Ritu Gill, or @OSINTtechniques as she’s known online, joins the podcast to give tips for social media intelligence gathering. What are the little-known platforms to look at and how do you gather safely? Tune in to hear the tips.
Ritu Gill is an Intelligence Analyst with over 16 years of experience working with Canadian law enforcement; 12 of those years were with the Royal Canadian Mounted Police (RCMP). During her tenure with the RCMP, she specialized in open source intelligence and worked on high-profile investigations. As part of the RCMP’s international capacity building program, Ritu trained law enforcement in Bangladesh and India in the use of the internet as an investigative tool. In 2016 Ritu set up a consulting business providing OSINT training and research to law enforcement and related entities across North America. Ritu holds a Bachelor’s Degree in Criminology from Kwantlen Polytechnic University and is actively involved in the OSINT community.
Ritu Gill
I honestly, it's just it's shocking in general what some people will post.
Jeff Phillips
Welcome to NeedleStack, the podcast for professional online research. I'm Jeff Phillips, your host.
Aubrey Byron
And I'm Aubrey Byron, a producer and co-host. Today we're going to be discussing social media intelligence, otherwise known as SOCMINT.
Jeff Phillips
And joining us today is Ritu Gill, better known as @OSINTtechniques on Twitter and a law enforcement professional with over 16 years of experience. Thanks for joining us.
Ritu Gill
Thanks so much for having me. I'm super happy to do this. And yeah, thanks again for reaching out, I appreciate that.
Jeff Phillips
Well, do you have a lot of experience specifically with Canadian law enforcement? Um, but but how did you start using OSINT and what drew you into into the field?
Ritu Gill
So I started using OSINT way, way back when. But really my law enforcement experience started after I finished my bachelor's degree in criminology in 2007, and from there I ended up working for the local police department based in Metro Vancouver, where I reside. Pretty much, really, it was a series of steps that got me to where I am today. I do have a lot of people asking like, hey, how did you get into OSINT? It was, you know, I started from the ground up. I always say that I feel like it's kind of repetitive, but it's the truth. I started from the ground up, you know, I worked in a lot of administrative roles with the police at first, and I eventually got into research role as a researcher. And then I got experience doing that for a while, and that's when I came across open source intelligence. And I was kind of like, oh, what's this? I didn't know this was like a field of work.
Ritu Gill
I didn't know that people could actually have a job doing this, which took me to becoming an analyst eventually as well. But yeah, definitely being in a researcher role and think it was kind of like, was it just luck? I came across open source intelligence, how other analysts were using it, and then I started learning more about it. And really, I mean, I feel like that's how it just kept building kind of building blocks to get me where I am today.
Jeff Phillips
You know, that's a seems like sometimes a recurring theme in our in our show that there's so many roles that are out there that are potentially even doing OSINT, they may not know it or at least doing aspects of it, maybe not following all the OPSEC and Infosec types of things they need to do, but they're they're out there doing investigations and research online, dealing with open source, and to discover there's a professional area to get better at called OSINT is super interesting.
Ritu Gill
Yeah for sure.
Aubrey Byron
You recently gave a presentation on lesser known platforms at OSMOSISCon. Can you tell us a little bit about the up and coming platforms that you have your eye on?
Ritu Gill
Yeah for sure. So yeah, I did present at OSMOSISCon. It was really great. It was in New Orleans this year. And yeah, it was a great audience. And the reason I chose the topic and I'll cover that, even though you didn't ask, I will talk about that is just because you see so many open source topics about, you know, the common platforms which are really necessary to know about as well, but thought for more experienced people, they might want to see something totally different and more like niche. So I cover things like, and, you know, lesser known platforms. It could mean different things to different people. But for me, it was things that I maybe didn't hear about a few years back. One I'll mention is something like VSCO, and a lot of people have had that so many times people were like, what's VSCO? So again, it's a social media platform. That's one that I feel like I came across it a number of years ago, but I saw that people were posting their VSCO links in their Instagram bios, and that's how I came across it.
Ritu Gill
And so I clicked on it, and it took me to this other platform through a series of steps and research. I guess research steps was I discovered that, hey, there's no privacy settings on VSCO. Like you can't, as a user, privatize your account. So that's like a lot of information. So one thing I'll mention is there are a lot of regular social media users like posting on VSCO, but what I started noticing was that there were some users or many users maybe I don't know the percentage, but they appear to look like they were part of local gangs based in maybe Vancouver. And I thought that was interesting. And, you know, it looked like kind of like dial-a-doping kind of operations. Because of the photos, they would post bundles of cash, weapons, drugs like that. That's pretty much the what the whole account would be. So thought that was quite interesting. And the other interesting thing was if you found that person on Instagram and they had a VSCO link, they would sometimes privatize their Instagram, but then their VSCO because they don't have an option would be completely open.
