This blog post was originally posted to AutomatingOSINT.com.
Stemming from the recent riots in Baltimore, Eoghan mac Suibhne (Twitter) wrote an interesting piece on image verification. Read it first before carrying on:
The moral of this story was that you can use reverse search on your browser to double check images before you believe that they are current or even relevant to the story they are attached to. In a lot of cases, he discovered that the images being Tweeted during the riots were actually old images.
So how do we actually do these checks that he talks about in the article?
Using Google Reverse Image Search
First off, if you’re not using Google Chrome for all of your OSINT goodness then you really should. Firefox has some tools that you can install, but overall I have always preferred using Chrome. Now let’s take a look at a neat piece of technology that is built in to Chrome. I want you to right-click on the image below and then select Search Google for this image.
Chrome will automatically send you over to images.google.com and it will tell you a whole bunch of great information as shown below:
So this is actually incredibly neat! Google has figured out that it is “Black Hat Python” as you can see in the search bar at the top of the screen. As well they have pulled some relevant URLs and displayed a list of “Visually similar images”. All from a single right-click in Chrome. Now let’s take a look at TinEye.
Reverse Image Searching With TinEye
TinEye is a reverse image search engine that is designed to only return web pages that contain your target image. Its algorithms are designed differently than Google’s and as such can return different results than the first method we explored.
To install the Chrome Extension simply visit the TinEye Extension page here and click the “Add To Chrome” button in the top left corner of the page as shown below:
Once you have added the extension you now have TinEye search capabilities at your fingertips. So let’s try the same technique, right click on my book cover and select Search Image on TinEye from the popup menu. This will open a new browser tab and show you the results from TinEye.
Voila! Now you can search all manner of images that you come across when you are doing your OSINT work, or even if you want to watch events unfold in real time you can begin to spot the bullshitters. Just like Eoghan did.
As mentioned in the article at the beginning of this post, this is an incredibly useful way to determine if someone is reposting old content or actually uploading some new stuff. If Google only returns results for example for “Baltimore riots” and does not have older images present in its index you can ascertain that the image is newer and potentially original content. You can augment those results with a TinEye search as well. Another useful technique is to take a logo or image used by a group of people, and use TinEye or Google searches to find other social media or websites that use the logo or image to help expand your investigation sources.
Now of course what you could do to automate this process would be to watch a trending hash tag on Twitter, and then monitor all posts with photos in them. As each photo gets posted, you could then retrieve that photo and use the TinEye API to reverse search automatically. You could then set up an alerting system that would email you or SMS when a new image is detected that does not show up in TinEye. You could also use these results to begin to filter out the bullshitters from your Twitter searches. If you’re interested in learning how to write code to do exactly that, get some more information about my OSINT course here.