July 24, 2025 • 31 mins
Your digital footprint reveals far more about you than you might realize. From vacation photos that pinpoint your exact hotel to scattered social media posts that unveil your daily routines, the breadcrumbs we leave across the internet create a comprehensive map of our lives for anyone who knows how to read them.
This week, we dive into the fascinating world of Open Source Intelligence (OSINT) – the practice of gathering and analyzing publicly available information to create insights that weren't obvious from any single source. Unlike classified intelligence methods that require special access or equipment, OSINT relies entirely on data that's freely accessible to anyone with an internet connection and the right analytical approach.
The power of OSINT becomes startlingly clear when our co-host recounts how she tracked down her twin sister's exact location in an Asian country using nothing but a Facebook photo and ChatGPT. Despite her sister turning off location services and not responding to messages, one seemingly innocuous photo provided enough clues to identify the specific hotel where she was staying – a demonstration of how our casual posts can unintentionally compromise our privacy.
We also explore how citizen journalists from Bellingcat used laptop computers and public data to investigate the downing of flight MH17 over Ukraine in 2014, piecing together evidence that identified the missile launcher responsible before official investigations could reach conclusions. Their work exemplifies how OSINT techniques have democratized intelligence gathering, empowering ordinary people to uncover truths previously accessible only to government agencies.
Whether you're concerned about your own digital privacy or curious about the investigative methods reshaping journalism, law enforcement, and everyday detective work, this episode offers essential insights into how your online presence speaks volumes when you're not listening. Join us to learn how the digital age has transformed information gathering and what it means for all of us navigating this interconnected world.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 2 (00:13):
All right, all right, here we go.
It is that time of the week forthe Global Bob Show.
The Global Bob Show.
We are the crossroad oftechnology and politics.
We're back again this week andbroadcasting from the Richard
(00:35):
Lowell Cook Broadcast Facility.
Now, in case some of y'alldon't know or don't remember,
richard Cook was my grandfatherand he was a pioneer in radio,
so I think that's where I gotthe gene from.
So here in studio with me iswait for it an official drum
(01:01):
roll.
Okay, she did her own drum roll.
Hello, shelly, hello, yay.
So y'all remember, when wereloaded the podcast, we said
that she would have to be onfive podcasts, which would be a
month plus one week, and this isepisode number 30.
(01:24):
So she has made it fiveconsecutive shows and so she is
an official co-host.
Speaker 1 (01:33):
Yay.
Speaker 2 (01:34):
Remember, it's still my show and you're not going to
take it over, but we kind of I'mstill planning it.
Yeah, I mean it's kind of likemilitary rank right.
Speaker 1 (01:42):
I mean.
Speaker 2 (01:43):
You know, it's just a natural progression, right.
You come in and then now you'reup to.
Speaker 1 (01:48):
Yeah, I'm just a cadet right now, but I'm working
my way up.
Speaker 2 (01:51):
Yeah well, you know what?
That's right, you're anofficial cadet.
Yeah Well, we are here inCentral Florida and had a little
thunderstorm move in, and wealso had this wicked ground loop
that we had to get settledbefore we could start
broadcasting.
So for y'all that don't know, aground loop is when you have
(02:14):
multiple paths to ground withaudio devices and mainly on
microphones.
So we do have a dual microphoneset up here, and so we had to
figure out where that dual pathcame from, and we figured it out
.
So here we go.
The other thing is is that wedid get a little bit of feedback
and her angelic voice.
(02:36):
We were told hello, shelly'sangelic voice was just a little
too low, and so now she is usingthe Heil P40 mic and we're
hoping that that in-firedmicrophone will help bring her
voice out some.
So, needless to say, we arerocking and rolling.
(02:57):
So what do we get for them thisweek, shelly?
Speaker 1 (03:04):
open source intelligence open source
intelligence.
Speaker 2 (03:08):
They call that ozent ozent ozent ocent ocent it
almost sounds like a derogatoryterm right when you like drop,
uh, drop your phone and you'relike ocent, but but it's really
O-O-O with some kind of Goshdang it.
Yeah, some kind of OSINT.
(03:29):
Yeah, osint, maybe that'sRussian OSINT.
Speaker 1 (03:34):
O-S-I-N-T.
For those who don't know.
Speaker 2 (03:38):
Yeah.
So, as we've been watching thenews this week, there seems to
be a lot of stuff in politicswhere the Russians have some
information on Hillary Clintonand they were going to release
it.
Hillary Clinton becamepresident, but she didn't become
president.
(03:58):
And so now, like I always say,no matter what side of the aisle
you're on, you know we talkabout technology and politics.
And so now the director, tulsiGabbard, has declassified some
of the intelligence, and this isall leading to what we're going
(04:18):
to talk about today.
There's different intelligence.
Now, it's no secret, you canGoogle, search me and find out
that I worked for one of thegovernment agencies, and so you
know we dealt in intelligence.
We would gather theintelligence and through
different means, and with thatwe had SIGINT, and I think on
(04:41):
some of the podcasts we'vetalked a little bit about SIGINT
.
Speaker 1 (04:45):
But signal intelligence, signal
Intelligence.
Speaker 2 (04:47):
Signal Intelligence.
That's exactly what it standsfor.
And then the CIA.
They're mostly into what theycall human.
Speaker 1 (04:56):
Human Intelligence.
Human Intelligence.
Speaker 2 (04:58):
So these are intelligent sources, either
through signals or through humansources, but today we want to
talk about OSINT, which is opensource intelligence.
Now, OSINT there's a linebetween the two.
(05:19):
Okay, OSINT is taking thingsthat people post out on the
Internet or companies post outon the Internet, and whereas
signal intelligence is usuallygathered through clandestine
means, which means if you arerunning a SIGINT collection at
(05:42):
your house, on your neighbor'shouse or at your office, on one
of your co -workers hello Shelly, welcome to jail.
You cannot do that right.
Speaker 1 (05:54):
Exactly.
Speaker 2 (05:55):
Because that is illegal.
Right and as we know, schumann,is the passing of secrets that
humans know is the passing ofsecrets that humans know, so
that's illegal also.
So the Russians claim to havesome intelligence that they were
going to release on HillaryClinton, and they probably got
it through human sources, butthere's other ways that maybe
(06:19):
they could have got to thatinformation, using OSINT or open
source intelligence.
