Every image you post online leaks information about you. This is how anyone can find your location using Open Source Intelligence (OSINT).
Open Source Intelligence In Action – Geolocating a Photograph
Open Source Intelligence (OSINT) is the practice of using public or ‘open source’ information available on the internet to gather intelligence and gain insights on given targets. By combining data sources available online you can find answers to a variety of questions that most people wouldn’t think is possible.
For example, the sunset photo above is one I took a couple of years ago while travelling for work. It’s not an instantly recognisable location. It’s probably not even that recognisable to the people who live nearby. But a motivated investigator can find the exact spot where I was stood when I captured it using this one photograph and information freely available online.
For the rest of this walk-through, I’ll pretend that this is the first time I’ve seen this photograph. I’ll show you how I approach the challenge of finding where any camera stood on Earth when taking any photograph. While methods and results may vary, this is an example of what the OSINT process looks like for this type of scenario.
The Initial Assessment
The first thing I see when looking at this image is a photograph taken from an elevated position overlooking a water tower, a few buildings to the left and right, a couple of car parks or parking lots, and a very flat landscape. Given the elevation of the sun, the image has either been captured early in the morning or late in the evening. The position of the sun in shot indicates that camera looking either eastward or westward, depending on the time of day.
The first thing I’m looking for while examining the image is landmarks. Unique features which provide clues to where the location could be. The most obvious is the water tower with a fragment of text and a decal that looks like a cityscape. I’ll start my search with this.
I don’t recognise the cityscape but the letters are an excellent clue. Searching for ‘NERS GROVE’ on Google search brings back some interesting results.
Google assumes we’ve made a typing error and offers a correction.
Did you mean:
- downers grove
- myers grove
- runners grove
- meyers grove
The first three results all mention Downers Grove near Chicago in Illinois, USA. All four are worth exploring further but I’ll start with Downers Grove before coming back to those with less significance in the eyes of Google. This could lead nowhere and we’d need to start again with a different clue but so far this feels promising.
Digging Deeper with Google
Next, I run a Google image search for ‘Downers Grove water tower’ which gives me exactly what I’m looking for.
There are lots of images of different towers but all of the Downers Grove towers have branding which matches the original image. There also appears to be a big green tree icon at either side of the words ‘Downers Grove’ on all of the towers which can’t be seen in the original photograph. This may be another clue for later if this trail comes to an end.
The good news is that we’ve probably narrowed down the location to a specific country, state, city, and town. The bad news is that all of the water towers have the same decal painted on them. I still need to find the exact tower. The second image result links to a video of water towers in Downers Grove that someone has uploaded to YouTube.
Five seconds into the video, a water tower flashes into view for a split second.
The image shows a water tower with the correct branding next to a parking lot, a road, and based on the windows – an 8 or 9 story building. This building could be the location of the camera from which the original image was taken. Let’s have a look at the matches between our original photograph and this one.
The water tower is the same shape as our original image with matching extrusions on the front/left side. At the base of the tower is a line of trees with a gap for a lamp post in both. The corner of the parking lot has a cluster of trees beside a main road, and the lot itself is roughly the right size. (I’ve adjusted the brightness of the original image samples to make the comparison easier on the eyes.) We can say with a high degree of certainty that these are the same location. If this is true, this means that the building to the right almost certain to be our camera location.
We still don’t know where this building is though… back to Google image search!
Based on the appearance of the structure, it’s either an office building or a residential building. An office building is more likely in my opinion so I’ll start with that.
A search for ‘downers grove office buildings’ returns lots of different buildings in the area. Two of the returned images show a similar-looking structure to the one in our YouTube video. The bottom right image has the tag ‘3333 Finley Road’ which we can presume is the number and street name of the building.
A search for this address on Google images confirms we’ve found our building:
In the background, we can see the water tower and two of the buildings behind it in the original photograph. We also now know that the building to the left in our original is a Fry’s Electronics store (assuming you recognise the logo). Google maps confirms this:
Switching to the satellite view of Google maps we can see the building and surrounding area. It clearly shows the water tower, Frys electronics store, the trees with the gap at the base of the tower, and other recognisable nearby buildings.
To the left of the most recent Google image result shot from a drone, we can see a paved terrace area on the south-east side of the building (the left side in the photograph). From above we can see the same type of paved area in the south-west corner. This is likely to be our camera location given that it is designed for pedestrians and overlooks the landmarks in the original photograph.
Zooming in we can see the detail of the floor and what is possibly the white handrail/shadow of the handrail at the edge of the paving. By now I’m certain that this is the spot from which the photograph was taken.
By aligning the source image with the Google maps screenshot we can verify the location of landmarks within frame. The red lines show the approximate field of view of the camera. Note, some of the tower is blocked from view by the wall of the building, further verification that the viewing floor isn’t the highest point on the building.
What Does This Show Us?
Open Source Intelligence is incredibly powerful. I can track down the exact place on earth where a photograph was taken using data freely available online. Google search, Google images, YouTube, and Google maps were the only things used in this scenario. I can do this from thousands of miles away using nothing more than my laptop.
I can apply the same process to literally any photograph posted online. There are thousands of more data sources available for us to use. If we join enough pieces of information together we’ll eventually find what we’re looking for (more often than not).
What Does This Mean For Our Privacy?
We are not as anonymous as we may think online. Even a simple photograph taken outside our homes can be used to identify our home address using techniques such as those above. Scraps of information can be combined with huge datasets to follow trails of evidence that lead back to a specific location on Earth.
Fragments of road signs, car registration numbers, company-branded vehicles, and landmarks visible in the background of anonymous-looking photographs can all become personally identifiable when combined with the right sources online. While no one piece of information will enable me to say “that’s him”, a cluster of data points will give a match with a high degree of certainty.
If I can do this in 10 minutes with a laptop and web browser, what do you think the intelligence services can do with the tools available at their disposal?