Trace Labs Global OSINT for Missing Persons CTF IV Debrief

On Saturday, April 11, 2020, Trace Labs successfully hosted its 4th Global OSINT CTF for Missing Persons. This was a fantastic event with teams coming in from all around the world. My apologies for those of you who stayed up all night for the event. We promise to try and accommodate your time zone next time.

New Records Set

With the global pandemic keeping everyone at home, Trace Labs felt this was the best time to launch our next global event. The event attracted a record number of contestants (over 500!) and broke previous records for intelligence gathered.

Trace Labs received a total of 8,344 submissions and of those accepted, 6,326 of these were packaging for deliver to law enforcement. Trace Labs volunteers take the collected data and pull actionable intelligence from it in order to provide law enforcement with reports that are quick to read and easy to action.

This event, had a larger than average number of high quality submissions which were accepted. We also noticed that higher scoring flags such as Day Last Seen were provided by contestants more than what we normally see.

In most CTF events, the first few moments are slow as teams get organized. In our 4th Global OSINT CTF this was not the case. As can be seen below, many teams started scoring points by submitting quality intel, right away.

It was interesting to see many familiar faces and teams, some of which had won before. With the increase in participation from around the world and the high quality of OSINT practitioners participating, this resulted not only high quality intelligence but a record number of submissions. Fantastic to see both quality and quantity going up.

Interesting Submissions

I always feel honoured to be on the admin side of these events and to see teams working hard for this good cause. It is amazing to see the creative techniques that contestants utilize to find information on the subjects.

Some of the more interesting submissions that I personally saw are listed below. I am sure there are many others so I encourage you to submit these in the comments below.

Gaming Handles: Gaming handles are excellent as it provides a lot of useful data. For instance, it provides a usename format. It also shows what games they like to play. It also often shows when they were online last and their current status. Gaming handles often also allow you to see an IP address (external gateway of their home router) which can be useful to get their provider and even general location.

Coloured Contact Lenses: While we always encourage contestants to report unique identifiers like scars, piercing and tattoos, it’s rare that we see the subtleties such coloured contact lenses being detected.

Spotify Playlist: With personalized content provided insights into state of mind. I thought this submission was very clever as it provided more than just a random playlist. The playlist had specific content that would provide law enforcement with useful insights. While normally the Spotify account might provide username and other profile data, this was the first time I had seen the actual playlist being submitted.

Death Certificate: Sadly this is not an unusual find for our subjects, it doesn’t always provide a lot of useful information that isn’t already known. In this event, the death certificate discovery did provide high value information. I find most government issued certificates often are worth looking for and yield useful information.

Google Street: I am a huge fan of Google Street view for reconnaissance. I really like the history feature so I can see what has changed in the environment over time. In this case, contestants provided a view showing the vehicles parked in the driveway over time.

Car Insurance: Another interesting submission was an online auto insurance quote system which will spit out the cars the subject owned. This was very cool.

Of course there are many others and I can’t list them all so please feel free to list your favourite in the comments below.

Contestant Guidance

In every event we learn from the community. As we learn, Trace Labs makes modifications to our process and the platform. We really appreciate your feedback in order to make the experience the best it can be for everyone.

We also try to provide guidance for our contestants to ensure they don’t get stuck and are able to get as many points as possible. In the spirit of increasing contestant enjoyment at our next event, here are some of the techniques we recommend:

Just the Facts: Don’t speculate. There are a lot of “theories” on the Internet however we only want to collect Open Source Intelligence. To maximize points, ensure you submit links to factual data and not speculation.

Submitting Friends: Don’t submit every Facebook friend. If you are submitting friends, ensure you say why this friend is important.

Good Submissions: When you are submitting flags, ensure you are completing all the fields properly and with details. You want to ensure you have a good link (not behind a paywall), detailed explanation for why they were submitting it and the relevancy to the case.

Blacklisted Sites: Since our mission is to provide law enforcement with an actionable intelligence report, we want to limit what we collect to information they don’t already have. In order to do this, we don’t accept any law enforcement, news or missing persons sites to be submitted.

Utilize Slack: Slack is a great way to get answers to questions and get help if you are having problems. If any of your submissions get rejected and there isn’t enough comments to understand the cause, feel free to use our Slack channel to get an update.

In Summary, it was a fantastic event that generated a record number of contestants and intelligence on these missing persons. The reports have been submitted to law enforcement and we are already planning our next event.

Here is a great contestant experience write up: https://paulcimino.com/2020-trace-labs-osint-ctf-for-missing-persons/


Leave a Reply