TraceLabs – OSINT to find missing people

Capteurs Ouverts is launching a new serie of articles in between open-source research pieces called The Interview.

Because we strongly believe the OSINT community is in fast expansion and made of very different people, different approaches, we are giving the floor to those who fell into the rabbit hole to understand what they are doing and how.



Could you please introduce yourself for Capteurs Ouverts audience? Can you tell us more about your background? Are you coming from an information security background?

 My day job is IT management with a large focus on information security. I am well integrated with the info sec community. I also volunteer for our local search and rescue organization which is where I originally came up with the idea. I have been doing search and rescue for about ten years.

You created Trace Labs some time ago which aims at finding missing people using OSINT resources. How was that project born, can you tell us more about its inception?

During some of our search and rescue tasks I often wondered why we didn’t do more open source intelligence for the subjects we were looking for. It didn’t make sense to me the little we did in this regard. I was also confused why we only looked for a very small percentage of missing persons. There seemed to be a huge gap here and trace labs was created to help remove that gap. Much like I volunteer for Search and Rescue, Trace Labs is a non-profit that is designed to extend to those search capabilities into the digital with the scale of crowdsourcing.

What are the main objectives of TraceLabs for this first year?

I have had to keep changing the goals I want the organization to meet every few weeks due to the dramatic growth and demand. At first I thought it would be great to have at least one event and then it happened. Then I thought it would be good if we could be seen as a positive value to society. We achieved this by finding two people on the first event. Then I thought it might be great if we could actually get a relationship with law enforcement and days later we had a series of conference calls with law enforcement to further develop a partnership.

Now we have events happening around the world. 3 last month with more signing up all the time.  A major TV station even wants to make a reality TV show about us. I guess the new goal for this year is to expand the core Trace Labs team.

Your main launch was at DefCon this summer through a real CTF event – how was it received and what were the results?

As has been the case with all our events, it’s overwhelming but also super positive. Defcon Vegas has resulted in hundreds of data points collected for police. While we didn’t locate any of the subjects on that event, we did manage to collect a lot of intel and submit it to those law enforcement agencies. The feedback from the hacker and information security community was super positive.

How do you get to know someone is missing?

The police now advertise on the Internet. We use this public request for assistance from the police as our invitation to get involved. This helps us to ensure we are looking for an actual missing person. We refuse to look for anyone who has not been classified as missing by law enforcement.

What does qualify as a missing person?

It differs by country but normally there is some short length of time in most. The one commonality for all however is the police element. The police must qualify the person as missing.

How do you organize a dedicated search? What’s the methodology you are using?

Right now we have two formats:

  1. The first format is a Capture the Flag (CTF) event where we run an OSINT style CTF event at an information security conference. This is excellent as it allows a very large amount of people to focus on a few cases. We are currently looking at introducing this to universities.
  2. The second format is an open and ongoing operation anyone can start an operation which focuses on any missing person. This can stay open a lot longer but is often not as active.

What are the key tools you are using to perform these searches?

Everyone uses different tools. Most people start with the basic online tools such as pipl and others. There is also a lot manual searching through social media channels. Our more advanced members use dedicated platforms with automated tools.

What tools do you use to collect and conserve information?

Again this differs for everyone but those who need to preserve information for evidence purposes wil often have dedicated virtual machines for each operation that can be easily archived. This can be done a number of ways but the simplest is to have a local hyper visor with Kali Linux setup with all your tools. The other tool that is used is called Hunchly. This is a Canadian company that provides a great product to help an OSINT operative keep all the intel organized and preserved.

What are the main challenges linked to the investigations you are encountering? What are the limits of Trace Labs?

There are a few challenges. None of these challenges are technical however. There are challenges with law enforcement as they are not sure how to work with us. To date, it has been surprisingly good to work with most police agencies but some choose to ignore us and don’t want to even reply. It’s a work in progress and we need to continue to prove we are a value to them and not vigilantes like some other groups. There are also challenges with contestants wanting to go too far. We have a strict zero touch mandate which means we don’t log in as the missing person or do any other sort of hacking engagement. We often need to ensure everyone is aware of these rules. It’s easy to get excited about this sort of thing but in order to stay on the right side of the law and be of value, we must have rules. We sometimes get investigators as us for the intel we collected and we refuse. We submit to the police only. We also get people asking us to search for people and again we have to refuse as we need the police to send out the public request before we can do that. Finally we have the challenge with the media. Mostly this hasn’t been an issue and instead they have been great however we have ended interviews where the newspaper was looking for the drama and dirt which we aren’t interested in providing.

Europol is more and more calling for support through identification of objects in photos for child abuse cases. How do you coordinate with law enforcement? Is your initiative welcome by them?

It’s a mixed reaction right now but mostly it has been pretty good. We continue to be extremely careful and work hard to ensure any law enforcement agency we are working with is happy with us. We are always open to any special requirements they might have. It’s a mixed reaction right now but mostly it has been pretty good. We continue to be extremely careful and work hard to ensure any law enforcement agency we are working with is happy with us. We are always open to any special requirements they might have.

We recognize that these are real people with real families and we stress this to the members of Trace Labs. I see a trend of us getting more and more attention from police (in a positive way). It’s still early stages but it’s my hope that eventually they see us a very cost effective solution that allows them to be even more effective.

Today your initiative is mainly in North America – how to spread best practices you are going to create?

We just did an event in Australia (October 2018) which we are really excited about. We are currently discussing with several organizations in Europe about events in 2019. this takes a bit more work as we need to find people in those locations to help us. 

What are the next steps for Trace Lab?

Trace Labs is growing faster than we can keep up. It’s pretty astonishing really. There are two big steps that we really need to accomplish in 2019 however. The first is to create a larger core international team to help with strategy and operations. The second is to improve the CTF platform. Our CTF isn’t theoritical so it’s more difficult to score. We never know what people will find, so we have to validate all incoming data. This is labour intensive and time consuming. Therefor we are always looking to streamline this system to be as fast as possible. 

How can people help? Who can join?

Well first step is to sign up at

Then reach out to me on twitter at @tracelabs and let me know how you would like to assist.

Anyone can join

What would you recommend to a beginner in OSINT researches?

For a beginner I would recommend to start with some free resources such as podcasts. Michael Bazzell has an excellent book and podcast. Then I would download some audio books on osint.  Finally there are some good courses out there online that can be helpful. If you want to get hands on osint right away, simply register for Trace Labs and then look for Missing Persons in your area and begin an operation on our Slack channel. Ask for members help and learn as you go.

Laisser un commentaire