I love cars and I love OSINT. Sometimes I get to combine these passions. Not only for work, but also in little exercises that help sharpen my research skills.
A while back I posted a blog about using car spotting sites to find and track vehicles. The sites I discussed in that article where only the tip of the iceberg when it comes to finding information about specific vehicles online. Today, I want to walk you through other means of finding cars using unique identifiers such as license plates or VINs (vehicle identification numbers). There’s nothing fancy about what I’m going to show here. I’ll just follow the digital breadcrumbs using simple OSINT techniques.
For some reason I stumbled upon a Youtube video showing an Italian soccer player’s Ferrari. We’ve all been down that rabbit hole before. You start watching Youtube videos about cooking and end up somewhere completely different. Oh, the joys of the internet…
This video had a visible license plate and I was curious to see other places the car was spotted. My usual car spotter websites actually came up empty handed, no matter how I tried to enter the license plate number. So I took my search back to Google. Search engines actually OCR some of the images they index, so I entered the plate number and instantly received some results:
Next to the Youtube video that got me started, I found a blog in which the author posted multiple pictures of the car I was looking for. The plate number wasn’t listed anywhere as text on the website (checked through the developer tools as well: nothing came up), so Google must have OCRed it. Thumbs up to Google for this!
But wait, it gets even better. Google is not the only platform to OCR images, Facebook does so as well. So, I decided to take my search to Facebook and see if I could find further images of the vehicle there. Using the standard Facebook search, I entered the plate number. Keep in mind, throughout each search you might have to use different variations, adding spaces between characters or writing everything together.
The picture results are shown right away, as I have a direct hit in this query. Sometimes the picture results will not be shown in your main search results and you may have to click on the tab to the left to get to the image filter. Some guy on Facebook posted the Ferrari as his profile pic in April this year and this picture looks like it had the car at a repair shop or possibly a dealer.
Now, if this theory was right, the vehicle might not even belong to Leonardo Bonucci anymore. I could go looking for sales ads for such a vehicle and hope to find it. A lot of this would just be Googling and browsing through sales sites and would require a lot of tenacity and also a little bit of luck. Although, I still have an ace up my sleeve when it comes to Italian vehicles. This ace would allow me to find out more details on the Ferrari I was searching for.
I have a little app on my phone called iTarga. With this app, I can enter any Italian license plate and will receive further information on the vehicle. Here in Italy, vehicles are assigned license plates for life. Even if the car is sold, it keeps the plate numbers. Let’s see what iTarga tells me about Leonardo Bonucci’s Ferrari.
First date of registration, a VIN, insurance information (including insurance company and policy number) and the residence of the owner are among the things that can be found in the app. In our case, no insurance is listed. It is likely that the vehicle is not insured at the moment, adding to my suspicion that it is/was for sale. The owner’s residence is Milan, which happens to be the city Bonucci played in at the time most of the previously seen images were taken (he’s moved on to Juventus Turin now). These details give me further pivot points for my search. I could narrow down the results of sales ads to 2013 models and look in and around Milan or Turin (assuming it would be sold there). Or I could just simply Google the VIN.
Et voilà, I do receive results for sales ads. However, the vehicle offered here is a red Ferrari. I thought I was looking for a black one. And nowhere on the website can I find the VIN. See, zero results:
Yet again, a simple OSINT technique will help clear this up. Looking into the developer tools will enable you to search within parts of the website that aren’t directly visible to users. When checking the VIN there, I found that all uploaded images actually have the VIN in the file name.
Not only that, the URL also contains the VIN:
A little more research and everything makes sense. Bonucci originally drove the red Ferrari and had it wrapped in black foil. For the current sale, the black foil was apparently taken off again.
While this example utilized an Italian app, there are many similar sites for countries throughout the world (except in Germany…). The lesson to be learned here is to follow the digital bread crumbs. Sometimes seemingly simple OSINT techniques will lead you to your goal if you know how to combine them. And now you get an idea of how I spend my time when sitting in the passenger seat while my wife is driving. Googling license plates, checking car spotting sites and tracking the history of random exotic cars I see.
Matthias Wilson / 16.10.2020