Open-Source Intelligence (OSINT) and Investigating Cybercrime
Scammers, phishers, and other cybercriminals are much more organized than we think. But it doesn’t take a hacking expert or a criminal mastermind to learn their schemes. Open-source intelligence, or OSINT, lets investigators peer into the world of cybercrime. One investigator in particular has made some interesting discoveries.
See Investigating Cybercrime with Anthony van der Meer for a complete transcript of the Easy Prey podcast episode.
Anthony van der Meer has been an investigative journalist for over seven years, focusing exclusively on cybersecurity, cybercrime, and privacy. In addition, he is a filmmaker producing documentary films on cybercrime and privacy, is an open-source intelligence researcher for one of the biggest news corporations in the Netherlands, and is a visiting trainer for the Clingendael Institute, one of the biggest think tanks in the Netherlands. In his investigations, he dives into the world of cybercrime by infiltrating criminal networks using OSINT and ethical hacking.
How a Film Student Turned to Investigating Cybercrime
Anthony didn’t start out dreaming about hacking and OSINT. He studied film with the goal of making fictional movies. During his studies, though, he was forced to do some documentary work. He discovered that he quite liked it, especially the investigative kind. He enjoyed investigating as he filmed and not knowing what he would have at the end of production.
Because he was interested in film and fiction, he also considered studying psychology. His school didn’t offer a minor in psychology, but there was an exchange program where he could do it at a different institution. Unfortunately, his paperwork was late and he couldn’t apply. He had to choose a minor from his current school.
There were only a couple of minors available, one of which was hacking. It wasn’t specifically about computer hacking, but hacking as a mindset. Hacking isn’t just using tech skills to crack encryption and install malware. It’s using something in a way other than what it was designed for. Using a coffee machine to cook pasta may be called a “life hack,” but it’s using the coffee machine in a way it’s not intended, just like hacking a webcam to spy on someone is using it in a way it’s not intended.
“I would define hacking as doing something different with a product than it’s originally designed or intended for.” – Anthony van der Meer
A Stolen iPhone
Anthony was in Amsterdam having lunch with a friend in a café. A pretty girl came up to him holding a paper covered with nonsense text. She had tears in her eyes, pointing to the paper and asking for help.
Anthony and his friend were confused, and also suspicious. A waitress sent the girl away and apologized for the interruption. She asked if they still had everything. Anthony still had his wallet and bag, but his iPhone, which had been sitting on the table, was gone. The girl had covered his phone with the paper while pointing and used one finger to lift it away.
Find My iPhone was a new feature at the time. Anthony tracked his phone and saw the little dot moving on the map. He and his friend followed it, but as they got close, it went offline. The girl had taken out the SIM card, removing the internet connection so it couldn’t be tracked.
Anthony began to wonder. What happened to a stolen phone in the end? TV shows ended with catching the thief, but didn’t say what came after. And he had been taking notes on his phone at the café. When the girl took his phone, it was unlocked. Could she get to know him through his phone? And what if he could turn that around on a thief?
Putting It All Together
Anthony made a bait phone for the express purpose of getting stolen. It was an Android phone, and he infected it with spyware. He wanted it set up so that even if the thieves did a factory reset, the spyware would still be there.
IT specialists told him it was impossible. Once it was factory reset, they said, everything is gone. But Anthony dug deeper. On the dark web, he found that it was possible. Not only was it possible, it was easy once you knew how. This sparked his interest even further.
Anthony turned this stolen phone experiment into a film called Find My Phone. It went viral. Since he wanted to emphasize the privacy-focused message of the film, Anthony accepted every interview and media opportunity. It grew, and eventually gave him the opportunity to make more films.
Choosing OSINT Methods
For his first film, Anthony did everything himself. He didn’t have a budget to hire anyone. He learned mostly by online research and doing things himself. The research gave him even more subjects to work on. Research for one film led him to the idea of remote access Trojans. He ended up making a film about how you can buy access to random computers for $0.40 each.
Anthony also did a little hacking. He wanted to demonstrate how easy it was. The hacking experience helped him come up with the concept for Bait, his latest TV show. In Bait, Anthony intentionally falls for scams. He lets cybercriminals, phishing gangs, dating fraudsters, and all kinds of scammers think they’ve caught the perfect victim. Then he learns how they operate. Once he knows their process, he can try to reverse engineer a way into their system and hack them back.
“Every time you try to interview a victim, you don’t really get a clear picture of what actually happened. You only get a picture of what they think happened.” – Anthony van der Meer
Anthony uses a lot of OSINT and open-source research because of legality. A lot of hacking, even ethical hacking, is in a legal gray area. If he doesn’t have to hack, he won’t. Since it’s such a gray area, he does his best to minimize impact. If he can use phishing to find a dating scammer, that’s enough. But sometimes he does have to go further.
The Criminals Uncovered by Investigation and OSINT
In his investigations and OSINT research, almost every scammer he encountered was part of an organized scamming ring. That surprised Anthony. In general, they all used the same methods. And many of them used sophisticated networks of money laundering, which Anthony calls “picker networks.”
One romance scammer he interacted with wasn’t falling for the technical tricks. Anthony tried to get him to download a fake banking app to get an exact location and a picture of him, but he wouldn’t download it. In the end, all they got was a general location from an IP grabber. He wasn’t using a VPN – very few scammers do. Not many people are trying to go after them. So Anthony could see that this scammer was in Ghana.
