Gralhix OSINT Exercise #001

Welcome back to Points Unknown! If you’re just joining us, I recently embarked on a journey to sharpen my open-source intelligence (OSINT) skills by solving a series of challenges created by Gralhix. In this post, we’ll dive into the first exercise and explore how a structured approach can help us tackle even the most intimidating geolocation tasks.

To approach this, I’m going to make use of a simple but powerful framework that I’ve come across in Deep Dive: Exploring the Real-world Value of Open Source Intelligence by OSINT professional Rae Baker.

• Context: This refers to any information about the image that isn’t contained within the image itself, such as captions, timestamps, or other metadata. Paying attention to context can provide valuable clues about the location, time, or circumstances surrounding the photograph.
• Foreground: The foreground consists of the elements in the image that are closest to the viewer. These might include people, vehicles, buildings, or other objects near the photographer. Analyzing the foreground can help us identify unique features or landmarks that could be used to pinpoint the location.
• Background: The background encompasses the elements that are farthest away from the viewer, such as mountains, skylines, or distant structures. While these elements may be less detailed than those in the foreground, they can still provide useful information about the general setting or landscape.
• Map Markings: Map markings are specific features within the image that can be used to orient ourselves when comparing the photograph to satellite imagery or maps. These might include the shape of a building, the layout of a road, or the position of a distinctive tree or other landmark. By identifying map markings, you can more easily match the image to a specific location.

By working with each of these categories, we can gradually piece together the clues and narrow down the possible locations until we arrive at a precise answer. This structured approach to geolocation is invaluable for anyone looking to verify the authenticity of an image, investigate a mystery, or explore the world through open-source intelligence.

Let’s see this approach in action.

Contextual Clues: Trustworthy or Not?

Right off the bat, we have some context to consider by way of the caption and timestamp of the tweet:

In the morning, the cities display their beauty and present themselves to the newcomers.. The beautiful city of Kiffa has shown its virtues this morning!! 1:45PM Feb 20, 2013

Some potentially interesting information there, but can we trust it?

People can and do misrepresent where they’ve been for all sorts of reasons, and sometimes even the best of us get mixed up and make mistakes. To help navigate this question, I’m going to pull from another OSINT practitioner, Ryan McBeth who often references IDC 203 when he’s working through an OSINT task. IDC 203 is a document establishing analytic standards from the United States Director of National Intelligence. He regularly refers to it as a gold standard to guide and evaluate analysis, and I can see why it would be helpful to any intelligence analyst.

There’s a lot of good stuff in IDC 203, but I want to draw our attention to this helpful chart to assess how likely something is:

In intelligence analysis, there are rarely absolute certainties. While Gralhix’s tweet may contain misleading or inaccurate information, we need to assess the likelihood that it includes reliable details that can aid our search.

Based on the following considerations, I estimate that it’s likely (55–80%) that the information accompanying the image is accurate:

1. People often share their locations on social media. This particular caption reads like the kind of sharing people do to showcase their adventures off the beaten path.
2. We have no indication that the author might want to conceal their whereabouts.
3. Kiffa is not in a conflict zone or an area where people might be more inclined to misrepresent their location.

Let’s take a closer look at the context provided and identify the elements that might help us pinpoint the location for this exercise.

In the morning, the cities display their beauty and present themselves to the newcomers.. The beautiful city of Kiffa has shown its virtues this morning! 1:45PM Feb 20, 2013

While the mention of Kiffa is obviously a significant clue, you might be wondering how the time of day or date could matter when determining a location. The answer lies in a single word: shadows.

Shadows can provide a wealth of information, including the direction the photographer is facing. The length and orientation of shadows depend on the position of the sun in the sky, which varies based on the time of day and the time of year.

Kiffa, Mauritania image from Google Earth Pro

Context: A Closer Look at Kiffa

Since we’ve determined that the tweet’s caption is likely reliable, it’s worth taking a brief moment to familiarize ourselves with Kiffa. While it may not be a well-known location for many, a quick search on Google and Wikipedia reveals that Kiffa is a large town in the northwest African country of Mauritania.

A glance at the Google Images search results for “Kiffa Mauritania” further confirms that the buildings and terrain in our target image are consistent with what we see in other photographs of the town.

The single-story structures, sandy terrain, and traditional clothing all match the visual context of Kiffa. This consistency lends additional credibility to the tweet’s claim that the photo was indeed taken in this Mauritanian city.

