open source intelligence – Techdirt

Peering Through The Fog Of War With Open Source Intelligence

from the what-took-them-so-long? dept

“The fog of war” is a phrase that has been used for over a hundred years to describe the profound uncertainty that envelops armed conflicts while they are happening. Today, the uncertainty for non-combatants is exacerbated by the rapid-fire nature of social media, where people often like or re-post dubious war-related material without scrutinizing it first. The situation has become particularly bad on ExTwitter under Elon Musk’s stewardship, as a recent NewsGuard analysis published on Adweek revealed. The platform’s “verified” users pushed nearly three-quarters of the platform’s most viral false Israel-Hamas war-related claims, which were then spread widely by others:

> The verified accounts promoted 10 false narratives, such as claims that Ukraine sold weapons to Hamas and a video of Israeli senior officials being captured by Hamas.
>
> Collectively, posts promoting false claims garnered 1,349,979 likes, reposts, replies and bookmarks, and were viewed by more than 100 million people globally in a week, per NewsGuard.

A recent example of how difficult it is to tease out what happened in a fast-moving conflict with many civilian casualties is the explosion at the Al-Ahli Baptist Hospital in Gaza City. As Wired noted:

> Within minutes, information about what had happened was distorted by partisan narratives, disinformation, and a rush to be first to post about the blast. Add in mainstream media outlets parroting official statements without verifying their veracity, and the result was a chaotic information environment in which no one was sure what had happened or how.

Open source intelligence – the analysis of information drawn from a variety of freely available sources, usually online – is emerging as one of the best ways to peer through the fog of war. For example, both the Guardian newspaper and the UK’s Channel 4 news made use of open source intelligence in their attempts to work out who was responsible for the explosion at the hospital in Gaza. One of the leading journalistic practitioners of data analysis, the FT’s John Burn-Murdoch, believes that the absence of OSINT is why many traditional media outlets are failing so badly in their reporting of the Israel-Hamas war and elsewhere. As he wrote in a thread on ExTwitter:

> With the proliferation of photos/footage, satellite imagery and map data, forensic video/image analysis and geolocation (~OSINT) has clearly been a key news gathering technique for several years now. A key news gathering technique *completely absent from most newsrooms*

According to Burn-Murdoch, this has had a terrible effect not just on the quality of reporting, but on the public’s trust in journalism, already greatly diminished as a result of constant attacks on the media by populist politicians around the world:

> most mainstream news orgs today are either simply not equipped to determine for themselves what’s happening in some of the world’s biggest stories, or lack the confidence to allow their in-house technical specialists to cast doubt on a star reporter’s trusted source
>
> So you end up with situations where huge, respected news organisations are reporting as fact things that have already been shown by technically adept news gatherers outside newsrooms to be false or at the very least highly uncertain. It’s hugely damaging to trust in journalism.

It’s great that a leading exponent of data journalism like Burn-Murdoch is calling for mainstream media to make the use of open source intelligence a regular and integral part of their reporting. Doing so is especially important at a time when the fog of war is thick, as is the case in the Middle East today. But it’s a pity that it has taken this long for the power of OSINT to be recognized in this way. Techdirt first wrote about what is still probably the leading practitioner of open source intelligence analysis, Bellingcat, over eight years ago.

Follow me @glynmoody on Mastodon.

Filed Under: bellingcat, data journalism, elon musk, ft, gaza, israel, middle east, open source intelligence, osint, palestine, twitter, war

Removing Terrorist Content Isn't Helping Win The War On Terror

from the misguided-efforts dept

The terrorists are winning.

This shouldn’t come as a surprise. The War on Drugs hasn’t made a dent in drug distribution. Why should the War on Terror be any different? Two decades and several billion dollars later, what do we have to show for it? Just plenty of enemies foreign and domestic.

While politicians rail against “terrorist content,” encryption, and the right for people to remain generally unmolested by their governments, they’re leaning hard on social media platforms to eradicate this content ASAP.

And social media companies are doing all they can. Moderation is hard. It’s impossible when you’re serving millions of users at once. Nonetheless, the content goes down. Some of it is actual “terrorist content.” Some of it is journalism. Some of it is stuff no one would consider terroristic. But it all goes down because time is of the essence and the world is watching.

But to what end? As was noted here all the way back in 2017, efforts made to take down “terrorist content” resulted in the removal of evidence of war crimes. Not much has changed since then. This unfortunate side effect was spotted again in 2019. Target all the terrorist content you want, but destroying it destroys evidence that could be used to identify, track, and, ultimately, prosecute terrorists.

Sure, there’s some concern that unmoderated terrorist content contains the inherent power to radicalize internet randos. It’s a valid concern but it might be outweighed by the positives of keeping the content live. To go further, it might be a net gain for society if terrorist content was accessible and easily-shared. This seems counterintuitive, but there’s a growing body of research showing terrorists + internet use = thwarted terrorist plots.

Call me crazy, but this sounds like a better deal for the world’s population than dozens of surveillance agencies slurping up everything that isn’t nailed down by statute. This comes from Joe Whittaker at Lawfare, who summarizes research suggesting swift removal of “terrorist content” isn’t helping win the War on Terror.

