  • Social engineering?

    OSINT Amateur Hour

    Showtime for amateurs working with intelligence gathered from public sources

    What happens when two complete newcomers to the art of open-source intelligence try their hand at a geolocation challenge? Turns out that, with persistence and a few key resources, we were able to get pretty close! Here's how we did it and what we learned.

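    What happens when two complete newcomers to the art of open-source intelligence have a go at a geolocation challenge? As it turns out, with some effort and a few key resources you can get a very close result. The method and some thoughts follow.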

    I should say from the beginning that I have no formal training; however, when I came across the @quiztime account on Twitter, I was intrigued. I did a bit of reading about open-source intelligence (OSINT) analysis and techniques, and mentioned my interest to a like-minded friend who suggested tag-teaming some challenges one evening.

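    Before this I had not had any systematic training. However, when I stumbled across @quiztime on Twitter I was extremely interested, and read up a little on open-source intelligence analysis and techniques. One evening a like-minded friend proposed teaming up on some challenges, and I was very interested.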

    The initial challenge: to pinpoint where exactly this photo was taken.

    The initial challenge was to "find out the exact location where this photo was taken".

    img

    Source: https://twitter.com/twone2/status/1222608171434496000?s=20

    At first glance, this seemed really daunting. Some random rainy corner? How on earth were we supposed to narrow this down? But then I noticed a linked tweet from the previous week, with another photo taken on the same trip:

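    At a quick glance, this task looked very hard. Some random wet street corner? How many assumptions could we actually make about this corner? Then I noticed a related tweet linked from a week earlier: another photo from the same trip.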

    img

    Source: https://twitter.com/twone2/status/1220063422253015040?s=20

    Okay, so now we had two photos taken in approximately the same place within a few days of each other. Still, one showed what could have been any street corner, and the other showed – what – some trees? A random window? A nondescript chair?!

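    Much better now. We had two photos taken at roughly the same place, only a few days apart. Still, one could have been any street corner, and the other showed some trees? A window, a chair with no distinguishing features?!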

    I huffed out a breath and took a sip of beer, and leaned in. “Okay, so, what’s here?”

    I sighed, took another sip of beer, and went on: "So where on earth is this?"

    We started by looking at the first photo. The newspapers on the post seemed like a good place to start; punching Die Son newspaper into Google popped up a bunch of results from a South African newspaper. Die Burger was another. Okay, so, South Africa.

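    We started with the first photo. The posters on the post looked like a good way in; Googling Die Son newspaper shows results pointing to a South African newspaper. The same goes for Die Burger. Right, South Africa.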

    ps: I couldn't find Die Son anywhere in the photo, but Googling the content of the posters all points to South Africa.

    We turned our attention to the second photo. Since the photo was hosted on Twitter, it was scrubbed of metadata that might have given additional clues. All that was in the photo was some trees and sky, and a chair, and - wait – buildings in the distance. A skyline.

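    We moved on to the second photo. Because it was posted on Twitter, its original metadata had already been stripped, so it could at best only offer us clues. All we could make out in this image was some trees, sky and a chair. Wait, buildings in the distance. And a skyline.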

    img

    Enhance

    Looking more closely at the skyline, a few buildings looked pretty distinctive. I focused my attention on a black and white skyscraper that stood out to me.

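    Looking more closely at the skyline, some of the buildings were quite eye-catching. I focused on the black and white skyscraper, which stood out to me.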

    img

    ENHANCE!

    I cropped the photo and zoomed in and put it through a reverse-image search on Yandex, to see what other photos I could find with the same building in it.

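    I cropped and enlarged the image, and used reverse-image search on Yandex (a Russian search engine, the world's fifth largest) to look for other pictures containing a similar building.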

    No dice, or rather so many dice that I couldn’t find the one I wanted. I was getting results from all over the place. Hmm.

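    No luck, or rather there were so many options that I couldn't find the one I needed. I was finding all sorts of photos containing similar buildings.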

    Okay, so what else did we know? My friend brought the Twitter feed back up, musing out loud. The person who had posted it was a security researcher, right? And they’d said they were on a trip at the time? Maybe it was a work trip, or to a conference…? The first photo had a tree and what looked like it might be a university administrative building... universities host conferences…?

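    All right. What did we know? My friend went back over the Twitter feed, muttering out loud (? sounds odd). The person who posted this photo was a security researcher, right? They said they were travelling at the time, didn't they? Maybe it was a work trip, on the way to a conference? The first photo had a tree and what looked like a university administrative building... a conference hosted at a university?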

    Some quick Googling revealed several universities in Pretoria, and I decided to wing it and take a closer look at the Pretoria skyline.

    Some quick Googling turned up a few universities in Pretoria, and I decided to look, more or less at random, for closer photos of the Pretoria skyline.

    img

    Source: https://www.123rf.com/photo_39033576_city-of-pretoria-skyline-south-africa.html

    Gotcha! There was the black and white building! Maybe now we could find where the second photo was taken.

    Bang! Found it. Maybe we could now find where the second photo was taken.

    A few more Google searches confirmed that this was the ABSA building in Pretoria, South Africa. But we didn't want just the city: we wanted to know exactly which building it was; which window, if possible. How could we narrow it down further from here? We looked at the map and did some Google street views of the area around the University of South Africa and it didn’t look quite right. Shouldn’t it be further out…? But where?

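    After a few Google searches we could confirm that this was the Barclays Africa Group building, but we didn't want to stop there, at just the city; we wanted the exact location of the building, and which window exactly, if possible. How could we get a more precise answer? Couldn't we go any further?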

    It felt like we were shooting in the dark.

    It looked like searching for a needle in a haystack.

    At this point, we took a figurative step back.

    At this point, we clearly pulled back.

    "There are some hills in the background there," my friend pointed out after a moment, and pulled up a topographical map of the area. "There are some hills here, and here… "

    There are some hills in the background.

    "Good thinking. You look at the hills, I’m going to keep looking at the skyline," I decided. I zoomed in on another building that stood a bit apart from the others and identified it with the help of Google: the Agricultural Union Centre. I thought that if I could find out on a map where the ABSA building and the Agricultural Union Centre were in relation to each other, I could then compare the line between them to the angle they appeared in the photo. Unfortunately, I’ve never been great at reading maps, and I’d been staring at the screen for quite a while already.

    Good idea: work out the angle from the photo, then locate the position again on the map.
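
The comparison the author had in mind (the line between two identified landmarks on the map against how they appear in the photo) can be carried through as below. This is an added example, not code from the original article; the function names, coordinates, pixel columns and 65° field of view are all constructed assumptions, and the coordinates are not the real positions of either building.

```python
import math

def bearing_deg(lat1, lon1, lat2, lon2):
    """Initial great-circle bearing from point 1 to point 2, degrees clockwise from north."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dl = math.radians(lon2 - lon1)
    y = math.sin(dl) * math.cos(p2)
    x = math.cos(p1) * math.sin(p2) - math.sin(p1) * math.cos(p2) * math.cos(dl)
    return math.degrees(math.atan2(y, x)) % 360.0

def map_gap_deg(viewpoint, left_lm, right_lm):
    """Clockwise angle from left_lm to right_lm as seen from viewpoint, in [-180, 180).
    A negative value means the landmarks would appear in the opposite order."""
    turn = bearing_deg(*viewpoint, *right_lm) - bearing_deg(*viewpoint, *left_lm)
    return (turn + 180.0) % 360.0 - 180.0

def photo_gap_deg(px_left, px_right, width_px, hfov_deg):
    """Angle between two image columns under a pinhole-camera model."""
    focal_px = (width_px / 2) / math.tan(math.radians(hfov_deg) / 2)
    def off_axis(px):
        return math.degrees(math.atan((px - width_px / 2) / focal_px))
    return off_axis(px_right) - off_axis(px_left)

def screen_candidates(candidates, left_lm, right_lm, observed_deg, tol_deg=2.0):
    """Keep candidate viewpoints whose map geometry matches the photo."""
    keep = []
    for name, point in candidates.items():
        gap = map_gap_deg(point, left_lm, right_lm)
        # Order must match (gap > 0) and the apparent separation must agree.
        if gap > 0 and abs(gap - observed_deg) <= tol_deg:
            keep.append(name)
    return keep

# Constructed sample data: NOT the real positions of the buildings in the article.
LEFT_LANDMARK = (-25.7500, 28.1850)    # tower seen on the left of the frame
RIGHT_LANDMARK = (-25.7500, 28.2000)   # tower seen on the right of the frame
CANDIDATES = {
    "hill to the south": (-25.7900, 28.1925),
    "hill to the north": (-25.7100, 28.1925),
}
# Pixel columns of the two towers in a 4000 px wide frame, assumed 65 degree lens.
OBSERVED = photo_gap_deg(1500, 2560, width_px=4000, hfov_deg=65.0)

if __name__ == "__main__":
    print(round(OBSERVED, 2),
          screen_candidates(CANDIDATES, LEFT_LANDMARK, RIGHT_LANDMARK, OBSERVED))
```

The left-to-right order of the landmarks alone already rules out every viewpoint on the wrong side of the line joining them; the angular separation then narrows the remaining side to a band of distances.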

    img

    Seriously, I could probably get lost walking between these two if I was the one holding the map.

    Seriously, if I were the one holding the map, I would most likely get lost walking between these two buildings.

    I leaned back and squeezed my eyes shut, and, having finished my second beer at this point, I decided it was time for a break anyway. I stood up. "I'll be right back," I said. "I think the photo was taken somewhere to the south, though. Probably." I showed my friend the map and the skyline and headed to the bathroom.

    Away from the table, I kept trying to think of what to do next. “South of Pretoria” wasn’t much to go on, but it was something, at any rate. Maybe we could look at the first photo again, compare the angles of the street intersection with a map to see if there were any likely matches on the university campus… it looked like there was a wide stretch of green area or forest in the second photo, so maybe we could find some kind of park?

    The second photo's shooting angle is to the south.

    When I returned, still mulling all this, my friend had a wide grin, and turned the tablet towards me. "The Freedom Park museum."

    Sure enough, we were now looking at a view of the exact same window in the second photo, now from a slightly different angle.

    img

    "How did you…?!" I sputtered. "I was gone for three minutes!"

    "You said south, and I thought about what kind of places to the south of the city might have funky windows like that. Cultural museum. Bam."

    He quickly switched to another tab that had a map of the museum and its relation to Pretoria’s downtown; perfect match! We high-fived.

    “I think we can call that one a win.”

    “Yeah!”

    We never did figure out exactly where the first photo was taken, but chalked the whole experience up to a victory nonetheless. Not bad for a first time!

    So what did we learn from this experience?

    • A surprising amount can be gleaned from a photo itself, even without metadata.

    • Asking yourself what you can actually see is a good place to start. Making a list helps.

    • Sometimes using a sort of cultural knowledge (like window shapes and where you might find unusual ones!) can provide a breakthrough, as opposed to anything specific to the data.

    • It helps to tackle the problem with a friend to bounce ideas off of, and to split efforts. It helps keep you both from falling down a rabbit hole, and keeps things fun. Who knows how long I might have stared at intersections on a map? (Or how soon I might have given up?)

    • Beer doesn't hurt, either.

      Article source:
      OSINT Amateur Hour



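    tab: label; protruding part

    no dice: impossible; no way; not a chance

    pinpoint: to ascertain; precision bombing

    huff: angry, annoyed; out of breath

    skyscraper: very tall building

    stand out to sb.: to be very noticeable to someone

    crop-cropped: to trim, to cut; to plant

    zoom in: to enlarge

    zoom out: to shrink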

  • Original URL: https://www.cnblogs.com/xiaofeisnote/p/13227276.html