Finding a Trace | Trace Labs Search Party CTF 2023

0xh4lpy
4 min read · Feb 14, 2023
A badge awarded for participation in the Trace Labs Global Search Party Capture the Flag competition
Trace Labs Contestant Participation Badge

I recently participated in the Search Party Capture The Flag (CTF) competition — a global event run by the non-profit organisation, Trace Labs, who aim to locate missing people through crowd-sourced OSINT (Open-Source Intelligence).

The search party comprised 220 teams, each with an assigned judge to verify the relevance of their submissions. Unlike the common Jeopardy-style CTFs, the “flags” in this case were evidence relating to a specific person’s disappearance. Trace Labs have appropriately gamified this by categorising the various forms of evidence which a contestant can submit, from information involving friends of the missing person (MP) worth 10 points, up to the location of the individual worth 5000 points. Report writers then gather this intelligence, compile the data into a report, and send it to the relevant law enforcement authority in charge of the investigation.

Ultimately, however, the points don’t matter. The core purpose of this CTF is to empower those with, and without, a formal technical or investigative background to contribute intelligence to a missing persons case, in a fun and safe way.

Initial Analysis

During the event, time was our greatest adversary as it only lasted four hours. Our team comprised four people, each with varied experience in relation to OSINT-oriented CTFs. We were assigned a total of four missing people, naturally taking one each. We made sure to maintain regular communication throughout, which proved invaluable towards the end of the event when more than one person was working on the same MP.

My assigned MP was a male teenager who had been missing for around 90 days. When I searched for his name on Google, I was directed to various news reports relating to their disappearance, all of which displayed virtually identical information, so there was nowhere to pivot to. I quickly realised that people were sharing these reports across Facebook and Twitter through dedicated missing person pages. I carefully analysed each Tweet and repost in order to find potential pivot points, such as school friends or family members, but nothing came up.

Given the age of the MP, I thought it was likely that they had a substantial social media presence, particularly on Instagram, Twitter, and Snapchat. However, the abundance of news reports and related social media posts made it challenging to find any personal accounts associated with the MP. To bypass this, I filtered out the results which contained the word “missing”, but was still unable to find anything of relevance.

Abandoning the Search

At this point, we were about 1 hour 30 minutes into the event, and I felt it wasn’t the best use of time to continue with this MP. One of my team members confirmed that they were also unable to find any information on my assigned MP, so I thought it best to change to another MP, as the others had substantially more information to pivot from.

The next MP was a man in his 30s who had been missing for almost a year. Fortunately, my teammate had managed to find a good amount of information by analysing various news reports, including details about his mother, siblings, and UK-based colleagues. I decided to adopt a similar technique and was able to find information relating to the MP’s previous partner and current girlfriend. From this I discovered associated Instagram and Facebook accounts which showed they were in the same country at the time prior to his disappearance. Scrolling through the list of followers and friends, I then found the Facebook account owned by the MP in question; however, my sock puppet account was subsequently disabled, so I was unable to continue the analysis.

Reflection

At this point, my team were finalising their submissions and the contest promptly ended. The platform was then locked off while the judges calculated the final scores, giving us time to decompress. After the submissions were validated, the final leaderboard revealed that our team achieved 59th place out of 220.

A commonly held view among participants is that it’s often easy to forget that the MP is a real person, especially during the event. Reflecting on the MP I was initially assigned, I was thinking about what I could have missed in my analysis. Furthermore, this lack of intelligence was also more apparent after speaking to participants from other teams who were also unable to find any leads in relation to this MP. Thankfully, we were able to find lots of information on the other MPs and contribute to the intelligence which will hopefully find these individuals.

The Trace Labs Search Party CTF is a unique opportunity to use your skills for the greater good in a real and impactful way. While it was very mentally taxing, the experience was overall very positive, and I hope my contribution was valuable. I learned a lot from this event, and I will continue to participate in the future.

Figure detailing the final submission metrics for the Trace Labs Search Party Capture the Flag Competition
Final Submission Metrics for Trace Labs Search Party CTF

Written by 0xh4lpy

Cybersecurity professional with a focus on digital forensics, incident response, and CTFs. Sharing insight and experience to enhance security knowledge.
