some facial traits when, for example, image noise or spots are present.
In the pictures below we can see:
- Original face, without edits
- Face processed with Fotor, from the original picture
- Face processed with PicWish, from the original picture
- Face processed with PicWish, from the 2nd picture (i.e. the one from Fotor)
As said earlier, PicWish returns our pictures with a higher level of detail. Using the original photo as the source, however, we see how the application slightly distorts the eyes, the nose and the mouth. The best result is the one that combines both tools, as shown below in comparison with the original photo:
Finding other pictures of the individual
When you are trying to identify someone, having a picture of their face is a great advantage. In particular, we can use it to look for their social accounts, or for other pictures posted online that show the same person. In this case too, the introduction of AI significantly increased the number and the quality of the results, allowing us to not only to look for the source of the original picture, but for any photo portraying the same person. No matter if that someone is elsewhere, has a different facial expression, another haircut and so on.
These are the best OSINT sources that we have found to do it:
- PimEyes, probably the solution that provides the most results. It features a huge database of pictures taken from open sources, including some CDNs. Social networks are excluded, in compliance with the policies against automated crawling.
- Search4Faces, that features advanced filters such as age, nationality, city and gender. Being mainly limited to TikTok and VKontakte, it is particularly effective with individuals coming from Russia or other CIS countries.
Let’s now assume that the individual is not Russian, to show the approach that would be used in most cases. For our analysis, we will then use PimEyes, which looks like this:
Just by clicking on "Upload a photo", we can upload one or more pictures of our individual. Automatically, the application will recognize the face and isolate it. At this point, we can filter our results — for example, we can exclude any explicit content, or set a time range for our research. When everything is set, we can click on "Start Search".
As you have surely noticed from the image above, we did not use the improved picture for our research, but the original one. That is because the improved picture gave no results. It is probably due to two factors: on one hand, the AI that runs the optimization can add facial traits or manipulate them, making the face look different in the eyes of the search engine. On the other hand, the other pictures online may be blurry as well, so they could look more like the original photo.
Despite this, having a higher-resolution picture will help us recognize our individual among the search possible results.
Starting the research, we obtain impressive results in a few seconds. All the top results show our individual, except the statue... which has quite similar physiognomic features, though.
Unless having a subscription plan or paying about 17€, PimEyes will not show the whole pictures, nor the link to the website from which they were taken. All that it shows us is the main domain from which the pictures were taken and how many times they occurred on different websites.
Observing the domains, we notice that they are mainly websites that leak private profiles on OnlyFans, Fansly, and other similar services. Based on this, we draw 3 fundamental conclusions:
- Our individual is likely to own a private channel for explicit content.
- Whoever sent us this picture may have subscribed to the private channel of our individual (alright, this may not be a fundamental conclusion).
- On one hand, it will be easier to get further information (e.g. social media like TikTok or Instagram for advertising the private channel). On the other hand, our research may get complicated, because several search engines limit explicit results, even when you disable the related filters.
Finding out the identity of our individual
At this point, we have enough pictures to carry out further researches. Among them, we select those without explicit content, and that were found more than one time. Among the previous results, we see plenty of selfies "phone in hand", so we take them as a reference for our research because they are more likely to give us results.
For our OSINT research, we will rely on the Reverse Image Search from Yandex (the Russian counterpart of Google), because it filters less explicit content compared to the other search engines. Taking into account the considerations that we made before, this path will probably lead to more results.
We open Yandex Images, click on the camera icon and upload a picture from the results of PimEyes. To this end, we chose the second picture in the first row.
In this case, we find a perfect match that leads us to the original picture, the exact link from which it was taken and the identity of our individual: Ekaterina Martynova a.k.a. kat3martynova or katmartynova1.
Identifying the place
To identify the place or other information that could lead us to the place, we move to Google and take advantage of all its limitations in relation to explicit content, focusing on photos and videos that could contain more details.
We soon notice that the individual is very active on almost every social media platform. That’s probably what she does for a living.
Scrolling through her Instagram, TikTok, VKontakte and various accounts, there are no hints concerning the place we are looking for, or other details. Unfortunately, we don’t know when the picture was taken and how long we should scroll down to find it. So, we take a quick glance at all her other social media too.
Entering her YouTube channel, there is a detail that soon catches our eye:
In the last video in the bottom-right corner, the dress worn by our individual looks like the one in the original picture. We open the video to check it:
It is the same dress, quite obviously. In particular, we deduce it from:
- The same color
- The same wrinkles on the sleeves, due to their length
- The same side slits
- The same white detail on the left flank, above the slit
Reading the description of the video, we acknowledge two fundamental details:
First of all, we have a date: April 22nd, 2023. So, we can limit our research to a specific time frame, moving from a range of several years to a couple of months at most.
Secondly, according to the description, this dress is meant for an event that she attends every year, hosted by the club of an adults-only hotel.
So, we can assume that there must be several contents shot in the same place, also from previous years. On one hand, we enlarge our research range again. On the other hand, we highly improve our chances of success.
At this stage, the first thing we try to do is an advanced search on Google with the following query: "kat3martynova adult hotel".
The first result is the video that we have already analyzed. The second one, however, has the same keywords and was posted in the same period. Definitely, it is worth a look. And yes...
Fast-forwarding the video to minute 03:40, we recognize the structures in the background of the original picture, and the description of the video reveals the name of the hotel: Adam and Eve.
It is worth noting that, in this video, the individual mentions having lived in this hotel for one month. As a matter of fact, the date of this video and the date of the previous video differ by one month, more or less. So, this confirms not only that this is the right hotel, but also the right time period.
Now we just have to make a simple research on Booking (or any other online travel agency) to acknowledge the exact location where the picture was taken. So, the Adam & Eve hotel in Iskele Mevkii Antalya, 07500 Belek, Turkey.
Conclusions
The purpose of this analysis is demonstrating that even the smallest, blurriest and apparently most insignificant picture without context can be used by attackers proficient at using OSINT to gain much more information.
Of course we will not tell anybody to stop posting on social media, or using them. Just be aware that a picture is not just a picture, and every detail can turn into valuable information for those who can seize it.