Listen to this Post

Introduction:
In the modern intelligence landscape, the boundary between cybersecurity and physical security is rapidly dissolving. Open Source Intelligence (OSINT) has evolved beyond scraping social media; it now encompasses high-resolution satellite imagery analysis, allowing analysts to derive operational status, supply chain bottlenecks, and infrastructure vulnerabilities from space. The recent release of the “Pacific Gulf Star Oil Company Satellite Tank Farm Storage Analysis Report” by SyCek exemplifies this shift, demonstrating how commercial satellite data can be used to calculate crude oil storage levels, identify active operational zones, and assess geopolitical risks without ever setting foot on the ground.
Learning Objectives:
- Understand the methodology for differentiating floating-roof vs. fixed-roof tanks using satellite imagery.
- Learn to calculate fill-level estimates based on shadow analysis and thermal anomalies.
- Acquire technical skills for automating OSINT collection using Linux command-line tools and Python for geospatial analysis.
You Should Know:
- Satellite OSINT Methodology: From Image Acquisition to Intelligence
This report highlights a core OSINT workflow: the transition from raw pixel data to actionable intelligence. The process begins with the acquisition of high-resolution satellite imagery (likely from sources like Sentinel Hub, Planet Labs, or commercial providers). Analysts use the differences in how tanks are constructed to determine their contents and fill levels.
Floating-roof tanks are the primary target for quantitative analysis. Unlike fixed-roof tanks, which cast permanent shadows making fill-level estimation impossible via visual light, floating roofs move up and down with the liquid level. When a floating roof is low (empty), the metal sidewall (the “shadow band” or “tank shell”) is exposed. When it is high (full), the roof sits near the top.
To replicate this analysis, you can use a combination of Linux tools and Python libraries to process geospatial data.
Step‑by‑step guide explaining what this does and how to use it:
To extract metadata from satellite images and prepare them for analysis, use the `exiftool` and `gdal` suite in Linux. This allows you to verify the capture date and georeference the image.
Install required tools sudo apt update && sudo apt install exiftool gdal-bin python3-gdal Extract embedded GPS coordinates and timestamp from the image exiftool -GPSLatitude -GPSLongitude -DateTimeOriginal satellite_image.tif Convert a GeoTIFF to a more manageable format for analysis gdal_translate -of JPEG -outsize 50% 50% satellite_image.tif output.jpg For bulk analysis of a directory of images, use a bash loop to list all capture dates for file in .tif; do echo "$file: $(exiftool -DateTimeOriginal -s3 $file)"; done
2. Tank Type Classification and Fill Level Estimation
The report breaks down the facility into Zones (A, B, C, D, E, F). This segmentation is crucial for operational intelligence. Zone A showed high storage (30–35 tanks near full), while Zone D showed depletion (10–12 tanks <30%). To classify tanks programmatically, analysts rely on geometric analysis. Floating-roof tanks often appear as circles with a central dot (the roof seal) or a varying shadow width, whereas fixed-roof tanks (often used for products with volatile organic compounds) appear as domes or cones.
Step‑by‑step guide explaining what this does and how to use it:
Using Python with OpenCV and NumPy, you can automate the detection of circular structures (tanks) and measure the ratio of the roof diameter to the total tank diameter to estimate fill level.
import cv2
import numpy as np
Load the satellite image
image = cv2.imread('zone_a.jpg')
gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)
Use Hough Circle Transform to detect tanks
circles = cv2.HoughCircles(gray, cv2.HOUGH_GRADIENT, dp=1.2, minDist=50,
param1=100, param2=30, minRadius=10, maxRadius=100)
if circles is not None:
circles = np.round(circles[0, :]).astype("int")
for (x, y, r) in circles:
Draw the outer circle (tank perimeter)
cv2.circle(image, (x, y), r, (0, 255, 0), 2)
Logic for detecting internal shadow (floating roof position) would go here
Typically involves edge detection to find the inner circle representing the roof.
cv2.imwrite('tanks_detected.jpg', image)
- Active Operations Confirmation via Thermal and Infrastructure Analysis
The report mentions “active operations confirmed” via visible cooling ponds, rail transfer infrastructure, and processing units. In cybersecurity terms, this is analogous to identifying “live hosts” on a network. Just as a penetration tester looks for open ports (445, 80, 443) to indicate active services, the OSINT analyst looks for visual indicators: steam (thermal anomalies), vehicle presence on rail spurs, and water discharge into cooling ponds. These indicators suggest the facility is currently in production mode, not in maintenance or shutdown.