So, shelly, why don't you tellus a little bit about OSINT?
Speaker 1 (06:29):
So open source intelligence is gathering
information from public data sothat could be from the web or
from Facebook or Twitter andusing it to gather intelligence
on someone.
Speaker 2 (06:48):
So, exactly right, with OSINT, there's kind of four
pillars of it, there's fourprocesses of it, and this is
true really for any of theintelligence gathering.
There's collection right.
You're going to collect thisdata from a bunch of data
sources and then you're going toprocess this data and then,
(07:10):
after processing the data,you're going to analyze the data
and then you're going todisseminate the data and
essentially what you're doingwith OSINT data sources is like
each one by themselves reallyisn't that big of a deal, or
(07:33):
isn't earth shattering right.
But if you combine multipleOSINT sources, like some data
from Facebook, some data fromTwitter, it's like putting a
puzzle together.
Speaker 1 (07:48):
Exactly, it's like putting Of information, yeah.
Speaker 2 (07:51):
It's like putting a puzzle together with the
information to produce a storyor some kind of intel that would
not be known without puttingthese together.
We're going to dive into this alittle deeper, but before we do
that, I went out to some ofyour social media sites Insta,
(08:18):
that's what the kids say, by theway.
Now it's Insta, I guess it'stoo much to say Instagram.
Speaker 1 (08:23):
Insta.
Speaker 2 (08:24):
Your Facebook.
I, I think, has it your twitterbut you, you are the self
indoctrinated, educated oscentqueen.
I mean, I think it actuallysays that I'm I'm oscent queen
oh, I know that's bad.
Speaker 1 (08:43):
I shouldn't say that.
Speaker 2 (08:46):
So what she's saying is, ladies and gentlemen, is
that she's already profiled allof y'all and put some good
intelligence together, andshe'll be disseminating those
here very soon, unless you sendher some Bitcoin or something.
Speaker 1 (08:57):
Yeah, exactly.
Speaker 2 (09:18):
Hold on, let me get my wallet ready.
Yeah, so why don't you give usa real world example of how you
used OSINT, in a playful kind ofway, with a particular family
member that may or may not lookexactly like you?
What y'all don't know is HelloShelly.
There's a Hello Shelly also, Iguess.
Speaker 1 (09:25):
Yeah, there's a Hello Shey also, I guess.
Yeah, there's a hello.
Speaker 2 (09:26):
Shelly too hello shelly too.
Speaker 1 (09:27):
It's like yin and yang and thing one thing too I.
Speaker 2 (09:31):
I like the yin yang twins.
Isn't that like a rap?
Speaker 1 (09:34):
group that is right.
Speaker 2 (09:35):
So shelly is going to tell us all in the world how
she used oset to run a littleoperation against her twin
sister.
Speaker 1 (09:45):
Oh gosh, she's going to kill me for this.
By the way, that's okay, we gotenough.
We got enough.
My family already knows.
Speaker 2 (09:51):
Okay, it's all right, we have enough Oset dirt on her
.
We'll just put it out there onX.
Speaker 1 (09:57):
So my sister and her fiancé.
Speaker 2 (10:01):
Fiancé Is that.
Speaker 1 (10:02):
French Fiancé Fiancé.
Is that French Fiancé Fiancé?
Yes, and fiancé is the same,both male and female.
But it's spelled differently,but it's said the same in French
.
Speaker 2 (10:10):
Anyways, parlez-vous français.
Speaker 1 (10:12):
Yeah, parlez-vous français.
Speaker 2 (10:14):
Okay, tell us the story.
Speaker 1 (10:15):
So my sister and her fiancé went and traveled over to
a like Asian country, and so inthe middle of her travels she
had turned off her location onher phone.
Speaker 2 (10:38):
Oh, is this the story that coincided with a possible
engagement or something likethat?
Is that why they traveled there?
Speaker 1 (10:46):
I think yes, so I think that was supposed to
happen, but I'm not sure whythat didn't happen.
Oh my, gosh.
Speaker 2 (10:53):
Okay, we're off track here, but that's a good one.
We'll talk after we get donewith the podcast.
Speaker 1 (10:58):
So she turns off her location she's in an Asian
country.
Yeah, she's in an Asian countryand how I kind of knew that she
had turned off her location.
It says that last known wasfour hours ago.
So I'm like okay, but I'm onFacebook and I see a post that
(11:18):
she put on there and it was justa photo of some ornate
structural like I'm trying toremember how, like, how to
describe it.
Speaker 2 (11:32):
It's like those wooden structures they have.
Speaker 1 (11:34):
Yeah, kind of like when you walk in the Chinese
restaurant and it has likestatues on it, yeah, okay, and
vases and stuff.
So anyway, I'm like okay.
I'm like okay.
(12:04):
So she wasn't.
I tried texting and calling herand she wasn't texting me back
and wasn't calling me back.
So I thought, okay, well, I'mgoing to figure out where she's
at.
So remember, where in the worldis Carmen?
Speaker 2 (12:19):
San Diego, oh, yeah, I used to watch that all the
time, okay.
Speaker 1 (12:24):
So this is where in the world is Shelly's twin Yep?
So I'm like, okay, so I'm goingto figure out where she's at.
I know she's in an Asiancountry, so I took her photo and
put it into.
First I decided to put it intoan EXIF tool data tool.
Speaker 2 (12:46):
What is EXIF data tool?
Because that's an OSINT tool,right.
Speaker 1 (12:49):
Yes.
Speaker 2 (12:49):
So her location's off .
She posts something on Facebook.
Speaker 1 (12:53):
Right.
Speaker 2 (12:53):
And you're like, hey, let me see what all I can
figure out from this tool Right.
Speaker 1 (12:58):
So this tool gives you, like date and time, the
device, the photo was taken on,the location.
Speaker 2 (13:06):
All of this from a photo, right, right.
So my mom loves taking photos.
And so she does all this, soyou can basically process those
photos and find things.
Speaker 1 (13:15):
Yes.
Speaker 2 (13:15):
Okay.
Speaker 1 (13:17):
So, fun fact, I learned how to do this when I
took photography class.
We use exit tools Anyway, soI'm like, okay, so I'm not
getting any information.
