To start my OSINT journey, I’ve decided to go through the list of exercises created by Sofia Santos, a senior OSINT analyst. I’ve been trying to get into OSINT for a while, reading guides and intro’s and watching some tutorials, and now I think is time to start practicing for real! I want to document my progression, which means that I’ll write down how I approached each exercise, and if I managed to complete it I’ll share my method before comparing it to Sofia’s. Needless to say, I’ll always try figuring it out on my own first, before looking at the walkthrough/solution…
Exercise #001
For this first exercise, I didn’t manage to find the precise location, but I did open Google Earth Pro, look for Kiffa (in Mauritania) and scroll back to the 2013 imagery (since that was the year in the tweet’s date). Then I tried looking around for a place that’s at the edge of Kiffa and where there’s trees on both sides of a road that’s continuing as far as the eye – or rather the angle of that image – can see. What’s encouraging is that I wasn’t far away, and I really missed the last step (or couple of steps).
Exercise #002
The name of the station is in the image itself – Flinders Street – and it’s located in Melbourne, Australia as a quick search immediately reveals. I first looked at Open Street Map then in Google Earth Pro, in both cases after typing “Flinders Street” the first suggestion was for this railway station, as opposed to the results from other places. In Google Earth Pro, I found that the tallest building from the picture is the IBM Australia Centre. As for its height, I used the ruler in Google Earth Pro, which showed me about 200 meters in height. But I was skeptical since it’s the first time I’ve used this tool, which means I’m probably not doing it right. From a search to verify it, I found this page on structurae.net suggesting it’s height is 131 meters, which is also the height given on the website of “Council on Tall Buildings and Urban Habitat” (CTBUH), self-described as “the world’s leading nonprofit organization for all those interested in the future of cities” (the more you learn… TMZ)
In review after checking the video and others’ walkthroughs, I made the same mistake Sofia mentioned in the video, namely letting my eyes deceive me into thinking the IBM Australia Centre was the tallest building, whereas it’s in fact the Arts Centre, which stands at 162 meters. The better method would have been inspecting all the buildings that can be seen in the photo, and thus find which one was the tallest…
Lesson learned: Don’t be hasty, young hobbits!
Other notes:
- A potentially useful resource found in this walkthrough: “osmbuildings.org, which is a great resource for dense urban places if you need to get an overview of buildings and associated statistics like height or material, and don’t want to be overwhelmed by Google Maps”
- It seems like CTBUH’s website – skycrapercenter.com – might also be useful in the future when analyzing tall buildings/landmarks!
Exercise #003
Finding where this took place – the Presidential Palace in Ankara – wasn’t difficult, it was mentioned in this news report dated April 27, 2017. Then to double check, this high-res image of the palace’s entrance shows the same round symbols and the golden header (if that’s what it’s called??) around it.
Next up, I used Google Earth Pro to find the coordinates. To locate the specific building from the presidential building, I used a zoomed out picture of the palace entrance (see below), showing how the building looks and what’s in front of it (an large empty square area; this is where some of the ceremonies happen. as we can see in this 2014 photo from a Voice of America article on Erdogan’s Palace); there’s also this street-view-type website created by the Turkish regime.
The visual cue I used are the three big squared rooftops. Another piece of evidence that this is the right place (or right palace, dare I say!), is that after Googling the name of the building indicated in Google Earth (Cumhurbaşkanlığı Külliyesi), I found the aforementioned government-created website that depicts that same view. Even though it wasn’t possible to reproduce the front view of the entrance from Google Earth Pro, I simply noticed that one side had a big empty square area in front of it, whereas the other looked different. Here are the coordinates: 39°55’51.91″N, 32°47’59.25″E.
Exercise #004
Thanks to a Google reverse image search, I found the website of the Oan Resort. The website even has a video showing how to find its location in Google Earth, funnily enough… But finding the coordinates (7.362808022591808, 151.75625458340218) is easy enough by searching “Oan Resort” in Google Maps. In terms of cardinal directions, based on the Google Earth screenshot below, I think the camera was located to the North-West of the island (not fully confident about this though…).
Exercise #005
a) From a Google reverse image search with the key words “zoo polar bear live cam”, the only result (that wasn’t other people’s walkthroughs/solutions for this exercise #005!) that I found about a zoo that had a live polar bear cam, was from the San Diego zoo website.
b) To find the temperature, I used the computational tool Wolfram Alpha, according to which the temperature in San Diego on Sunday the 15th of January, 2023, at 2pm, was 13° C.
c) To find the location, I once again used Google Earth and went to the San Diego zoo. I then used this zoo map found on the official website to figure out where the polar bears are located inside the zoo (it’s called “polar bear plunge”). Although I didn’t know how to determine the exact spot where the polar bears were lying… Still, the coordinates (for the placemark below) are: 32°44’4.24″N, 117° 9’16.48″W.
