Gralhix OSINT Exercise #021

Maps, Mistakes, and a Bar of Chocolate

Introduction

In the world of Open Source Intelligence (OSINT), exercises and challenges play a crucial role in honing our skills and pushing the boundaries of our investigative abilities. Gralhix’s OSINT exercises, in particular, offer a diverse range of scenarios that test and expand our capabilities. This blog post delves into my experience with Exercise 021, a seemingly straightforward task that turned into a valuable lesson in avoiding assumptions and maintaining humility in OSINT investigations.

Exercise Challenge

Gralhix’s Exercise 021 presented what should have been a simple task:

Task briefing: “Maps can appear in the most unusual places. The figure below contains a chocolate bar featuring a map. Next to it you will find the satellite view of the same location. Your task is to find the coordinates of the location seen in both images.”

Maybe not a piece of cake, but I’ll take a piece of chocolate any day!

Exercise level: For beginners: Easy For experts: Easy

Looking at the exercise level, I anticipated a quick and clean investigation. I even harbored ambitions of completing multiple exercises in one day. Little did I know that there is truth to the poet’s line “The best-laid plans of mice and men often go awry.” Exercise 021 ended up chasing a red herring down a rabbit hole, humbling me and offering some helpful lessons.

Solution Summary

A reverse image search focused on the branding on the chocolate bar revealed a Spanish manufacturer, Puchero. A basic Google search revealed their address, which matched the exercise images on Google Earth Pro (link to location). The correct location is at Latitude 41.3531, Longitude -4.6899 in Spain near the city of Valladolid.

Note: in this image, north is oriented towards the bottom of the map to match the orientation in the exercise images, rather than the typical north-up orientation.

But the solution isn’t the story for this exercise. Pull up a chair, and permit me to share. Feel free to laugh and, more importantly, learn at my expense.

Detailed Walk Through

Initial Thoughts

I immediately — and correctly — zeroed in on the delicious-looking chocolate bar. I’ve never come across a map on a piece of chocolate. And over the years, I’ve consumed a pretty good sample set. Why put a map on a chocolate bar?

My brainstorming on that question came up with a few possibilities:

1. Some sort of commemorative marketing campaign. Maybe a special event or anniversary commemorated with the map.
2. An attempt to appeal to the farm-to-table trend where value is placed on knowing where ingredients are sourced. Perhaps the map was of the area where the cacao was farmed?

And… that’s where I stopped. Do you see any errors? I encourage you to take a moment before reading further and see if you can spot any issues with my reasoning.

The Wrong Approach

Armed with what I thought were well-thought-out working theories, I went to work on the logo/branding in the top right of the chocolate bar. A reverse image search didn’t give me any matches (save one other Sofia Santos Exercise 021 solution which I avoided clicking on). No worries, there was some lettering I could zoom in on:

“Do it right”… 🤔

A slogan of “do it right” has a socially conscious tone to it, and I reasoned that if the manufacturer was going to make that part of their brand, they would likely go to some lengths sharing how their chocolate making was, in fact, concerned about justice and equity.

Testing that theory, I did a basic Google search for chocolate "do it right" (The quotation marks tell Google that the words within must be in that exact order) and... bingo! Hypothesis confirmed, I got a hit on a chocolate maker by the name of Puchero. Ready to close this case, I pulled up an image of one of their chocolate bars, and winner-winner chicken dinner: an exact match for our exercise.

And there you have it. Thanks to my amazing OSINT skills, this exercise was a walk in the park. Now it was just a matter of finding wherever Cuzco Qori Warmi was in Peru via Google Earth Pro, a quick write-up for such a trivial challenge, and rewarding myself with an adult beverage by the pool for a job well done.

Or so I hoped. It turned out I had made a huge mistake.

I’d like to say that I realized it right away, had a laugh, and then quickly corrected. But that’s not what happened.

Realization and Course Correction

In total, I spent a good 3–4 hours barking up the wrong tree, and I was ready to give up before thinking, “Did I get something wrong?”

See, I was never going to locate that map in Peru. And it’s not for a lack of trying. I learned a lot about the fascinating story of Qori Warmi, which I’ll share some of in the additional info section. Suffice it to say for now, they are a women’s collective in the business of cultivating cacao and they do supply Puchero.

But nothing was lining up between that map, whether in the clearly visible road network on the chocolate bar or the additional terrain context provided by the satellite imagery. Part of me was even confused that what I was seeing in possible locations in Peru looked nothing at all like the image Gralhix provided. I tried OverPass Turbo, Google deep dives, YouTube searches, and even began devising a way I could use QGIS to search for the road network geometries on the chocolate bar with half of the country of Peru.

Great looking Overpass Turbo Query I got there, but as we say in Spanish, no sirve para nada (in this case)

Thankfully, during my coffee break, defeated and exasperated, I said to myself, “There’s no way all this is needed for an easy level of difficulty exercise.”

