Protecting Children Online: OSINT Investigations into Digital Exploitation

Okay. Um uh good afternoon everyone. Um thank you very much for joining us today. Uh the first uh edition of Bside conference canon which is like um one step to improve cyber security especially in Africa and uh in the world in general. And today we have a very special guest which I come across her content somehow and uh it's something that is very very close to me when it comes to the safety of children and I've seen how she's passionate about that and I just told her that I would like to have her because people needs to hear what she can tell them about this and uh probably we can sell um more children and help

the world in that regard. So um I think she's going to use a slides to take us through some very important information. But before then maybe um I would like you to introduce yourself and then go ahead and start. >> Hello everyone. My name is Paula Popovich and um as you will see a bit later on in the slides I'm a cyber security researcher and um oin passionate um I am I am here to talk about um case study that I have done and I hope you find it very very interesting and insightful. I would like to know if you can hear me. Somebody said they cannot hear me. Yeah, I can hear you. I don't know maybe

it's from her own I can hear you. >> Okay. Um I I will be sharing the uh slides with you if you allow me to share the screen. >> Yeah, you can now. >> Okay. Can you see my screen? >> Yeah, we can see it. >> Okay. So, welcome. Uh, I represent the Blue Dwarf. Who am I? I am Paula Papovich, the founder of the Blue Dwarf and the host of its podcast where we explore the intersection of open source intelligence and cyber security, particularly in the context of digital parenting and youth protection. Before we go any further with this presentation, I have a small um disclaimer that I would like you to read. I'll give you about a minute and a

half due to the time. Um, anytime you want to read the disclaimer, just contact me and I will provide it to you.

I hope you all read the disclaimer. Uh, so I will proceed. As I said, if you have any question, the disclaimer is there and I can provide it to you. I will start with a very simple question. How many how many of you like to travel and how many of you know where you sleep when you travel? I assume that not as many as um I would like to know. So to dive in this talk focuses on how OSEN techniques can be used to surface pattern of risk that traditional scrutinity might miss especially in cases where online history is fragmented or institutional transparency is inconsistent. What started as seemingly average hospitality uh listing evolved into

something more. Reviews hinted at red flags. Digital records showed uh continuity despite rebranding. Oent method revealed links to prior criminal networks all accessible through open data. This investigation began with court documents, but those documents led back to a public forum originally presented as a support group. It was there that grooming be began as predatory predators exploited the space under the guise of the care and community. None of this required hacking. It only required connecting the dot. This isn't just a story. It's a mirror. Our institutions, platforms, and policies are not keeping up with the modern digital risk. Child protection cannot remain secondary. Cyber security must grow beyond infrastructure. It must include the people behind the screens, especially

the most vulnerable. As we turn to the case, um, this investigation sc um, sorry, as we turn to the case, at the center of this investigation, the scale of its implication becomes clear. In 2024, a former US state senator pleaded guilty to traveling abroad with the intent of engaging in sexual exploitation of minors. According to the court records, he made multiple trips to Prague between 2011 and 2021, each with the deliberate aim of engaging in illicit activities involving minors. He was sentenced on 6th of March 2025 to 10 years in federal prison followed by a period of supervision release. This indicament included two federal charges. One for international travel with the intent of engaging in sexual conduct

with the minor and the other for receiving child sexual abuse material. This prosecution brought measure of justice. However, one detail remains specifically relevant for uh from an investigative perspective. The property listed in those fillings is still operating today at the same address but under different name and brand. Another significant development occurred in 2023 when one of the US state senators known associate appeared to vanish. He he um he went from someone to no one. Open source intelligence suggests the individual may have undergone plastic surgery and assume a new identity. A hypothetis supported by abrupt changes in travel activities, the use of alyses and booking anomalies observed during the investigation. Despite these findings, to date, no

official manhunt was initiated. This may reflect jurisdictional limitation or a reliance on traditional forensic evidence that excludes OENT contribution. The situation reflects a broader issues. While open source intelligence can surface valuable insight, such findings are often underutilized unless sourced through a formal investigative channel. In this context, the case underscore a missed opportunity to act and highlights the ongoing tension between civic investigation and institutional responses. This case study investigates a hospitality business that appear legitimate complete with an active website booking platform and positive reviews. However, OEN methods revealed it previously operated under different names and was reference in a court document involving now convicted offender. Using domain records, contact details, and archived content, I confirm continuity between the current venue and

its troubling past. The site has since been rebranding. now appearing under multiple names across platforms while the address and the physical features remain consistent. This digital inconsistency uh complicates public accountability. Earlier marketing language when viewed alongside with legal finding raises concern about prior audience targeting and pos uh positioning. Rebranding, while common, can obscure history, especially when tied to a serious offenses. To be absolutely clear, this is not an accusation against the current owner or the management. No allegation are made about the present day operation. Instead, this illustrate how oim can surface hidden continuity and why transparency matter when past exploitation is involved. Despite multiple rebranding, this business consistently operate from the same physical location. By cross-

referencing historical and current booking listing, map data and archive reviews, I confirmed that each identity functioned from same premises. Geoccoordinate, guest reviews, and recurring feature such as external bathroom and service inconsistencies provide digital footprinting. When layered with metadata and corporate registering data, they form a continuity map that challenge the idea of a new establishment. Over nearly three decades, the company changed name, structure, legally reregister under different entities. Corporate feelings revealed ongoing operation at the same address despite shifting names and branding. International ownership specifically in Germany and Kuba was also noted. While lawful this structure combined with it inconsistent listing reduce visibility and discover uh discourage scrutinity. This is where OSEN proved essential. Traditional oversight doesn't connect

these dots. Open-source tools like domain records, registry databases, archive content and platform reviews help uncovering pattern of continu continuity hidden in plain plain sight. One detail stood out. Tracing a register register owner's uh Cuban address led to a res residential street filling with bicycles. The picture that you can see in the top corner, ordinary at face value, but a reminder of how far trails can travel and how context turn data into meaning. This investigation found no violations, but it shows how lawful rebranding and restructuring can distance a business from reputational concern. OSENT doesn't just reveal what's hidden. It frames what's visible in a way that promotes accountability and informed awareness. This isn't just about one missing

person. It's a lens into how predator operate in today's digital world. Quietly, persistent and often beyond institutional reach. When civic investigation undercovers credible risk and system can't or won't respond, we must ask what we are missing. Predators no longer need physical u physical access. They exploit anonymity, jump between apps, and target platforms that prioritize engagement over safety. Children, while tax-savvy, are often unaware of these risks and the institution meant to protect them struggle to keep up. This talk isn't about blame, it's about awareness. Behind every screen there is there is a potential danger and early recognition is the key to prevention. I am speaking to adults, cyber professionals, parents educators but my goal is to protect children.

Avoidance isn't neglect. It's often fear. But knowledge break that fear and awareness is our first line of defense. Children now receive smartphones before they can even speak. These devices act as digital pacifiers uh sorry pacifiers yet we rarely monitor what's behind the screen. In my study, parental awareness strategies and knowledge of teams online chat activities and cyber security risk, I found that children as young as five own a device, a device that's connected to internet. Many parents underestimate how easily kids bypass restriction. Digital fluency isn't the same as foresight. Predators exploit that gap and parents believing in filters and rules and these things they they they believe these things are enough often missing the early signs.

This is more than cyber security. This is about social vulnerability. The threat isn't just technical. It's emotional, relational, and deeply human. And so our responses must be layered, informed, and above all collaborative. The academic paper began with simple questions. Do parents know what their children are doing online? Have they set boundaries? While many answered yes, most struggled to explain what those rule were. A major gap emerged in awareness of disguised tools like vault apps which look harmless but hide private social media or private chats. Few have ever checked their child device and even fewer knew what they look for. There's a dangerous assumption that parental control software or app defaults are good enough. Many caregivers believe their children don't

use certain apps or aren't capable of risky behavior. Statements that unintentionally create blind spots. But cultural discomfort around talking about grooming, sexion, or dark web access only increase risk. Silence gives predator rooms to operate. Things aren't reckless. They're digitally fluent but often unaware of manipulation metadata and how easily private content can be saved for exploit. Many trust that disappearing messages truly disappear. Meanwhile, adults often overestimate their digital awareness, assuming, "Oh, my child isn't online or they wouldn't know how to hide things." That's a false assumption. But this gap leads to missed warning signs. What do we do when parents believe these topics are taboo topics? That's a question that's still unanswered today. Avoiding uncomfortable conversation only

deepens vulnerability. Silence doesn't protect, it isolates. To bridge the gap, we need digital education for both children and caregiver. And in 2025, this isn't a bonus is basic parenting. This investigation was conducted entirely on open-source intelligence or OSIN techniques. So why is OSEN at the center of the conversation about child protection? Because it relies on what's already available to the public. This includes domain registration um domain registration records, business fillings, metadata from social media, archive websites and everything is legal. Accessible data doesn't require hacking. insider access or spec special permission. What makes OEN so so valuable? It's its ability to uncover patterns that other miss. It can expose hidden links, track rebranding rebranded identities and connect scattered clues

that might otherwise slip through the cracks of traditional investigative methods. But perhaps most importantly, OSENT enable ethical investigators. It empowers individuals, not only law enforcement to participate in public safety efforts without violating privacy. It's about recognizing what's already visible, asking hard question and turning passive data into active insights. This approach matter because in many cases the information is there. Someone just need to look for it. This investigation began with a systematic collection of publicly available information like archive, web content, booking platform listing, domain histories, and user review. Each of these sources offer it a piece of puzzle. Just a a side awareness, this slide, it's a very long, it's a very long slide. coming back.

My pres my investigation started by cross-referencing uh hotel addresses with national land and trade registry to confirm to confirm continuity despite surface level rebranding. Peris records and domain uh DNS lookups allowed me to trace domain ownership and identify connection between entities that might otherwise appear unrelated. Beyond that, I analyze behavioral patterns uh by examining metadata embedded in images and booking profiles such as geo tags and timestamps as well as shift in tones and responses style in guest reviews over time. These subtle but telling details painted a more complete picture of the operational history. What's important to emphasize is that none of these require access to private system or restricted databases. Every piece of information was legally

obtained through open public channels. I didn't need to hack anything. This process illustrates the real strength of open-source intelligent. OIT isn't magic and it doesn't rely on expensive tools or privilege access. It starts with curiosity and a structural methodical approach. So let's talk about tools. Who is records reveal domain ownership, registration history, and contact details often linking multiple sites to a single operator. Business registries make it possible to track companies fillings, uh, ownership changes, trade licenses, and historical names. Especially helpful when investigating entities that have been re rebranded. social uh social uh sorry social metadata and archived content from timestamp and geo texts to snapshots of deleted website provide the historical content that many formal

records on on it. These aren't secret techniques. They're ethical, legal, and accessible. You don't need a warrant, just persistence, critical thinking, and willingness to ask, "What am I not seeing?" Because the truth is, the internet rarely forgets. You just need to know where and how to look for. Let's walk through the workflow that made this investigation possible because the power of lies in just the doesn't lie just in in the tools we use but in how we use and structure the process. So step one it was suspicious uh trigger. It all began with a reference in court feelings and a location that stood out. A former hotel now operating under a new name was mentioned in

connection with the serious offenses. That raised a red flag. But the real question was, does this place still exist? And if so, what's changed? Step two, ocean resource maps. From there I began mapping available sources that include corporate registries uh who is record archive version of the hotel website social media metadata booking platform uh listing and guest reviews. The goal was to build a timeline not just of ownership but of how the business present itself to the public over the time. Step three, correlation revealed predator. The breakthrough came when these layers started overlapping. reused uh contact details, recurring names incorporate uh fillings, archive domain data, and consistent patterns across booking platform and social media. What looked

like a clean break in branding was in fact a continuation of the same operational footprint. Before we talk where the gaps are, let's acknowledge what's already in place. In UK, we have the online safety act which introduced new responsibilities for tech platform to remove illegal content and protect children from harmful material. It works alongside keeping children safe in education, a framework that sets children uh child protection standard for schools and educators. Ofcom, don't we like offcom? Yeah, we do. The UK communication regulator now has enforce uh enforcement powers under the online safety act to hold platforms accountable. In the United States, there's the Protect Act, which enhance criminal penalties for child exploitation and allows for extr territorial prosecution,

meaning a US citizen can be prosecuted for these crimes even if they occur abroad. Children online pro uh privacy protect protection act regulates how companies collect data for minors under 13 and children's internet protection act ties federal find funding for school and libraries to in internet safety measures on the global level. The United Nation Conventions on the right of the child affirms every child right to protection from exploitation. The EU digital service act requires online platform to moderate harmful content and be transparent about the algorithm. And the Budapest Convention, the first international treaty on cyber crime, set a legal framework for cor cooperation across borders. These are important tools and they do exist to protect children.

