OSINT – Brian.Carnell.Com

Discovering If An Email Address Is Associated With A Google Account

For Google accounts, users can set up an alternate email address which Google explains can be used . . .

to sign in to your account. They can also be used to reach you in case you get locked out.

There is an odd feature about those alternate emails, however, which is buried in Google’s Account Help documentation–Google will, in some cases, publicly associate/reveal the alternate email address with the Google account.

When people might see your Gmail address instead of your alternate email address
When people share things with your alternate email address, they will sometimes see your primary Google Account email (Gmail) address listed instead. Some examples include:
– Google Docs: When someone shares content, like a document, with your alternate email address, your Gmail address will show instead of the alternate address.
– Google Sites: When someone shares a site with your alternate email address, your Gmail address will show instead of your alternate address.
– Calendar: When you respond to invitations forwarded from your alternate address, the event organizer will see the responses come from your Gmail address.
– Google Keep: When someone shares a note with your alternate email address, your Gmail address will show instead of your alternate address.
– Google Groups: If you remove an alternate email address that was part of a group, your Gmail address might show up instead.
– Google Ads: When you accept an invitation to use a Google Ads account with your alternate email address, your Gmail address and your alternate email address will show on the account access page.

This post at subfn.net notes that it is possible to use Google Analytics to determine if a given email address is an alternate email for any Google account.

1. Log into Google Analytics

2. Navigate to Admin > Account User Management > Add user

3. At this point, enter an email address. If the email is a backup email of a Google account, the primary Google email (e.g. the Google login email) will be disclosed

This seems like something that Google should make a lot clearer to users adding alternate emails.

Python Script to Download YouTube Comments Without the YouTube API

Egbert Bouman has a YouTube Comment Downloader script hosted on a Github repository that will download YouTube comments for a specific ID without using the YouTube API.

Saveddit–Open Source Bulk Downloader for Reddit

Saveddit is an open source tool to bulk download media and comments from Reddit.

SocialPath–Open Source OSINT Tool to Track Username Reuse

SocialPath is an open-source intelligence tool designed to track usernames across social media.

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit and Stackoverflow. Collected data is sorted according words frequency, hashtags, timeline, mentions, similar accounts and presented as charts with the help of D3js. This technique allows me to track darknet users who does not use unique nicknames.

This sounds kind of crazy, right? I mean, if you were engaged in illegal activity or wanted to remain anonymous, using the same or similar usernames on various social media platforms would seem to be an obvious no-no.

And yet, sometimes these folks aren’t the brightest, or they need to use similar usernames to signal to potential collaborators that the Twitter and Reddit profile are reputationally identical.

On the defensive side, if you absolutely must use social media, it is probably best to start generating random usernames to avoid automated attacks like this.

As the SocialPath creator puts it,

From obvious reason I won’t publish results of my research but you can repeat it by yourself. When engaging in illegal activity on darknet, one should remember to treat their username as already compromised and should not share it across different services or even mention about it anywhere. Reality is often different and criminals get caught very often because of that mistake. SocialPath shows that it’s not hard to create this kind of app by anyone hence LE has more powerful tools, real time monitoring and bigger database including dumps from previous seized markets.

Null Byte Video on OSINT Browser Extension Mitaka

There’s also an accompanying article on the Null Byte website about using the OSINT-oriented browser extension Mitaka.

Bellingcat Podcast Season 2–The Executions and The Hunt

In 2018, a video began circulating online that showed an outrageous act of barbarity–armed men in uniform escorting four unarmed women and children, and then summarily executing them.

Bellingcat has a two-episode podcast, The Executions and The Hunt, describing how the online OSINT and human rights community teased out clues in the video to ultimately identify the killers and bring a modicum of justice.

The podcast is disturbing in many ways, especially the ending where it seems unlikely there will be any punishment for the perpetrators of the atrocity.

But sometimes all anyone can do is shout the truth to whomever will listen.