Unraveling the Where: A Deep Dive into Geolocation (GEOINT) for OSINT
Geolocation, a subset of Geospatial Intelligence (GEOINT), is a fascinating field for Open-Source Intelligence (OSINT) researchers. By using geolocation techniques, researchers can determine the 'where' from photos, videos, and other pieces of information. This post provides an introduction to geolocation (GEOINT), why it's valuable for OSINT research, how to conduct it, and what tools are available to help you along the way.
What is Geolocation (GEOINT)?
Geolocation, in the context of GEOINT, refers to the practice of discerning the geographical location of an object, event, or individual based on various types of data, such as images or metadata. For instance, researchers may use geolocation to determine the exact location where a photo was taken or a video was filmed, providing crucial context to the information at hand.
Why a Researcher May Want to Use GEOINT?
For an OSINT researcher, geolocation can provide a deeper understanding of an event, a person, or a group. It adds an essential layer of context to the data, helping to confirm or refute information from other sources. Whether you're verifying the location of a social media post, tracking the movement of a person of interest, or piecing together events in a conflict zone, geolocation can provide valuable context and insights.
Like other types of OSINT, conducting GEOINT research is a meticulous and multidimensional process that involves the identification, collection, analysis, and validation of data (specifically geospatial data). Geospatial data could come from a variety of sources: it could be the embedded metadata in a digital image or video, distinct physical landmarks that can be discerned from a photo's backdrop, environmental cues such as flora and fauna, or even the shadow direction that might hint at the time of day and, by extension, the geographical latitude.
Step 1: Identifying the Source
Every GEOINT investigation begins with source identification. This step involves determining the origin of the image or video in question. Is it a social media post? An anonymous email attachment? A frame from a surveillance camera? Identifying the source can sometimes provide immediate geographical hints, such as the time zone metadata from a tweet or the GPS coordinates sometimes embedded in a photo's EXIF data (for more discussion on EXIF data and how it can be used, check out this post on identifying fake images and videos).
Step 2: Geospatial Data Gathering
Once the source is established, the next step is gathering as much geospatial data as possible. This might involve scrutinizing the image or video for visible landmarks, like identifiable buildings, natural formations, street signs, or license plates. It could also include analyzing the language or dialect heard in a video, the clothing styles of people, the makes and models of cars, or even the types of plants or animals visible. All of these elements can help to narrow the potential area where the video or image was taken.
Step 3: Data Analysis & Information Gathering
After gathering all the relevant geospatial data, the next step is to analyze it. This might involve mapping out potential locations based on the identified landmarks, using language or cultural clues to narrow down a region, or cross-referencing the visible flora and fauna with known geographical distributions. During this stage, researchers must apply a great deal of critical thinking, as the smallest details can sometimes provide the most significant clues about a location.
Step 4: Location Validation
The final step in conducting geolocation research is validation. This involves taking the potential locations identified during the analysis phase and verifying them using additional sources or techniques. This might involve checking street view images on mapping services, looking for additional images or videos from the same location, or even reaching out to local sources or experts for confirmation.
Tools for GEOINT
There are a rich array of open-source tools which can be used for GEOINT. These tools, ranging from simple mapping platforms to complex geographic information systems, cater to a variety of research needs and skill levels.
Mapping and Imagery Platforms
Google Maps and Google Earth stand out as two of the most popular choices for GEOINT. They offer a user-friendly interface, high-resolution satellite imagery, and detailed street-view images. Google Maps is particularly useful for basic location lookups, route planning, and terrain viewing, while Google Earth excels at providing 3D views of locations and allowing users to explore historical imagery, a feature that can be instrumental in dating an image.
Reverse Image Search Engines
When it comes to identifying the origin of a picture, reverse image search engines are invaluable. Google's Reverse Image Search and TinEye stand out in this field. Both allow users to upload an image and scour the internet for visually similar images. Google's offering benefits from its vast search database, while TinEye is appreciated for its ability to track an image's spread and modification over time.
More Specialized Tools
For more complex analyses or when the standard tools fall short, Yandex's reverse image search capabilities and QGIS come into play. Yandex's, reverse image search feature is especially powerful; often uncovering image matches that other search engines fail to identify.
QGIS is an open-source geographic information system that allows for advanced geospatial analyses. With QGIS, researchers can overlay different data sets, conduct spatial queries, and carry out geoprocessing tasks. It's a more complex tool that requires some learning, but it opens up a wealth of possibilities for in-depth geolocation research.