Reviewing after checking Sofia’s walkthrough, the temperature was a bit off, she found 17° C by using the Weather Underground website. As for the location of the polar bears, Sofia found 32°44’4.2″N, 117° 9’16.5″W, which is very close to what I found. The trick was that as I’m doing this, the live polar bear cam wasn’t working (or it wasn’t showing the polar bears in that spot) so I couldn’t take a proper look at the layout of their area…
Note: I don’t like zoo’s at all (they’re basically prisons/torture for wildlife), so it’s a bit heartbreaking to see these polar bears in such a tiny living space…
Exercise #006
A reverse image search (based on the image only, cropped out of the tweet) led me to this Wiki Commons link with the original photograph taken by U.S. Navy’s Eli J. Medellin on the 27th of August, 2006. The description reads: “A Vehicle Born Improvised Explosive Devise (VBIED) after exploding on a street outside of the Al Sabah newspaper office in the Waziryia district of Baghdad, Iraq. The VBIED destroyed more than 20 cars, killing two people and wounding as many as 30.”
The events referred to in the tweet did actually happen on January 19 2023 (Reuters, RFE/RL’s Radio Mashaal), but the picture doesn’t match the event or location since it’s neither in Pakistan nor in 2023.
Exercise #007
Based on Sofia’s description, we’re looking at a recent (meaning not from 10+ years ago) photograph taken in a “beautiful city”, which I presume means it’s a popular tourist destination (this is just a guess/hypothesis, obviously!). A few things are clear based on the picture itself: there’s an artistic construction right in front of the location the pic was taken from; nearby there’s some kind of museum or exposition/convention/conference/etc about Ancient Egypt; there’s also a series of flags in the background, which might indicate some kind of international, diplomatic institution, commemoration or place.
I started with Google and Yandex reverse image searches, followed by checking Google Maps and other doing some other Google searches. This is the Parque das Nações neighbourhood in Lisbon, Portugal. The artistic figure is the Homem Sol, created by Jorge Vieira, and the name of the road/street is “Alameda dos Oceanos”.
The coordinates of the location the picture was taken from are approximately: 38.767687859380096, -9.096086040937662. Next, to find in which year the photo was taken, my first intuition was using the poster at the top right of the image. The building is the Pavilhão de Portugal which was originally created for the 1998 World Fair. The poster contains a picture and the title “Tutankamon”, which indicates that was an exhibition about 14th century BCE Egyptian pharaoh Tutankhamun; specifically about the archeological finds of Howard Carter in 1922. It wasn’t hard to find the exhibition’s official website, which tells us that it opened in April 2019. We therefore know for sure that the photo wasn’t taken before that date.
After watching Sofia’s video, I found a picture of the poster by using Sofia’s tip to translate the search words into Portuguese.
Jonny Ghizmo says that he found the same picture – but in better resolution – simply by searching “Tutankhamun Pavilhão de Portugal poster”, where he came across a Facebook profile that included it. However I couldn’t find it myself. While using street view, he also found an image dated October 2019, which is also a hint that the answer to question B) might be 2019.
Note: I will say that something is a bit ambiguous for me… On the website, it looks like the exhibition is still ongoing, and STARTED in April 2019. So I’m not sure how verify the picture is from 2019 rather than 2020 or a more recent year? (Google Earth Pro’s “timetravel” option isn’t helpful, based on my own attempts…)
Tips/notes/lessons learned:
- When it’s in famous/popular cities, tourism websites can be useful!
- To get better results, try doing searches in the language that’s most relevant (if results in English aren’t enough)
- For these cities and popular tourist destinations, there’ll be a lot of photos especially for commercial places, events and exhibitions, famous monuments or pieces of arts, and so on. Sites like Foursquare.com as well as Google Street View can provide “user-generated/uploaded” pictures that can contain useful information (specific names of things, dates, etc), or offer different angles or views of the same place…
Exercise #008
We can see from the newspaper’s date that this publication came out on January 12, 2023; I checked whether it was January or December by looking up the characters next to the numbers, via OCR then deepl.com (machine learning translator). This publication, as Sofia indicates, is the Epoch Times, essentially a US-based propaganda outlet of a far-right Chinese cult called Falun Gong (criminalized in China). Falung Gong are known for their extremely aggressive media and propaganda, most (in)famously because of Epoch Times, and for their ties to the conservative milieus, the far right, and military/governmental networks in the USA.
