2020 OSINT Quiz Writeup 2/6 – Video and Images

I continue with the 2020 OSINT quiz, this time doing questions for the Video and Images category.

Intro

At the start of the year I decided to do a writeup of the OSINT quiz 2020. If you’d like to know more about the challenge or want to find the first part of this writeup you can find part one here. Otherwise, thanks for sticking with this – unfortunately an unhealthy amount of packet tracer has come between me and this challenge.

SPOILER WARNING - this article will go over everything, so if you're currently playing the quiz or interested in doing so I would advise that you don't continue reading. Sorry, but knowing the answers spoils all the fun.

Question 4

So the ask in question 4 is to find the original version of a photo on a Wikipedia page, to trace the image back to its origins. Once we’ve found the URL of the original, that’ll be the key to unlock the next challenge.

(Also having only just seen the photo I love Funky Bones now for some reason. They’re a cool skeleton called Funky Bones, what’s not to love?)

Having used reverse image search before, I knew what to do pretty much straight away. If you’re new to reverse image search, you can access google reverse image search by just clicking the camera icon on the google images homepage. I personally use google image search, but there are other reverse image search engines out there such as Bing and TinEye. Just like standard search engines, your choice ultimately comes down to personal preference.

Anyway, after putting the URL of the funky bones image into google I decided that I might want to filter the search results to make it more relevant, so that I didn’t need to trawl though a whole lot of guff data. Then I looked at the first page of search results, and the result was there anyway, so I didn’t filter it at all.

Always nice when you have to do far less work than you expect! Anyway, we needed to find the original filename to get the hash. As I wasn’t overly familiar with getty images so I checked a couple of things like the file name in the image preview and the file name when you download with the comp licence, but it’s actually this thing in the details tab at the bottom. I’m not a photographer so IDK why Getty tracks the original filename of a file as a specific thing, but there you go. If you do know what the use case for this is, please comment and let me know, I’m genuinely interested.

 

With that found, all I needed to do was hash it, send it off, and I was done! Unfortunately this also means that we need to leave funky bones behind, but sometimes sacrifices need to be made in service of progress. I’ve set them in as the icon for this post to ensure that they are remembered.

Question 5

The next question requires us to get the exact timestamp of a YouTube video.

After clicking on the video, my first thought was to look at the date listed on YouTube, to see if there was any more information in the HTML. There wasn’t so my second thought was to google it.

The first result recommended something called amnesty international dataviewer. So I clicked the link, and put the video into the box.

That gives us the exact time that the video was posted, which ends up solving the puzzle for us!

Question 6

For our final question for this category, we need to use reverse image search to find the name of the person who first uploaded an image to a wiki site. So, I started how I normally would – by uploading the file into google reverse image search.

Oh dear, there doesn’t seem to be any other sizes that match this image or anything like that. I noticed that the image has a frame on it, so I decided the next step might be to remove the frame so that google can more easily recognise it.

I used the built in crop tool in the windows photos program (I’m sure there’s better programs available) to remove the text.

Aaaaand?

Oh well. I had a quick skim through some of the “visually similar images” but whilst most were graffiti themed none of them were of this building.

Next I tried a method mentioned in the description of the challenge – the “search by image” extension which lets you search multiple reverse image search engines at once. It was pretty easy to use, and once I used it on the image it opened up a whole load of search engines.

Google I’d already tried so I skipped it, Bing was actually pretty cool – it didn’t give me any useful results but as you can see below it actually tells you what the text is, and then I got onto Yandex.

If you haven’t heard of Yandex, it’s basically Russia's google for all intents and purposes. As such I was pretty impressed when Yandex gave a a couple of pretty good results. It gave me the  right image, and not only that, but unlike with google the similar images were actually quite similar.

This gives us a name, “Edward Goldobin” but the only results are him uploading the image to VK, a Russian social media platform. I tried to search for the full image, but no luck. I tried a couple different things, and nothing really seemed to be working. And then, in a flash of mediocrity, I thought “Hang on, this is probably the guy who’d have uploaded this image to a wiki in the first place.” If this were true then I’d probably be able to just put his name in and win. However, that did feel a bit cheap to me.

Good thing it did feel cheap too, because I googled “graffiti Epple haus” (We know that this is the Eppel Haus from the Yandex search results) to do things what felt like the correct way and  got the above, a clearly very similar image posted by someone called Olga Ernst.

Ok, so, comparison time! I lined up the image that started the challenge (left) and the new Wikipedia image (right) up as close as I could, and the images seemed exactly alike.

I think this specific part of both images is worth paying attention to, because on the electrical boxes is the type of graffiti and random detritus that changes all the time – stickers rub off, small bits of graffiti get added, poster get taken down and put up and all that. And yet despite this, these two parts are very clearly exactly the same, meaning that this is almost certainly the correct image.

For the funzies, let’s compare the image that started the challenge (still left) with the image from VK that we mistakenly thought was the correct one (right). As you can see above, they are at a glance very similar images. They both have similar angles and similar lighting.

Just focusing on the area we went in depth with, the first thing that jumps out is how the hell did I miss those bins? Seriously they’re actually a fairly major part of the image, and I didn’t even notice. Lesson learnt – actually check the details of the images before you assume that two images are the same. Luckily. I was right about one thing, the electricity box thing looks massively different, with no poster and an entirely different set of graffiti. If there wasn’t a stonking great bin making it obvious that this is a different photo, the electric box would have a pretty smart way of being able to tell.

With that, the second category was complete!

Conclusion

I really enjoyed this category, definitely more than the last one. The social media category felt very training wheels-y, and whilst those training wheels are necessary for beginners, I think I enjoyed this category more because it felt a fair bit more open ended. That’s the expense for making your challenge accessible to beginners, but it’s absolutely a worthwhile one if it gets more people into OSINT, and I’m sure there’s people out there who thought that this category was too straightforward for them. Admittedly, I did feel like I was kind of bodging my way along some of these challenges (especially the last one), but that’s my fault not the challenge’s, and I do find the wild flailing part of the fun. This was an interesting set of challenges and I’m interested to see where this goes, and how hard it’s going to get.