More than 350 ethical hackers got together in cities across Australia on Friday for a hackathon in which they worked to “cyber trace a missing face”, in the first-ever capture the flag event devoted to finding missing persons.
Organizers called the results “astounding,” ABC News reports.
During the six hours the competing teams hammered away at the task of searching for clues that could potentially solve 12 of the country’s most frustrating cold cases. 100 leads were generated every 10 minutes.
The National Missing Persons Hackathon was run by the AustCyber Canberra Innovation Node, which partnered with the Australian Federal Police, the National Missing Persons Coordination Centre and Trace Labs: a nonprofit with a mission of crowdsourcing open-source intelligence (OSINT) and training people on OSINT tradecraft.
OSINT is data collected from publicly available sources. That includes Google searches, for example. The missing persons hackathon is the sunny side of that coin. Last week, we saw a much darker side to OSINT when we heard about a Japanese pop star who was attacked by a stalker who zoomed in on the reflections in her eyes from selfies, then searched for matching images on Google Maps to find out where she lives.
ABC News mentioned another recent case of the use of OSINT: last month, Twitter user Nathan Ruser picked up on a video uploaded to YouTube that showed hundreds of detainees at a train station, handcuffed and blindfolded, and all with freshly shaven heads. They were allegedly members of the Uyghur Muslim community in western China.
Chinese officials had denied the mass detention. To verify the image, and to find out when and where it was taken, Ruser used elements in the imagery to geolocate the scene: buildings, a cell tower, a carpark, trees, and train tracks, for example, feeding the images into Google Earth. Other useful elements included a pole that acted like a sundial, casting a shadow that could be matched with other images that show the sun at a given azimuth, casting specific shadows, at a particular day, to get a rough idea of the day it was taken.
4 days ago a video showing 3-400 detainees handcuffed & blindfolded at a train station in Xinjiang was uploaded to… twitter.com/i/web/status/1…
Real Life. Real News. Real Voices
Help us tell more of the stories that matterBecome a founding member
Nathan Ruser (@Nrg8000) September 21, 2019
The participants in the Australian missing persons hackathon used similar search techniques to try to find previously uncovered hints at what could have happened to the missing persons focused on in the event. Those 12 cold cases were selected from what ABC News says is now more than 2,600 Australians listed as “long-term” disappearances.
At the start of the event, contestants were allowed to view the missing persons case details by logging into the capture-the-flag platform. The organizers haven’t released results of the mass gathering of OSINT. All leads generated on the missing person cases were handed over to the National Missing Persons Coordination Centre.
Technology Decisions quoted Minister for Industry, Science and Technology Karen Andrews, who said that an event like this shows the good that can come from hacking:
You can only imagine the great heartache when a loved one goes missing. Family and friends are often haunted by the experience for life. They never stop looking and trying to find answers.
This event is a great opportunity to use online investigative techniques and hacking skills in creative and socially useful ways.
Australian Federal Police Assistant Commissioner Debbie Platz said that crowdsourcing like this opens up a whole new way of policing that will hopefully lead to solving more of these heartbreaking cases:
Police often say that the community are our eyes and ears. We’re taking this concept to a new level. By involving the community, and in this case hackers, into the search for missing persons, we hope to solve more long-term missing person cases in a way that police could not do alone.
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe