Cyber-Baddie and the Golden Mask / Episode 2 / OSINT

Cyber-Baddie and the golden mask episode 2

The second installment of Cyber-Baddie and the Golden Mask introduces the practice of open-source intelligence gathering, also called OSINT. OSINT is gathering information from publicly available sources. Unlike other types of intelligence gathering, which conjures up images of cold war spies peeking over newspapers, OSINT is easy, unrestricted, and is commonly practiced by journalists and businesses.

Before the web, OSINT mainly consisted of searching for information in traditional media. This included TV and radio broadcasts, newspaper articles, newsletters, books, academic publications, government publications, and even company brochures. In a pre-Internet story, Cyber-baddie would be off to the library for research, then visit the city archives to get floor plans. Now information sources for OSINT are mostly online.

Cyber-Baddie’s first step towards stealing the golden mask is to perform rudimentary OSINT. This involves finding information about the museum and it’s staff online. A series of panels show him browsing the web with Google search, the museum’s website, Wikipedia, Google Earth, Google Maps, Twitter, LinkedIn, Facebook, and finally the museum newsletter.

A few hours of searching informs Cyber-baddie of the physical layout of the museum grounds and the staff who work there. This includes a layout of the building and grounds, maps of surrounding roads, names of staff, their roles, and even personal details about what staff “like” on Facebook. My intention is not to accurately represent an exhaustive OSINT methodology, but instead to show how accessible and effective this can be. OSINT can be a non-technical way to gather information that can be performed by anyone.

Creating this episode was more complicated than anticipated. I needed a convincing aerial image of the museum with Google Earth. To do this, I needed to find a real museum that resembled the museum drawing from the first episode. After searching photos of museums around the world, I discovered Yorkshire Museum in York, England. Opened in 1830, and designed with the Greek Revival architectural style, it had the four doric columns I was looking for. The match was so close that I suspect the original graphic from Pixton was based on the Yorkshire museum.

If I chose to use Yorkshire museum as a stage, the story would be firmly planted in the United Kingdom, with all the inherent continuity restrictions. After careful consideration, I decided not to set the story at the Yorkshire museum stage, and instead to use an unnamed museum that is nominally set in North America.

I included two seemingly innocuous details. One is a simple privacy hack that was made famous by Mark Zuckerberg. Another is a nod to an unsolved crime. Hanging on Cyber-Baddie’s wall is the missing Vincent Van Gogh painting, Poppy Flowers. This painting has a value of about $50 million and hasn’t been seen since it was stolen from Cairo’s Mohamed Mahmoud Khalil Museum in 2010.