It's showing the date of thephoto when it was posted on
Facebook.
So, apparently, come to findout, facebook strips all the
(13:37):
data off the photo.
Speaker 2 (13:39):
Oh, to help with the privacy part.
Speaker 1 (13:42):
Yes, so I thought okay, so this is.
I need to dig further.
So I used one wonderful toolthat a lot of people know about.
It is actually ChatGPT.
Speaker 2 (13:58):
Oh, wow, yeah, I mean we've been teaching a couple of
classes on ChatGPT and yeah.
So tell us, what you did.
Speaker 1 (14:06):
So I put the photo into chat GBT and I kind of gave
it a story right.
So I set up my prompt saying Itook this photo overseas.
Can you give me a list ofhotels in Asian country that has
(14:28):
this identical or same ornatestructure?
Speaker 2 (14:34):
Wow, that's very interesting.
That's the first time I've everheard seriously and I know a
lot of hacker type people butI've never heard of taking that
picture and putting it, becauseusually you know, I mean I run
XF tools also and if it, youknow, a lot of times you know it
does get stripped down unlesssomeone sends it directly to you
.
So, so you take the picture ofHello Shelly too.
Speaker 1 (14:59):
Yes.
And you upload it and you tellchat, gpt where is this, or what
hotels and she mentioned notmalaysia, but I don't remember
the country at the top of myhead, but I did put in a
specific country in thatvicinity to narrow down my
(15:21):
search, and so it gave me top 10list of hotels, because I did
find out from her that they werestaying at a hotel somewhere
overseas, and so I kind of putthe pieces together.
Okay, she's over there, they'restaying at a hotel.
This photo to me looks likeit's in a hotel, cause you can
(15:42):
just kind of tell.
Maybe I could post the photo onmy website just for to give you
know an example.
So, anyways, I went througheach list or each item on that
list of hotels, and I got to the.
I got to the first one, andthis is funny.
I'll explain two things.
(16:02):
I did so with the first link Iwent to their website.
Some, some of the websites areduds, like they don't have
photos or they don't showanything.
So I went through the first one.
Not many photos.
I'm looking at the ceiling, thewall, the windows, anyways.
So the first one was a dud.
(16:24):
The second one was a dud.
The third one looked verysimilar.
I was like, ah, I think I knowwhere this is.
So I went to YouTube.
Here's another source for youguys.
I went to YouTube and looked upa tour video of the lobby and
the guy pans around and boom,there it is.
That's the ornate structuralstand thing in this photo.
Speaker 2 (16:50):
That is very scary to know that, just off of a photo
that was uploaded to Facebookand knowing that Facebook has
measures in place to keep that,you know, to keep that ex of
data out of there, you were ableto use AI and you knew she was
(17:11):
in an Asian country.
Speaker 1 (17:13):
I mean just those two together.
Speaker 2 (17:15):
Yeah, and you were able to track her down.
Yes, that's absolutely scaryand amazing.
Speaker 1 (17:22):
Yeah, and I just used open, open AI but chat, gpt and
youtube and the, the website tothat hotel to put all the
pieces together.
Speaker 2 (17:35):
wow, I think that the wife of the ceo at the coldplay
concert.
She didn't even have to use anyoscent because I mean, I was
just plastered right there.
But yes, but you know the samething.
Just a simple picture can cando that.
So the one thing that we wantto tell everybody is is that a
(17:59):
lot of times, folks think that,well, I don't give them my
credit card number, I don't givemy social security number, but
all of this information that wepost out there can be used to
create a dossier.
Right, and Speaking of that,while we were just here in the
(18:21):
middle of this podcast, I poppedup one of my favorite OSINT
tools, and I'm going to leavethis tool unnamed just because I
don't want to enable people touse this Because a lot of times,
I mean.
Speaker 1 (18:35):
There's a fine line between and you can't cross like
.
If you're using it for fun,like as in like a family member
or something, and they know whoyou are right, Then that makes
kind of a difference.
But if you're trying to stalksomeone or use it against
someone for very bad means, thatis not the right way to go
(18:57):
about it and that can get you introuble.
Speaker 2 (19:00):
Exactly so.
Everyone knows my older brother, which I will leave his name
anonymous, but I'm sure y'allcan track down who he is.
I think this guy is like theking of social media.
I think he's on social mediaplatforms that we don't even
know about yet.
And I just put in a piece ofopen source intelligence that I
(19:21):
know of him, which is his emailaddress, and from that I got 15
hits on him.
Right now I can tell you a lotof the platforms he's on, which
(19:43):
is Microsoft, and the last timethis tool got a hit on him was
7-23, which was yesterday, so Iknow he's using Microsoft.
I can see that some of hiscredentials have been breached
on some of these websites.
And because of that now we knowwhat other social media sites
(20:03):
he's on.
We also grab all of his screennames, because some of them he
uses.
Speaker 1 (20:10):
I don't want to give it out, but we know one of his
favorite swimwearers and that'sin his name.
But yeah, what else do I get?
Speaker 2 (20:18):
Just a lot of information on here.
Linkedin, there's a.
I'm just looking through all ofthis stuff.
I guess at one time he had AT&T.
Speaker 1 (20:26):
Wow.
Speaker 2 (20:27):
Because there was a breach that happened and his
email address has popped up inthere.
Now, what we can do now isstart putting this information
together and maybe we want totry to send him spear phishing
emails, or maybe we want to tryto get into those accounts.
Let's say we want to get intohis Facebook account.
(20:50):
Well, from this OSINT tool thatI'm using, I can see the
username and some of thepasswords that he's used in the
past, and these usernames andpasswords are on.
I would say they're not tierone sites like Facebook, and
(21:10):
that I mean some of these onesI've never even heard of.
But I guarantee you dollars todonuts because we all do it
besides us in the security world.
No, even us in the securityworld do this.
Speaker 1 (21:22):
Oh yeah.
Speaker 2 (21:23):
We reuse usernames and passwords.
Speaker 1 (21:26):
Yep.
Speaker 2 (21:27):
And now you can see this is where you start crossing
the line from OSINT intoactually compromising an account
, right, and this is where youwere talking about.
You know, there's a fine lineand there is a very fine line.
And anybody that uses thiscould well.
Actually they would be breakingthe law.
But what's even reallyinteresting is that now, from my
(21:49):
open source intelligence, hehas a Yelp account.
Wow, and now I can look at hisYelp account and see what
reviews and stuff, whatrestaurants?
maybe he put not even that part,but like restaurants and stuff.
You know if you can get intothis thing and you know what's
scary?
Speaker 1 (22:05):
You can learn someone's pattern of life that
way as well, if they're using itlike all the time.
Speaker 2 (22:12):
Yeah, definitely, and so what we're trying to explain
to folks is one is this wholething with OSINT right Lots of
data sources from all thesedifferent sources that get fused
together to create somethingthat he may not want the public
to know.
Now, moving right along withthis, when you see things that
(22:37):
get leaked by journalistsbecause journalists use OSINT,
your employer uses OSINT.
Whenever I worked for anothersecurity company, they had a
whole product that its only jobwas to scrape and search the
internet for this, and sothere's ramifications that you
(22:58):
can have by putting yourinformation out there.
So journalist, your employerAlso too.
We've seen it on the news herelately the guy that was throwing
rocks but he had his facecovered.
At the ICE vehicles they used abunch of OSINT and different
intelligence, but mainly goingout to his socials and stuff,
(23:19):
and this person was hiding inMexico and they were able to
track him down and go get himout of Mexico.
Here locally, the Polk CountySheriff's Department they had a
person that was wanted forsomething I don't know.
Speaker 1 (23:34):
Yeah.
Speaker 2 (23:34):
And they were actually taunting online the
Polk Sheriff posting stuffsaying hey, come find me, and
stuff.
And these folks that are inthis OSINT world, whether it's
the HR person for a companyyou're applying for or law
enforcement, they are very good.
The tools that we've talkedabout and some of the examples
(23:55):
that we've given here today, Imean this is like just scraping
the kind of like the surface.
Speaker 1 (24:01):
Yeah, the surface Theirs is more into a deeper
dive of specific things.
Speaker 2 (24:08):
Yeah, so one of those professional I guess.
I don't know if they callthemselves professional, because
it's a bunch of citizens thatdo it, but it's a billing cat or
be Belling cat.
Belling cat.
Okay, well, everyone knows thatI'm a math guy ones and zeros
(24:29):
and I would probably spell catwith a K.
But can you tell our audiencehow to get to that website?
Like the spelling?
Speaker 1 (24:34):
Yes, it's a B-E-L-L-I-N-G cat C-A-T, and
that's all together.
Speaker 2 (24:42):
Bellingcat.
Okay, so what they are is acollection of citizens and
journalists, and they have ontheir site, bellingcatcom, some
of the stuff that they havediscovered through open source
intelligence, and one of theones is MH17.
(25:02):
And for those that don'tremember, mh17 was the flight
that took off July, the 17th2014.
And it was shot down overUkraine and it killed 250, 300
people, something like that.
(25:23):
And you know there was a lot ofmisinformation that was out on
the news and most of it was likethe intelligence agencies
supposedly were struggling topiece together exactly what
happened to the jet.
Now we understand it's flyingover a conflict zone or
(25:43):
potential conflict zone, and itjust got shot down, but nothing
was really definitive.
So why they struggled?
There was a small group ofcitizen journalists and they had
their laptops and internetaccess and they were able to
basically crack the case, andthey did it by using Google
(26:05):
Earth and social media.
Part of the reason they weretrying to put all this together
was to say, did it actually getshot down or not?
And you know, traditionalinvestigations like this, they
could take years, if not longer,you know, just to come out with
something, even though you know, we know things are plainly
(26:28):
obvious.
So there was a British bloggerby the name of Elliot Higgins
and he started putting togethersome of the social media
different things and they wereable to look at YouTube and
Twitter at the time before UncleElon bought it and various
social Russian social networks.
(26:51):
You know they have their ownflavors of things over in Russia
and they were able to find avideo that showed a buck missile
launcher driving through thetown and I'm probably going to
mess up this name like Shazin,something like that.
But anyways a town but wasn'treally there.
(27:11):
So what they did was is thatthey used just one photograph
that one of the folks on theteam found and they were able to
confirm the missile launcherdid go through multiple towns
and I believe that one was oneof them.
So they took and knew, becauseeverybody has these phones in
(27:33):
your pocket.
And anyone that's ever workedaround military installations.
That is like a no-no Whetheryou got a clearance or not, they
tell you do not take picturesof anything unless it's
authorized and stuff.
But some of these Russians gota little sloppy.
They're taking pictures of thismissile launcher that was
(27:54):
rolling through town and thenthey started looking at various
timestamps and said that hey,this missile launcher was in the
right spot to do this.
They also saw that this buckyou said the buck's a missile
launcher right B-U-K missile.
Right, they had some reallyidentified markings on there and
(28:19):
they were able to identify thetruck that pulled the missile
launcher.
So that was pretty good.
But the main breakthrough camewhen they found some satellite
imagery showing fresh burn marks.
And so it just so happens thatthe time the missile launched
(28:40):
and it went and did its bit,well, maybe a day or so or hour,
don't know, but a satellitecame overhead and there were
some open source pictures thatcame of that and they could zoom
in because they knew aboutwhere the missile launcher could
be and they found you know, notto be cliche, but the smoking
(29:00):
gun.
They found these burn marksaround that and so they started
chaining all this together.
They had a Russian bucklauncher.
It was in Ukrainian territory.
There's a missing missile, soone had to be launched and they
put it all together.
And what's really interestingis is that probably the
(29:21):
intelligence agencies alreadyknew all of this.
I mean, there's things likeDeafSmack and other
organizations that monitormissile launches and things, but
you know, these folks, usingjust the internet and their
laptops, were able to just showhow powerful this is.
So that is a very good exampleof how you can use open source
(29:47):
intelligence to actually derivemilitary intelligence.
All right, we are at the bottomof the half hour and we
appreciate everybody ridingalong with us and, as always, if
you have any comments orquestions, please send them in,
either through the website.
(30:08):
If you know myself orHelloShelly personally, then you
can always ping us and, ofcourse, always give us feedback.
If you like the show, share theshow.
If you didn't like the show,share the show.
So that's what we need.
We need folks to share the show.
(30:29):
Uh, looking at some of the stats, it's kind of neat seeing where
everybody's listening in from.
Uh, one of our highestcountries outside of the united
states I think this is thesecond highest country that
streams us is German.
That's awesome.
That's really cool.
Yeah, so I don't know a lot ofGerman, even though I am German
(30:50):
descent.
So there's a little piece ofOSINT.
I've leaked to you in mypodcast all kinds of stuff so
you can paint a picture of me.
But, yeah, I'm going to have tolearn to speak a little german
so I can say hello in germany to, uh, some of our listeners.
All right, well, we'll see youall here next week.
(31:11):
Be safe, thank you.
All right, all right, here we go.
It is that time of the week forthe Global Bob Show.
The Global Bob Show.
We are the crossroad oftechnology and politics.
We're back again this week andbroadcasting from the Richard
(00:35):
Lowell Cook Broadcast Facility.
Now, in case some of y'alldon't know or don't remember,
richard Cook was my grandfatherand he was a pioneer in radio,
so I think that's where I gotthe gene from.
So here in studio with me iswait for it an official drum
(01:01):
roll.
Okay, she did her own drum roll.
Hello, shelly, hello, yay.
So y'all remember, when wereloaded the podcast, we said
that she would have to be onfive podcasts, which would be a
month plus one week, and this isepisode number 30.
(01:24):
So she has made it fiveconsecutive shows and so she is
an official co-host.
Speaker 1 (01:33):
Yay.
Speaker 2 (01:34):
Remember, it's still my show and you're not going to
take it over, but we kind of I'mstill planning it.
Yeah, I mean it's kind of likemilitary rank right.
Speaker 1 (01:42):
I mean.
Speaker 2 (01:43):
You know, it's just a natural progression, right.
You come in and then now you'reup to.
Speaker 1 (01:48):
Yeah, I'm just a cadet right now, but I'm working
my way up.
Speaker 2 (01:51):
Yeah well, you know what?
That's right, you're anofficial cadet.
Yeah Well, we are here inCentral Florida and had a little
thunderstorm move in, and wealso had this wicked ground loop
that we had to get settledbefore we could start
broadcasting.
So for y'all that don't know, aground loop is when you have
(02:14):
multiple paths to ground withaudio devices and mainly on
microphones.
So we do have a dual microphoneset up here, and so we had to
figure out where that dual pathcame from, and we figured it out
.
So here we go.
The other thing is is that wedid get a little bit of feedback
and her angelic voice.
(02:36):
We were told hello, shelly'sangelic voice was just a little
too low, and so now she is usingthe Heil P40 mic and we're
hoping that that in-firedmicrophone will help bring her
voice out some.
So, needless to say, we arerocking and rolling.
(02:57):
So what do we get for them thisweek, shelly?
Speaker 1 (03:04):
open source intelligence open source
intelligence.
Speaker 2 (03:08):
They call that ozent ozent ozent ocent ocent it
almost sounds like a derogatoryterm right when you like drop,
uh, drop your phone and you'relike ocent, but but it's really
O-O-O with some kind of Goshdang it.
Yeah, some kind of OSINT.
(03:29):
Yeah, osint, maybe that'sRussian OSINT.
Speaker 1 (03:34):
O-S-I-N-T.
For those who don't know.
Speaker 2 (03:38):
Yeah.
So, as we've been watching thenews this week, there seems to
be a lot of stuff in politicswhere the Russians have some
information on Hillary Clintonand they were going to release
it.
Hillary Clinton becamepresident, but she didn't become
president.
(03:58):
And so now, like I always say,no matter what side of the aisle
you're on, you know we talkabout technology and politics.
And so now the director, tulsiGabbard, has declassified some
of the intelligence, and this isall leading to what we're going
(04:18):
to talk about today.
There's different intelligence.
Now, it's no secret, you canGoogle, search me and find out
that I worked for one of thegovernment agencies, and so you
know we dealt in intelligence.
We would gather theintelligence and through
different means, and with thatwe had SIGINT, and I think on
(04:41):
some of the podcasts we'vetalked a little bit about SIGINT
.
Speaker 1 (04:45):
But signal intelligence, signal
Intelligence.
Speaker 2 (04:47):
Signal Intelligence.
That's exactly what it standsfor.
And then the CIA.
They're mostly into what theycall human.
Speaker 1 (04:56):
Human Intelligence.
Human Intelligence.
Speaker 2 (04:58):
So these are intelligent sources, either
through signals or through humansources, but today we want to
talk about OSINT, which is opensource intelligence.
Now, OSINT there's a linebetween the two.
(05:19):
Okay, OSINT is taking thingsthat people post out on the
Internet or companies post outon the Internet, and whereas
signal intelligence is usuallygathered through clandestine
means, which means if you arerunning a SIGINT collection at
(05:42):
your house, on your neighbor'shouse or at your office, on one
of your co -workers hello Shelly, welcome to jail.
You cannot do that right.
Speaker 1 (05:54):
Exactly.
Speaker 2 (05:55):
Because that is illegal.
Right and as we know, schumann,is the passing of secrets that
humans know is the passing ofsecrets that humans know, so
that's illegal also.
So the Russians claim to havesome intelligence that they were
going to release on HillaryClinton, and they probably got
it through human sources, butthere's other ways that maybe
(06:19):
they could have got to thatinformation, using OSINT or open
source intelligence.
So, shelly, why don't you tellus a little bit about OSINT?
Speaker 1 (06:29):
So open source intelligence is gathering
information from public data sothat could be from the web or
from Facebook or Twitter andusing it to gather intelligence
on someone.
Speaker 2 (06:48):
So, exactly right, with OSINT, there's kind of four
pillars of it, there's fourprocesses of it, and this is
true really for any of theintelligence gathering.
There's collection right.
You're going to collect thisdata from a bunch of data
sources and then you're going toprocess this data and then,
(07:10):
after processing the data,you're going to analyze the data
and then you're going todisseminate the data and
essentially what you're doingwith OSINT data sources is like
each one by themselves reallyisn't that big of a deal, or
(07:33):
isn't earth shattering right.
But if you combine multipleOSINT sources, like some data
from Facebook, some data fromTwitter, it's like putting a
puzzle together.
Speaker 1 (07:48):
Exactly, it's like putting Of information, yeah.