Step‑by‑step guide explaining what this does and how to use it:
To automate the detection of thermal anomalies (indicating active processing), you can use the `ffmpeg` command line to extract frames from satellite video feeds or use `jq` to parse JSON data from thermal satellite APIs like NASA’s FIRMS (Fire Information for Resource Management System).
Extract a frame from a satellite video for analysis ffmpeg -i satellite_video.mp4 -vf "select='eq(n,100)'" -vframes 1 thermal_frame.jpg Query NASA FIRMS API for thermal anomalies near a specific latitude/longitude curl "https://firms.modaps.eosdis.nasa.gov/api/country/csv/7d/LEBANON" -o thermal_data.csv Parse the CSV for coordinates matching the tank farm location (example lat 33.8, lon 35.5) grep "33.8" thermal_data.csv | grep "35.5" > active_hotspots.txt
4. Intelligence Integration for Cyber-Physical Security
For a cybersecurity professional, this OSINT report serves as a threat intelligence feed. If the tank farm is a client or a critical infrastructure node in the Gulf region, knowing that Zone A is near full capacity and Zone D is depleted tells a security team exactly which assets are currently valuable and which are vulnerable. A red team could use this data to prioritize physical penetration tests or social engineering campaigns targeting the logistics chain for the full tanks (Zone A), while blue teams can focus monitoring on the operational zones (E & F) where processing units are active, as these likely house the Industrial Control Systems (ICS) and SCADA networks.
Step‑by‑step guide explaining what this does and how to use it:
To map this physical intelligence to network assets, you can use `nmap` and `shodan` CLI to identify exposed industrial control systems in the geographic region.
Use Shodan CLI to find exposed Modbus (port 502) devices in Lebanon shodan search --limit 10 country:"LB" port:502 Perform a targeted Nmap scan for a specific IP range associated with the facility's ISP nmap -sV -p 80,443,502,44818,1911,2222 192.168.1.0/24 Export results to a CSV for integration with the satellite intelligence map nmap -sV -p 502 -oG - 192.168.1.0/24 | grep "/open/" > ics_assets.txt
5. Mitigation and Hardening Based on OSINT Leakage
The existence of this report is, in itself, a security finding. It demonstrates that operational data (oil levels) is being leaked via unclassified commercial satellite imagery. For facility operators, the mitigation is not technical patching, but operational security (OPSEC). Hardening in this context involves installing glare panels to obscure roof positions, implementing random coverings for tanks, or using “spoofing” storage facilities to mislead satellite analysts.
Step‑by‑step guide explaining what this does and how to use it:
To simulate the effectiveness of countermeasures, you can use image manipulation tools to test how glare or blurring impacts detection algorithms.
Using ImageMagick to simulate glare by adding noise and contrast convert tank_image.jpg -contrast -contrast -noise 3% -brightness-contrast 15x10 obscured_tank.jpg Using ffmpeg to blur a specific region of interest (ROI) defined by coordinates ffmpeg -i original.tif -vf "boxblur=20:1:enable='between(t,0,20)'" -c:a copy blurred_output.tif
What Undercode Say:
- OSINT is no longer just about social media scraping; satellite imagery analysis is a critical skill for modern cyber-physical threat intelligence.
- The ability to differentiate between floating-roof and fixed-roof tanks using visual light analysis is a fundamental capability for energy sector security analysts.
- Automation of geospatial analysis via Python and Linux CLI tools (GDAL, FFmpeg) allows for scalable intelligence gathering across multiple facilities.
- Active operations indicators (cooling ponds, rail infrastructure) serve as the physical equivalent of “open ports” in a network scan, revealing high-value targets for attackers.
- The Pacific Gulf Star Oil Company report underscores a significant vulnerability: commercial satellites can publicly expose strategic supply chain data, allowing adversaries to time attacks based on inventory levels.
Prediction:
As commercial satellite constellations increase in resolution and revisit frequency (sub-30cm resolution and multiple passes per day), we will see a convergence of traditional IT security with space-based intelligence. AI models will soon automate the detection of fill levels and operational status, leading to real-time “physical asset exposure” feeds. This will force critical infrastructure operators to invest heavily in physical OPSEC (operational security) and anti-satellite countermeasures, not just firewalls and endpoint detection. The future of cybersecurity will inevitably include defending against an adversary who can monitor your inventory from 500 kilometers above the Earth.
▶️ Related Video (78% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Shivam Mittal2023 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


