Editor’s note: Criminals no longer need fences or shady meetups — today, stolen property shows up on Facebook Marketplace, OfferUp, eBay,and encrypted chat apps within hours of a crime. That’s why knowing how to use open-source intelligence (OSINT) to find stolen property is now critical for law enforcement. OSINT refers to the process of collecting and analyzing publicly available information from online sources — like social media, resale platforms, forums and digital tools — to generate investigative leads. By tracing digital breadcrumbs, investigators can identify suspects, connect accounts and recover stolen items before they disappear for good.
By Detective (Ret.) Brandon Burley, MPA
The old playbook won’t cut it anymore. A theft case lands on your desk — stolen electronics, a high-end watch, or a vehicle that vanished overnight. Perhaps it’s something larger: evidence from a murder scene, a firearm used in a shooting, or a priceless heirloom ripped from a home during a violent invasion. The usual approach kicks in: check the pawn shops, run known offenders, pull surveillance, and hope for a lucky break.
But criminals have evolved. They move faster, sell smarter and leave fewer physical trails. They don’t need fences when they have Facebook Marketplace, OfferUp, eBay and invite-only Buy/Sell/Trade groups. They don’t meet in parking lots when they can negotiate through WhatsApp, Telegram, or encrypted Discord servers that vanish without a trace. They cover their tracks with ride-share drop-offs, VPNs, burner phones, and disposable accounts.
If you want to find them, you have to move just as fast — and that’s where open-source intelligence (OSINT) has become a critical asset for today’s investigators. OISNT isn’t merely about scrolling through social media; it’s about understanding where criminals operate, how they communicate and how to track their movements before the evidence disappears. It’s about integrating digital intelligence with traditional investigative work — turning a username into a name, a name into an address, and an online listing into a recovery long before the stolen property is gone for good.
Building a digital alias that works
No investigator walks into a drug house wearing a badge and uniform and expects criminals to talk — the same logic applies online. If a suspect recognizes an investigator’s name or spots a blank account snooping through their connections, the trail dies before it begins.
Courts have upheld law enforcement’s use of deception in investigations, including the Supreme Court case Lewis v. United States, which affirmed that officers can assume false identities to infiltrate criminal activity. This legal precedent is pivotal as it legitimizes undercover digital tactics that are now essential for penetrating sophisticated criminal networks. A well-built alias needs to be real enough to blend in while remaining generic enough to avoid scrutiny. Months of passive activity — liking posts, following local businesses and joining community groups — can mean the difference between gaining entry into a hidden resale community or being immediately flagged as law enforcement.
Pawn shops used to be the first stop for stolen goods; that model has shifted. Today’s criminals recognize that online platforms offer a broader audience, faster transactions and less oversight. Stolen items now appear on Facebook Marketplace, OfferUp, eBay and private resale forums, often within hours of the crime. By searching for key terms, filtering by location and tracking seller history, investigators can uncover telltale patterns — a suspect moving high-end watches might use identical phrases across multiple listings, while a vehicle sold at an unusually low price may reveal VIN discrepancies. Reverse image searches, for instance, can expose duplicate listings under different names, tying multiple accounts to a single seller. The faster a stolen item is found, the better the chance of intercepting it before it slips further away.
Digital breadcrumbs lead to real-world arrests
A prime example of OSINT in action can be seen in the recent case of a Chilean burglary ring that targeted high-profile athletes, including Patrick Mahomes, Travis Kelce and Joe Burrow. These criminals exploited OSINT themselves — monitoring athlete schedules and public social media posts to strike when their victims were away. But their own operational security failures proved to be their downfall. One of the burglars made a critical mistake: he took photos with stolen items and stored them in an iCloud account.
Investigators, leveraging digital forensics and OSINT methodologies, obtained a search warrant for the suspect’s iCloud storage. The photos provided indisputable evidence linking them to the crimes. Combined with surveillance footage, travel records, and online sales data, the FBI was able to dismantle the ring and recover stolen property worth millions. This case underscores how criminals, despite their best efforts, often leave behind digital breadcrumbs that skilled investigators can follow.
Often, a username is the only clue in an investigation, but it is rarely a dead end. Criminals are often careless enough to leave digital footprints: they reuse handles across platforms, link accounts to old emails, or inadvertently reveal personal details in anonymous conversations. Cross-referencing usernames across various sites can expose secondary accounts, phone numbers, or associated email addresses. Searchinghrough past forum posts, old gaming profiles, or account registrations can unearth years of hidden information.
While advanced tools like TLOxp, LexisNexis Accurint, or LP Police can bridge the gap between digital personas and real-world identities, OSINT offers alternatives. Tools such as Have I Been Pwned reveal whether an email or username has been compromised in a data breach, sometimes uncovering associated passwords and secondary accounts. Even a simple Google search using advanced operators can resurface old posts that tie a suspect to real-world locations or details once thought to be long buried.
At times, a suspect listing disappears before an investigator finds a lead, and a key social media post is wiped before a screenshot can be taken. Criminals may try to erase their tracks, yet the internet never truly forgets. The Wayback Machine, operated by the Internet Archive, allows investigators to view archived versions of web pages — even those that have been deleted — while cached Google pages and services like archive.today can sometimes recover vanished listings, restoring critical information before it is lost forever.
Tracking a stolen item online is one challenge; tracking the suspect behind it is another. Criminals frequently expose themselves through careless social media habits, often without realizing it. Platforms such as Instagram, Snapchat and TikTok routinely include geotags, metadata and location markers in photos and videos. A suspect bragging about a stolen Rolex, for example, might unknowingly reveal the exact location where the video was recorded through embedded GPS data. Even when geotags are absent, comparing background details with Google Street View can help match intersections, storefronts, or even unique graffiti.
Federal case law has affirmed law enforcement’s ability to investigate criminal activity on the dark web. In United States v. Horton, the court upheld the FBI’s use of network investigative techniques (NITs) to track users on an illicit dark web platform, ruling that the tactic was lawful under a valid warrant. Officers conducting dark web investigations should always ensure their techniques comply with legal standards to avoid compromising their cases. This legal endorsement empowers officers to confidently deploy digital tracking tools on the dark web, yielding actionable intelligence that can decisively disrupt criminal networks.
| RELATED: Social media as an investigative tool: OSINT strategies for law enforcement
When OSINT fails, traditional tactics still win
When OSINT hits a dead end, traditional investigative methods still apply. A suspect who vanishes online might still appear in license plate reader databases, toll records, or ride-share transaction logs. A burner phone that never shows up in public databases may nonetheless connect to cell tower pings, Google location history, or nearby Wi-Fi access points. Even an erased profile might persist in archived web pages or third-party data dumps.
The investigators who succeed are those who think several steps ahead, seamlessly blending OSINT with conventional tactics, never relying solely on chance to close a case. The criminals are online — investigators should be too.
About the author
Brandon Burley, MPA, is a retired detective with law enforcement experience in investigations ranging from narcotics to violent crimes. He specializes in leveraging modern investigative tools like social media OSINT and geofencing to enhance public safety along with established tactics of HUMINT. Brandon is also an accomplished author and educator, dedicated to advancing ethical practices and practical solutions in criminal justice.
