App-solute Insight: Harnessing Everyday Apps for Open Source Intelligence

Written By Chris Brenner

We investigators and security professionals are often tasked with finding the who, what, when, where and why when it comes to persons of interest. Whether it’s a subject under surveillance, subject of an asset search or non-compete investigation, potential threat actor, or someone we have one chance at interviewing, the where is often one of the hardest to ascertain. Based on my experience earlier in my career while having worked for several years in the surveillance field before transitioning to other roles, preliminary workups on subjects often involved a “best guess” as to where they may be living, working, or spending time. Investigative databases can provide generally accurate residential addresses and sometimes report employers, but what happens in those cases when there is no good database lead to follow? Maybe the neighborhood is not conducive to conducting surveillance due to parking restrictions, nosy neighbors, or other circumstances. With a bit of open-source research and some luck, often you can establish a few good data points that may yield information about a subject’s daily habits or background if the usual sources like commercial databases, court records, tax bills, vehicle registration, and other avenues come up short. 

Mapping Reviews

While the days of Twitter, Instagram, Facebook, and Foursquare check-ins and geolocation tags seem to be largely over for many users thanks to private profiles and changes in user behavior, there are other apps that can provide insight into similar activities that are a bit lesser known but potentially just as valuable.

Used by millions daily, Google Maps is a potential treasure trove of information related to places people have visited. The trick is knowing how to access it. If a subject of interest has a Google account - which is a predicate to having a Gmail account - there may be useful information waiting to be uncovered. Using the free version of the Epieos search tool (https://epieos.com/) you can search a user’s email address and discover whether that email is connected to a Google Maps contributor account. Like many apps, users of Google Maps can leave reviews of places they have visited. These are not immediately available unless you stumble across the user in a review, but through Epieos you can visit the user’s collection of reviewed locations. This might not only give you clues about places frequented but also dates that might be relevant to your investigation. 

Similarly, the review site Yelp has a built-in search. As reviewer profiles only display first name and a last initial, it’s often difficult to track down users on the site. However, if you are signed into the platform, you can use the “Find Friends” function to search for users by email address. From there, you can view the user’s profile and see reviews that they have left for businesses and any media that they have uploaded publicly. 

Keeping Fit

Ever wanted to know where secret military bases are around the globe? Just take a look at the fitness tracking app Strava’s global heatmap and look for signs of people running laps in the middle of otherwise unoccupied areas. As reported by numerous news outlets in 2018, the app had unknowingly mapped and reported exercise routes of soldiers stationed in both public and secret military installations around the world as they recorded their daily jogs or other exercise activities. While that type of information may not be of particular interest in the vast majority of investigations, and has been mitigated with GPS and smartwatch policies for soldiers, there is still information to be potentially gathered. 

If your subject of interest is an avid cyclist, runner, hiker, or other exercise aficionado, it’s possible they may be on the platform. If their profile (searchable by name only) is public, you may be able to glean such information about how frequently they bike, run, or go to the gym; specific routes they take (frequently starting and ending in their own driveway); or specific areas they often recreate in. Additionally, there may be information recorded in activities that include the type of device that was used to record the activity and the bike they ride. Working on an asset search? A user on Strava recording a bike ride on a Specialized S-Works Roubaix SL8 indicates that they are likely a serious rider, with serious cash to buy a $14,000 bicycle - potentially useful information for an asset search. 

Money Talks

Speaking of finances, the proliferation of app-based banking apps has resulted in several commonly used platforms to transfer funds to and from friends, family, consumers, and businesses. CashApp allows the searching of profiles by email address or phone number which will result in a username that is often a good pivot point to locate accounts on other platforms. The same holds true for Venmo, with the added bonus of potentially public transaction details. While you can’t see the dollar amounts of transactions, you can often glean useful insights from the frequency of transactions, other party names, and often amusing and frequently emoji-based transaction memos. Perhaps a subject is transferring money to another individual every month with a house emoji in the memo field - it’s possible that they are living together and the other individual’s name can help identify a new address of interest. Maybe there are references to poker games or other gambling that are relevant to an investigation. A large number of transactions for a subject may signify that they are operating a business of some sort. 

Putting it all together

Why is any of this important? Beyond the obvious use case of finding specific locations that a subject may frequent to either conduct surveillance or pinpoint a residence, there is other value in some of this information. For example, in a threat investigation, if you are able to determine that a potential threat actor left reviews at gun shops or shooting ranges on Google Maps or Yelp, that would elevate the level of risk significantly. Conversely, if you are able to establish that an unknown threat actor went for a run that very day at a location far from your client, that may provide a bit of comfort. If you are on an executive protection or corporate security team, it’s valuable to know what potentially sensitive information the person you’re protecting may be inadvertently broadcasting to the public and bad actors. 

Other scenarios that these types of platforms have been valuable in include:

  • A subject reviewing a medical provider and discussing treatment that they received

  • A review of a coffee shop that the subject stated they stop into “nearly every morning on their way to work” 

  • A negative review of a car dealership in which the subject detailed the year, make and model of the vehicle they purchased recently

  • A review of a law firm in which a subject discussed having received counsel related to a criminal case 

  • A subject posted dozens of cycling and running activities leading up to a triathlon they were training for, while receiving worker’s compensation

  • Venmo transactions and multiple CashApp accounts tied to a subject corroborated allegations of illegal gambling

As with many areas of this industry, often you don’t know what you don’t know, but perhaps with these tips on some often-overlooked platforms and search techniques, you can fill in one, if not more, of the five Ws.

This article was published in the July/August 2024 issue of PI Magazine.

Chris Brenner
Previous

Take a Dip in the Internet’s Hot Tub Time Machine
Next

It’s World Social Media Day! How are you celebrating?