Speaker 2 (07:51):
It's like putting a puzzle together with the
information to produce a storyor some kind of intel that would
not be known without puttingthese together.
We're going to dive into this alittle deeper, but before we do
that, I went out to some ofyour social media sites Insta,
(08:18):
that's what the kids say, by theway.
Now it's Insta, I guess it'stoo much to say Instagram.
Speaker 1 (08:23):
Insta.
Speaker 2 (08:24):
Your Facebook.
I, I think, has it your twitterbut you, you are the self
indoctrinated, educated oscentqueen.
I mean, I think it actuallysays that I'm I'm oscent queen
oh, I know that's bad.
Speaker 1 (08:43):
I shouldn't say that.
Speaker 2 (08:46):
So what she's saying is, ladies and gentlemen, is
that she's already profiled allof y'all and put some good
intelligence together, andshe'll be disseminating those
here very soon, unless you sendher some Bitcoin or something.
Speaker 1 (08:57):
Yeah, exactly.
Speaker 2 (09:18):
Hold on, let me get my wallet ready.
Yeah, so why don't you give usa real world example of how you
used OSINT, in a playful kind ofway, with a particular family
member that may or may not lookexactly like you?
What y'all don't know is HelloShelly.
There's a Hello Shelly also, Iguess.
Speaker 1 (09:25):
Yeah, there's a Hello Shey also, I guess.
Yeah, there's a hello.
Speaker 2 (09:26):
Shelly too hello shelly too.
Speaker 1 (09:27):
It's like yin and yang and thing one thing too I.
Speaker 2 (09:31):
I like the yin yang twins.
Isn't that like a rap?
Speaker 1 (09:34):
group that is right.
Speaker 2 (09:35):
So shelly is going to tell us all in the world how
she used oset to run a littleoperation against her twin
sister.
Speaker 1 (09:45):
Oh gosh, she's going to kill me for this.
By the way, that's okay, we gotenough.
We got enough.
My family already knows.
Speaker 2 (09:51):
Okay, it's all right, we have enough Oset dirt on her
.
We'll just put it out there onX.
Speaker 1 (09:57):
So my sister and her fiancé.
Speaker 2 (10:01):
Fiancé Is that.
Speaker 1 (10:02):
French Fiancé Fiancé.
Is that French Fiancé Fiancé?
Yes, and fiancé is the same,both male and female.
But it's spelled differently,but it's said the same in French
.
Speaker 2 (10:10):
Anyways, parlez-vous français.
Speaker 1 (10:12):
Yeah, parlez-vous français.
Speaker 2 (10:14):
Okay, tell us the story.
Speaker 1 (10:15):
So my sister and her fiancé went and traveled over to
a like Asian country, and so inthe middle of her travels she
had turned off her location onher phone.
Speaker 2 (10:38):
Oh, is this the story that coincided with a possible
engagement or something likethat?
Is that why they traveled there?
Speaker 1 (10:46):
I think yes, so I think that was supposed to
happen, but I'm not sure whythat didn't happen.
Oh my, gosh.
Speaker 2 (10:53):
Okay, we're off track here, but that's a good one.
We'll talk after we get donewith the podcast.
Speaker 1 (10:58):
So she turns off her location she's in an Asian
country.
Yeah, she's in an Asian countryand how I kind of knew that she
had turned off her location.
It says that last known wasfour hours ago.
So I'm like okay, but I'm onFacebook and I see a post that
(11:18):
she put on there and it was justa photo of some ornate
structural like I'm trying toremember how, like, how to
describe it.
Speaker 2 (11:32):
It's like those wooden structures they have.
Speaker 1 (11:34):
Yeah, kind of like when you walk in the Chinese
restaurant and it has likestatues on it, yeah, okay, and
vases and stuff.
So anyway, I'm like okay.
I'm like okay.
(12:04):
So she wasn't.
I tried texting and calling herand she wasn't texting me back
and wasn't calling me back.
So I thought, okay, well, I'mgoing to figure out where she's
at.
So remember, where in the worldis Carmen?
Speaker 2 (12:19):
San Diego, oh, yeah, I used to watch that all the
time, okay.
Speaker 1 (12:24):
So this is where in the world is Shelly's twin Yep?
So I'm like, okay, so I'm goingto figure out where she's at.
I know she's in an Asiancountry, so I took her photo and
put it into.
First I decided to put it intoan EXIF tool data tool.
Speaker 2 (12:46):
What is EXIF data tool?
Because that's an OSINT tool,right.
Speaker 1 (12:49):
Yes.
Speaker 2 (12:49):
So her location's off .
She posts something on Facebook.
Speaker 1 (12:53):
Right.
Speaker 2 (12:53):
And you're like, hey, let me see what all I can
figure out from this tool Right.
Speaker 1 (12:58):
So this tool gives you, like date and time, the
device, the photo was taken on,the location.
Speaker 2 (13:06):
All of this from a photo, right, right.
So my mom loves taking photos.
And so she does all this, soyou can basically process those
photos and find things.
Speaker 1 (13:15):
Yes.
Speaker 2 (13:15):
Okay.
Speaker 1 (13:17):
So, fun fact, I learned how to do this when I
took photography class.
We use exit tools Anyway, soI'm like, okay, so I'm not
getting any information.
It's showing the date of thephoto when it was posted on
Facebook.
So, apparently, come to findout, facebook strips all the
(13:37):
data off the photo.
Speaker 2 (13:39):
Oh, to help with the privacy part.
Speaker 1 (13:42):
Yes, so I thought okay, so this is.
I need to dig further.
So I used one wonderful toolthat a lot of people know about.
It is actually ChatGPT.
Speaker 2 (13:58):
Oh, wow, yeah, I mean we've been teaching a couple of
classes on ChatGPT and yeah.
So tell us, what you did.
Speaker 1 (14:06):
So I put the photo into chat GBT and I kind of gave
it a story right.
So I set up my prompt saying Itook this photo overseas.
Can you give me a list ofhotels in Asian country that has
(14:28):
this identical or same ornatestructure?
Speaker 2 (14:34):
Wow, that's very interesting.
