information security – Paul Cimino https://paulcimino.com My story behind the scenes in IT Thu, 16 Apr 2020 14:53:58 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 https://i0.wp.com/paulcimino.com/wp-content/uploads/2020/04/cropped-LockIO_Security_App_Lock_HD_Icon.jpg?fit=32%2C32&ssl=1 information security – Paul Cimino https://paulcimino.com 32 32 148657413 2020 Trace Labs OSINT CTF for missing persons https://paulcimino.com/2020-trace-labs-osint-ctf-for-missing-persons/ Thu, 16 Apr 2020 17:00:00 +0000 https://paulcimino.com/?p=266

Every 40 seconds, a child goes missing in the United States of America.

https://www.factretriever.com/missing-people-facts

I need to start off by thanking @TraceLabs, all of their volunteers, and the judges for creating and running this event. Up until a month ago I had never heard of them or this CTF and feel they need to get more exposure for the great things they do. Go check out their website and support them. #OSINTforGood

About Trace Labs

This global capture the flag event took place on April 11, 2020 and is a bunch of hackers using their unique skills to find information and leads on missing persons around the world. Teams of up to four people compete against each other and the clock for points with the top three teams winning some pretty sweet prizes. All of the information collected is then compiled and turned over to law enforcement.

The Event

This year had 174 teams and over 550 people participating in the six hour event. My team, Super Sleuthers, was comprised of me, @KH, @edm0nd, and @loopbandit. My mindset going into this was primarily to help law enforcement. Having fun and learning a few things was second. Getting points and winning was a distant third. With so many teams signed up, I didn’t have high expectations on how we would place anyway, plus three of us were new to this. We had a variety of backgrounds and experience levels, so at least we had that going for us.

Points are achieved based on the category of the information we found. We had to give the URL to the data, what it was, why we felt it was relevant, and other optional things like screenshots, pictures, or files. Points were valued starting at 10 for friends up to 5000 for information on their current location.

Categories for the CTF

We had no idea who our subjects would be until the event started with one exception this year. With the popularity of the Tiger King documentary, they included Carol Baskin’s husband Don Lewis who has been missing for almost 23 years. The event started right on time, we logged into the CTF website, and we were able to see our 15 subjects selected for the event. I scanned the list and surprisingly they were all from the US this year. I was happy about that because doing OSINT on people outside the US is exponentially more difficult.

The Process

We had decided ahead of time to use a Slack channel to share resources and communicate during the event. Our plan was to pick a subject, work on it for an hour, and then switch to another subject. This way we could cover everyone, and if we got stuck we knew someone else could pick up where we left off and maybe find a new lead. That is where the mind map software coggle.it came into play. I created a base diagram and we filled in information as we found it. When we switched, we could see what had already been found, links to that info, and what still needed to be researched.

All four of us dove in and it was pretty quite for about the first 45 minutes. Once everyone found their groove we started chatting more, asking questions, and offering help. I think we came together as a team within that first hour. Time was going by very quickly. So fast that I didn’t switch to a new subject after an hour because the one I picked had so many good leads. I had already submitted eight flags and all but one had been accepted.

The Unexpected

After about 3 hours I needed a break just to decompress a bit. This is a good time to bring up one important thing that I was not prepared for, and that is the emotional aspect of this. We hear about missing people all the time in the news, online, and in social media. Probably to the point that a lot of us are desensitized to it. Spending hours on end digging through the social media posts of a devastated family that has lost a child or a close family member takes its toll on you. One of my subjects was a 15 year old girl that had taken her phone and laptop, walked out the door, and was never seen or heard from again. That was 3 years ago. Her phone was never turned on, her laptop had never connected to the Internet, she just vanished. A ghost. From what I could tell, law enforcement had no leads. I found her mother’s Facebook account and it consisted of non-stop posts looking for her daughter. I read through every comment, looked at every picture, and watched every video looking for clues and it was gut wrenching. You could feel the desperation in her posts as time went by, just begging and pleading for her to come home. The county sheriff had several posts and videos asking her to come home, come to the sheriff’s office, reach out to anyone and let them know she was ok. That was tough.

The Struggle

After a short break to clear my head and refocus I got back into it. We had periodically checked the main scoreboard to see how we were doing as a team. Surprisingly we had peaked as high as 20th place during the first half, but we were slipping back now. It didn’t take long for the frustration to return. I felt like I kept hitting dead ends, I couldn’t find new leads, my lack of experience was showing, and I kept getting stuck. I would stare at the screen not knowing what to do, what to try, how to proceed. I kept telling myself this was just caused by inexperience. Go back to the basics. What did I miss? What did I learn in the OSINT class that I hadn’t tried yet? I switched to a new subject to mix it up and started finding clues and submitting flags. I got my groove back.

The Finish

The event only lasted six hours and it was flying by. It was close to midnight and I couldn’t believe we had been at this for almost six straight hours already. We were cheering each other on, helping each other, and submitting everything we could find right up until the last second.

Wow, that was exhilarating. We chatted in the Slack channel while we watched the scoreboard jump around. Wow, we are in 15th place. How the hell did that happen? Then we dropped to 16th….then 17th… An hour after the event ended, I was beat and told my team I was signing off. I didn’t know how long it would be before the final results were in, so I went to bed exhausted.

The Results

I woke up about five hours later. My eyes felt like I had sand in them from lack of sleep, but I had to know. I jumped on my laptop to see if the final results were posted. I rubbed my eyes as I focused on the scoreboard. Is that right? That can’t be right. Holy shit, that is right!

12th place. Made the top 20 the first time, less than 200 points from making the top 10. Wow, total disbelief. But more than that, the four of us had managed 116 submissions that had been accepted by the judges that were going to hopefully benefit some of these families. Not bad for a bunch of newbs.

The Conclusion

This was a really fun event and pushed me well outside my comfort zone. I am so glad I made the choice to do this and would do it again in a heartbeat. Trace Labs has ongoing monthly challenges on their Trello board where you can continue searching for information on newly selected subjects, honing those skills. They also have an active Slack channel to hang out with other OSINT hackers. As you can see from the image above, there is a ton of information that will be delivered to law enforcement. I hope it does some good and returns a loved one.

Next year team Super Sleuthers will be back, and this time we’re going to make the top 10. Just watch us.

]]>
266