OSINT is Open Source Intelligence: it is derived from data and information that is available to the general public. It’s not limited to what can be found using Google, although the so-called “surface web” is an important component. Most of the tools and techniques used to conduct open source intelligence initiatives are designed to help security professionals (or even threat actors) focus their efforts on specific areas of interest.
Still from video taken from video of Russian missile attack in Kharkiv, the northeastern city of Ukraine. It was Open Source Intelligence that verified the authenticity of the attack – using TikTok, actually.
24 February 2022 (Krakow, Poland) – I have written about Open Source Intelligence (OSINT) many times before. I intend a far lengthier post in the coming week because of its critical use in the Russia/Ukraine war.
After filming we quickly jumped into Ukraine war coverage. I had my European media team with me + my Polish contacts, plus two long-time friends who are Ukrainian journalists based in Kharkiv and Kyiv, respectively. There was no better time to put together a war team. And I had one of my long-time OSINT contacts who was based in Kyiv (I had been to Kyiv for cyber war research projects and had been building an OSINT network) and he was sending me his summaries of the first hours, and then the first days, of the Russian ground and aerial assaults. What follows below is from that network and shows you the incredible value.
Of course, if you are an eDiscovery vendor or if you do digital investigations of any kind you know all this stuff because you use it all the time. But just to summarise for those of you who do not receive my paid subscription posts:
• OSINT has enabled many forensic breakthroughs in recent years and Bellingcat has made the most full use of it over any organisation I know. The internet remains an astonishing resource for helping redress the power imbalances between the rulers and the ruled. History is no longer just written by the winners, but filmed by the losers on their smartphones. To me, Bellingcat stands at the nexus of journalism, activism, computer science, criminal investigation and academic research.
• Its origins lie in the world of intelligence and law enforcement. It was the 9/11 Commission that in 2004 first recommended the creation of an open-source intelligence unit, a proposal reinforced a year later by the Iraq Intelligence Commission. But the methodology has found its most innovative and effective use in the hands of journalists.
• The central pursuit in open-source investigations is finding publicly accessible data on an incident, verifying the authenticity of the data, using that data to confirm the temporal and spatial dimensions of the incident, and cross-referencing the data with other digital records.
• An open-source investigator will thus start by scouring social media for postings from the area around the time. For instance, once such images are found, they will be geolocated using Google Earth to cross-referencing geographical features. The time for each image will then be confirmed, using digital sundials to calculate shadow length and direction. For instance, a route for a missile launcher can then be constructed by placing the photographs on a map along with the time for each sighting.
• For all its utility, such material always carries the risk of inauthenticity or manipulation. With the help of its ally Russia, for instance, Syria adapted to our new media environment by mobilizing armies of trolls to add digital noise to the mix, further diminishing trust in such material. This is where open-source verification becomes essential, establishing the authenticity of audio-visual material before any conclusions can be drawn from them.
• And an important note. The remoteness of open-source analysts from the subject of their analysis is not as absolute as its critics make it out to be. Much of the data used in open-source analysis comes from witnesses on the ground who have more immediate access to events. Which is certainly true in Ukraine.
• Most open-source investigators aren’t formally employed as journalists – many emerged from a gaming subculture where street cred derives from the economy and precision of one’s method – and professionals from other fields of expertise such as architecture, medicine, chemistry, finance, and law have found uses for their specialist knowledge in unraveling forensic puzzles. The British-Israeli architect Eyal Weizman has pioneered the entirely new field of forensic architecture, using open-source data for spatial investigations into human rights violations; the chemical weapons expert Dan Kaszeta has contributed to several Bellingcat investigations; UC Berkeley’s Human Rights Investigations Lab recruits from over a dozen disciplines.
• For me, this is the closest that journalism has come to a scientific method: the transparency allows the process to be replicated, the underlying data to be examined, and the conclusions to be tested by others. This is worlds apart from the journalism of assertion that demands trust in expert authority.
BOTTOM LINE: In the years to come, responsible publishers will have to invest in greater capacity for robust fact-checking and digital verification. I think only media giants like the New York Times or the BBC have the resources to maintain fully-staffed open-source investigations units. But I am heartened that organizations like Bellingcat are receiving more and more funding. My own company, Luminative Media, opened an OSINT unit about two years ago and it has thrived.
And before I move to my example of OSINT, a political word. Millions of words have been spewed in the last few weeks about what Russian president Vladimir Putin wants. He wants to destroy Ukraine, say some. No, he craves respect, say others. He wants this … or maybe that. No one knows, and in Ukraine very few people I had spoken with thought he’d launch a full-scale invasion.
But this morning he did, and the world witnessed a ruthless, illegal Russian invasion of an allied democracy. Putin’s risk appetite is far greater than we realised.
We must be quite clear about what the Ukrainian people expect from the Kremlin. The genocide inflicted on Ukraine by the Kremlin in the early 1930s is never far from the minds of any Ukrainian. This event saw the intentional starvation of around 4 million Ukrainians. Putin is as capable of inflicting pain and suffering on countless innocent victims. Part of narrative analysis requires understanding these psychological elements so deeply imbedded in people and associated groups. They both trigger fear and resolve to not become victimized again.