Ritu Gill
So I don't know if that was intentional or if there was like any awareness around that. But that was obviously really helpful and kind of like a goldmine of information. And like VSCO is one platform, but other things I mentioned to people, I talk about this one, which is kind of old school, but it's also lesser known because some people aren't using it. Things like Skype. When you download Skype, you know you create an account. You can search the platform for a phone number, a name and email address, a username, and you can get a lot of information there. It's one of those sites that I use pretty much every day I'm doing OSINT work because it does provide a lot. You can see a profile photo if somebody has one. Other details in that account could be sometimes, maybe the date of birth of that individual. It's listed in that profile. And if you are somebody who works for the government, law enforcement, and you have access to like closed databases, well, you can cross-reference some of that information to confirm.
Ritu Gill
Is it the right, you know, DOB, date of birth, right. That kind of stuff.
Jeff Phillips
Well, you talked about finding like information that would supersede date of birth and profile photos and emails and I'm sure, um, Telegram accounts. What's the most surprising evidence you've, you've found on social media?
Ritu Gill
I honestly, it's just it's shocking in general what some people will post. An example that comes to mind when you say that is, you know, if there's people or, you know, individuals or groups trying to say overthrow the government. We've seen that in, you know, certain like events in the last few years. Um, you know, whether, you know, think of like the freedom convoys that we had across Canada, you know, people what they were posting in their live video streams because I'm like, I'm thinking I'm like shocked because some of the things that are happening in these videos also shocked because I'm like, it's something that if it's an open source, anybody can go download it. And now, you know, if it's going to be something where people are being charged a year later, well, now there's all this evidence of you doing what you maybe didn't want out there initially. Another example is like, I mean, we about a couple of riots in Vancouver in the past, uh, some of them related to like hockey, the Stanley Cup riots and stuff like that.
Ritu Gill
Um, I think of, again, like the amount of people that were charged in those instances, you know, for whether they're, you know, lighting police cars on fire to looting some of the local stores downtown, there was not only footage of them doing it, but there's people with their cameras and, you know, things ended up on social media even though it wasn't used as much back then, but again. So that kind of stuff always shocks me that I'm like, hey, when you do stuff and you post it, it's kind of like it might be there forever, right? And you don't know who has who has kind of a snippet of what you did.
Jeff Phillips
Well, I'm a parent of two teenagers. And so, I mean, we talk about social media use all the time. And that's I mean, it's interesting. So I'm telling them not to post things that's going to live forever. You have to go get a job someday and whatnot. But on the flip side, you don't know who's recording you, and then you're finding that on social media. In the case of riots and whatnot, maybe people are identifying you. That's that's interesting.
Ritu Gill
Yeah. Like and even think of when think of like teenagers or people that haven't figured out what they want to do yet, but they're going to be eventually, you know, looking for jobs or a career. I believe a lot of people are like H.R. You know, human resources people are looking up people before they get hired, right? So, you know, what you do online says something about you. It paints a picture of who you are. So again, being careful. And yes, a lot of young people use things like Snapchat and they're like, oh yeah, but it's gone after 24 hours. I'm like, yeah, but you don't know who took a screenshot. And and you know, yes, you might be friends with 200 people, but are they really all your friends like, you got to you got to be a little just careful think.
Aubrey Byron
There are so many new platforms coming out all the time. This year in particular, it seems like. What advice do you have for trying to keep up, or just practitioners who are struggling with what to prioritize?
Ritu Gill
Yeah, so that's one of the things, like with OSINT, it is ever evolving. It's it is hard to keep up. Like a lot of people have asked like, hey, is open source a full time job? I'm like, oh, 100% because they're like, hey, can I just do it on off the side of my desk? I'm like, you can, but you might miss a lot of information. It can be one of those things where you do it off the side, off of the side of your desk. But I feel like there's so much to learn and there's so much to keep up with. Um, one of the things again, like. There's different ways I will try to stay up on, you know what's new? I'm quite engaged with the community online. You know, I have some really good friends. We communicate on a weekly basis, if not daily. Um, so I feel like I'm kind of surrounded and I surround myself in that because I want to be in the know.
