Open in app

Sign in

Write

Sign in

Gralhix OSINT Exercise #014

Shaken, Not Stirred

Tomi McCluskey
Points Unknown
6 min readJul 4, 2024

--

Have you ever wondered how OSINT investigators can pinpoint the location of an event from just a video? In this post, we’ll explore a captivating challenge that demonstrates the power of open-source intelligence in action.

The Challenge: Decoding an Earthquake

Gralhix, our OSINT mentor, presented us with an interesting task. We were given a video of an earthquake and asked to uncover two key pieces of information:

1. What was the magnitude of this earthquake?
2. What are the coordinates of the camera that captured this event?

For those new to OSINT, Gralhix rated this as a medium to hard challenge. But don’t worry, we’ll break it down step by step.

Solution Overview

Here’s a quick summary of how I approached this challenge:

1. Began with a Google search for earthquakes on the date shown in the video.
2. Used Google Lens to analyze a screenshot from the video.
3. Narrowed down the search area using an Overpass Turbo query.
4. Confirmed the location using Google Street View.

After this investigation, I can confidently state:
- The earthquake had a magnitude of approximately 5.6 to 5.7.
- The camera was likely located at coordinates 47.017488° 28.852717°

Now, let’s dive into the details of how we arrived at these conclusions.

The Investigation: Step by Step

Step 1: Initial Research

The moment I saw the apartment building in the video, it reminded me of Eastern European architecture. This came from many an hour playing video games made by Polish, Russian, and Ukrainian studios that share a painful commitment to grim realism — an unexpected but useful connection.

With that hunch in mind, a Google and Wikipedia search for “September 24 2016 earthquake” drew my attention towards Romania. This was a good start, but we needed more specific information.

Step 2: Reverse Image Search

Next, I took a screenshot from the video and analyzed it with Google Lens. Among the results, one name stood out: Chișinău.

Initially, I thought this sounded Romanian, but it’s the capital of Moldova, Romania’s eastern neighbor.

Image from the US Geological Survey’s website (link)

This was an interesting development. While not exactly where I initially thought, it was still a valuable lead. After all, earthquakes can be felt across national borders.

Step 3: Geospatial Query

Chișinău is a sizable city, so manually searching it would be a chore. This is where more advanced OSINT techniques come into play.

I identified three key elements in the video that made it ideal for an Overpass Turbo query:

#1 is a six Lane highway #2, #3, and #4 are tall buildings

1. Three tall buildings (including our camera’s location)
2. A six-lane highway
3. The buildings were relatively close to each other

Here’s the Overpass Turbo query I used:

[out:json][timeout:25];

// gather roads with six lanes and store in a variable: six_lane_roads
nwr["lanes"="6"]({{bbox}}) -> .six_lane_roads;

// gather buildings taller than 25 meters within 
// 50 meters of six-lane roads and store in variable: tall_buildings
nwr(around.six_lane_roads:50)(if:t["height"] > 25)["building"] -> .tall_buildings;

// Output buildings on screen and for export to KML format
.tall_buildings;
out geom;

This query is like saying, “Hey, Overpass Turbo, show me all the tall buildings near six-lane roads in Chișinău.” And look what that delivered:

Since I was looking for a cluster with at least three buildings, the center location warranted a closer look. Overpass Turbo does something cool when we zoom in:

Blue building highlights from Overpass Turbo. Hot Pink Circle annotation was added to draw attention to the unusual building shape. That unusual shape is The Atrium shopping center (link).

That odd-shaped building that’s circled is the Atrium:

Well, that looks familiar!

Step 4: Tightening the Net

To refine our search area, I exported the Overpass Turbo results to a KML file and imported them into Google Earth Pro. Using the measure tool, I drew a circle with a 500-meter radius centered on the Atrium shopping center. This distance was estimated based on the Atrium’s appearance as the tall building in the distance of the video. The logic was that the camera location must be within this circle, given the relative size and position of the Atrium in the footage. This method significantly narrowed down the potential locations where the camera could have been positioned.

The yellow circle shows the area about 500 meters from the Atrium

Step 5: Confirmation

So our camera would have been set up on one of the tall buildings within the yellow circle. Time to wrap this up with Google Street View.

The view from the parking lot in front of the building where our camera was located. The Atrium is in the distance and the nearby building matches our exercise video.

There’s even a view from room 508, inside the building, which is pretty darn close to where the exercise camera would be.

V Continental Business Center, Room 508. The camera would be a bit higher and to the left

And that’s a lock: the camera was in the V Continental Business Center, not the exact spot pictured but probably another level or two up and closer to the main road to get a better view of the Atrium.

Having verified the camera’s geolocation, I wanted a better source for the magnitude of the quake, so I went to the Euro-Mediterranean Seismological Centre’s web page which had detailed information from multiple sensors about the event.

With seismological data from an official source, I went with a 5.6 to 5.7 magnitude earthquake in Romania that was felt in Chișinău, Moldova.

Gralhix Exercise 014 Solution

Lessons Learned: Sharpening Our OSINT Skills

  • Overpass Turbo is a powerhouse. I learned to write cleaner, more efficient queries that can save tons of time in future investigations.
  • Exporting data to KML and using it in Google Earth Pro opened up a whole new world of possibilities. The stories we can tell with this kind of data visualization excite the imagination.
  • Sometimes, the most unexpected skills come in handy. Who knew all those hours of gaming would pay off in OSINT work?

Conclusion

As I reach the halfway point of Gralhix’s OSINT challenges, I continue to be impressed by the diverse skills these exercises help develop. This earthquake adventure highlighted the power of combining different tools and techniques — from simple Google searches to specialized tools like Overpass Turbo and Google Earth Pro.

The moment when I realized there was a simpler path forward with Overpass Turbo queries gave me what the Germans call an “Aha-Erlebnis” — that moment when the way forward becomes clear which makes all the hard work worthwhile.

I’m excited to keep exploring the possibilities of data representation through mapping. The stories we can tell with this power are limitless.

Finally, a huge thank you to Gralhix for creating these challenges, and to the broader OSM community for their welcoming attitude and willingness to share knowledge. It’s thanks to their vision and hard work that newcomers like me can discover and pursue this fascinating field.

What about you? Have you tackled this exercise? I’d love to hear about your approach and any insights you gained along the way. And if you’re new to OSINT, I hope this walkthrough has given you some ideas for your own investigations. Remember, the key is to stay curious, be methodical, and never stop learning!

Until next time, keep shaking things up in the world of OSINT!

Geolocation
Osint
Openstreetmap
Overpass Turbo
Open Source Intelligence

--

--

Tomi McCluskey
Points Unknown

Written by Tomi McCluskey

14 Followers

USMC Veteran, Tech Enthusiast, Life long Learner and Teacher, current curiosities: AI and the Future of Society, OSINT Research, Python, and Bird Watching.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams