Advice #1: Profile Image Search
The presence of profile pictures is a common occurrence on social media accounts. Even if the page is private, there’s usually a main photo available for download and analysis.
In such cases, security researchers and law enforcement often use publicly available tools for facial recognition, such as a simple image search on Google. Often, this is sufficient to find other profiles (often public) of the person of interest and gather additional information about them.
Example of Use
Imagine we only have a Skype account with the name “Vasily Drozdov” and its avatar as leads in a case. To progress the investigation, finding at least one more profile on any social network belonging to this person is crucial.
In popular international social networks like LinkedIn, there’s a user search function based on face and name. Both elements are necessary for it to work correctly, although knowing the full name isn’t mandatory—just the name or surname in addition to the photo.
Similar functions might be available on some popular platforms in the CIS (Commonwealth of Independent States) territory or through free third-party tools like the aforementioned Google image search or similar solutions from other companies.
Finding just one profile can yield a wealth of useful information about the subject. For instance, their country and city of residence, recent locations, and links to other social networks with potentially new unique information.
Advice #2: Alias Search
Many individuals prefer using aliases (nicknames) online. The good news is, a person rarely uses different aliases for various social networks and platforms.
With a specific nickname from one platform, it’s possible to find their profiles on Google, Skype, Steam, Instagram*, TikTok, Snapchat, Telegram, Twitter (X)**, etc. These profiles might contain unique information aiding in their identification.
Example of Use
Suppose there’s a private profile with the alias “jellybutton1337,” even without a profile picture, but it’s crucial to gather more information about this person. By using searches on other platforms, we can check if there’s a profile with the same alias elsewhere.
Once one or multiple matches are found, we can cross-verify if the discovered accounts align with the basic information about the wrongdoer, if available. Then, we can continue the search considering the freshly obtained data.
Advice #3: Search by Real Name from an Alias
Sometimes, experts discover closed profiles where the displayed nickname consists of presumed combinations of a person’s name and surname. Even with such limited data, investigators can dig deeper and find more information.
Example of Use
The nickname “vasyadrozdOFF228” obviously decodes to “Vasiliy Drozdov.” When coupled with any other information about the offender, the name and surname can quickly lead investigators to their other social media profiles, advancing the investigation.
Advice #4: Search by Biographical Information
A brief description or biography on a profile is a textual area in social networks and messengers where individuals can write about themselves or link to other platforms they use. Such data is often publicly accessible even if the account is private, expanding the scope of information available.
Example of Use
When needing detailed information about a specific subject with only their closed social media account, finding a link to their Instagram, for instance, in the profile description opens up numerous possibilities for the investigator.
By visiting this link, especially if the found account happens to be open, one might discover additional platform links in the same profile description. Analyzing information from posted photos might also lead to identifying acquaintances of the offender, their current residence, or recent locations visited. Visits to these locations by law enforcement often yield specific results in investigations.
OSINT Advice #5: Search by Recovery Information
Last but not least: if all other attempts to find information fail, there’s another option—recovery information from an account.
For instance, knowing the username of a wrongdoer on a particular platform, attempting to enter their account and resetting the password might yield some information about the victim, generously disclosed by the platform itself.
Example of Use
Let’s say we have a wrongdoer’s account on Skype with no personal information except the username “zhukovskiy_maas_1111.” As a first step, we try to access this profile using the available username and request a password reset. The result is two censored elements: an email address and a phone number.
Next, comparing the censored email version, e.g., “zh***[email protected],” with the username “zhukovskiy_maas_1983” on the platform, might help decrypt the real email address of the offender, allowing the investigation to continue using other methods, including those described earlier.
Conclusion
That concludes the advice for conducting OSINT investigations on the internet. As you may have gathered, open sources of information, when approached knowledgeably, can provide a wealth of valuable information about even highly secretive individuals using closed profiles.
However, it’s essential to remember that the methods described in the article might not always be considered ethical or legal for obtaining personal information. Targeted OSINT on a specific person without substantial grounds can intrude on privacy and may have legal consequences.
These methods should be considered tools primarily for professionals in cybersecurity, law enforcement, and related fields, possessing appropriate authorization for such searches.
Regular internet users are strongly advised against using such methods for personal curiosity or other unlawful purposes.