That's the first time I've everheard seriously and I know a
lot of hacker type people butI've never heard of taking that
picture and putting it, becauseusually you know, I mean I run
XF tools also and if it, youknow, a lot of times you know it
does get stripped down unlesssomeone sends it directly to you
.
So, so you take the picture ofHello Shelly too.
Speaker 1 (14:59):
Yes.
And you upload it and you tellchat, gpt where is this, or what
hotels and she mentioned notmalaysia, but I don't remember
the country at the top of myhead, but I did put in a
specific country in thatvicinity to narrow down my
(15:21):
search, and so it gave me top 10list of hotels, because I did
find out from her that they werestaying at a hotel somewhere
overseas, and so I kind of putthe pieces together.
Okay, she's over there, they'restaying at a hotel.
This photo to me looks likeit's in a hotel, cause you can
(15:42):
just kind of tell.
Maybe I could post the photo onmy website just for to give you
know an example.
So, anyways, I went througheach list or each item on that
list of hotels, and I got to the.
I got to the first one, andthis is funny.
I'll explain two things.
(16:02):
I did so with the first link Iwent to their website.
Some, some of the websites areduds, like they don't have
photos or they don't showanything.
So I went through the first one.
Not many photos.
I'm looking at the ceiling, thewall, the windows, anyways.
So the first one was a dud.
(16:24):
The second one was a dud.
The third one looked verysimilar.
I was like, ah, I think I knowwhere this is.
So I went to YouTube.
Here's another source for youguys.
I went to YouTube and looked upa tour video of the lobby and
the guy pans around and boom,there it is.
That's the ornate structuralstand thing in this photo.
Speaker 2 (16:50):
That is very scary to know that, just off of a photo
that was uploaded to Facebookand knowing that Facebook has
measures in place to keep that,you know, to keep that ex of
data out of there, you were ableto use AI and you knew she was
(17:11):
in an Asian country.
Speaker 1 (17:13):
I mean just those two together.
Speaker 2 (17:15):
Yeah, and you were able to track her down.
Yes, that's absolutely scaryand amazing.
Speaker 1 (17:22):
Yeah, and I just used open, open AI but chat, gpt and
youtube and the, the website tothat hotel to put all the
pieces together.
Speaker 2 (17:35):
wow, I think that the wife of the ceo at the coldplay
concert.
She didn't even have to use anyoscent because I mean, I was
just plastered right there.
But yes, but you know the samething.
Just a simple picture can cando that.
So the one thing that we wantto tell everybody is is that a
(17:59):
lot of times, folks think that,well, I don't give them my
credit card number, I don't givemy social security number, but
all of this information that wepost out there can be used to
create a dossier.
Right, and Speaking of that,while we were just here in the
(18:21):
middle of this podcast, I poppedup one of my favorite OSINT
tools, and I'm going to leavethis tool unnamed just because I
don't want to enable people touse this Because a lot of times,
I mean.
Speaker 1 (18:35):
There's a fine line between and you can't cross like
.
If you're using it for fun,like as in like a family member
or something, and they know whoyou are right, Then that makes
kind of a difference.
But if you're trying to stalksomeone or use it against
someone for very bad means, thatis not the right way to go
(18:57):
about it and that can get you introuble.
Speaker 2 (19:00):
Exactly so.
Everyone knows my older brother, which I will leave his name
anonymous, but I'm sure y'allcan track down who he is.
I think this guy is like theking of social media.
I think he's on social mediaplatforms that we don't even
know about yet.
And I just put in a piece ofopen source intelligence that I
(19:21):
know of him, which is his emailaddress, and from that I got 15
hits on him.
Right now I can tell you a lotof the platforms he's on, which
(19:43):
is Microsoft, and the last timethis tool got a hit on him was
7-23, which was yesterday, so Iknow he's using Microsoft.
I can see that some of hiscredentials have been breached
on some of these websites.
And because of that now we knowwhat other social media sites
(20:03):
he's on.
We also grab all of his screennames, because some of them he
uses.
Speaker 1 (20:10):
I don't want to give it out, but we know one of his
favorite swimwearers and that'sin his name.
But yeah, what else do I get?
Speaker 2 (20:18):
Just a lot of information on here.
Linkedin, there's a.
I'm just looking through all ofthis stuff.
I guess at one time he had AT&T.
Speaker 1 (20:26):
Wow.
Speaker 2 (20:27):
Because there was a breach that happened and his
email address has popped up inthere.
Now, what we can do now isstart putting this information
together and maybe we want totry to send him spear phishing
emails, or maybe we want to tryto get into those accounts.
Let's say we want to get intohis Facebook account.
(20:50):
Well, from this OSINT tool thatI'm using, I can see the
username and some of thepasswords that he's used in the
past, and these usernames andpasswords are on.
I would say they're not tierone sites like Facebook, and
(21:10):
that I mean some of these onesI've never even heard of.
But I guarantee you dollars todonuts because we all do it
besides us in the security world.
No, even us in the securityworld do this.
Speaker 1 (21:22):
Oh yeah.
Speaker 2 (21:23):
We reuse usernames and passwords.
Speaker 1 (21:26):
Yep.
Speaker 2 (21:27):
And now you can see this is where you start crossing
the line from OSINT intoactually compromising an account
, right, and this is where youwere talking about.
You know, there's a fine lineand there is a very fine line.
And anybody that uses thiscould well.
Actually they would be breakingthe law.
But what's even reallyinteresting is that now, from my
(21:49):
open source intelligence, hehas a Yelp account.
Wow, and now I can look at hisYelp account and see what
reviews and stuff, whatrestaurants?
maybe he put not even that part,but like restaurants and stuff.
You know if you can get intothis thing and you know what's
scary?
Speaker 1 (22:05):
You can learn someone's pattern of life that
way as well, if they're using itlike all the time.
Speaker 2 (22:12):
Yeah, definitely, and so what we're trying to explain
to folks is one is this wholething with OSINT right Lots of
data sources from all thesedifferent sources that get fused
together to create somethingthat he may not want the public
to know.
Now, moving right along withthis, when you see things that
(22:37):
get leaked by journalistsbecause journalists use OSINT,
your employer uses OSINT.
Whenever I worked for anothersecurity company, they had a
whole product that its only jobwas to scrape and search the
internet for this, and sothere's ramifications that you
(22:58):
can have by putting yourinformation out there.
So journalist, your employerAlso too.
We've seen it on the news herelately the guy that was throwing
rocks but he had his facecovered.
At the ICE vehicles they used abunch of OSINT and different
intelligence, but mainly goingout to his socials and stuff,
(23:19):
and this person was hiding inMexico and they were able to
track him down and go get himout of Mexico.
Here locally, the Polk CountySheriff's Department they had a
person that was wanted forsomething I don't know.
Speaker 1 (23:34):
Yeah.
Speaker 2 (23:34):
And they were actually taunting online the
Polk Sheriff posting stuffsaying hey, come find me, and
stuff.
And these folks that are inthis OSINT world, whether it's
the HR person for a companyyou're applying for or law
enforcement, they are very good.
The tools that we've talkedabout and some of the examples
(23:55):
that we've given here today, Imean this is like just scraping
the kind of like the surface.
Speaker 1 (24:01):
Yeah, the surface Theirs is more into a deeper
dive of specific things.
Speaker 2 (24:08):
Yeah, so one of those professional I guess.
I don't know if they callthemselves professional, because
it's a bunch of citizens thatdo it, but it's a billing cat or
be Belling cat.
Belling cat.
Okay, well, everyone knows thatI'm a math guy ones and zeros
(24:29):
and I would probably spell catwith a K.
But can you tell our audiencehow to get to that website?
Like the spelling?
Speaker 1 (24:34):
Yes, it's a B-E-L-L-I-N-G cat C-A-T, and
that's all together.
Speaker 2 (24:42):
Bellingcat.
Okay, so what they are is acollection of citizens and
journalists, and they have ontheir site, bellingcatcom, some
of the stuff that they havediscovered through open source
intelligence, and one of theones is MH17.
(25:02):
And for those that don'tremember, mh17 was the flight
that took off July, the 17th2014.
And it was shot down overUkraine and it killed 250, 300
people, something like that.
(25:23):
And you know there was a lot ofmisinformation that was out on
the news and most of it was likethe intelligence agencies
supposedly were struggling topiece together exactly what
happened to the jet.
Now we understand it's flyingover a conflict zone or
(25:43):
potential conflict zone, and itjust got shot down, but nothing
was really definitive.
So why they struggled?
There was a small group ofcitizen journalists and they had
their laptops and internetaccess and they were able to
basically crack the case, andthey did it by using Google
(26:05):
Earth and social media.
Part of the reason they weretrying to put all this together
was to say, did it actually getshot down or not?
And you know, traditionalinvestigations like this, they
could take years, if not longer,you know, just to come out with
something, even though you know, we know things are plainly
(26:28):
obvious.
So there was a British bloggerby the name of Elliot Higgins
and he started putting togethersome of the social media
different things and they wereable to look at YouTube and
Twitter at the time before UncleElon bought it and various
social Russian social networks.
(26:51):
You know they have their ownflavors of things over in Russia
and they were able to find avideo that showed a buck missile
launcher driving through thetown and I'm probably going to
mess up this name like Shazin,something like that.
But anyways a town but wasn'treally there.
(27:11):
So what they did was is thatthey used just one photograph
that one of the folks on theteam found and they were able to
confirm the missile launcherdid go through multiple towns
and I believe that one was oneof them.
So they took and knew, becauseeverybody has these phones in
(27:33):
your pocket.
And anyone that's ever workedaround military installations.
That is like a no-no Whetheryou got a clearance or not, they
tell you do not take picturesof anything unless it's
authorized and stuff.
But some of these Russians gota little sloppy.
They're taking pictures of thismissile launcher that was
(27:54):
rolling through town and thenthey started looking at various
timestamps and said that hey,this missile launcher was in the
right spot to do this.
They also saw that this buckyou said the buck's a missile
launcher right B-U-K missile.
Right, they had some reallyidentified markings on there and
(28:19):
they were able to identify thetruck that pulled the missile
launcher.
So that was pretty good.
But the main breakthrough camewhen they found some satellite
imagery showing fresh burn marks.
And so it just so happens thatthe time the missile launched
(28:40):
and it went and did its bit,well, maybe a day or so or hour,
don't know, but a satellitecame overhead and there were
some open source pictures thatcame of that and they could zoom
in because they knew aboutwhere the missile launcher could
be and they found you know, notto be cliche, but the smoking
(29:00):
gun.
They found these burn marksaround that and so they started
chaining all this together.
They had a Russian bucklauncher.
It was in Ukrainian territory.
There's a missing missile, soone had to be launched and they
put it all together.
And what's really interestingis is that probably the
(29:21):
intelligence agencies alreadyknew all of this.
I mean, there's things likeDeafSmack and other
organizations that monitormissile launches and things, but
you know, these folks, usingjust the internet and their
laptops, were able to just showhow powerful this is.
So that is a very good exampleof how you can use open source
(29:47):
intelligence to actually derivemilitary intelligence.
All right, we are at the bottomof the half hour and we
appreciate everybody ridingalong with us and, as always, if
you have any comments orquestions, please send them in,
either through the website.
(30:08):
If you know myself orHelloShelly personally, then you
can always ping us and, ofcourse, always give us feedback.
If you like the show, share theshow.
If you didn't like the show,share the show.
So that's what we need.
We need folks to share the show.
(30:29):
Uh, looking at some of the stats, it's kind of neat seeing where
everybody's listening in from.
Uh, one of our highestcountries outside of the united
states I think this is thesecond highest country that
streams us is German.
That's awesome.
That's really cool.
Yeah, so I don't know a lot ofGerman, even though I am German
(30:50):
descent.
So there's a little piece ofOSINT.
I've leaked to you in mypodcast all kinds of stuff so
you can paint a picture of me.
But, yeah, I'm going to have tolearn to speak a little german
so I can say hello in germany to, uh, some of our listeners.
All right, well, we'll see youall here next week.
(31:11):
Be safe, thank you.
Popular Podcasts
NFL Daily with Gregg Rosenthal
Gregg Rosenthal and a rotating crew of elite NFL Media co-hosts, including Patrick Claybon, Colleen Wolfe, Steve Wyche, Nick Shook and Jourdan Rodrigue of The Athletic get you caught up daily on all the NFL news and analysis you need to be smarter and funnier than your friends.
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com