OSINT: The Tools of Truthseeking In The Age of Disinformation

[00:00:00] This episode is brought to you by Shopify.

[00:00:03] Forget the frustration of picking commerce platforms when you switch your business to Shopify.

[00:00:08] The global commerce platform that supercharges your selling, wherever you sell.

[00:00:13] With Shopify, you'll harness the same intuitive features, trusted apps and powerful analytics used by the world's leading brands.

[00:00:20] Sign up today for your $1 per month trial period at Shopify.com.

[00:00:25] That's Shopify.com slash tech.

[00:00:35] The silence in these fields is that of a tomb like sorrow and loss have isolated it from the war around it.

[00:00:43] CNN correspondent Nick Patton-Walsh in July 2014 at the crash site of Malaysia Airlines Flight 17.

[00:00:52] The Boeing 777 was en route from Amsterdam to Kuala Lumpur when it was shot down over eastern Ukraine,

[00:01:00] killing all 298 passengers and crew.

[00:01:04] What happened?

[00:01:05] Here's what we know so far.

[00:01:08] Evidence indicates that the plane was shot down by a surface-to-air missile

[00:01:13] that was launched from an area that is controlled by Russian-backed separatists inside of Ukraine.

[00:01:20] We also know that this is not the first time a plane has been shot down in eastern Ukraine.

[00:01:25] President Barack Obama at a White House briefing.

[00:01:29] But who did it?

[00:01:31] There was plenty of intelligence, much of it was in the open and available for sleuths to piece together.

[00:01:37] Ultimately, the discovery of the truth was expedited by open-source intelligence, OSINT for short.

[00:01:45] Open-source intelligence is a critical way of helping not just governments,

[00:01:50] but the private sector, form judgments about critical issues.

[00:01:55] In that regard, it can help differentiate truth from untruth, fact from fiction, and information from disinformation.

[00:02:08] I'm Paul Brandes, and that's the name of this podcast series, Disinformation,

[00:02:13] a co-production of every green podcasting and Emergent Risk International, a global risk advisory firm.

[00:02:20] Later in this episode, I'll be joined by one of ERI's intelligence analysts, Iman Elbana.

[00:02:27] We have just shot down a plane, this Russian voice says.

[00:02:43] Reportedly a member of a pro-Kremlin rebel group, the second voice said to be a colonel in the GRU,

[00:02:51] the Russian Military Intelligence Directorate, a man named Vasyl Mikhailovich Geronin.

[00:02:57] The tape was released by Ukraine's main security agency, the SBU, which said it intercepted phone calls between separatist forces

[00:03:07] and the Russian military intelligence officer.

[00:03:10] The conversation, which took place within 30 minutes of the shoot-down,

[00:03:15] was also deemed authentic by the US National Security Agency.

[00:03:20] But private sector investigators were also looking into the tragedy.

[00:03:25] One was a Dutch-based group named Bellingcat.

[00:03:29] Bellingcat is an investigative group that specializes in fact-checking and open-source intelligence.

[00:03:37] It was founded in 2014, a decade ago, by British citizen journalist Elliot Higgins and is based in Amsterdam.

[00:03:46] Higgins' interest in OSINT, again open-source intelligence, began in 2011 when he realized that it was possible to verify videos with satellite imagery.

[00:03:58] He quickly put this understanding to work by examining video footage from the civil war in Syria

[00:04:05] and concluding that the Syrian government, then as now headed by Bashar al-Assad,

[00:04:11] was using cluster of munitions and chemical weapons against its own people.

[00:04:16] His skills soon proved helpful in unraveling the mystery of Flight 17 as well.

[00:04:21] Here's Higgins explaining at a conference put on by the Atlantic Council's Digital Forensic Research Lab.

[00:04:28] Moments after M.A.17 was shot down, we immediately had this surge on social media of people finding information, sharing it.

[00:04:36] A lot of it was rubbish, but we needed to figure out what was good information and what wasn't.

[00:04:41] So one of the first things we started seeing are photographs and videos of a Buck missile launcher being transported on a truck.

[00:04:48] Over the weeks and months that followed, more images appeared.

[00:04:52] From that we could actually build up a route of where this missile launcher had been.

[00:04:56] So what we have here is the first photograph that was taking of the missile launcher on the day.

[00:05:02] But how do you know that's the case?

[00:05:05] Well, there's various interesting things in this image.

[00:05:08] For example, the phone number that's visible here.

[00:05:11] Now, as all good open-source investigators should do, as soon as you see a number on something that's interesting,

[00:05:17] type it into the internet and see what happens.

[00:05:19] And in this case, we came across this website.

[00:05:22] This is for a vehicle yard, a rental firm that's in the city of Dinesque, which is septic disc control at the time.

[00:05:29] We know that because we have this, which gives us the full address,

[00:05:33] and we're actually able to find that place on Google Earth.

[00:05:37] And we can zoom into the exact location.

[00:05:41] And we can see the vehicle yard.

[00:05:43] And what we can even do is go to the street view imagery and see the phone number on the building outside.

[00:05:50] And we can see that it matches to the vehicle and confirm it's a phone number from that vehicle yard.

[00:05:56] So we can already see there's a very strong chance that this is somehow related to each other.

[00:06:01] So from one scrap of information, a phone number, Bellingcat's digital detectives were able to determine the possible location of a possible missile launcher.

[00:06:12] That wasn't proof of anything, not yet, but it was a good starting point.

[00:06:17] Higgins then showed another video of a truck transporting what looked to be a large piece of military equipment.

[00:06:25] So this one was a lot easier to geoload k because the person who posted online also gave us the full coordinates of where it was posted.

[00:06:34] The problem was we don't just trust stuff because it's on the Internet, but again, it's a string of numbers.

[00:06:40] So we chuck that into the Internet, see what comes up.

[00:06:43] And it gives us this location in a town called Zores, which is east of Dinesque.

[00:06:49] Now, we want to verify this. So what we're able to do is start comparing the various things.

[00:06:55] Now we can do the old colored boxes on items that we do with geolocation.

[00:06:59] So we have this structure on top of one of the buildings we can see.

[00:07:03] We can also see this structure on the ground.

[00:07:06] We can see the shadow being cast by this post, for example.

[00:07:09] The paths are the same.

[00:07:10] There's all these details that allows to match it quite easily and quickly.

[00:07:14] So we've established two locations.

[00:07:18] So now what we're going to do is move back to the vehicle yard we were in at Dinesque.

[00:07:24] And this time, what someone did is they decided they would automatically calculate the route between this location and the next location

[00:07:33] and then switch to Street View.

[00:07:36] And then what he did is he pointed the camera down the road and started virtually driving down it to see if he could find a match for the photograph.

[00:07:44] Note that Higgins mentioned things like satellite imagery, Street Views, roadmaps.

[00:07:49] These are all resources available to anyone with a computer.

[00:07:54] Incredible resources right at your fingertips.

[00:07:57] He continued.

[00:07:59] And eventually that person did and I'm extremely glad to say that wasn't me.

[00:08:04] But it was an area just east of the vehicle yard.

[00:08:09] What was interesting here is these signs because we could start taking these signs and comparing the details and structures that were visible.

[00:08:17] So straight away, we could start seeing things that matched in the image and we started matching them off.

[00:08:25] So again, we have the color boxes.

[00:08:27] We can see that's a match.

[00:08:29] That's a match.

[00:08:30] And this is a match.

[00:08:31] But there was one thing that was made it very clear is the same location.

[00:08:37] And it was the branches and the leaves in the background, which were almost identical.

[00:08:41] And if you really carefully look at every individual branch as I did and every little tweak, you can actually see that all in the same position.

[00:08:49] So we can be certain this is the same location.

[00:08:53] At this point Higgins brought in a colleague, Art Toler, who again zeroed in on that imagery and what it revealed.

[00:09:01] You saw this picture earlier with the table game with the first geolocation table game.

[00:09:07] So this will be a little bit familiar to you.

[00:09:09] So right here you see the book, Missle Launcher again.

[00:09:12] We spent its latest journey from Donetsk that morning that went through Zagrasse and now it's in Therese and the city in eastern Ukraine.

[00:09:21] Here it is the book Missle Launcher that shot down in mix 17 with the truck with the phone number on the side.

[00:09:28] And remember the Jeep that's important later on.

[00:09:30] So keep that file out away for about 15 minutes from now, following by a US 469 Jeep.

[00:09:35] And so where is this located?

[00:09:37] When this first came out it was reported that it was in Snizhnoye or Snizhnaya in Ukraine,

[00:09:42] which is a town actually about five kilometers east of Therese.

[00:09:46] Toler noted and this is important for investigators using OSINT tools that it can take time to put clues together.

[00:09:55] But like anything, experience and familiarity with the tools and so forth can accelerate the process.

[00:10:02] Obviously important for any analyst.

[00:10:05] Of course street views and whatnot may be more robust in some parts of the world than others.

[00:10:11] In eastern Ukraine Toler noted that it can be a tad problematic including the village of Therese central to the Flight 17 probe.

[00:10:21] There's no Google Street View or Yandex Street View for Therese, but we have the next best thing.

[00:10:29] If you go on to YouTube there's a whole bunch of Russians and Ukrainians, almost always Russians and Ukrainians who have the register the dash cam video.

[00:10:37] So these dash cam videos he bears across the street, the comments in the air meteorize right?

[00:10:42] And also you have kind of your own personal Google Street View for each town and village in Russian Ukraine.

[00:10:47] So a lot of these places don't have coverage in Google Maps or Yandex Street View.

[00:10:51] But you do have a bunch of people even with the timestamp, right? This is in 2012.

[00:10:56] You can see over time how these places change.

[00:10:58] So you have the next best thing. You have live videos that are on YouTube.

[00:11:01] Just type in the city, maybe the address you're looking for and you can find all these people who've uploaded these videos.

[00:11:06] So they're driving around town. They even listen in super detail that route they take.

[00:11:11] Sometimes they drive between towns. It's three, four hours long videos.

[00:11:14] Just as good as Google Street View.

[00:11:16] So YouTube, an amazing resource again. Open intelligence available to anyone.

[00:11:22] Of course all of this visual data can then be used in combination with social media, for example Twitter or XSZ.

[00:11:30] Now officially called to bring an analyst even closer to the truth.

[00:11:35] Especially when the analyst uses another tool, this one called SunCalc.

[00:11:41] With this you can put in the day that the photo was taken and it could figure out the azimuth of the angle of the sun with all the historical data and astronomical data.

[00:11:49] And if you put the approximate direction that a kishado is cast at the time, you can find out not to the minute but within 15-30 minutes when the photo was taken.

[00:11:59] So if we had seen this video right here, if it would actually have been taken at 5pm or at 8am, it does not fit our timeline.

[00:12:06] Because the book was in Danetsk around 9-10am and it fired the missile at 4-20pm.

[00:12:13] So if this was at 5pm or 8am, it throws everything out the window.

[00:12:17] Because it means this photo is old or some information we know is wrong.

[00:12:20] But if it's the timeline perfectly, this is exactly the same time.

[00:12:23] This is around 12-15, which is when a lot of reports coming from Twitter of locals in Tures were talking about this book going down that exact street that we saw.

[00:12:32] So it's not just one piece of information, we triangulate from different pieces of information.

[00:12:37] So phone numbers, YouTube videos, roadmaps, social media, the wonders of modern technology combined with Mother Nature, the casting of Sun and Shadow,

[00:12:47] helped Bell and Cat determine when and from where the anti-aircraft missile that knocked Flight 17 out of the sky was fired.

[00:12:56] But let's return to Elliot Higgins now who says there's still more to be told and thanks to videos, more to see.

[00:13:04] There were other things we were discovering as well.

[00:13:06] Once we found these videos and photographs of this path, we started digging through social media for people who'd seen it and posted about it.

[00:13:13] Because there's a big difference between, say, Ukraine and Syria.

[00:13:17] In Syria, in opposition held areas, you have very restricted internet.

[00:13:20] In Ukraine, people are just posting all sorts of rubbish.

[00:13:23] So you have to sort through that rubbish and you find posts like this.

[00:13:27] So this is a translation of a post.

[00:13:29] This as far as we figured out, I believe, is the first sighting of that missile launcher.

[00:13:34] And it's describing that missile launcher coming down a highway into Donetsk before it leaves.

[00:13:39] And it's in a convoy.

[00:13:41] It has a convoy with an RAV4, Cameraman Files UAZ, which is kind of a military vehicle which we saw in the photograph earlier,

[00:13:48] and a blue van.

[00:13:50] They get the make-wrong.

[00:13:52] And we know that because we actually had another video appear, I think, around two years later of the missile launcher in a convoy.

[00:13:58] And this is very interesting because straight away you can see the vehicles described in the convoy.

[00:14:03] You can see the missile launcher again.

[00:14:05] You can see the UAZ behind it and the van.

[00:14:08] Now we wanted to verify where this was taken and what time it was taken.

[00:14:13] And a minor miracle occurred.

[00:14:16] First of all, one thing we discovered is searching for the videos of convoys is that the same exact vehicles were in a separatist convoy two days earlier.

[00:14:26] So we knew they're in the area.

[00:14:28] We knew these number plates were the same and all the other details.

[00:14:30] But how do you know if this video was actually taken on July 17th?

[00:14:34] Well, there's a petrol station in the video.

[00:14:38] And what you can do is go to the petrol station's website.

[00:14:42] And there's these websites that archive web pages.

[00:14:45] And by looking at those gas station archives, you can find out what gas prices were on such and such a date.

[00:14:53] Thus making it easier to date the video showing the missile launcher on the truck.

[00:14:58] Again, this process obviously is far from easy like any puzzle.

[00:15:03] There are lots of pieces and it's the analyst's job to methodically put them together.

[00:15:10] Let's take a short break here when we come back.

[00:15:13] I'll talk with a long time intelligence analyst at Emergent Risk International,

[00:15:18] who is well versed in the craft of open source intelligence.

[00:15:23] This series on disinformation is a co-production of Evergreen Podcasts and Emergent Risk International,

[00:15:29] a global risk advisory firm.

[00:15:31] Emergent Risk International. We build intelligent solutions that find opportunities in a world of risk.

[00:15:42] Greetings from Evergreen Podcasts!

[00:15:45] We're rolling out a listener survey and we want to hear from you.

[00:15:48] The information in the survey will help us gather statistics and in turn make our shows more appealing to advertisers.

[00:15:54] I know most people don't like ads, but this is one of the only ways our shows make money and help keep their lights on.

[00:16:00] We promise it will only take a few minutes, but the impact on our podcasts will be tremendous.

[00:16:06] As a token of our appreciation, we'll randomly select one lucky participant each month

[00:16:11] to win an exclusive merchandise package from Evergreen Podcasts.

[00:16:15] Head to evergreenpodcast.com slash listener survey to help a show and possibly get some free stuff for doing so.

[00:16:23] We can't thank you enough for the support. Now back to the show.

[00:16:31] Welcome back. This is the first in a two-part series on open source intelligence or OSINT.

[00:16:37] We just heard the amazing story of Hal Bellingcat, the Dutch based investigative group that specializes in fact checking and open source intelligence,

[00:16:47] helped learn the truth about the downing of a civilian airliner a decade ago.

[00:16:52] But the underlying tools of OSINT, that's the point.

[00:16:56] Let's continue the conversation now with Iman Albana, cheese director of customer success at Emergent Risk International,

[00:17:04] but also a nine-year intelligence analyst and frequent user of OSINT tools.

[00:17:11] OSINT has emerged as a really powerful tool, as you know, for gathering data from publicly available sources.

[00:17:21] In your opinion though, are companies and decision makers taking full advantage of this?

[00:17:28] I do think companies and decision makers are taking more and more advantage of OSINT,

[00:17:33] especially just because of the sheer volume of publicly available information.

[00:17:38] You almost can't function without some level of OSINT.

[00:17:41] We all actually use OSINT and we probably don't realize it, but OSINT is really just, you know,

[00:17:48] any of the publicly available information, but it's about using it in an effective way to kind of sift through that information

[00:17:55] and gain valuable insight.

[00:17:57] So I do think companies, especially those with well staffed and invested intelligence teams,

[00:18:06] whether it's for security purposes, but also importantly for business and market sentiment purposes,

[00:18:13] you know, you have to have fully capable intelligence functions to do business.

[00:18:21] And I think a lot of corporations are very aware of that and are investing in those,

[00:18:26] although I'm sure there are some gaps, of course, when it comes to utilizing OSINT.

[00:18:32] Is there any kind of correlation between companies that use OSINT that are aware of the benefits it has

[00:18:42] and say things like shareholder returns or market cap or that kind of thing, company profitability,

[00:18:50] or just avoidance of errors and pitfalls.

[00:18:54] Is there any correlation between the use of that and those things?

[00:18:59] I think there is, you know, those that do OSINT effectively, so trying to kind of, you know,

[00:19:05] focus on the information that's going to gain valuable insights,

[00:19:08] being able to, you know, work with social media and, you know, understand, you know,

[00:19:14] your brand and the changing sentiment around it and how that affects profitability.

[00:19:20] That's all crucial.

[00:19:21] And I think companies pay attention to it a lot on the business side,

[00:19:25] especially, you know, companies that perform well.

[00:19:28] From the intelligence community perspective, OSINT is often thought, you know,

[00:19:34] in terms of security.

[00:19:36] So thinking about intelligence to identify threats.

[00:19:40] That's often where you see talk of OSINT, which is extremely important.

[00:19:45] Of course, you know, companies want to be able to get ahead of any potential threats to them,

[00:19:50] you know, protect their people and assets, their executives and all of that.

[00:19:54] And OSINT is absolutely crucial to doing that.

[00:19:57] But there's a lot from corporate intelligence teams in the use of OSINT

[00:20:01] that can go beyond just, you know, addressing the risks,

[00:20:05] but even, you know, turning that intelligence into opportunities as well

[00:20:09] and focusing not just on the risk but the opportunity,

[00:20:12] which I think is crucial for companies.

[00:20:15] And they do it.

[00:20:17] It's just a matter of understanding that, you know, this is what OSINT is

[00:20:21] and how they can do so effectively in sharing tools,

[00:20:24] whether it's using OSINT for security and risk assessments

[00:20:29] versus using it for, you know, more market and business driven

[00:20:33] and profit driven decisions,

[00:20:35] which is what your company shareholders are going to care more about.

[00:20:38] Just because you have open source intelligence,

[00:20:44] how do you know whether it's true or not?

[00:20:47] It's open source doesn't necessarily mean it's true.

[00:20:50] How do you verify data and information that you acquire through these open sources?

[00:20:58] Right. So that's kind of the craft of the intelligence part

[00:21:02] is trying to use open sources to verify information.

[00:21:06] So really it's just a form of research using, you know,

[00:21:10] these publicly available sources that can help individuals

[00:21:14] kind of understand a piece of information or data better.

[00:21:18] You know, there's just so much information available

[00:21:21] and you can use public sources, whether it's, you know, social media

[00:21:24] or official websites, mass media to try and triangulate,

[00:21:29] verify certain claims.

[00:21:31] It can be a challenge sometimes navigating the different webs of information

[00:21:35] but that's the craft of OSINT taking advantage of that information

[00:21:39] at your fingertips to lean valuable insights

[00:21:42] and turn it into intelligence.

[00:21:44] Definitely difficult in this day and age with, you know,

[00:21:47] all the disinformation that's out there,

[00:21:49] but there are, you know, ways that people that are really good at OSINT

[00:21:52] can go and find the original source of a claim,

[00:21:56] decide whether it's verified or not

[00:21:58] and work with that information from there.

[00:22:01] There are various types of OSINT out there.

[00:22:03] Can you take just a couple of these

[00:22:06] all for listeners who might not be up to speed on some of these things?

[00:22:11] Just a very brief explanation if you can.

[00:22:14] The first one is, and I think you would have to do this,

[00:22:17] is social media intelligence, so-comment I guess, SOC mint.

[00:22:21] But what is social media intelligence?

[00:22:23] So social media intelligence is basically just the collection

[00:22:27] and analysis of information from social media platforms.

[00:22:31] You know, of course your traditional social media platforms

[00:22:34] that you might think of like Facebook or X

[00:22:37] or formerly Twitter, Instagram,

[00:22:40] but even also there's so many new types of social media platforms

[00:22:44] so it can run the range

[00:22:47] but basically just using those platforms to find information

[00:22:51] and gain intelligence that can help decision makers.

[00:22:55] I would say with the sort of explosion of social media

[00:22:59] in the past decade, it's become a crucial component

[00:23:02] of OSINT more broadly.

[00:23:05] That's probably the most popular form of OSINT

[00:23:08] that you can think of.

[00:23:10] Through conducting social media intelligence

[00:23:13] you can target specific individuals, groups, events

[00:23:18] or just the information that's out there to gain insights.

[00:23:23] A lot of companies like I said in the Intel world

[00:23:27] you might think of it as looking for people

[00:23:31] that are threatening your company or your executive

[00:23:33] and going after it.

[00:23:35] But market people use social media intelligence all the time

[00:23:38] to measure trends, sentiment for a company,

[00:23:43] its products, very specific things.

[00:23:46] But yeah, social media intelligence is crucial for companies.

[00:23:51] Like I said, it can help them identify threats

[00:23:54] or changes in sentiment, identify both risks and opportunities

[00:23:59] just because so many people are using social media

[00:24:03] posting information out there.

[00:24:05] There are some challenges when it comes to privacy,

[00:24:08] for example, and most social media platforms

[00:24:10] have those options where some are private, some are not.

[00:24:14] There can be some ethical challenges, for example,

[00:24:18] in using taking advantage if you've got access to accounts

[00:24:22] or we've seen some people get into trouble

[00:24:26] for posing as certain people on social media

[00:24:29] when that violates a social media platform's rules,

[00:24:33] for example, but yeah, there's lots of interesting things

[00:24:39] when it comes to social media intelligence.

[00:24:41] And you mentioned a minute ago the challenge of triangulation

[00:24:46] trying to just confirm that social media,

[00:24:50] I think as most people are aware,

[00:24:53] can be a source of all kinds of things

[00:24:56] that simply aren't true.

[00:24:58] And obviously it would be rather full hearty,

[00:25:01] I think to simply take it face value,

[00:25:03] something that you see on a social media platform.

[00:25:06] If you saw something on a social media platform

[00:25:10] you mentioned, X or Facebook,

[00:25:12] the usual, the big ones that most people know,

[00:25:16] the triangulation of course would be vital.

[00:25:18] If you saw something on X or Facebook,

[00:25:22] where would you go beyond that to verify?

[00:25:26] What would you do if you saw something that was interesting

[00:25:29] that you weren't quite sure and you wanted to be sure?

[00:25:33] Right, if you're trying to kind of confirm something

[00:25:36] you see on social media and you absolutely should,

[00:25:39] it's wholly dependent firstly on who's posting it.

[00:25:43] The interesting thing is there are so many more

[00:25:47] official channels, so whether it comes to

[00:25:49] certain ministries or ministers and government officials,

[00:25:53] a lot of them are using social media constantly

[00:25:56] and sometimes that's the only place they're posting information.

[00:25:59] Even for example, local police departments,

[00:26:02] emergency management, in times of crisis

[00:26:05] a lot of the times they're only solely posting

[00:26:08] from social media accounts.

[00:26:10] So the first thing is to understand who's

[00:26:13] posting the information because sometimes

[00:26:15] it might actually be from an official source.

[00:26:18] Obviously Twitter has gotten into some,

[00:26:20] or X now has gotten into some issues

[00:26:24] with the way they verify accounts.

[00:26:27] It was originally actually pretty trustworthy,

[00:26:30] reliable the way that they do the process.

[00:26:32] It's a pretty stringent or somewhat stringent

[00:26:35] betting process. Nowadays people can purchase

[00:26:38] those little blue checks.

[00:26:41] So that makes it a lot more challenging

[00:26:45] to kind of understand who's who on social media accounts.

[00:26:51] Other than that, there's often the turn to

[00:26:54] traditional media and understanding

[00:26:57] if some of these major media organizations

[00:27:00] or press groups, local sources as well

[00:27:03] if they are also reporting on the same thing

[00:27:05] or if they're able to verify social media claims.

[00:27:09] But a lot of the time things are said

[00:27:12] on social media, there's no verification

[00:27:14] and a lot of the times it's disinformation,

[00:27:16] misinformation or just a lot out false.

[00:27:20] So it's a difficult area to navigate

[00:27:25] but there are both pros and cons to it

[00:27:27] and I think it's something, the intelligence part is crucial.

[00:27:30] So yes, there's lots of information on social media

[00:27:32] but being able to intelligently sift through it

[00:27:36] and decide what is an actionable sort of thing

[00:27:39] to flag to your decision maker is really important.

[00:27:43] Another one that is important

[00:27:46] that folks might not know as much about

[00:27:50] is geospatial intelligence.

[00:27:53] Now in the old days, by old I mean 15, 20 years ago

[00:27:57] geospatial intelligence would be something

[00:28:01] that was essentially the domain of the federal government,

[00:28:06] something at the national government level

[00:28:08] but these days anybody can access a satellite imagery

[00:28:12] and that kind of thing.

[00:28:14] So within the parameter of OSINT

[00:28:17] tell me about the geospatial intelligence.

[00:28:21] Yeah, so geospatial intelligence like you alluded to

[00:28:23] it's based off of sort of images, maps, location related data

[00:28:28] so there's lots that can be revealed through that

[00:28:32] especially satellite imagery.

[00:28:34] Obviously like you mentioned it's been a long time

[00:28:38] crucial thing for militaries, traditional intelligence

[00:28:42] agencies who have historically had the best access

[00:28:46] I would say to that type of imagery

[00:28:48] but now with the expansion of commercial satellite imagery

[00:28:54] I think it's made that more accessible

[00:28:57] to just about anyone although there are still

[00:29:01] some limits and I'm sure governments

[00:29:05] have better access to quality and updated satellite imagery

[00:29:11] but I think thinking about geospatial intelligence

[00:29:16] one example that comes to mind is of course Russia, Ukraine

[00:29:20] I think there was circulation of satellite imagery

[00:29:24] of Russian troops heading towards the border

[00:29:27] prior to the invasion I think.

[00:29:29] Some analysts pointing to changes in Russia's behavior

[00:29:34] and using satellite imagery to do that

[00:29:37] it's also been crucial you can see people

[00:29:40] looking at the aftermath of certain drone strikes

[00:29:43] or what not, it's not coming from official sources

[00:29:46] but even just analysts on the internet

[00:29:48] or Bellingcat is a really good example of a site

[00:29:53] that they do a lot of really interesting OSINT work

[00:29:56] and they use geospatial intelligence to do it

[00:30:00] where they'll kind of help confirm attack claims

[00:30:03] or assess the aftermath of a certain attack

[00:30:06] so there's a lot happening in the OSINT space

[00:30:09] when it comes to geospatial intelligence specifically

[00:30:12] another example I saw actually circulating recently

[00:30:16] is there's this, it's not something I've been able to verify

[00:30:20] but there's this satellite image of a site in Mongolia

[00:30:24] actually that resembles Taiwan's presidential office

[00:30:28] and some analysts are linking it to maybe

[00:30:31] it's signs of China's preparations

[00:30:33] for a possible invasion of Taiwan some days

[00:30:37] so they're taking that one image

[00:30:40] comparing it to satellite imagery

[00:30:42] of Taiwan's presidential office

[00:30:44] and trying to kind of gain some insights

[00:30:47] over what China might be planning which is interesting.

