Cyber Security training from QA

Crowdsourcing Open Source Intelligence

QA Cyber Security Trainer, Mark Martin, looks at the use of crowdsourcing as a method to aid in criminal investigations by police forces around the world.
#newrules #futureproof #SkillsfortheDigitalAge


Mark Martin | 22 February 2018

The term crowdsourcing has been with us for a few years and put simply it means engaging with the public to get whatever it is you need. It was born out of the digital age and some police forces around the world have been quick to embrace it as a method to aid in their criminal investigations.

The term may be new, but the concept is far from unknown to UK police forces, all of which are highly-skilled at engaging the media to reach out to the public for information and evidence. In fact, go back to 1962 when Shaw Taylor hosted the weekly five-minute show - Police 5, or 1984 when the first ever episode of CrimeWatch UK was aired on the BBC. Televised appeals would attempt to jog the memory of a passer-by who may have noticed something relevant to the investigation, but thanks to the advent of social media and internet enabled technology. Twitter, Facebook and other social media platforms are often used to call on public assistance, and there are even Apps for smartphone users to report crimes or respond to any calls for witnesses, information etc.

 

Fighting Car Theft in Seattle

In the US, the Seattle Police Department already have their own Twitter account with over 7,000 followers keeping track of the goings on in their city as well as tweeting vital information to help police in their investigations. They have now established a new initiative to tackle car crime, called 'Get Your Car Back'. All reports of stolen cars are posted to this account, including full details of the vehicle's registration, colour, make and model. Followers who receive the tweet alerts call 911 when they recognise a stolen vehicle.

 

Neighbourhood Watch – Online

Many platforms use crowdsourcing to receive information from the public to help police map criminal activity in the area. The most useful tool is the smartphone with its ability to upload photographs, video and audio recordings, with GPS locators providing accurate location details. Sites such as Postacrime.com, Spotcrime.com, and CrimeReports all rely on tips from the public for information on all types of crimes committed, although Postacrime only focuses on instances of property loss and damage.

The information provided not only helps the police catch criminals but also allows for the sharing and analysing of data on crimes committed. All this is carried and shared in conjunction with thousands of law enforcement agencies. They also help form an online version of neighbourhood watch schemes.

 

Ushahidi Fights Crime in Kenya

Built on the crowdsource reporting platform called Ushahidi (https://www.ushahidi.com/), enabled citizens of Nairobi to submit and share reports on locations of criminal activity and corruption. Visitors to the site can openly, or anonymously share their own experiences as victims of crime, in addition to the reporting of incidents and receive alerts to crimes committed in their area. All information is shared via text messaging, as well as web postings and messages via social media such as Twitter.

 

Finding a Killer with Facebook

Police in Bristol, England used Facebook and Twitter and the internet to track down the killer of 25 year old architect Joanna Yeates who went missing on Friday 17th December 2010. Joanna's body was found on Christmas Day. The Avon and Somerset Constabulary's website and Facebook page contained a map of Joanna's movements prior to her disappearance, a video plea from her family as well as contact information and links to related news items. This led to the arrest of the killer.

 

Reddit Bureau of Investigation (reddit.com/r/rbi)

Reddit the social media platform has number of Investigation Sub-Reddits. This active community helps other Reddit users solve crimes and other problems. These internet experts will help find missing parents; computer specialists will aid in tracking stolen devices and private investigators will assist with investigation techniques. Most notable successes involved a fatal hit and run accident in 2013. The offender fled the scene. Three small pieces of the vehicle were left at the scene. After posting information on RBI within minutes several body shop mechanics had tracked down the parts to specific year and model of a 10-year-old vehicle. This information led to the arrest of the suspect.

Another victim of an unrelated hit and run accident, posted a blurry photo of the suspect vehicle and asked for assistance. Within hours, a Reddit user had identified the vehicle registration number through digital correction techniques.

 

Pic Requests (reddit.com/r/picrequests) & What Is This Thing (reddit.com/r/whatisthisthing)

These are used to identify tattoo meanings, graffiti, vehicle parts etc.

