Hackers helping communities: Leveraging OSINT to find missing persons
People, in general, like helping other people, no matter their degree of connection. And then there are people who go even further: they find a way to help people help people. Robert Sell, the founder and president of Trace Labs, is one of those individuals.
For the last ten years, Sell has been helping track down missing persons in the wilderness of British Columbia, Canada. But people don’t go missing just in the wilderness, and his background in IT and information security spurred him to explore the possibility of widening searches to encompass the online world.
“As a volunteer in Search & Rescue, I have seen families destroyed when a loved one goes missing. The agony this causes is beyond words to describe. I have also been lucky enough to see families reunited, which the best feeling in the world. I created Trace Labs so we could have more of the later and reduce the suffering,” he told Help Net Security.
OSINT CTFs and more
Trace Labs is a not-for-profit organization that crowdsources open source intelligence (OSINT) to help authorities find missing persons.
Comprised of and led by volunteers, Trace Labs partners with other organizations and law enforcement agencies to set up Capture-The-Flag-type contests during which computer enthusiasts, infosec pros, first responders, hackers and private investigators compete by unearthing open source information that can provide leads for law enforcement to pursue.
“Trace Labs started off by doing OSINT CTFs at infosec conferences, but quickly grew beyond that,” Sell explained.
“In 2019 we crowdsourced open source intelligence with several companies where their staff participated in the event. We also worked with several colleges and universities to add our event to their infosec program curriculum. The feedback on these school events has been extremely positive: students appreciate the non-theoretical nature of the effort and are also very keen on providing assistance to the local community.”
Trace Labs has also recently concluded the National Australian Missing Persons Hackaton 2019, which was set up in partnership with the Australian police and government and marked the first time participants across a country took part in the CTF.
But CTFs are just one part of the story. The organization accepts requests for search operations. They, of course, validate each case before providing assistance, to ensure they don’t go looking for someone who shouldn’t be searched for. They will only work on cases where the police have asked for the public’s assistance, or have directly come to them for help.
Through the organization’s website, those interested in volunteering their OSINT skills can join Trace Labs’ Slack workspace and get advice on how to contribute and where to start. (The “general” channel has a steady influx of new visitors saying “Hi, I would like to help find missing people and bring them home.”)
“Something we are looking to expand into is larger-scale ongoing operations where law enforcement can provide us a consistent stream of cases for our community to work on. In 2020 we plan to expand our service offering with special surprises for our members,” Sell shared.
In general, though, Trace Labs is an environment where everyone can find value, he believes.
“We designed the system so beginners can learn and experts can excel and we often see teams with mixed levels of experience have the most success. Also, Trace Labs is growing quickly and always looking for people who want to get more involved in the mission. This includes people who want to help support our events by being a CTF judge (a great way to meet the team and see what it’s all about), helping out with one of our many committees or even being an event partner.”
Why OSINT?
Trace Labs limits itself and its volunteers to strictly OSINT operations.
“OSINT was an obvious choice as it keeps our contestants on the right side of the law. We do not permit any illegal activity and to ensure this is not occurring we review all incoming submissions. OSINT allows us to conduct this sort of verification,” he explained.
“When you are dealing with people’s lives and possible criminal activity you need to be careful. Our strict rules not only keep our contestants safe but also protect the families of the missing persons from any interference. The passive reconnaissance that is conducted by our contestants ensures we don’t get in the way of a criminal investigation.”
The leads gathered through OSINT efforts are shared (safely) only with law enforcement. The reason why they’ve had so much success to date is because they’ve been listening carefully to all the feedback they get from law enforcement and made sure to adapt to fit their needs.
Successful operations
Each event results in a huge amount of raw data that they format into a report containing actionable intelligence, and every single CTF event brings value to contestants, hosting organizer, families of the missing persons and local law enforcement.
For the families, the reports mean that law enforcement will take another look at the case. “Worst case scenario, we verify what law enforcement already found and provide peace of mind. Best case scenario, we provide new leads on which law enforcement can act upon,” Sell noted.
Contestants improve their OSINT skills, have the possibility to win prizes (access to online courses/OSINT programs, tickets to security conferences, software licenses, the chance to chat to an OSINT expert/instruction, etc.), and get to deliver real value to their local community.
The CTFs also bring together information security professionals and law enforcement, opening the possibility of future collaboration: the cyber intelligence job market is growing and needs these professionals.
The most recent success stories are Toronto and Australia. In both cases, they had law enforcement onsite during their CTF event to provide real time support.
“In Toronto, contestants found new data on an active case, the police validated it and immediately acted upon it by sending a squad car to follow up on a lead obtained from a new license plate linking to a previously unknown address. Everyone was very excited about this,” he shared.
“In Australia, we worked directly with the Australian Federal Police (AFP) in 10 different cities and 350 contestants. This resulted in 4000 submissions. The AFP sat with contestants as many teams found high quality intelligence. I was personally fascinated with a team that found online advertising on the subject’s website which would indicate an online revenue stream that could be traced.”
Learning, changing, adapting
When used properly, crowdsourcing can be a powerful tool for law enforcement to call upon. Their increasingly larger events have proven that this particular approach works and is helpful, as law enforcement around the world is dealing with limited budgets and missing persons cases are rarely a priority.
That said, the challenges vary from country to country and from one type of law enforcement agency to another. But Trace Labs is introducing a common element with their global presence, by helping to standardize and share information.
“We are introducing a working model to all law enforcement agencies which should accelerate the evolution of the industry,” Sell noted. “We are a tool in their tool belt that they can call upon as needed.”
Trace Labs has been organizing CTFs for over a year. They take guidance very seriously and they are continually learning, improving and adapting. Also, their Slack channel allows them to keep very close to the community and this helps them to move in the right direction, he says.
They’ve also formalized a lot of their communications over the last year so that they can ensure expectations are met and there are no misunderstandings.
“Now we are at the point where we feel very comfortable when a new government entity, law enforcement group or event organizer approaches us as we have a well-documented step by step process with checklists and artifacts for each stage,” Sell concluded.