In early 2016, Islamic State (IS) supporters published pictures in Telegram messenger channels containing handwritten pledges to the Islamic States’ cause. With this propaganda campaign, the terrorist organisation wanted to show the size and strength of its worldwide network.
Apparently some of the IS supporters were not aware of how much information regarding their actual location they had divulged in these pictures. Within hours of release, Twitter users had revealed these locations. IS was not really able to demonstrate global power with this propaganda campaign, however, I am quite sure that some of these supporters gained the attention of law enforcement and government security agencies afterwards.
How could this happen? First off, there is a large community of OSINT specialists, many of them with a journalistic background, specialized in the verifcation of information. One aspect of this is Geolocation Verification, in which pictures are dissected to receive individual clues that can be researched online using various different tools. The main goal is to pinpoint the exact location.
Geolocate This! is one of them and is very useful to find a location using two separate reference points.
Based on one the pictures posted by an IS supporter in 2016, I would like to demonstrate how this works.
Step 1: Dissecting the picture into individual clues
This picture contains several clues, which will help us along the way.
- The city of Paris is written on the note in Arabic (باريس). This indicates we are looking for a location in the capital of France.
- In the background we can see a Suzuki sign. It most likely belongs to a dealer or repair shop.
These clues alone would enable us to find the exact location. Looking up all Suzuki dealers or repair shops in Paris on Google Maps could be successful. However, it would take an unproportionate amount of time to view all results.
- The opposite side of the street depicts a sign of the beer brand Heineken. This likely indicates a bar.
Step 2: Using Geolocate This!
- I looked up the coordinates (latitude, longitude) for the center of Paris on latlong.net and entered these into the search mask.
- Next I set the search radius to 10.000m.
- The first keyword is Suzuki and I add a category as well. The second keyword is bar, which I also used as the category. The use of categories is optional.
- Based on the picture, the distance between both locations is approximately 20m, which I then add as the final input.
After clicking on Search, I receive ten results with possible locations for my picture.
Step 3: Verification with Google Street View
Luckily, Paris has an excellent Google Street View coverage. I check each result from Geolocate This! in Street View and compare this view with the IS supporter’s picture. As the picture clearly shows a smaller side street, I check these first.
Et voilà! Shortly afterwards I am able to identify the location from which the picture was taken. This Street View was captured in July 2016 and I can clearly see the Suzuki sign, the Heineken Bar and the scaffolding in the background.
Tilting Street View to the left, gives me a view of the house from which the initial picture was taken, probably in a room somewhere between the first and third floor.
We now have an address in which a probable IS supporter lives. This information might be relevant for law enforcement and government security agencies…
This is just one example of how OSINT techniques can lead to the exact location of a picture. There are many more used within Geolocation Verification.
In the following weeks, we’ll present more tools and techniques from the everyday life of an investigator. In the meantime, I advise you to practice your geolocation skills trying to solve the pop quizzes on Twitter at @Quiztime
Ingmar Heinrich / 07.09.2018