Ritu Gill
So not only things like, yeah, you might some people join discord channels, but, you know, I read the most recent books, that kind of stuff, but also just getting online and whether there's a community on Twitter or on LinkedIn or other places now. So I will look at what are people posting, you know, what's out there. And that will bring some of those platforms to light.
Jeff Phillips
You mentioned doing it off to the side, and I guess it depends on which what you're actually doing owes an amount. I mean, there's one thing to me to be a to be an enthusiast and to try to help out. Let's say it's related to Russia, Ukraine or what's going on in Israel. But, you know, if you're if it's part of your actual job, I'm curious because you work with law enforcement on collection methods, can you talk a little bit about practicing good OPSEC, which you might not be doing if you were just doing it on the side, especially when it comes to social media intelligence collection.
Ritu Gill
Yeah for sure. So having good OPSEC, having good operational security is really important. The reason is one we need good OPSEC. We're trying to protect ourselves right. As if you're an online investigator, you don't want your name attached to certain things you might be doing, maybe certain accounts you're following and that kind of stuff. Um, my two cents for that is you don't have research accounts. So if you're conducting an investigation on whatever platform, pick one. Even if it's like Instagram, Facebook, maybe it's TikTok. If you need a research account to access information, which you do in a lot of the social media platforms nowadays, like you can't get around it. So the the reason you want to have a research account, also known as a sock puppet, which a lot of OSINTers refer to those as, um, it's to protect yourself. Right? So you don't want to have the name maybe Ritu Gill on your account, but you want to use something else, right? Something discreet, something where you blend in to maybe your target group.
Ritu Gill
Um, so it's kind of twofold, right? You want to have a research account or a sock puppet to access information. The other reason is to protect yourself. And also, if I'm going to throw on a third reason, it's to protect the integrity of an investigation. Um, again, do you want to be using your personal accounts? If you work for the government or you work for law enforcement, would you want your personal devices and your personal social media accounts to get disclosed in court? I'm going to say probably not. Right. So it's another incentive to create a research account, you know, and don't use your personal accounts for investigative purposes.
Jeff Phillips
Now I'm going to throw one thing in there on YouTube because of. We're not lawyers here on on NeedleStack. You know, if your particular organization has a policy or not in terms of if you can create such accounts and do that off of work machines, you might want to look into any of the internal policies you might have on sock puppets.
Ritu Gill
Yeah, 100%. That's always a good caveat to have. Yeah. I always remind people like, yeah, definitely follow your organization or your agency's rules policies. That always supersedes anything we're saying. You know, one thing I have had people say to me is, oh, but, you know, I'm not just looking at, say, Facebook. They're like, oh, I'm not allowed to create social media accounts on Facebook. It says it's illegal. I'm like, no, no, no, hold on. No, Facebook doesn't want you to create fake accounts. But unless you work for Facebook, you know, right. Then it's a different story. But I'm like, I don't work for Facebook. Like it's not illegal to create a fake account on Facebook. That's not what it says. Right? So it's like using some critical thinking. Also, when we're looking at creating accounts and what that means for depending on who you are and what agency or organization you want for sure.
Jeff Phillips
And the default, if you can't do that mean to me, and if your company is very strict about it, you know, I you know, there's depending on what you're investigating, the fallback shouldn't be, well, then I'll just jump on my phone and use my personal account to go do that investigation. For all the reasons you just said to protect yourself. Then maybe you shouldn't be investigating that if you can't have such a research account. Um.
Ritu Gill
Yeah. Yeah. No, definitely. Like. And one of the things I mentioned sometimes is especially to investigators who say like. Your typical like police officer. And I know not everybody is in that job, but I think it puts it in perspective. I'm like, okay. If I say to you, I'm like, hey, would you conduct surveillance on a house using your personal vehicle? And they're like, no, obviously not. And I'm like, okay, well, when you look at your online activity, why would you use your personal account? Those are also linking back to you, just like a car would link back to you. So why would you do that? They're like okay, they kind of see it, right? Sometimes having examples, people will understand something better just to be like, hey, this is why. And I've also shown people a number of cases where people that do investigative work have been targeted by certain groups because, you know, they're like, hey, I use my own account.
Ritu Gill
And then now, you know, things are happening to them, you know, their houses are catching on fire. And that's actually real. From within Metro Vancouver, we had an issue where, again, some police officers' houses were randomly catching on fire, but not so random. Wow. So yeah. Yeah. So it's like it could be quite serious. Um, obviously like everybody's OPSEC will be also different. I'm not saying your OPSEC should be like mine or mine should be like yours. You kind of have to make your own assessment depending on who you are. I just think one of the basics of having good OPSEC as research is having a sock puppet account, having research accounts like I have many on different platforms for all these reasons. And you know, I use them according to kind of what the purpose is and if I need it, depending on what day it is or what I'm working on. Sure.
