Many people have been using some of the most common OSINT tools and techniques unwittingly. Actually, most people probably don’t even know what OSINT is and what this acronym stands for.
Today I want to go over a tool that everyone with an internet connection has used — on a daily basis — throughout their online life. You guessed it: I am talking about Google and search engines in general. In this article I would like to go over a few cases in which good ol’, regular Google search queries proved to be more effective and efficient than all the fancy reverse image searches together.
I will give you a few examples. Let’s start with Julia Bayer’s March 11, 2019 Quiztime quiz.
It´s @quiztime 🥳!
Easy question, tricky answer 🧐👉 Where did I take this picture?
🥂Reply to just me with your answer
🤝Reply to all for collaboration
🔁Invite others
🤸🏼♂️Good luck with the #MondayQuiz pic.twitter.com/eUkiMxXMQk— Julia Bayer (@bayer_julia) March 11, 2019
Simple Question, Tricky Answer
She warns us that the question might seem easy at first, but once you are at it, it can prove much more tricky than it initially seemed.
The question: “Where did I take this picture?”
Doing a reverse image search with Google or Yandex proved to be fruitless in this particular case. Maybe you — reader, who reads this in the future — will have much better results as reverse image searches keep improving and, sometimes, just give us different results at different times.
My results, however, were rather disappointing. Here you have Yandex:
And here, Google:
Analyzing the Image and Filtering Information
Now, what can you do to find the answer? First, analyze the picture to see if there are any hints where this could be. There is a very obvious one in this picture. I added :orig to the picture’s suffix, so that I could see the picture in its original resolution. Once you do this and have a look at the number plates of the cars, you will notice they all have German license plates and they all start with B or BAR. A quick look online, e.g. on Wikipedia, hints at the Berlin area. This made me focus on Berlin first.
We also see that the apartments are a bit atypical, that is, wood has a very prominent presence in these apartments. This is where I thought, why not just describe to Google what I see in this image?
“Wooden Apartment Berlin”
Wooden apartment Berlin — that’s what I told Google to look for. I opened a new tab and typed that phrase. I went over to the image results and scrolled down a little bit, and that’s when I saw this picture:
It was obviously the same apartment block. Furthermore, Alamy specified they were being built in the Berlin borough of Wedding.
These are two useful hints: Not only have we confirmed that this is Berlin, we also figured out roughly where in Berlin.
We can now try another Google search. Let’s translate the search query to German and add Wedding to the query as well. The query will be berlin weddig holzwohnung (thank you, Google Translate). In which holzwohnung means a wooden apartment.
After this I got the exact street address, as seen below:
Now you might have to do more or fewer steps; this all varies on a case-by-case basis and even if you search for what you found a day or a month ago, results can be different.
Case #2: “Cumhuriyeti ve …”
In a previous article I used a scene from a movie as an example to teach how you can narrow down results. I will use a scene from the same movie, “Kader” (2006). In one scene, the protagonist picks someone up in his cab and drives off. Later on he drives through a tunnel or viaduct. Below you see a video of the scene.
Perhaps it isn’t very clear, but something is written on the viaduct or bridge.
It looks like there is “cumhuriyeti ve …” written on it. You can use Google Translate to find out the meaning. It translates to “republic and …” The final words that were written below this weren’t legible.
How Can We Find It Using a Google Search Query?
You can of course try to do a reverse image search, but I doubt you will have any useful results.
I did the exact same thing as I did with the previous case; I described what I saw in the screenshot.
What do I see? I see a viaduct, a tunnel or a bridge with the words cumhuriyet ve written on it that’s located somewhere in Istanbul on an avenue/street with lots of trees. Now let’s describe this and tell Google what to look for. Please note that you will need quite a bit of patience and you’ll need to try different keywords to find the place in question.
You can try to use the phrase on the bridge/viaduct to find the place. If you do this, I advise you to use advanced search operators. For people who are new to this, a short explanation: You can find exact matches with Google if you place any text between quotation marks, e.g. “I ate a tuna sandwich today.”
As you will see, this will only return exact matches; it will exclude phrases like “today I ate a tuna sandwich” because it’s not exactly the same. This is useful for when you have too many results. Let’s try searching for the same sentence without quotation marks.
As you see, the query above produces too many results. Therefore let’s try with quotation marks.
Now we have far fewer results, just 198.
The problem here is that the sentence is too short and incomplete, so you will still get too many (useless) results.
Therefore let’s try a different approach. E.g. “istanbul viaduct historical.”
This gives us many pictures of the aqueduct in Istanbul, so let’s add -aqueduct to it. The minus operator will filter all results that contain the word “aqueduct” and remove it.
Now there is a structure that looks a lot like it. Some other queries that returned the correct place:
• istanbul arch bridge
• istanbul arch -university -mosque -aqueduct
• istanbul historical bridge -galata -bosphorus
And many more. I only included the English ones but you could have tried in different languages as well.
Bonus: Complete the Sentence
If you click on that picture, you will notice that those letters aren’t there anymore. As a bonus question, you can try to find out what was written there before. You can do a reverse image search with Yandex now that you have a better picture of this viaduct/pedestrian bridge.
It was:
“Cumhuriyeti ve demokrasiyi seviyoruz.”
“We love democracy and the Republic.” But it appears that it has been removed. All we know is that by 2011, it had already been removed.
Conclusion
Tools and reverse image searches are fun, but you really should start learning Google search operators if you haven’t done so already. Some people call this “Google dorking” and it goes much further than what I’ve showed you, but these are the most basic search operators and arguably the ones you will use the most. A combination of reverse image search and search operators complement each other when trying to geolocate something with Google.
For people new to these search operators, here is a comprehensive list.
This post first appeared on the Quiztime blog and is reproduced here with permission.
Youri van der Weide is an independent open source investigator and trainer. He contributes to Quiztime, a Twitter community that seeks to spread knowledge about open source tools and techniques. His work includes investigations for the BBC and other news media outlets.