So, we are now left with two options. War. Or let Putin have Ukraine. We can provide military support to Ukraine, but like Vietnam that will inevitably draw us into direct conflict sooner or later. Those who think otherwise are fooling themselves.
Or we can let Putin have Ukraine. We can protest and pass resolution after resolution in the UN, but Russia will ignore us and why wouldn’t they? Putin won’t stop there, of course, but at least it’ll buy Europe a few years. Until Russia advances towards its next target.
What’s that target? I don’t know. Whoever isn’t NATO. Whoever doesn’t have the nuclear means to defend itself. And for the same reasons as now, we’ll have to throw them under the bus too.
Pessimistic? Maybe. Or pragmatic. The simple brutal truth of the matter is that at this point, nothing short of a united international military force will stop Russia. Events have made that very clear. So, those are the options. Of course, we won’t do either. We won’t fight. And we won’t just abandon Ukraine. So this will go on and on, we’ll watch the usual utterly ineffective UN fumble and bumble about. NATO will rustle its sabers but do nothing. Ukrainians will die.
The media will cheer each death as proof of whatever agenda each outfit is pushing at that moment. Political parties will blame each other and ask for your support, and money. And behind it all, Russian Intel will be pulling the strings via social media without any barriers.
When it’s over, Ukraine will be part of Russia and the Cold War — which is what everyone wants because it was so profitable — will be back in full swing. Pessimistic? Yeah, I guess so. I’d love to be wrong, but I’ve seen this so many times before.
This Saturday I am doing a video interview with Professor Joachim Diec of the Jagiellonian University in Krakow. He is a recognised scholar in Eastern European affairs, and an expert on Ukraine. He’ll provide some perspective.
FYI, the Jagiellonian University is a public research university founded in 1364 by King Casimir III the Great, and it is the oldest university in Poland and the 13th oldest university in continuous operation in the world. It is consistently ranked as Poland’s most prestigious academic institution. My Polish and Ukrainian research teams all have Master’s degrees from the university.
An example of OSINT
The following is a basic summary of the early hours of the Russian ground assault. It is only partial. The full edition runs 35 pages. This is a composite of multiple sources. And I am hiding the photos/sources for the moment to protect peoples’ security; I have not had time to scrub EXIF data and other meta data:
FYI: this isn’t the U.S. in Iraq circa 91 or 03,. Russia is using some cruise missiles and precision-guided munitions to hit targets but they are not conducting comprehensive strikes and it seems hit & miss.
The Ukrainian Air Force is probably ineffective as a fighting force at this point. Their ground attack aircraft were hit badly by early Russian strikes and they only have a limited number of fighters anyway. But we have one video posted on TikTok and verified by 6 independent publicsources that the Ukrainian Air Force did take down one Russian figure plane.
The Russians could not kick off an offensive during the night time due to their limited sensor capabilities and a lack of nav equipment at the squad level. This from communications picked up by both Ukrainian intelligence and audioposted on TikTok and Twitter, the audio verified by Bellingcat.
Twitter accounts sharing video from Ukraine were suspended exactly when they were needed most. Twitter says the accounts were “removed in error”. Right.
So the Russians had to wait until daylight to start moving in. The Ukrainian ground forces aren’t getting mauled immediately [intel says 51 have been killed as of 4pm Ukraine time]. They have been able to perform a fighting retreat at this point, but risk encirclement. The Russians have a few main offensive routes at the moment. North from Gomel and the border area towards Kyiv, strength is unknown and info is limited. Folks are taking photos but not getting too close.
But folks are taking photos of the massive amphibious force sitting off the coast of Odessa, although it hasn’t made a move yet.
As of right now, the Ukrainian forces are trading land for time in some places, and fortifying other locations. I think they want to force the Russians into more of an urban combat scenario to negate their massive armor advantage.
* * * * * * * * * * * * * * * * * * * * * * * *
I have kept this deliberately brief and a little nebulous. In the Twitter group chats and the Linked groups and the TikTok groups where OSINT analysts share videos and help each other verify material, an informal code of conduct has emerged, according to my contacts. Most researchers have said they will not share graphic videos of dead bodies though some are and those photos are being verified.
Others have decided to keep a lid on any videos that reveal Ukrainian troop movements. In cases where researchers accidentally share false or misleading information, researchers tend to delete their social media posts and issue corrections. Much of the time, the collegiate atmosphere helps prevent mistakes before they happen.
I have tracked “debunking” in real-time. One video, depicting an explosion in the dead of night, turned out to be from Yemen, not Ukraine. Another video that purported to show a Russian helicopter attack against a Ukrainian base turned out to actually be from Afghanistan.
OSINT: a tricky world. More to come.
2 Replies to “Watching the Russia/Ukraine war from Krakow, Poland: the power of OSINT”