[00:30:50] Interesting, another OSINT source these days

[00:30:55] is blockchain intelligence

[00:30:58] I think folks have a basic understanding of what the blockchain is

[00:31:02] but with regard to OSINT tell me how that might work.

[00:31:06] Blockchain intelligence is a little more complex

[00:31:10] and for those that are more familiar with blockchain

[00:31:13] it's more accessible

[00:31:15] I think it's linked to financial intelligence as well

[00:31:18] so trying to understand kind of, you know

[00:31:22] financial intelligence is traditionally looking at

[00:31:25] basically financial transactions and sifting through

[00:31:29] for insights often used by banks and governments

[00:31:34] law enforcement to track financial crimes such as money laundering

[00:31:39] or tax evasion for example

[00:31:42] but when it comes to blockchain intelligence

[00:31:44] that's becoming more important as we see criminals

[00:31:47] for example turning to cryptocurrency

[00:31:50] and these digital currencies to get away from

[00:31:53] the traditional financial transactions

[00:31:56] that are more easily tracked

[00:31:58] so using blockchain intelligence

[00:32:00] that's the way you can kind of see

[00:32:02] the log of cryptocurrency transactions

[00:32:06] and so it's a complex process

[00:32:08] but those that are able to do it

[00:32:11] can actually trace back certain financial transactions

[00:32:15] one example I think Israel and the US

[00:32:18] have done this with HMS

[00:32:20] the Gaza based militant group

[00:32:23] looking at some cryptocurrency transactions

[00:32:27] made to them

[00:32:29] showing that they've taken advantage

[00:32:32] their heavily sanctioned group

[00:32:34] because they're designated as a terrorist organization

[00:32:36] by the US, UK and others

[00:32:39] so to get away from those traditional sanctions

[00:32:42] they're taking advantage of cryptocurrency

[00:32:45] and they're not the only ones

[00:32:47] but intelligence analysts trying to find this activity

[00:32:51] have to look through blockchain ledgers

[00:32:53] to try and figure out where

[00:32:55] these digital currencies are moving

[00:32:57] and who they're getting into the hands of

[00:33:00] What other OSINT tools would you like to see?

[00:33:03] We've touched upon a couple there are others

[00:33:05] Web intelligence, financial intelligence

[00:33:08] which you just alluded to with the discussion of blockchain

[00:33:11] but are there any other tools out there

[00:33:14] even other areas that you would like to see

[00:33:18] that would be useful to an OSINT analyst?