I’ll be the first to admit that I’m prone to falling down research rabbit holes. It’s easy to get lost in the fascinating details and stories that surround a place like Kiffa. However, as tempting as it may be to dive deep into the town’s history and culture, I have to remind myself that our primary goal is to efficiently geolocate the image at hand.

So with that in mind, and some context at hand, let’s return to our image and plan of analysis.

Gralhix Excercise 001 Image without Twitter Borders

Foreground and Background

Closest to the photographer, we observe one-story buildings on either side of a paved road. There are some utility poles on the left side of the road. The left-most utility pole and buildings close to it suggest a side road. Behind the buildings on the right, there is a cluster of what looks to be 2–3 trees.

Further away, we see that the road has an incline. There is vegetation in the distance and no structures.

Map Markings

Here, we recall that we’re looking for anything that might help place our picture on a map or with the bird’s eye view we get from satellite imagery:

• A paved road. If we go back to our gallery of Kiffa images, not all roads are paved. Paved roads stand out in satellite imagery.
• The cluster of trees. As anyone who has looked up their own home on Google Earth knows, trees can be seen by satellites. Our contextual research informed us that Kiffa is located in a desert, so trees are few and far between. In other words, any trees may be significant.
• The photographer is facing south. We know this because the caption gives us the time of day as morning when the sun rises in the East. Since the shadows are long, as they would be in the early morning, and stretching out rightward, we can conclude that East is to the left of the photographer, South is straight ahead, West is to the right, and North is behind the photographer. (A helpful primer on using the sun to determine direction can be found here)
• In the distance, there is vegetation but no buildings.

Putting the Pieces Together

I’m going to start with the paved road. Thanks to our context, we know that not all roads are paved in Kiffa, and by looks of our satellite imagery, few roads are paved.

First, I’m going to use Google Earth Pro, which will allow me to go back in time for imagery. This is important because the tweet was posted in February 2013. Much could have happened since then that would impact our geolocation efforts. In the desktop version, the ability to select time can be found towards the top left, which I’ve circled in yellow.

We can make out some paved roads in the image, but Google Earth Pro makes it even easier for us if we select the road layer in the left sidebar:

That narrows things down quite a bit, but we’re not done yet! Thanks to our morning shadows, we know that the photographer is facing south on a road that is traveling in a north-south direction, which excludes the paved roads that go from east to west.

We’ve narrowed it down to three candidates, which is great, but can we do even better? We can, thanks to the notes we made regarding the image’s background:

Notice the striking green in the distance and the absence of buildings

The photo has a fair amount of greenery and no buildings in the distance. This rules out the roads labeled one and three above, as there are no open stretches when facing south. That leaves us with location two. Let’s zoom in:

Let’s see how things line up so far:

✅ Paved Road

✅ Photographer facing south

✅ Greenery/no structures in the distance

And we have one other note from our analysis: a cluster of trees to the photographer’s right (west side of the Road).

With that, we have enough for our location. First, our original image with observations:

and our geolocation:

Latitude 16°36'33.99"N Longitude 11°23'52.14"

For further confirmation, we can see if we can confirm that the utility poles are where we would expect them. This is tricky, as utility poles are quite a bit smaller than trees and not always visible from satellite imagery. However, I believe we do have confirmation in more recent (2018) imagery:

A Harmless Speculation before the Next Challenge

There’s no way of knowing for sure, but I like to imagine (with the help of Google Earth Pro’s places layer) that our photographer enjoyed a restful night at the nearby hotel and a tasty breakfast at the cafe near the thumbtack that indicates where they took the photo. As they stood on that dusty street, capturing a moment in time, little did they know that over a decade later, their simple tweet would become a launchpad for learning and discovery.

In the grand scheme of things, this photograph might seem insignificant — just another snapshot shared on social media. But to aspiring OSINT practitioners, it represents a treasure trove of clues and a chance to hone their skills. By piecing together the context, analyzing the details, and leveraging the power of geospatial tools, we’ve been able to trace the photographer’s footsteps and pinpoint the exact location where they stood on that morning in February 2013.

It’s a testament to the enduring value of open-source intelligence and the endless possibilities that emerge when curiosity, persistence, and a keen eye for detail converge. Who knows what other secrets and stories lie hidden in the vast landscape of digital breadcrumbs left behind by unsuspecting travelers and casual social media users?

As we conclude this geolocation adventure, I can’t help but feel a sense of gratitude for the photographer who shared this moment with the world and for Gralhix, who recognized its potential as a learning tool. Their small actions have rippled across time and space, inspiring us to ask questions, seek answers, and push the boundaries of what’s possible with OSINT.