Can you read Emoji? 🕵️♂️📖❓
** cross-posting from my co-author's post of this blog series
Introduction
Very often I get the question how cryptography is part of Open-Source Intelligence (OSINT). My answer to that is: It depends on what you are investigating and if you are able to detect a form encryption.
For this blog post series I have asked for help from my friend Sadie, a former NSA cryptanalyst. She has by far more knowledge than I have about this subject matter. This is why we have co-written this blog series from which this is the second blog. The first fundamentals introductionaly blog can be found here: Cryptography & OSINT - The fundamentals
Why Emojis matter to OSINT
Emojis are now an essential part of how we communicate online. Emojis have developed into a complex system of symbols that can convey emotions, objects, and even entire phrases. At first, they were created to give our text-based conversations a little personality. However, their adaptability has made them a great tool for criminals, who use them to sell narcotics or communicate through ciphers. In this blog, we will explore how OSINT investigators can find and dissect emoticons on the web, and how they can utilise this information to battle criminal activities.
Criminal use of emojis to sell illegal goods
Let's begin by looking at how criminals use emojis to sell illegal goods. The use of the snowflake ❄️ emoji to represent cocaine is one illustration of this. This seemingly harmless symbol is used to advertise drugs for sale in posts on social media platforms like Instagram, Telegram and Twitter. The use of the pill 💊 emoji to represent prescription drugs like Xanax, Adderall or XTC is another example. Criminals are able to use emojis to sell their goods in a subtle way that authorities can easily miss. These are just two very basic examples of how people online can sell and offer their illicit goods.
Example Advertisement offering drugs from a Telegram channel:
Example Advertisement offering cloned credit cards and more from a Telegram channel:
Example Twitter search for user accounts using two carrots that represent "Two Jabs" also known as got two (or more) COVID-19 vaccinations:
Emojis used as ciphered communications
Emojis aren't just used by criminals to sell illegal goods; they also serve as ciphers for communication. Criminals can communicate in code by assigning specific meanings to various emojis, making it difficult for authorities to decipher their messages. The crown 👑, diamond 💎, and dollar sign 💲emojis, for instance, could signify a scheme to rob a wealthy individual. Due to the prevalence of this kind of cypher communication in online forums and chat rooms, it is challenging for OSINT investigators to keep an eye on criminal activity. Criminals involved in human trafficking may use emojis to communicate about their illegal activities. For example, a woman 👩 emoji with a shopping bag 🛍 may represent a victim who is being sold for sexual purposes. Keep in mind to include various skin-tones and hair colours. This might help physically identify a person. A suitcase 🧳️ emoji may indicate that a victim is being transported, while a key 🔑 or 📍emoji may indicate the location of a victim.
Cyber Crime criminals may use emojis to communicate about their illegal activities. For example, a computer 💻emoji may represent a device that has been hacked or compromised. Similarly, a key 🔑 emoji may indicate a password or encryption key, while a open lock 🔓 emoji may represent a secure system that has been breached.
Criminals involved in smuggling may use emojis to communicate about their illegal activities. For example, a boat 🚤emoji may represent a vessel used for smuggling contraband goods or people, while a suitcase 🧳️ emoji may indicate that items are being smuggled across borders. Similarly, a truck 🚚 emoji may indicate that smuggled goods are being transported by road. These are some examples investigators can think of during their investigations. Mindset and critical thinking is key when it comes to trying to "guess" what kind of emojis certain groups are using for their activities. Other examples might be a 🔗 to indicate a URL link or point of contact. Contact phone numbers might also be in the form of emoji's 0️⃣ 1️⃣2️⃣3️⃣which makes it more challenging for investigators to search and find.
Understanding emojis their meanings
So, how are these emoji ciphers solved by investigators? Using Emojipedia, a database with thousands of emojis and their meanings, is one option. Investigators can use Emojipedia to identify and decode potential ciphers by analysing the emoji patterns used in a specific post or message. For instance, if a message contains a series of emojis that appear to be random, investigators can use EmojiNet to look for common meanings for those emojis and then use this information to decipher the message.
Additionally, Emojipedia contains information about the various contexts in which various emojis are utilised, which can assist investigators in comprehending the hidden meanings of particular emojis. Online investigators are able to effectively decipher emoji ciphers and uncover criminal activity by combining this information with their investigative abilities.
A good alternative to Emojipedia is FastEmoji because it will not only show emoji's that are standard on most mobile devices. It will also show self-made emojis that are built out of keyboard characters .
For example this means ( •́⌣ •̀)⌐╦╦═─ "I'll use my rifle".
Another example could be that people show their support to Nazi oriented thoughts:
ಠ▄ಠ = Hitler
(∩ ͡° ͜ʖ ͡°)⊃卐 = Nazi boy
People can also use it express their current mood or state:
(๑′◉﹏◉๑) = Popped A Molly, I'm Sweating, Woo!
ʕOᴥOʔ (づ ̄ ³ ̄)づ[̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°̲̅)̲̅$̲̅] = When you hit that blunt
┣▇▇▇═──(╯︿╰)つ = Anti Vaccination OR No needles please
Searching for emoji's in search bars
To effectively search for ciphered emojis investigators will have to input one or more emojis in the search bars of social media platforms. On a mobile device it is easier to pull up emoji keyboards. On a Desktop or Laptop it may be a bit more challenging.
To pull up a standard emoji keyboard on a Windows operating system the key command is:
During text entry, press Windows logo key + . (period)
To pull up a standard emoji keyboard on Apple OSX operating system the key command is:
Click in the text field for that app and press Command + Control + Space
To pull up a standard emoji keyboard on a Linux operating system the key command is:
Press Control - Shift - E , then press Space .
Alternatively you could also install a browser extension which will let you search by keyword for specific emojis and then will let you paste them in a search bar.
For Chrome or Chromium browsers you can use : Emoji Keyboard - Emojis For Chrome
For Firefox browsers you can use : Emoji Keyboard - Emojis For Firefox
In some search engines you can search for the Unicode representation of an emoji. This can be useful because emojis look different on different OS but the unicode is mostly uniform across OS. A good resource to learn more about emoji Unicode is the Emoji chart on Unicode.org
Find contact details with Emojis
How could someone share his or her phone and email contact details without exactly spelling out the words: contact details, email, e-mail, phone or phone number?
They can use emoji’s!
From a OSINT perspective this is also a good way to find details that often is used to find people their online presence. For example if we find someone their mail or phone we can now use mail or phone search tools to find their addresses or social media accounts.
Here are some steps you can take to find someone's contact details using their name or username and emojis:
Start with a Google search: Use the person's name or username along with relevant emojis in a Google search. For example, if you're looking for John Smith, you could try searching for "John Doe 📧📱" or "Jane Doe contact information 📞📧". Make sure to try different variations and combinations of emojis to see if it yields better results.
Use social media: Search for the person on social media platforms like LinkedIn, Twitter, or Facebook. Use the emojis to narrow down your search. For example, if you're looking for John Smith's email, you could search for "John Doe 📧" on LinkedIn or Twitter. If you're looking for his phone number, you could try "John Doe 📱" on Facebook.