How OSINT Cracks Cases: OSINT Investigation on the Frontline

Small PDs are beating the odds on complex crimes with cutting-edge OSINT tools.

OSINT is solving cases now, with high-profile results. With the attention afforded to its forensic genetic genealogy aspect, few realise the Golden State Killer case – one of the most infamous serial crime sprees in U.S. history – was in fact solved using a groundbreaking application of Open-Source Intelligence (OSINT).

‘In the end, it wasn’t stakeouts or fingerprints or cell phone records that got him. It was a genealogy website.’ - Science Writer Morgan Molteni, Wired [Source: WIRED]

Joseph James DeAngelo had been responsible for at least 13 historic murders, over 50 rapes, and countless burglaries – but evaded capture for decades. This was until investigators uploaded DNA from ‘GSK’ crime scenes to GEDmatch, a worldwide public genealogy database. Here, police grew up a family tree for their suspect, branching between distant relatives who had willingly submitted their DNA to trace their family origins. It may seem hi-tech, but the data officers drew on was open-source, public and freely accessible; a textbook case of OSINT investigation. 

DeAngelo, ironically a former police officer, pled guilty to multiple counts of murder and kidnapping, avoiding the death penalty in a plea agreement. This justice for his victims felt like a miracle; but with OSINT allowing a small PD to make such a big impact, it wasn’t the only miracle to take place in this investigation.

A multi-agency team worked together, from massive federal institutions like the FBI to local organs like the Contra Costa County District Attorney's Office. In a breakthrough for OSINT’s collaborative power, a retired county-level forensic investigator played a pivotal role: Paul Holes, who had initially connected the crimes of the ‘East Area Rapist’ in Northern California to the ‘Original Night Stalker’ cases in Southern California in 2001. Through the accessibility of OSINT, this local cold-case investigator could have a national impact in resolving a complex crime. 

This should draw America’s attention to an uncomfortable truth. Small-town and county-level law enforcement struggle against limitations in their missions to keep communities safe. Big metropolitan agencies can rely on a steady flow of resources, specialized units and dedicated support. Meanwhile, small PDs confront tight budgets and thin-stretched personnel – while case loads are anything but small.

These hurdles give small-town officers remarkable ingenuity and determination, leveraging every resource available to solve cases that matter. This is where OSINT platforms, like OSINT Industries, come into play. As digital and physical crime continues to rise, OSINT can be a local-level game-changer, empowering even the most resource-constrained departments to uncover critical evidence – and close cases they never thought they could.

Meet Scott, a Police Detective and OSINT Analyst

Set amongst the parks and greenery of Wisconsin, Greenfield Police Department serves around 12 square miles bordering Milwaukee, Greendale, Franklin, Hales Corners and West Allis. With only 36,000 residents, this leafy suburban area seems an unlikely place to see OSINT on the frontline. But thanks to Scott*, a Police Detective and OSINT Industries user, Greenfield PD has become an exemplar of OSINT innovation.

Before coming to Greenfield, Detective Scott spent 10 years with a federal agency. As a result, he was shocked by the comparative scarcity of resources, funding and manpower on the local level. Officers at Greenfield were faced with little to no access to some of the most technologically advanced approaches that were commonplace in ‘higher’ strata of law enforcement. Meanwhile, though its jurisdiction may be small, this department was far from sleepy. According to Scott, the local caseload was nothing short of ‘enormous’. 

‘It doesn't matter what kind of crime people commit these days…. they always need a phone.’ - Scott, Greenfield PD Detective [Source: OSINT Industries]

Scott discovered OSINT Industries through his work on a cross-level anti-cybercrime initiative. Reaching out for law enforcement access, he acquired our tooling for use in his casework. The effect was immediate. Scott found he could make use of selectors across the board in his searches: phone numbers, emails, and usernames. As he reached out to tell us in this OSINT Case Study, these searches could be key in shaping the future of local-level policing - helping small PDs to punch far above their weight.

A Puzzle Solved in Minutes: OSINT Accelerates an Investigation

‘While we’ll never prosecute our way out of this crisis, today marks an important first step toward justice…’  - Mark Totten, U.S. Attorney for the Western District of Michigan [Source: DoJ]

One particularly successful application for OSINT investigation is tracing narcotics and their origins. OSINT mapping of supply chains excels in identifying distributors and distribution tactics, as drug trafficking becomes an increasingly digitised industry. 

The exploitation of digital technologies in America’s fentanyl crisis is a case-in-point. By enabling faster, borderless transactions, the digitisation of drugs leaves traditional investigation and regulatory enforcement increasingly challenging. Drugs can flow into small towns and big cities with equal efficacy. As social media, encrypted messaging, and e-commerce websites become key channels for suppliers to reach buyers, the days of officers facing just the ‘dealer on the street corner’ seem numbered. 

OSINT investigators can use SOCMINT to identify drug transactions or promotions, or DarkINT to uncover darkweb forums and marketplaces where substances are traded; analyzing shipping patterns and intercepted communications or precursor chemicals can geolocate drug cultivation. Then, link analysis between suspects, locations, and transactions can visualize relationships, hierarchies and distribution networks within trafficking organizations. 

