Last Saturday the Penn State World Campus Technology Club participated in our second Trace Labs Missing Person CTF. This CTF had close to 200 contestants across 100+ teams and Penn State took 26th place!
Each team is made up of 4 people who work simultaneously over 8 hours using open-source intelligence to help locate missing people. All information gathered in these events is then turned over to law enforcement. This specific event was a global virtual event, however, they do hold in-person events at conferences and other locations.
The night before the CTF, the Tech Club held a virtual meeting to discuss strategy and inform new players about the platform and rules. Many of our club members are new to OSINT techniques so we tried to stick to traditional methods of intelligence gathering over the use of programs such as Maltego.
The CTF platform itself is rather simple to use, and on the day of the event, an email is sent out that allows users to onboard into it. Once logged into the platform, you will find a list of all the missing people for the event, specific details about them and their disappearance, and your pending, approved, and rejected flags. Points are awarded when information is submitted and approved by the volunteer judges. Information falls into several categories that are weighted by difficulty (Friend info 10pts, Employment 15pts, Family 20pts, Dark Web 1000pts, and so on).
As a club, we decided to start with the OSINT Framework. The framework is an excellent place for beginners to start because it illustrates how to pivot from information gathered. Another great source for information pivoting is Michael Bazzell’s OSINT Flowcharts. For example, one of the subjects was a young female with zero social media presence. Our best hope, in that case, was to find her chatty relatives. From her name, we were able to pivot and find her family, her email, her address, and all sorts of relevant information. Learning to pivot is key when doing an OSINT investigation.
Within our team, we decided to split up the subjects and work on finding information separately until hitting a wall. This strategy allowed us to focus for long periods of time and follow clues further than if we had to jump back and forth between subjects. Toward the end, however, we began to fill in information wherever we could to garner points.
Because this CTF was global, several of the missing people were located in other countries. The team had some trouble finding information on the subjects located outside the country. I ended up using specific people searches within the country of origin to help locate some pieces of information.
On the other hand, some subjects had very supportive family or well-known cases which muddied the water so-to-speak. For example, one subject’s disappearance was outlined in several podcasts as well as Reddit theory boards and WebSleuths. While this is great for publicizing a cold case, it does not make it easy to wade through for CTF points.
While the Tech Club placed 26th in this CTF, as you can see by the scoreboard, TheManyHatsClub took the prize! They were followed by Shandyman & The Three Half-Pints in a close second. I am eagerly awaiting the write-ups on their team strategies.
The true winners in this game, however, are the families and Law Enforcement that have hopefully received pieces of new information that can help bring these people home. The investigation is gamified but there is a real family looking for answers behind each subject. I hope that we made even a slight dent in these cases and look forward to updates on the subjects.
If you are interested in helping Trace Labs locate missing people, you don’t need to wait for a CTF event, you can join their slack channel and Trello board to participate in ongoing cases and help all year round.