Eventually, I managed (via OCR online tools and Yandex) to extract the characters 美歐7城同演全爆滿 to find (Google search with specified time) some relevant links/results for the month of January 2023. Using Deepl, I found a rough translation of the headline (in red) -「神韻造福全世界」 美歐7城同演全爆滿 : ‘Rhythm of the World’ Sold Out in 7 Cities in US and Europe. The two main (and first) websites found in the results were epochtimes.com and shenyuncreations.com. The latter is one of the websites of the Shen Yun Performing Arts (神韻藝術團 is translated literally as “divine melody art ensemble”, or “divine rhythm arts troupe”), a dance/performance company tied to the Falung Gong and Epoch Times (they apparently present themselves as non-profits, and fund each other). Although clearly some of the deepl-based translations are a bit off – there doesn’t seem to be something called “rhythm of the world” that’s connected to this context – based on these pieces of info we can say that the picture depicts an audience applauding one of Shen Yun’s performances, which have been named “China Before Communism” since 2021.
For a bit of context and background about Falun Gong, Epoch Times and Shen Yun, here’s a helpful summary by investigative journalist Samuel Braslow:
Both Shen Yun and Epoch Times are funded and operated by members of Falun Gong, a controversial spiritual group that was banned by China’s government in 1999 […] Falun Gong melds traditional Taoist principles with occasionally bizarre pronouncements from its Chinese-born founder and leader, Li Hongzhi. Among other pronouncements, Li has claimed that aliens started invading human minds in the beginning of the 20th century, leading to mass corruption and the invention of computers. He has also denounced feminism and homosexuality and claimed he can walk through walls and levitate. But the central tenet of the group’s wide-ranging belief system is its fierce opposition to communism. In 2000, Li founded Epoch Times to disseminate Falun Gong talking points to American readers. Six years later he launched Shen Yun as another vehicle to promote his teachings to mainstream Western audiences. Over the years Shen Yun and Epoch Times, while nominally separate organizations, have operated in tandem in Falun Gong’s ongoing PR campaign against the Chinese government, taking directions from Li
In order to find the specific venue, I looked up (again with Deepl) some of the words and phrases in this Epoch Times article from January 8, 2023: it mentions the Chrysler Hall in Norfolk, Virginia. I searched for pictures of it and it seems to match the imaged included in the newspaper…
Here are pictures of Chrysler Hall:
Lastly, the main sources from the search results included above weren’t from January 12 but from the 8th, and mentioned the performance from the 7th, so this is my guess/answer regarding the date of the photo. (there was one article from the 15th, which mentioned another show on the 14th, but that’s after the published newspaper issue in the exercise’s picture)
Notes:
- It’s always interesting to read others’ walkthroughts/solutions/methods, e.g. walnut explored the dajiyuan.co.uk domain with the dig command, and found through Google Lense that there was the same picture as the one in the print newspaper, in this article. This confirms that this photo was taken at the Chrysler Hall on January 7!
Exercise #009
The exercise description already contains multiple pieces of information:
- The video comes from the Visit Tirana Twitter account on February 16, 2023.
- The tweet was posted at 10:07 pm on that day, and claims that the video shows the sunset of the Albanian capital city, Tirana.
In the Facebook post with the same video, and posted on the same day (found by searching for “Eriseld Myrto”, the name mentioned in the tweet), it’s also indicated that this video was filmed on Kavaja Street (the time of the post is 11:09pm). I located the buildings on the right with Google Earth Pro and Google Street View, and here are my estimated coordinates of where the person was walking at the time of the recording: 41.327011112059424, 19.807527012250087.
But I’m not sure how to determine at what time the video was recorded, because the posting times are probably not the same as the actual walk/recording, so we’d probably need to figure out the time based on the sky or something…
Note after watching Sofia’s walkthrough:
- Searching for when the sun sets at a particular place (e.g. with sites like timeanddate.come or sunrise-and-sunset.com) isn’t necessarily the best strategy…
- Go back to the source of a video or photo, to make sure when it was first uploaded online
- After finding Eriseld Myrto’s Instagram post on the same day, the trick is simply to use the web inspector (and look up for the year 2023 then find the upload time, here 4:48pm)
Exercise #010
Before getting into the details, the methods/tools for completing this exercise were simply Google Lense which led me to links/info about the context (this was probably easy to find because these are such unique visuals), as well as the personal websites of both photographers which included details and descriptions. I started with the left picture, I focused on tracking that specific image (rather than other photos of the same event/”Zangbetto”, and found the original (and hence the author) in the results for “voodoo festival Benin” on the Getty Images website. I then found Dan Kitwood’s website, and specifically this page which shows his album containing two of the three pictures in the tweet. Likewise, I found the source/author of the third picture via Google Lense.
These three pictures show scenes/moments of the annual Voodoo festival/ceremony in Benin, specifically in the village of Ouidah where Dan Kitwood and Gina Morello travelled to in 2012 and 2019 respectively.
Through simple searches (“Dan Kitwood Benin 2012”), I found here that before attending the ceremony in Ouidah, Dan Kitwood had been to Cotonou (on January 6, i.e. a couple of days before).