‘It’s not really a lot of drugs here… but it’s a lot of drug users here… so once the big man comes down here, it’s done, it’s everybody… know what I mean, and they’re young…’ - Theo, resident in a small town in Ohio after living in larger cities. [Source: NIH/PMC]

Disrupting the online-to-offline pipeline, however, was not Scott’s aim in this case. The OSINT anti-narcotic advantage – speed, cost-effectiveness and cross-jurisdictional scope – was needed to trace one transaction: a deal that amounted to murder.

Drug overdose deaths were once treated as accidental products of misadventure. That was before 107,000 Americans (including 2,826 Michiganians) a year died needlessly due to opioid-related causes. Today, almost one in three Americans have lost somebody they know to overdose. Overdoses are often viewed as prosecutable homicides, with charges laid on those who sell and distribute killer substances.  

Officers at Greenfield Police Department reached out for assistance because they had phone number data related to a suspect in an overdose case, but had no method of linking it to any other data they possessed – in particular, a CashApp account. Without proof of transaction, the wheels of justice were halted. 

"The first question was asked to 1,217 millennials… 'Have you used Venmo to pay for drugs (ex. Marijuana, adderall, cocaine, etc.)?' Nearly a third of respondents, 32.6 percent, claimed that they have..." - Jack Morse, Crypto Reporter [Source: Mashable]

Encrypted platforms like Venmo, CashApp and Zelle are notorious as popular places to buy and sell drugs, but there’s no way of approaching these companies to extract vital data. Entire trafficking rings have been exposed as operating via CashApp alone. However, Greenfield PD – like many other forces – learned that CashApp’s lax due diligence and encryption promises practically amount to a ‘no-snitching’ clause. 

There had to be another way - OSINT Industries. 

CashApp Cashes Out with OSINT Industries Username Lookup

Scott immediately inputted the phone number into our platform. Thanks to our CashApp module, Scott’s OSINT Industries search instantly uncovered the much-needed CashApp account. He unearthed a plethora of other data too. As an experienced analyst and detective, Scott immediately noticed a lead in the spread of accounts displayed in his subject’s search profile: a specific username. 

The suspect had used this same username for CashApp, Venmo, and most importantly, social media platforms like Facebook. Scott ran a username lookup for this specific username, and found not only a full suite of personal information and contact details, but a profile photo. He shared these details with another local investigator, who began using our username lookup tool to dig further. 

From just a phone number, Scott was able to identify a woman as a suspect in this narcotics homicide investigation.** Within a few minutes’ searching, Greenfield PD’s suspect was in the bag. When Scott relayed his findings with OSINT Industries back to his fellow officers, he remembers one colleague’s shocked response:

‘How did you do this? I’ve been taking five days to identify a Facebook account…’

Small-Town Game Changer: OSINT Industries Could Keep Americans Safe 

If they’re looking for a suspect’s profile, local police departments can’t just call up Mark Zuckerberg for information.

Extracting the data needed from different sources – and famously opaque social media platforms – is a painful and time consuming process, often concluding with dead ends. Possessing just a phone number for their suspect, officers faced approaching phone providers one-by-one, followed by companies like CashApp that resist legal intervention to build those all-important investigative links.

Scott’s OSINT Industries search used his phone number query to pull from over 500 data sources instantaneously, requiring only one officer. Finding a Facebook account took seconds, as opposed to a five-day struggle that could put strain on Greenfield’s resources and personnel. With free access for law enforcement, OSINT Industries is an advanced technological solution that also puts no burden on budget. 

Scott told us that for some forces, the search our platform accelerated would be in itself impossible. In even smaller or less-resourced jurisdictions than Greenfield, local heroes have no means of approaching these challenges. In cases like Scott’s, OSINT Industries is ‘providing information we wouldn't have had’, and could be the key to keeping communities safer. 

Cheap, effective and advanced, OSINT can present a game-changing helping hand to the frontline local-level police departments that form the backbone and bedrock of American law enforcement.

Stopping the Slaughter: Insights on OSINT and ‘Pig Butchering’ 

Alongside his commitment to justice as a Greenfield PD Detective, Scott is participating in a country-wide initiative – bringing local PDs together with federal officers, diplomats and more – to combat the rise of cybercrime.  It’s here that he was first introduced to OSINT Industries.

‍OSINT Industries is already playing a role in combating the tyranny of online and crypto fraud, reporting on intrepid OSINT investigations that use our tool to do their part in stopping the scams. It’s important to remember that as of 2023, more than 80% of Americans targeted by cryptocurrency fraud lost money, making crypto scams the most devastating subset of cyber-scam by far. This crisis was born from a collision of factors: the COVID-19 pandemic, a signature lack of market regulation, and dubious yet high-profile phenomena like FTX or Dogecoin.