In 2012, death investigation into unknown person. A sanitised picture of tattoo on the victim on her back appeared to be Chinese symbols. Within 5 minutes, a Reddit user identified the symbols, their meaning and references to location in China. A reverse image search of information provided led to identify a human trafficking ring with which the victim was associated. This all occurred over one-hour period.

 

Findbostonbombers subreddit

In April 2013, the month of the Boston bombing, the Boston phone hotline received 333 text messages. And those 333 texted tips paled in comparison to the activity happening on Reddit. In the days after the Boston Bombing over 870 subscribers and 1,600 visitors contributed to, voted on, and analysed information published on the Findbostonbombers subreddit. They created mass photo dumps, analysed photos and videos, conducted amateur forensics, and identified suspects. The subsequent investigation process involved 500 officers trawling through more than 200,000 hours of CCTV footage. The Reddit content was also laced with racial and religious bias, incorrect information paraded as facts, and, tragically, horrendous witch-hunts of innocent bystanders. The real culprits were never successfully identified by the subreddit.

 

Other examples

In March 2013, crowdsourced commenters on Gawker, online blog, successfully identified and helped to capture a brutal mugger in New York City. "Don't wear a sweatshirt emblazoned with your fraternity's name, and your pledge name, when you mug someone. And if you do, hope that video of the crime never gets posted online." (http://gawker.com/5993500/internet-catches-idiot-subway-mugger-who-wore-his-frat-sweats-to-the-crime)

In October 2017, CBS American drama series 'Wisdom of The Crowd' based on original Israeli TV series, Silicon Valley tech innovator Jeffrey Tanner (Jeremy Piven) takes crowdsourcing to a new level, creating a digital platform for people around the world to publicly share and evaluate evidence for criminal investigations. He uses the software as the foundation to launch a new company with a staff of passionate specialists to search for his daughter's killer.

Crowdsourcing Open Source Intelligence managing crowdsourced information can be challenging but trawling through the mass of data to find what's relevant to the case, and putting it in proper context, can be equally difficult, it is important we avoid vigilantism and objectively review the information which can lead to successful prosecution.

 

Cyber Security training from QA

QA have uniquely positioned themselves to help solve the Cyber skills gap from our CyberFirst and Cyber Apprenticeship programmes and Cyber Academies to Cyber Challenges, Training and Certifications and Consultancy for Cyber Security.

They offer end-to-end Cyber training and certifications from Cyber Awareness to deep dive Cyber Programmes and solutions; from Cyber Investigations, Cyber Crisis Management, Proactive Security to Offensive Defence. QA only employ world leading Cyber trainers who have the expertise to deliver bespoke Cyber solutions, GCHQ accredited courses and proudly the CyberFirst programme. This is all to support in tackling the UK's National Cyber Security skills shortage.

QA also have state-of-the-art CyberLabs, where companies can simulate real-life Cyber-attacks on their infrastructure, helping them to prevent & combat breaches without risking their own network.

Take a look at QA's CyberLabs

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.

 

Mark Martin

Mark Martin

Cyber Security Technical Consultant

Mark was a Senior Investigating Officer working in Law Enforcement with over 31 years’ experience of working in the various government agencies including the National Crime Agency. He has handled numerous cases involving drug trafficking, money laundering, endangered species, fraud, tackling child abuse online, extortion, hacking, and various other computer crimes. Mark is an advanced mobile and digital Forensics practitioner. Mark has utilised his open source intelligence skills to locate and identify individuals and criminal organisations online. Mark was one of the founding members of the elite team called the National Hi-Tech Crime Unit, set up in 2001 to tackle with online threats. He also worked in partnership with Europol and Interpol and was instrumental in dismantling a highly sophisticated international online paedophile organisation. He has also delivered training in Europol on child abuse online Open Source intelligence. Mark is also GCT certified to deliver GCHQ certified courses.
Talk to our learning experts

Talk to our team of learning experts

Every business has different learning needs. QA has over 30 years of experience in combining the highest quality training with the most comprehensive range of learning services, ensuring the very best fit for your organisation.

Get in touch with our learning experts to talk about how we can help.