OSINT and Maps: A Curious Case of Open-Source Intelligence in Action
Table of Contents
by:
OSINT Curious
Curiosity has always been my compass, guiding me through the endless labyrinth of the Internet. On one fateful evening, that curiosity, paired with a bit of persistence, led me down an unexpected path — one that uncovered confidential material hiding in plain sight and spiraled into an ongoing court case. This story is a testament to the power of open-source intelligence, or OSINT, and how even the simplest tools, such as Google Street View, can unveil extraordinary things. But before we dive into what happened, let’s talk about what OSINT is and why it matters.
A Brief Primer on My OSINT Workflow #
OSINT (Open-Source Intelligence) is the collection and analysis of data gathered from open sources, and it has always been a topic that fascinates me. One of my favorite tools for this exploration is Google Street View, which offers an interesting window into the world. Its coverage of Finland is particularly extensive — so extensive, in fact, that some might argue it’s too good, especially near sites critical to national security or military installations.
I have spent countless hours virtually wandering its streets, and 99.5% of the time, it leads to nothing of real interest. But then there’s the elusive 0.5% — those rare moments, when I stumble upon something truly extraordinary. This was one of those times.
Using Google Search the “Right Way” #
One effective way of uncovering potentially interesting information from Google Street View is to look for names or identifiers on street signs or warning signs, particularly near locations that house critical infrastructure. These can include military installations, telecommunications masts, electrical substations, water treatment plants, and similar facilities.
One such sign caught my attention and sparked my curiosity. Using its details, I conducted a Google search — but to protect the identity of the location, I won’t reveal the exact wording or appearance of the sign.
In fact, Google offers a number of powerful search operators that can help refine and target search results. For instance, searching for The Thing and “The Thing” produces different outcomes: The Thing searches for the general term, while “The Thing” retrieves only results containing the exact phrase.
Using the exact phrase from the sign — unique Finnish words and language — I performed a search, fully expecting to find little to nothing given its specificity. To my surprise, it yielded a set of results, including a link to Google Maps.
A Hidden Map: An OSINT Treasure Trove #
Google Maps isn’t just a navigation tool—it’s also a platform where users can create custom maps, layering their own data onto the base map. What many don’t realize is that if these custom maps are public, Google may index them, making the data searchable.
As I stated above, when I performed the Google search using the exact phrase from the sign, I expected to find little to nothing. Instead, I was directed to a Google Maps link — a custom map that had been indexed and was publicly accessible.
What I found wasn’t just a simple overlay — it was a meticulously constructed dataset spanning the whole of Finland and split into two maps: one for the north and another for the south. Together, these maps contained over 20,000 markers, each representing a specific location.
At first glance, the sheer volume of markers was overwhelming.
- What kind of data could this map hold?
- Who had created it, and why?
These questions raced through my mind as I began analyzing the contents. Each marker had the potential to reveal something significant, and the implications of this publicly available map were staggering.
Custom maps on Google Maps come with a handy feature: the ability to export the raw data. This makes it easier to analyze the information using a variety of tools. I exported the data in KML/KMZ format, which Google Earth supports natively. Since KML is an XML-based plaintext format, it’s straightforward to parse and analyze, opening up even more possibilities for detailed exploration.
I opened the KML file into a text editor and started running searches. The data contained large number of accurate GPS locations of at least the following entities:
- telecommunication towers (including which ISP´s gear it had installed on it)
- large transformer stations
- water treatment plants
- military installations
- storage sites for mining explosives
- medical supply storages
- service tunnel entrances
It quickly became clear that I now had possession of a dataset containing potentially very sensitive information, especially when compiled and presented in this mapped format.
To clarify, the individual data points on the map were not particularly sensitive on their own. However, when someone compiles a large dataset – even one sourced entirely from open information – and presents it in an easily searchable and browsable format, it takes on an entirely different level of sensitivity.
I manually verified several locations and found their GPS coordinates to be highly accurate. Many of the map markers also included written descriptions containing details that could only have been known by someone who had physically visited the sites — information that could not have been obtained solely from satellite or Street View images.
Tracing the Map’s Creator #
The custom Google Map provided a few valuable clues about its owner, including the account name and a profile picture. By performing a reverse image search on the profile picture and cross-referencing it with the account name, I was able to uncover the map author’s personal website.
The website was, to put it mildly, “interesting.” It prominently featured content promoting the so-called “global tunnel war,” a conspiracy theory linked to the QAnon movement.
Further digging revealed a YouTube channel run by the same individual. The channel showcased several of the “discoveries” highlighted in the map’s dataset, providing additional context about the map and its creator’s motivations.
Reporting the Findings and the Aftermath #
Once I had gathered enough relevant information, it was time to report my findings to the appropriate law enforcement officials. Fortunately, I had a trusted personal contact in the right position to handle this.
Shortly after I submitted my report, the map author’s entire Google presence was removed. This included all custom maps, YouTube channels, and associated Google accounts, which were swiftly terminated.
It’s often said that getting companies like Google (or similar platforms) to remove sensitive data can be a slow and frustrating process. However, when the request comes through official channels rather than from a private user, the process is noticeably faster.
Not long after my report, the first news stories about the case emerged here in Finland, revealing that the National Bureau of Investigation was actively working on it.
More recent news coverage (apologies, most of the articles are in Finnish) has continued to follow the developments of the case.
When Curiosity Meets Accountability #
OSINT is a powerful tool when used responsibly, capable of uncovering information that perhaps shouldn’t be publicly accessible. However, it is important to remember that the same effectiveness applies to adversaries who may use it to gather information about you or others. In today’s world, vast amounts of data can be extracted from open sources, and the true impact lies in how the analyst chooses to use it.
Private individuals can often be valuable assets to law enforcement. If you come across something that seems like it shouldn’t be out in the open, reporting it is a responsible step — and one that can potentially prevent harm. There’s no harm in erring on the side of caution.