This location isn’t unusual. In fact, all of the scammers Anthony has investigated have been based in West Africa – mainly Togo, Ghana, and Nigeria. Those areas have some organized criminals, but also a strong youth culture. They would write films and make music videos about it. They often sell their methods online through Telegram channels or dark web forums. Many even add voodoo rituals into scamming. They pay voodoo doctors to help them catch and trap victims.
OSINT reveals that West Africa is also a fairly safe location for scammers. There was some pressure from the G7 to do something about scammers, and Nigeria started a task force to work on the issue. But in the end, all the victims are in the West, or at least not in Africa. They don’t see a point in hunting down people who, in the end, are bringing money into the country.
How Scammer Organizations Work
Running a successful scam is intense work. Some scams, like romance scams and to a lesser extent business email compromise, require a lot of time. And an integral part of any scam is the picker network that launders the money they manage to steal. They all work together.
How a Romance Scammer Targets Your Money
The scammers always start by screening potential victims. They want to know if you have kids. If you do, that’s a risk for them. They might tell you to keep the relationship secret from them. Another question is what kind of house you have and whether you own it or rent it. This is a good way for them to estimate your income.
After the screening questions, they don’t ask about money for a bit. The first few weeks are spent making the connections as solid as possible. They’ll talk to you all the time, asking what you’re doing, how your day was, if you’re home for the evening, and other normal relationship things. One scammer even wanted to have cybersex. They work in groups so it seems like they’re always available.
Once they have that connection, they’ll ask for money. That money will go through a picker network. The picker networks look believable. They have good fronts and genuine-looking websites. And they’ll always have a great excuse for why they need money. It might not even be a story about why the scammer themselves needs money. Some scammers try to get your money by presenting a great-sounding investment opportunity.
How Picker Networks Target Your Money
The first banking account a picker network sent to Anthony was from Turkey. Curious, he wanted to find out how far the network went. He told them if they wanted the money quickly, he could only send through a Dutch account. They sent a new account from a Dutch banking company.
Anthony got six different banking accounts from the same picker network before they got fed up. Eventually they told him it was taking too long and they were going to send someone to get the money in cash. Then he got calls from Belgium and France. There really were people there willing to drive ten or twelve hours to the Netherlands to collect cash.
It Isn’t a Complex Crime
Anthony strung one scammer along for more than three months. Every time he came up with an excuse for why he needed money, Anthony had a new excuse for why he couldn’t send it. At first, he tried to talk the scammer into downloading a fake banking app. It was in the App Store and looked like a real app, but it would have gotten the scammer’s location and taken a picture of him. He did eventually download it, but was too suspicious to use it.
In the end, Anthony bluffed. He told the scammer he knew everything about him and he had one chance to confess. The scammer did. He was twenty-seven years old – the same age as Anthony at the time – and had dropped out of school because COVID had closed the schools. He didn’t have any way to make money, and his friends helped set him up with this side business of scamming.
This kind of crime isn’t complicated, and often isn’t that technologically sophisticated. Even money laundering isn’t difficult. A little investigation and some OSINT research is enough to find out its secrets. Current scammers are selling their methods online. Picker networks are available for hire. And you don’t even have to go on the dark web to do it. Almost any part of the scam you might need can be found on Telegram channels.
“All the little things … for instance, buying potential victim leads, renting out a phishing panel, or getting the money mules are all different businesses that you can just find on Telegram channels.” – Anthony van der Meer
Surprises from OSINT Research
Baiting scammers isn’t the only thing Anthony does to learn about scammers. He also does a lot of research and digging through OSINT resources.
In researching Indian call centers, he discovered how profitable scamming is. He gained access to the systems of three different companies. They made over $15,000 per employee every month. Some of them are smart about it. They get people to sign contracts saying they’re happy with their service and the amount they paid. If the victim tries to dispute the losses, the organization can just show the signed contracts. Anthony even found traces of identity theft and Bitcoin addresses. It’s crime run as a business.
“These guys don’t feel any pressure from their law enforcement because they were not even hiding. They were really, really hiding in plain sight.” – Anthony van der Meer
OSINT in Journalism
Bellingcat is a news organization based on OSINT. Anthony uses many of their OSINT methods. As a journalist, he uses OSINT techniques on images all the time to find and verify stories. Right now, the big story where he uses OSINT to learn what’s happening is the conflict in Ukraine.
Anthony goes into Telegram channels, Facebook groups, and VKontakte (Russian Facebook). The best Telegram groups are ones for small towns or villages, where people talk about what’s happening, and military channels where soldiers like to boast. When he finds images, he uses OSINT techniques to verify if they are real, where they were shot, and when. In longer investigations, satellite imagery is also useful.
Educational institutions teaching journalism are already starting to introduce more OSINT techniques. Journalists can find new stories by checking images. OSINT also offers opportunities to disprove things. In the past, it was hard to disprove something the government said. Now journalists can demand explanations when the official statement doesn’t match what happened in the investigation.
Using OSINT Techniques
OSINT techniques are not difficult to use. Anthony’s favorite method is with Telegram, which is common in Russia and Ukraine. The key is to be familiar with the terminology and slang and be able to search for the right terms. Sometimes Anthony gets lucky in finding one group and learns the vocabulary from there. With scammers especially, he acts like he’s new and they are eager to help because they want to make money off him.
Don’t pay anyone for the information. You can learn a lot by just watching what other people say in the group. Or you can start a conversation and try to get information through social engineering. It’s just a matter of finding the right words, dropping them into Telegram, and joining an open group. Maybe someone links to another group, and you get further. Anthony is in approximately 500 groups right now. If he’s trying to verify an event, he can just type in a date or some keywords and find verification or someone calling it fake almost immediately.