So I revisited my main assumptions. Two in particular:

• Depicting a map on a chocolate bar must be a farm-to-table way of highlighting the supplier.
• Puchero must have a different map for each bar made from different suppliers.

Both of these assumptions were wrong. They were possible and worth jotting down as candidates, but there was another, far simpler explanation that I skipped over:

• The map could indicate where the chocolate bars were manufactured.

That is to say, the map could be of Puchero’s location.

And to my chagrin, that was indeed the case. Clicking on a few other Puchero chocolate images (link) revealed that many of their chocolates have a map etched on the bar. Most of them, in fact.

I could go on, but at some point, I’m just beating myself up

Sheepishly, I googled Puchero’s address, and then plugged the address into Google Earth Pro, knowing what I was going to find: The same area depicted within the exercise images, without a shadow of a doubt.

Annotations highlight shared map features for Left: map of chocolate bar from exercise image, Center: Satellite imagery from exercise image, Right: Solution Image from May 2024 via Goole Earth Pro

Three to Four hours in total. Almost giving up. If that’s not a heap of a humbling experience, I don’t know what is. Although it wasn’t all bad; even defeated as I was, I knew this would make a good story one day.

Lessons Learned

So what did I learn? Well, I imagine more will come to me as I reflect on this experience, but I already have a laundry list to start with:

• Check assumptions before committing too deeply to an approach.
• Remember the philosophical principle of Occam’s Razor.

Ockham’s Razor states that the simplest explanation is usually the correct one. In OSINT investigations, this principle reminds us to consider straightforward explanations before diving into complex theories. In this case, the simpler explanation — that the map represented the chocolate manufacturer’s location — was correct, rather than my more elaborate theories about supplier locations or marketing campaigns. Officer's Notes writing publishing with OSINT TEAM has a great write up on this principleas it pertains to OSINT:

OSINT Lesson №2: Occam’s Razor & Intuition

Beware of confirmation bias. In this case, I jumped on one piece of questionable evidence to guide my investigation because it supported my first theory. This is a significant danger in the analyst community with real-world consequences.

• Maintain an investigation log: Keep a detailed record of search queries, methods attempted, and reasoning behind each step. This practice helps avoid repetition, aids in identifying where an investigation might have gone off track, and proves invaluable for report writing and methodology refinement.
• Stay humble. Having complete 20 of Gralhix’s exercises, I thought that an “easy” exercise was beneath my abilities and “guaranteed” a quick solve. That encourages shortcuts and sloppiness that allow for critical mistakes and missed opportunities.

Additional Considerations

While my investigation led me down an unintended path, it did reveal some interesting information about ethical coffee and chocolate production. Puchero does value social justice in its business practices, and I encourage you to explore how they attempt to uphold those values.

Since I spent so much time looking for Qori Warmi, I’d like to say something brief about them. They’re a collective of women farmers in the Valle de los Ríos Apurímac, Ene y Mantaro of Peru who strive to create opportunity and alternatives through the cultivation of cacao (the plant used to make chocolate) by offering stability from price fluctuations. The terrain is also ideal for the far more profitable farming of the coca plant, which is used to produce cocaine. The region has suffered greatly from violence related to this aspect of the international narcotics trade. Many of the men have been killed, wounded, or incarcerated, and initiatives like Qori Warmi strive to create a sustainable women-led community for the region’s recovery by focusing on ethical cacao production instead of coca.

Conclusion

This exercise, while seemingly simple, proved to be a valuable lesson in the importance of questioning assumptions and maintaining humility in OSINT investigations. The ease with which I fell into confirmation bias and overlooked simpler explanations serves as a stark reminder of the pitfalls that can plague even experienced investigators.

The value of OSINT exercises like this one cannot be overstated. They provide a safe environment to make mistakes and learn from them without real-world consequences. In professional settings or when investigating issues of social justice, such errors could lead to misidentification of involved parties, complications in decision-making processes, or misinformation of the public.

Moreover, this experience highlights the unexpected benefits that can arise from our mistakes. Although my investigation initially led me astray, it allowed me to discover the inspiring work of Qori Warmi, demonstrating how OSINT skills can be applied to uncover and support important social initiatives.

As we continue to develop our OSINT skills, let us remember that every investigation, successful or not, is an opportunity for growth. By maintaining a mindset of constant learning, questioning our assumptions, and staying open to simpler explanations, we can enhance the accuracy and effectiveness of our investigations.

Acknowledgments

Thanks to Gralhix for the variety of exercises. The number and types of challenges mean that it’s very likely that anyone who attempts them will fail at something, and that’s not a bad thing. It’s through these failures that we truly learn and grow as OSINT practitioners. Gralhix, herself, has a great article and video on the value, importance, and even necessity of failure for the successful OSINT practitioner:

Embracing failure: The Importance of making mistakes in OSINT

I invite readers to share their own experiences with OSINT challenges and the lessons they’ve learned. Together, we can build a community of skilled, ethical, and humble investigators ready to tackle the complex issues of our world.