OSINT Tracking a Subject In a Crowd
OP Save Stitch, a favor for the University’s Student Union
So in April, while my University’s Student Union was at an event for all unions around the country, there was a competition held where the mascot of each union (in our case it is a Stitch) was taken by one, and it was up to the other unions to locate the union that had taken the mascot and rescue it.
This was alerted to the union through a Twitter profile with a message and picture, which are below, stating that the Stitch teddy and
Of course, being the CEO of the biggest society in the university, which also happens to be the Ethical Hacking Society, aka HackerSoc or @HackerSoc on Twitter, I got a 10 pm call about this, being asked by the union to help locate the person who had abducted the mascot Stitch.
The first stage for this was to check Twitter for intel anywhere I could. Below you can see the Twitter profile of the missing person; this account is followed by the major university student universities.
There was nothing on the main page other than REALLY BAD grammar, so we know they weren’t from our university. The account was not following anyone, and checking the followers only showed other union presidents and vice presidents, all of whom were themselves posting about having lost their mascots. But there was one university that wasn’t on the list, and we couldn’t go throwing accusations at their Students’ Union without some evidence.
So the next thing to do was look for metadata on the images or geodata of the tweets… no geodata, and Twitter strips the metadata anyway… this was a really tough one.
Hmmm, OK, next thing: let’s request a password reset so we can see information attached to the account. Not a hard thing, just copy the username and say you forgot your Twitter password, and you get prompted with something like this. Luckily enough, Twitter isn’t a service that will alert the owner if only a check is done.
Entering the account username gave us a message, “Text a code to my phone ending in 59”, so we know the phone number ends with a 59. Get the President and VP to check all the known phone numbers they have for one that ends with 59… NONE… no one has anyone’s numbers, they just have them all on Facebook or Snapchat. Of course, we could try a password reset on Facebook, but at this time we didn’t know if things were changed because they were removing the graphing features, so to be safe we didn’t.
So I instantly formed a plan with my friend who was there, who goes by TallPanda: he would stand in the center of the room on a video call to me, while I had a utility running on my desktop called Sonic Radar, by a company called ROG (“Republic of Gamers”), who designed it for gamers to find shot directions via sound and mark the audio on a radar system. He would stand there and wait for me to say I’ve sent a reset text message, then he would listen for the notification. Of course, there was a lot of static noise, but Sonic Radar was able to level that out and mark any sharp noises such as pops or rings. This only worked in the direction that it was facing.
TallPanda turned around in the direction it was heard, and again we attempted another Bring Bring, and BINGO, it was marked on the overlay in the direction of a group. TallPanda large group he walked over close, I pressed the button again, 1, 2, 3, BRING BRING, boom, center of the crowd. TallPanda got closer but couldn’t hear or see anything.
One more try
1, 2, 3, BRING BRING, to which TallPanda and I both hear “That Sounds Important”, and a single person pulls out their phone. Boom, target ID’d.
That SOB from our rival Union was running the whole damn heist.
TallPanda hung up the phone after verbally jumping with glee on the phone.
The next stage was on TallPanda: to track the guy out of the hall and back to his room to rescue the mascot. TallPanda had no issue with doing this, as the only people that knew each other at this point were the Presidents and Vice Presidents of each union.
I was then notified on Twitter with the following message, as was required with the challenge.