Aubrey Byron
So you've been practicing for many years and consulting on it and speaking about it, but this year you have an awesome tool coming out of your own. Can you tell us a little bit about it?
Ritu Gill
It's actually quite exciting. It's coming really soon. It's called Forensic OSINT and it is essentially a screen capturing tool for investigators. It's going to have some cool features I think. So it's going to have things like seamless screen capture. It's going to have like downloading videos directly from platforms. Say like you're on a TikTok video, you can click a button, then you hit download and it downloads on your system. Um, some other things it's going to have image capture. It's also going to have one really big piece is. So a lot of people may need to go to court for certain things they work on. Not everyone, but some people want to at that court standard where things are like it's collecting metadata and the files are hashed and, you know, these screen captures, it means that, you know, if it's changed or altered, you'll know. So we also provide file hashing and that kind of stuff here. Um, and on top of all those things, there's other features that we have as well.
Ritu Gill
One of the things is an asset knowledge base. So essentially as you're conducting your research, this knowledge base will give you information about what social media site you're looking at. So it might pull some key. It might pull some key extractions like things like user ID just by a click of a button. Um, it might provide other things that will, you know, like tips and tricks on like how to save Facebook in the best way or how to save Instagram the best way. So yeah, that's a little bit about the tool. Pretty exciting time. Um, and that release is coming just in days.
Jeff Phillips
Congrats. Where can people follow along as far as when it'll get released?
Ritu Gill
Yeah. So right now, if you sign up at www.forensicosint.com, we have pretty much we're going to be we're doing early rollouts too. Like the first I don't know whatever number of subscribers. So if people go to forensicosint.com and you sign up into our mailing list right now, also one of the incentives is we're doing a daily draw for people to win, like a free six month license to Forensic OSINT, because we want we want people to test drive it and see like what they think. We want them to give us feedback. Hey, how can we make it better? Um, and one of the reasons we created this was because we see there's some gaps in some of the tools out there currently maybe that don't do everything we want them to do. Because if you're looking at somebody who actively works on investigations and I'm like, hey, this tool doesn't do what I want it to, but now we've built something that will kind of fill those gaps. That's the exciting part.
Ritu Gill
So. Yeah, that's that's what's happening right now.
Jeff Phillips
That is awesome. Congrats to you and everyone that's involved.
Ritu Gill
Thanks so much.
Jeff Phillips
We really appreciate all the time today. My last our last question for you. What kind of advice would you give to practitioners, particularly those that are that are brand new to the field and just starting to get involved in OSINT?
Ritu Gill
Yeah, so I always tell people that like, practice is so important, right? A lot of people go online, they read articles, you can read books, and I recommend both, but definitely go apply what you're learning. Because if you're just reading, you're I don't feel like you're getting the full experience of like, hey, using a tool. Yes, I read about this tool maybe or a technique, but maybe go apply that. So that's what I would say especially I do get a lot of people asking about like, hey, how do I get into OSINT? Um, I did write a blog post for SANS about how to get into OSINT, actually, um, just because I was getting so many emails about, hey, how do I get into this? And I'm like, well, here's a quick little article about, hey, maybe you want to get involved with OSINT Community. Here are a couple of communities online that you know are quite engaging. Um, other things, other places, like some people are doing weekly newsletters.
Ritu Gill
That's great information that comes through each week. They've been doing it for a number of years. That's also another place you can go. So, um, yeah, definitely. There's lots of different places. And I could talk about getting into OSINT for a while, but that's kind of, uh, yeah, those are some that's a starting point.
Jeff Phillips
Well that's awesome. Again, thank you so much, Ritu, for chatting with us today.
Ritu Gill
No problem. Thanks so much for having me on this. This has been great and it's great to meet both of you.
Jeff Phillips
Thank you. And thank you to our audience for listening. You can learn more about where to find Ritu and her work in our show notes, so please check those out. You can also view transcripts and other episode info on our website, authentic8.com/needlestack. That's authentic with the number eight, slash NeedleStack. And be sure to let us know your thoughts on X, formerly known as Twitter, you can find us @needlestackpod and to like and subscribe wherever you're listening today. We'll see you next time on NeedleStack.