“It’s all about people,” a pastor once repeated over and over in a multipart series on the Sermon on the Mount. In cybersecurity, we sometimes lose sight of this amid all the cool gadgets and gizmos. Although the other things we do are important, we must always remember why we do them. For me, the reason is to protect vulnerable people as a practical demonstration of personal faith.
Unfortunately, the love of money often comes before people, and profits rule the world. That’s why it’s encouraging when organizations like Trace Labs subscribe to the idea of OSINT for good (#osintforgood). If you’re unfamiliar with OSINT, there are many resources available to explain open-source intelligence, like The Ultimate Guide to OSINT.
Trace Labs crowdsources OSINT investigations to help locate missing persons. The best part is that you can participate from anywhere in the world! Trace Labs provides helpful resources on their YouTube Trace Labs Search Party CTF playlist. [What? Reluctant to click the link after the last one? Good! You’re learning.] Despite the available resources, there are a few things to keep in mind.
First, come up with a plan. Even though I watched all the videos and thought I knew what to do, our team went into every-creature-for-itself mode when the four profiles were released, and some of the tips I thought I knew were forgotten. Organizing with tools like Maltego could have helped identify connections between relevant pieces of information, and playbooks should be used to quickly acquire the obvious submissions for later pivoting.
The winning teams attributed their success to teamwork. I’m proud of our team’s performance, considering it was our first time competing, and we didn’t know each other beforehand. However, knowing the team’s strengths and weaknesses could have improved our overall performance in the long run. For example, one member may be able to find relevant submissions but struggle to present them in the proper format to the judges for points, while another cannot find relevant evidence but has no problem writing up the results for submission. This is particularly true since the CTF is in English but the participants may be all over the globe, depending on who your team members are.
From a competition standpoint, don’t get stuck on one missing person profile. If you’re struggling to find submissions for a particular individual, move on to someone else and make a note of it. Some people leave a larger footprint on the internet, so don’t miss out on easy points. There’s nothing to stop anyone from going back to look for more evidence on a missing person, regardless of whether the competition has ended.
My last bit of advice is to be prepared to feel the weight of the event. Coping with stress differs from person to person. In a gamified form like a CTF, some may use humor to make light of the situation, but when reality sets in, remember that these are real people. Know what you can and can’t control. You can’t save everyone, but hopefully, you can rest easier knowing you used your cyber reconnaissance skills to help bring someone home. After all, “it’s all about people.”