The most virulent strain of crypto scam is ‘Pig Butchering’, a crypto-specific form of investment fraud originating in China. First a romance scam, its bloody moniker translates to ‘Sha Zhu Pan’(杀猪盘) – literally translated as ‘Killing Pig Plate’ – and refers to the mechanism of ‘fattening up’ their victim-investors with promised returns, before ‘slaughtering’ them for profit.

The scam begins with a WhatsApp message, Telegram message, or email, with a seemingly innocent proposal for crypto investment - or even friendship. Still, perpetrators are difficult to trace. Victims will usually have no way of contacting the scammer and no way of recovering their life savings once they have been ‘butchered’. The resulting pain and loss has even claimed lives.

Scott shared with us the specific properties that make the OSINT Industries platform the best weapon to combat ‘butchers’.

‘I can move crypto to Singapore just as fast as to someone in the same room as me…’ - Scott, Greenfield PD Detective [Source: OSINT Industries]

Local Cases, International Modules

The first of these is our international modules. Cryptocurrencies like Bitcoin, Ethereum or Solana are distinct from FIAT currencies like the U.S. Dollar, Euro or Japanese Yen in that the latter is inherently bordered. FIAT currency, the money you might carry around in your pocket, is geographically-tied, and difficult to move overseas. Banks and countries have checks and balances; for example, more than 10k in funds will be checked on departing the US, and takes several days to transfer. This is to prevent the very activity that crypto scammers are trying to engage in - fraud.

Crypto, meanwhile, can be moved instantly, with no oversight. This means that the primarily overseas scammers Scott confronts can transfer borderless currency covertly across the globe, even passing through innocent wallets to conceal their identities. 

The traditional process of financial investigation relies on old FIAT models. OSINT takes into account a faster, global reality. Crypto scamming is an international industry, and this makes OSINT Industries unique overseas search modules (like OKRU, Weibo and more) essential in Scott’s hunt to track the ‘butchers’ down. 

Breaking the Scammers’ Spell

Although the practical mechanism of crypto scams is vital to understand, Scott possesses frontline insights into the sophisticated psychological operations behind this type of fraud. ‘Pig Butchering’ affects victims’ wallets, but their minds too. 

‘Over weeks or even months, the scammer works to gain the victim’s trust. They may send daily “good morning” messages, ask about the victim’s day, and gradually bring up their “successful” background in finance or investments…’ - Lars Daniel, Practice Leader of Digital Forensics at Envista Forensics [Source: Forbes]

Scott works with the awareness that crypto fraudsters and cybercriminals commit a crime that is designed to be emotionally exploitative and ultimately destructive to the individual. He observes that scammers ‘study human psychology’, and from their method of approach it becomes clear that ‘they know exactly how to exploit insecurities.’  

These scams have consequences that a local police officer will contact in his line of duty. Scott worked with one local victim who had believed an online romance had blossomed with her ‘butcher’, to the extent that she had opened up to this cybercriminal about losing her mother to cancer. In response, her exploiter manufactured a father who died of cancer, for the purpose of identifying himself with his victim. The result of her painful honesty and trust was financial and emotional devastation. 

This becomes more heartbreaking when acknowledging Scott’s most common victim profile: 60-to-70 year olds, lonely or vulnerable, lacking in digital literacy. He describes victims losing their jobs, or having to go back to work after achieving their dream of a happy retirement; victims sliding into deep depression and even losing their lives to suicide. Due to the use of multiple wallets and victims to pass crypto across the globe, Scott finds  identifying one victim with OSINT techniques almost inevitably leads along the blockchain to another. These ‘invisible victims’ may have lost their life savings – amounts over and above $100,000 USD – but are too embarrassed to report the crimes committed against them.

‘The First Step is Acknowledging That It’s a Scam…’ 

Yet OSINT has the potential to break the spell of manipulation with clear and concise proof of identity. An OSINT Industries search brings up a comprehensive profile of an individual, and this information can be used by law enforcement to verify that a crypto scammer is far from who their victim believes them to be. This information is powerful: as Scott says, acknowledgement that you’ve been lied to is the first step to justice against those who perpetrate fraud. A clear picture, provided by an officer using OSINT, of a suspect can help to motivate victims to accept what has happened to them, and begin the process of cooperation with police.

Still, victims also need our help to erode the stigma around their victimisation, if law enforcement is ever to truly take down the ‘pig butchers’ and end the harm. Scott relates a story of one local victim who had been emotionally and financially manipulated for more than two years by her scammer, believing she was in a loving online relationship. Even when it could be proven with concrete data that her partner was not her partner, but a cybercriminal based in Nigeria, she could not accept the reality of her victimhood. Perhaps she was too afraid to face the stigma of being a ‘scam victim’, did not want to admit her losses, or could not break the psychological hold this ‘pig butcher’ had on her. 

Whichever way, not even photographic evidence could persuade her of the truth. Officers, here, reached out to her family, asking them to prevent any further funds being sent; OSINT can aid the process of justice, but it was only genuine care and support, without stigma, that could help move this victim out of harm’s way.

‍

* Some names have been changed to protect the identities of those involved.

** This woman has not yet been convicted at point of publication, and remains an alleged perpetrator. 

‍