National Missing Persons Hackathon 2019 — Key Takeaways
On October 11th 2019, Australia held its inaugural National Missing Persons Hackathon. An event created in collaboration between the AustCyber Canberra Innovation Node, the Australian Federal Police (AFP), the National Missing Persons Coordination Centre and Trace Labs. The purpose of this event was to generate new leads on 12 real missing persons cases in Australia, using open source intelligence (OSINT) & online investigative techniques.
A total of 354 competitors and 97 teams participated in the crowd sourced event, creating almost 4,000 leads over a 6 hour period. Interesting finds included drone footage of an area where one of the subjects went missing as well as multiple aliases of missing persons uncovered along with secondary social media accounts.
The motivation for this article is to shed light on the OSINT industry within Australia and to assist future participants in finding leads efficiently in subsequent missing persons or Trace Labs events. This article is intended for first time CTF competitors and those that are new to OSINT.
While at the event I noticed a lot of people loading up fancy tools like Maltego which are not well suited for this type of time restricted scenario. Below I have listed a few helpful tips and takeaways from the event that will assist in gathering results & pivot points quickly.
Key Takeaways
- The first two tips have to do with selecting the best subjects that will yield you the most results. When attending such events participants will typically receive a handful of cases, in this instance 12, ranging from people going missing as recently as 2–4 months ago, to some as far back as 10+ years. Selecting individuals that have gone missing in the current year or as close as possible, means that their social media profiles (if they have any) and any other details, will be the most up-to-date as they can be. Meaning more relevant information is able to be pivoted off.
- When looking at a subject to investigate, selecting individuals with uncommon or unique names will make searching for them that much easier. For example Google dorking someone with a name like “Peter Alexander” is going to yield much fewer useful results and much more false positives than someone like “Gladys Berejiklian”. Secondly, the age of the subject greatly impacts the results and tactics going forward. Selecting subjects that are younger, such as late teens & early twenties, will yield better results due to these subjects typically oversharing information online in an attempt to keep up with the current trend eg. TikTok. However it should be noted that as we head further into the digital age this strategy will become less effective.
- Inspecting your selected subjects bio page thoroughly will divulge key information that can be pivoted off such as D.O.B and last seen location. This is something that is easily overlooked in the heat of the moment and is a mistake I myself made during the CTF. Typical OSINT investigations will start with only a targets first and last name, key information such as D.O.B and location are pieces of intel that need to be found.
- After taking in your subjects bio, looking up news articles and doing Google image searches with just their name as the keyword, will provide you with photos and names of family members. Again, a very quick and easy way to gain useful information that can be pivoted off.
- Assuming you have found your subjects social media pages, observing the comments and likes of posts will again provide valuable information. This also works for relatives, friends and charity groups of the subject. This particular step can test your patience, however is worth your while if you get a hit.
- For this particular event, information gathered on government websites was unable to be submitted for points, although it should be noted that this doesn't stop competitors pivoting off the information and also noting it down to look for it elsewhere.
- Factoring in search fatigue is essential for any CTF. Planning food and drink breaks during the event will ensure that you are working 100% while at your station.
While the above tips are general in nature and may seem very obvious to veteran analysts, these simple strategies and tactics will lay the foundation for a successful CTF.
As a full time OSINT analyst & investigator, I was very excited to take part in this competition and have the opportunity to use my unique skill set to make an impact on people and families across Australia. Hopefully this becomes an annual event which can help showcase the brilliant outcomes that can be achieved using OSINT.
I will be posting more helpful articles about OSINT, cyber security, threat intelligence and investigating on a weekly basis so make sure you follow me on here and on my twitter @CassiusXIII
(These are both fresh accounts solely for the purpose of helping the OSINT community hence the lack of content on both.)