And yet in many real world cases just like the one I sh the one I shared with you today, we see that this protection fall short. That's what we'll what we'll explore next. Despite the laws we've just review, we continue to see clear and troubling gaps. S the systemic failure that appear across uh three key areas. First, when platforms like Yahoo shut down forums tied to abuse, they often do so without any support. The uh the content may disappear, but the impact does not. And many cases victims are left to cope with the trauma and in 99% of the cases the victim doesn't know what to do with that. These shutdowns often erase uh vulnerable evidence

that could support investigation, identify patterns, or validate survivor experience. When the digital records vanish, so does the chance for justice. Second, open source intelligence is fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre fre frequently gathered verified and even reported but too often it's ignored if oin doesn't come through formal channels or lack traditional forensic uh packaging it's sideline this isn't because the intelligence lack value it's because many institution still aren't trained to treat it as credible that leaves a gap not in information but in action.

Third, there is no standard alert system when abuser rebrand or when venues with problematic history change names. Someone can dissolve a company, acquire a new domain, change a branding and continue operating without ever raising a red flag. The danger isn't always buried on the dark web. It can lies on the front page of a booking site, hidden in plain sight. These are not just technical failures. They are gaps in our policies, our system, and our institutional reflexes. And unless we address them, predators will continue to reinvent themsel and slip through the cracks. A while ago, I had a conversation with my mother and she asked me why I want to spend my time investigating something as dark and

devastating as child exploitation when she imagined I work in a lab making chocolate and bringing people joy. She wanted to keep me in a bubble safe far from the harshest corner of the world. And I understand that every parent wants to protect your their child. But I made a different choice and I told her I am here because I want to help. I want to bring justice to children who've endur endured what no one should ever face. She paused and then she said something to me that I will never forget and it will always stay with me. She said to me, "Justice in cases like that is rare. If you really want to help, make sure

some children never have to lose their innocence in the first place. Do your job well. You may never know who you've helped. There won't be applause, but you'll have made a difference. And so I stand here here today not for recognition but to ask you to to act as cyber security professional, investigators, policy makers, educators. We are uniquely positioned to build safer system, detect digital threats, shape protective policies. Every system we design, every line of code we write, every threat we flag, all matters because with every click, a child can move one step closer to safety or one step closer to losing their innocence. Let's make sure it's not the former. Sorry, let's make sure it's the former.

The first one, not the last. The beauty of is this. You don't need a special clearance. You You don't need to go out of the way or break the law to make a difference. You don't need to be in law enforcement or work for an agency. Everything I share with you today was discovered through legal, public, and openly accessible data. OSENT isn't just a research method. It's a civic protection tool. It's a bridge between awareness and action, between silence and advocacy. But let's be clear, tools don't solve problems. People do. It's how we use the tools and who we use them for. That's what matter most. So what can we do? We train not only

cyber security professional but also parents, educator and frontline workers. We report not just to law enforcement but to our networks to raise visibility of overlooked threats and we advocate because real change won't happen without pressure without voice voices calling for uh reform. In cyber security, it's easy to focus on enterprise risk dash dashboard vulnerabilities, red teaming and so on. But it's time we expand our threat models. Let's look beyond corporate networks. Let's make sure we raise awareness. If there's one truth I hope you take away from today's is this. Predators don't always hide in the shadow. They hide in plain sight behind friendly username inside Polish booking platform under fivestar reviews. But OENT give us the lens to see through

the facade ethically, legally and effectively. This isn't about surveillance. It's about visibility. Seeing what's already there but often missed. And once we see it, we cannot unsee it. As cyber security professional, educators, policy advocate advocates and digital care um caregivers, we have a duty to act to expand our scope to share our tools to protect those most vulnerable not just from the technical exploit but from the human harm. Because the greatest vulnerability doesn't lie in network, it lies in people. Thank you for listening. >> Thank you very much. Um, as I said from the beginning, this is very very important topic to me because we have the problem but we are not talking about it enough. We are not doing anything. I

believe with a session like this people get to understand the important of this topic and I really really enjoy this. Thank you very much for taking your time and sharing this with us and uh I hope this will give other people the hope and also the motivation to start using this technique and save the children because every child deserve to be protected. Thank you very much. Uh I wish to have you next year with another very important and very uh special session. Thank you very much for everyone that join us today. Um yeah, I think this is the end of the session. Thank you. Uh >> thank you for having me. >> Thank you. >> Bye.

>> Bye.