Police turn to hackers in Australia's first crowdsourced attempt to find missing people
For decades the traditional 'missing person' poster has been used to enlist the community's help to find individuals who may be in danger.
But with more than 2,600 Australians now listed as a "long-term" disappearance, the federal police are trying what they hope will be a more successful tactic: turning the search into a game.
More than 350 internet sleuths and "ethical hackers" — hobbyists and professionals — gathered at 10 locations around the country on Friday in a national missing-persons "hackathon".
The aim was to generate leads for 12 of Australia's most frustrating cold cases, using sophisticated but legal methods of trawling the internet.
And organisers said the results were astounding: 100 leads were generated every 10 minutes the competing teams worked.
Police overseas have used crowdsourcing in the past for help with isolated cases, aided by these largely voluntary "open-source intelligence" (OSINT) enthusiasts.
But Linda Cavanagh, of the Canberra Cyber Security Innovation Node, said the Australian event was the first of its kind to be deployed on a national scale.
"No other country has facilitated this before," Ms Cavanagh said.
Participants included information-security hobbyists, cyber-security professionals, corporate teams, and "just generally members of the community and students".
"It is all within the parameters of the law … the only information that's being provided to the hackers is publicly available information," Ms Cavanagh said.
What is 'OSINT'?
"Open-source" intelligence — information gleaned from public sources, largely websites — is a relatively new form of spy craft.
Its techniques are used in intelligence agencies but also by a growing army of hobbyists and professionals, such as private investigators.
The art of OSINT shot to prominence last month when it was used to verify a video revealing the mass detention and allegedly brutal treatment of the Uyghur community in western China, which Chinese officials had denied.
An analyst at the Australian Strategic Policy Institute, Nathan Ruser, explained how he had been able to check when and where the footage was taken by comparing details such as plant growth and building shadows with public satellite images.
"Through all of those methods I was able to basically verify that that video is legitimate," he told the ABC.
Other techniques include mining the vast amount of information posted on social media and the simplest but most-used tool in the OSINT arsenal: Google searches.
Searching the surface and in the dark
PHOTO Open-source-intelligence analyst Dan Holman, right, has built a search index of the dark web.
Dan Holman, a co-founder of Canberra-based business WorldStack, has long used OSINT methods to find people who were missing or hiding— for example, to serve them court documents.
He said his business, which relies solely on analysing public information, also helped an organisation recently find a cyber-attacker who stole sensitive data and tried to hold it to ransom.
"Our involvement was to monitor the internet to try to find out when the attacker would post that data online," Mr Holman said.
The firm detected the data immediately after it was published, allowing it to issue a 'take-down' notice to the host website.
"But we were also able to get information about how that person had posted online and where he was … including his current apartment," Mr Holman said.
Mr Holman's business has built a search index of content on the 'dark web' — a network of hidden, encrypted websites, sometimes used to organise illegal activity, and hoped to use image-matching software to help find some of the 12 missing people.
"We're comparing all the photos that we're finding from the event … against photos that we've indexed from the dark web to see if we can get a hit on a missing person.
"That might suggest, for example, that they were kidnapped and are a victim of human trafficking."