[00:33:22] Yeah I think one space to watch of course

[00:33:25] is artificial intelligence, AI

[00:33:28] we keep hearing a lot about it

[00:33:30] and how much it can improve the effectiveness

[00:33:33] of certain processes, automate things for us

[00:33:36] and that's going to be I think crucial to OSINT

[00:33:38] there are actually a lot of existing AI

[00:33:41] linked AI powered OSINT tools that are

[00:33:44] popping up, one that we've actually

[00:33:47] used and kind of partnered with

[00:33:49] there's this company called Pyrotechnologies

[00:33:52] they're doing a lot of really useful things

[00:33:56] around the US elections but specifically

[00:33:59] they have an AI tool that identifies and tracks

[00:34:02] threats across social media

[00:34:05] and they have this specific tool

[00:34:08] to track trends on election narratives

[00:34:11] and they're using unmoderated social media platforms

[00:34:14] so it helps because for people conducting OSINT

[00:34:17] that want to get into some of these platforms

[00:34:21] that some of them are

[00:34:23] there are risks of course

[00:34:25] interacting with people especially

[00:34:27] that might be pose a threat to your organization

[00:34:30] or might require you to identify yourself

[00:34:33] so to have tools like that

[00:34:36] that take that burden away

[00:34:38] that helps but this one they can

[00:34:40] specifically use AI to identify narratives

[00:34:44] so one that was circulating of course

[00:34:46] is with the TikTok ban

[00:34:48] or proposed TikTok ban from Congress

[00:34:50] some are trying to say that it's an attempt

[00:34:52] to influence the US elections

[00:34:54] and there's arguments on both sides

[00:34:56] that it's going to benefit Republicans

[00:34:57] that it's going to benefit Democrats

[00:34:59] or this idea that TikTok is an anti-government space

[00:35:02] and the government's coming into ban a platform

[00:35:04] that lets people criticize the US government

[00:35:07] some of these narratives are circulating widely

[00:35:12] and from Pyre's tool

[00:35:15] that can help organizations point to a specific threat

[00:35:19] or understand like if people are getting

[00:35:22] that upset about technology platforms

[00:35:24] ahead of the elections

[00:35:26] if that means that they might target some

[00:35:29] in other ways down the line

[00:35:32] I think that example of using AI to sift through that

[00:35:36] and taking kind of the burden off of human moderators

[00:35:39] because there's just too much out there

[00:35:41] for people to sift through

[00:35:43] but having a tool that can do that for you

[00:35:45] and there's other tools out there that can do that

[00:35:48] Another good tool by the way is data miner

[00:35:51] So faster verification obviously has tremendous

[00:35:54] market value attached to it

[00:35:57] I think one thing that I also wanted to ask

[00:36:01] some of the potential pitfalls or risks

[00:36:05] of the private sectors over reliance

[00:36:09] or perhaps simply reliance on OSINT

[00:36:12] tell me about some of the potential risks

[00:36:15] or pitfalls that could be associated with that

[00:36:19] I think the biggest thing about dealing with OSINT

[00:36:23] is just that risk of being susceptible

[00:36:26] to disinformation and misinformation

[00:36:29] it's really hard sometimes to verify things

[00:36:32] and with OSINT it's done very quickly

[00:36:36] there's so much information out there

[00:36:38] often you're sifting through social media

[00:36:40] posts and things and trying to decide

[00:36:43] whether something is a real threat

[00:36:45] or of real importance to your organization

[00:36:48] can be difficult

[00:36:50] but when you're using those types of platforms

[00:36:52] all the time

[00:36:54] you can easily go down the road

[00:36:58] of using something that was actually

[00:37:01] misinformation or disinformation

[00:37:03] so I think being exposed to that

[00:37:06] is important especially as we see

[00:37:09] the dark side of AI when we're seeing

[00:37:12] AI powered disinformation campaigns

[00:37:15] being circulated widely

[00:37:17] so maybe your traditional verification processes

[00:37:20] you see something on social media

[00:37:22] you go to a new site to try and verify

[00:37:26] these tools have already posted it

[00:37:28] on every possible channel

[00:37:30] and so you might see that information

[00:37:32] and think it's real because you've seen it

[00:37:34] in multiple sources but in the end

[00:37:36] this is just a very sophisticated disinformation campaign

[00:37:40] and we've seen actually even nation states

[00:37:43] like Iran for example organize those

[00:37:46] and do it really well and have a lot of reach

[00:37:48] not just in their area but in the US even

[00:37:51] so something to watch

[00:37:55] open source intelligence is such a big topic

[00:37:58] in our next episode

[00:38:00] we'll get some additional insight from

[00:38:02] Bellingcat's chief operating officer

[00:38:05] and we'll hear from a merchant risk intelligence

[00:38:07] analyst Noemi Waseero

[00:38:10] my thanks to Iman Albana

[00:38:12] sound from CNN and the Atlantic Council's

[00:38:15] Digital Forensic Research Lab

[00:38:18] our sound designer and editor Noah Fouts

[00:38:21] audio engineer Nathan Corson

[00:38:24] executive producers Michael Dale-Loya

[00:38:26] and Gerardo Orlando

[00:38:29] and on behalf of Meredith Wilson

[00:38:31] the CEO of Emergent Risk International

[00:38:34] I'm Paul Brandis thanks so much for listening

[00:38:47] On the morning of August 1st 1966

[00:38:50] shots ring out from the observation deck

[00:38:52] of the clock tower on the University of Texas campus

[00:38:55] it marks the infamous beginning

[00:38:57] of the modern era of mass shootings in America

[00:39:01] You're listening to Stop the Killing podcast

[00:39:03] Join us as we take you behind the crime scene tape

[00:39:06] to explain global mass shootings and mass attacks

[00:39:09] I'm Sarah Ferris but more importantly

[00:39:12] this is Catherine Schreit

[00:39:14] the former head of the FBI's active shooter program

[00:39:17] I spent five years as the FBI's top executive

[00:39:19] looking for answers to the mass shooting crisis

[00:39:22] I've been at the shooting scenes

[00:39:24] I've traced heroic acts of bravery

[00:39:26] and I've sat silently and listened

[00:39:28] to the heart-wrenching stories from survivors

[00:39:31] Amongst this horror there is hope

[00:39:33] we all hold the key to stop the killing

[00:39:35] you just need to know how to unlock the door

[00:39:38] Download Stop the Killing and be part of the solution

[00:39:41] Search Stop the Killing on Apple, Spotify

[00:39:44] and all the usual suspects