A Practical Example: Solving a Geolocation Puzzle
To highlight the effectiveness of GEOINT tools and methodologies, I will share the process for how I identified the location where a specific photo was taken. The photo was initially shared via the Verif!cation Quiz Bot Twitter account (@quiztime) by master OSINTer, Sector035 (@sector035) 04 MAY 2022. As an aside, I highly recommend reading through Sector035's Week in OSINT posts on their website, as they are a wealth of knowledge!
Step 1: Download the Image
The first thing I did was to download the image. This is a good practice in OSINT, as it ensures you have a hard copy of the evidence in case it is removed or altered online.
Step 2: Initial Assessment
I loaded the image into a magnifying tool (the Fake News Debunker by InVID and WeVerify is excellent), hoping to identify any signs, recognizable landmarks, or other visual data that could help narrow down the location. I was particularly on the lookout for things like signage, distinct architectural styles, the layout of the streets, or even specific flora that could hint at a particular geographical region. Unfortunately, no immediate clues jumped out at me.
Step 3: Reverse Image Search with Google
With no immediate leads from the image itself, I turned to reverse image searches on popular search engines, starting with Google. Reverse image searches can often reveal if the same or similar images have been posted elsewhere on the internet, which might provide location details.
Step 4: Trying Different Reverse Image Search Engines
Google's reverse image search didn't yield any useful results, so I turned to Yandex. Yandex, a Russian search engine, is often praised for its superior reverse image search capabilities, so it seemed a good choice for a second attempt.
Step 5: Identifying Similar Images
While my search didn't find any exact matches for the image (aside from those posted by other OSINTers and the Verification Quiz Bot), it did identify an image that shared some similar features (architecture, stairs, glass, shape of the building) but from a different angle. This image was found on the website https://chronicletechno.com/21301-25-cities-of-the-future/.
Step 6: Finding a Potential Location
Scouring through the website, I came across a location that seemed to match: Brussels, Belgium. It was by no means a confirmed match, but it was a start.
Step 7: Verifying the New Lead
To verify this lead, I took the newly-found photo and ran it through another reverse image search, starting again with Google. This search yielded more promising results.
Step 8: Identifying the Building
The results from this search pointed to the potential building being the SQUARE Brussels Meeting Centre, a conference center located at Mont des Arts, 1000 Bruxelles, Belgium.
Step 9: Using Google Earth to Verify the Location
While the building from the new photo seemed to match the one in the initial photo, the angle, and color differences made it difficult to be certain. I needed to dig deeper.
I used the address of the SQUARE Brussels Meeting Centre to look at the area on Google Maps. By exploring the surrounding area with the "street view" feature, I was able to find an angle that matched the initial image. This allowed me to identify several points of comparison between the initial image and the "street view," further solidifying my confidence in the location.
Step 10: Conclusions
After thoroughly examining all the evidence and cross-referencing the details, I was able to confidently say that the initial photo was taken outside the SQUARE Brussels Meeting Centre in Brussels, Belgium.
In the images below, I outlined the similarities that helped to confirm the location. The first similarity (1) was the building with its windows near the roof in the background of the initial photo. In both images, the building is located on the left in the background of the building. The second similarity was the distinctive nonvertical frames of the windows on the primary glass building (2). The third similarity was the staircase, which had a similar angle, and handrail (3). Following the advice suggested by OSINTer extraordinaire Micah Hoffman (@WebBreacher) to make our intelligence more accessible (especially to those who may be colorblind), I used high-contrast arrows and labeled numbers rather than the more traditional colored boxes.
As an aside, if you aren't following Micah on his blog or Twitter, you are missing out on a wealth of knowledge. Starting out in OSINT, his tips, tricks, and instructions were invaluable.
Conclusion and Upcoming Walk-Throughs
This introduction provides just a taste of what geolocation (GEOINT) can offer to OSINT researchers. In future posts, I'll be sharing other walkthroughs showcasing GEOINT techniques.
As part of my ongoing work as a researcher and OSINT instructor with the International Institute for Counter-Terrorism I regularly conduct training sessions with interns. As I was working on a presentation to introduce interns to geolocation and geospatial intelligence (GEOINT) for OSINT research, I decided that it may be worthwhile to write it up and share my insights/examples here. I would like to give special thanks to @Sector035, @WebBreacher, and @Gralhix. By carefully following their work, I have been able to build my GEOINT skills.
While the primary author of this article is fully human, some sections were sprinkled with a dash of AI magic, courtesy of a popular, friendly AI assistant. But don't worry, we haven't reached the level of "Skynet" yet. No computers were harmed, no rogue AIs took control, and the author still had to do the heavy lifting of thinking, researching, and typing out the majority of the article.
So, if you found a particular turn of phrase charming or a sentence structure intriguing, there's a chance it was born from a harmonious collaboration of human and artificial intelligence. However, if you spot any typos or grammatical errors, those are all human.