airline? piracy? No, only the exploitation of freely accessible digital data, done by Epieos, the young company of Sylvain Hejri, who was invited this week to the International Forum on Cybersecurity (FIC) in Lille in northern France, with the French open source flower. Intelligence (OSINT).
Epieos is an example of this whole group of digital investigators, for their jobs or on a volunteer basis, who are constantly searching the bowels of the Internet to gather information, for a variety of purposes.
Very diverse use of this research
Among my clients, I have many law enforcement, intelligence and insurance companiesexplains Sylvain Hejri.
But I also had a client who specialized in planting artificial turf who wanted to identify who, among his potential clients, used to post negative reviews, to avoid being hired…
Artus Huot of Saint-Albin is using open source investigation for clients of his economic intelligence firm, Axis & Co.
Look for the perpetrators of fraud
To identify the person guilty of text message fraud, start from the phone number in the fake message.
He found many nicknames related to phone numbers on WhatsApp, Telegram, and Facebook, then bounced back to other apps like Roblox (video games).
One thing leads to another, which is that photos made it possible to identify relatives, thanks in particular to the formidable facial recognition app PimEyes.
The scammer ended up being completely identified, with his address in Bulgaria and his Italian passport number, thanks to the company registry.
You must have a methodology Not to get lost in this maze, explains Arthus Huot of Saint-Albin, who used the equivalent of a day’s work to accomplish his task.
This open source information is so rich that the Israeli company Cellebrite decided to market a service to automate this research.
This service is aimed specifically at police and intelligence services, and is able to automatically compare data from a variety of sources, in particular, posts on social networks, to conduct research on a topic or person.
Our platform comes with hundreds of sources, but you can add additional sources if you wish.Explained by Ari Ben Dayan from Clipright.
Others use web mining for civilian purposes. OpenFacto is a young French NGO that today has nearly 400 volunteers.
To his credit, for example, a report in 2020 on violations of the arms embargo in Libya by people in Turkey, carried out only in public sources.
The investigation used all publicly available databases: MarineTraffic (ship tracking), FlightRadar (air traffic tracking), Equasis (ship ownership information), SentinelHub (satellite images), company records and many others. Of course, photos posted on social networks.
We try to identify people who put themselves on stage, and we bet a lot on human stupidityExplained Hervé Litoko, one of the founders of the association.
So, can we find everything online? No, of course not, I answer all those people, who stress in the chorus the need to corroborate information obtained somewhere other than the web.
Be careful, you are going into a very slippery area, because you are very prone to all kinds of manipulationGeneral Serge Cholle, former director of French military intelligence (DRM) and current director of security at Eutelsat (satellite communications), warned.
I was the witness and I was the actorHe said.
ISIS [acronyme arabe pour l’État islamique]They were not partridges of the year, yet they were treated well With the false digital effects left by the French services.