During the SANs SEC487 class, Micah provided a link to an Instagram picture while demonstrating the many techniques on social media intelligence. During the talk, he challenged the class to find the location of this image. It wasn't an official challenge but i was intrigued and i want to challenge myself to see what i could find. Of course it was 2 pm and my after lunch syndrome kicked in and my eyes were tired but this surprise challenge is what prevented me from sleeping in class!
So the challenge was: Find the location of this image. An image the trainer took and posted on his Instagram.
 |
| The Flag: Find this place |
First thing i did was to screenshot the image, open in paint, save in JPEG format and look at the possible clues in this image.
 |
| Extracting the Image from Instagram |
 |
| Potential clues/artifacts that could be pivoted |
After looking at the clues, I did what many would probably do - use Google Image to see if similar images would provide me the answer - but as i expected... all were strikingly similar but none were the answer.
 |
Google Image results
Next, using Google search and with the two clues 'Constitution' and '2000', i attempt to see if any results would actually makes sense to me. As the image appeared to be possibly a park, keywords 'constitution' and 'park' were used but the results were plenty. I am definitely not going to use each of these results and locate them in Google Maps.
 |
| Results when keying the term 'constitution park' |
|
I then used the keywords '2000' and 'constitution' and I got a result that sounded American and the others just didn't make sense to me.
 |
| Results when keying in '2000 constitution' |
Using the result '2000 constitution ave' and put it on Google Maps, i found something. But it didn't look like a public park to me. So yeah, definitely not the answer.
 |
| Trying out the first 'logical' result |
Similarly to using Google search engine, i tried the same keywords on Google Maps and again, plenty of results. I was sure it's one of the hundreds but I don't think i was gonna visit one by one.
 |
| Google Map's results when keying '2000 constitution' |
 |
| Google Map's results when keying '2000 constitution park' |
So after wasting over 20 mins, i went on to find another way. This time I need to find information that could tell me where he was at that time. The clue was at his Instagram pic on a publicly set URL link. Date: 17 November 2017.
 |
Date of Picture Posted
|
What i did then was to visit his Instagram account in the hopes of getting to see what other pics he might have posted that could provide some clues to where he was at. But unfortunately, his Instagram account was set to Private! So nothing!
 |
| Instagram Account is Private |
I even went to his personal website and find posts within the date range of 10 November to 20 November but nothing! Absolutely nothing that could help me. Then i recall he has a Twitter account that was set to public! With his twitter handler and using advanced search, i was hoping to find something.
 |
| Twitter Advanced Search Option |
That's when i found a single post that could be the holy grail to find what i eventually was looking for. It was a Retweet of a post from a Twitter account tagging him - dated 14 Nov 2017!
 |
| Retweeted on 14 November. A possible clue! |
Accessing the original post, the next clue was '@hcpss_arl'. And yeah that's him for sure!
 |
| Confirmed his physical presence at this location |
Visiting the Twitter account of @hcpss_arl led me to its website
 |
Twitter Profile of HCPSS ARL
|
Visiting the Twitter account of @hcpss_arl led me to its website and the address! The Google Map link was definitely a bonus!
 |
| Address of the institution Micah was at |
Now that I am here, what next??????
 |
| Location of the Institution on Google Maps |
This is where my keywords search came in handy! If you have not notice it before, Google Maps provide results that are nearest to the location you are viewing at that moment. So by typing 2000 constitution it will get me all the address with 2000 constitution closest to the location of the map i am currently viewing. In this case it showed as 2000 Constitution Avenue Northwest Washington, DC.
 |
| The first result that is closest to the institution |
 |
| The distance from the institution to the 2000 Constitution Avenue |
This was the time my confidence level shot up because the location definitely looks like a park to me!
 |
| Looks like a Huge Park!!! |
Now time to find where exactly the location of the image was taken. Street View to the rescue!!
 |
| Street View of the location |
And finally!!! Found the exact location where the artifacts in that original image are present - now on the Street View itself!
 |
| Location Finally Found! |
When i showed this to a classmate, he asked a very good question. The Tweet was dated 14 November and the image posted on his Instagram was dated 17 November. So in a way, although i got my answer right, I was actually drawing invisible dots to connect the timeline of events.
This was where I need to come out with a theory myself to justify my connecting of the invisible dots... so two theories are:
1) Micah could have stayed a few days around the area of the institution before he drove down to the park on the 17th.
2) Micah could have drove down to the park after his lesson, took that pic on 14 November itself and decided to post it on the 17th instead.
Only the trainer knows the logical and true answer and unfortunately I wasn't able to get it from him. But i was pleased to see his reaction when i told him that I found the location and his response was "Oh You Did?!". I am definitely not sure if this was how it was intended to find the location to the image and I'm sure some of the readers stumbling upon this blog would probably go... "meh.." but nonetheless I was happy to 'capture the flag'!