> In my sample, the success of an attempted terrorist event—defined as conducting an attack (regardless of fatalities), traveling to the caliphate, or materially supporting others actor by providing funds or otherwise assisting their event—is negatively correlated with a range of different internet behaviors, including interacting with co-ideologues and planning their eventual activity. Furthermore, those who used the internet were also significantly more likely to be known to the security services prior to their event or arrest. There is support for this within the literature; researchers at START found that U.S.-based extremists who were active on social media had lower chances of success than those who were not. Similarly, research on U.K.-based lone actors by Paul Gill and Emily Corner found that individuals who used the internet to plan their actions were significantly less likely to kill or injure a target. Despite the operational affordances that the internet can offer, terrorist actors often inadvertently telegraph their intentions to law enforcement. Take Heather Coffman, whose Facebook profile picture of an image of armed men with the text “VIRTUES OF THE MUJIHADEEN” alerted the FBI, which deployed an undercover agent and eventually led to her arrest.

Correlation isn’t causation but there’s something to be said about visibility. This has been a noticeable problem ever since some law enforcement-adjacent grandstanders started nailing every online service with personal ads to the judicial wall for supposedly facilitating sex trafficking. Ads were pulled. Services were halted. And sex traffickers became increasingly difficult to track down.

As this research notes, radicalization might occur faster with heavier social media use. But this isn’t necessarily a bad thing. Greater visibility means easier tracking and better prevention.

Out in the open also means encryption isn’t nearly as much of an issue. Terrorist organizations appear to be voluntarily moving away from open platforms, sacrificing expeditious radicalization for privacy and security. But even that doesn’t appear to pose nearly as much of a problem as politicians and law enforcement officials suggest.

> When looking at the Islamic State cohort in the United States, unlike other online behaviors, there is not a significant relationship between the use of end-to-end encryption and event success. Terrorists who used it were just as likely to be successful as those who did not.

Unfortunately, there are no easy answers here. While driving terrorists underground results in limited visibility for those seeking to thwart their plans, allowing them to take full advantage of open platforms increases the number of possible terrorists law enforcement must keep an eye on.

The downsides of aggressive moderation, however, are clear. Visibility decreases as the possibility for over-moderation increases. Evidence needed for investigations and prosecutions vanishes into the ether over the deafening roar of calls to “do more.”

Filed Under: content moderation, content removals, open source intelligence, terrorism, terrorist content

As Everyone Knows, In The Age Of The Internet, Privacy Is Dead — Which Is Awkward If You Are A Russian Spy

from the not-just-here-for-the-medieval-church-architecture dept

Judging by the headlines, there are Russian spies everywhere these days. Of course, Russia routinely denies everything, but its attempts at deflection are growing a little feeble. For example, the UK government identified two men it claimed were responsible for the novichok attack on the Skripals in Salisbury. It said they were agents from GRU, Russia’s largest military intelligence agency, and one of several groups authorized to spy for the Russian government. The two men appeared later on Russian television, where they denied they were spies, and insisted they were just lovers of English medieval architecture who were in Salisbury to admire the cathedral’s 123-meter spire.

More recently, Dutch military intelligence claimed that four officers from GRU had flown into the Netherlands in order to carry out an online attack on the headquarters of the international chemical weapons watchdog that was investigating the Salisbury poisoning. In this case, the Russian government didn’t even bother insisting that the men were actually in town to look at Amsterdam’s canals. That was probably wise, since a variety of information available online seems to confirm their links to GRU, as the Guardian explained:

> One of the suspected agents, tipped as a “human intelligence source” by Dutch investigators, had registered five vehicles at a north-western Moscow address better known as the Aquarium, the GRU finishing school for military attaches and elite spies. According to online listings, which are not official but are publicly available to anyone on Google, he drove a Honda Civic, then moved on to an Alfa Romeo. In case the address did not tip investigators off, he also listed the base number of the Military-Diplomatic Academy.
>
> …
>
> One of the men, Aleksei Morenets, an alleged hacker, appeared to have set up a dating profile.
>
> Another played for an amateur Moscow football team “known as the security services team” a current player told the Moscow Times. “Almost everyone works for an intelligence agency.” The team rosters are publicly available.

The “open source intelligence” group Bellingcat came up with even more astonishing details when they started digging online. Bellingcat found one of the four Russians named by the Dutch authorities in Russia’s vehicle ownership database. The car was registered to Komsomolsky Prospekt 20, which happens to be the address of military unit 26165, described by Dutch and US law enforcement agencies as GRU’s digital warfare department. By searching the database for other vehicles registered at the same address, Bellingcat came up with a list of 305 individuals linked with the GRU division. The database entries included their full names and passport numbers, as well as mobile phone numbers in most cases. Bellingcat points out that if these are indeed GRU operatives, this discovery would be one of the largest breaches of personal data of an intelligence agency in recent years.

An interesting thread on Twitter by Alexander Gabuev, Senior Fellow and Chair of Russia in Asia-Pacific Program at Carnegie Moscow Center, explains why Bellingcat was able to find such sensitive information online. He says:

> the Russian Traffic Authority is notoriously corrupt even by Russian standards, it’s inexhaustible source of dark Russian humor. No surprise its database is very easy to buy in the black market since 1990s

In the 1990s, black market information was mostly of interest to specialists, hard to find, and had limited circulation. Today, even sensitive data almost inevitably ends up posted online somewhere, because everything digital has a tendency to end up online once it’s available. It’s then only a matter of time before groups like Bellingcat find it as they follow up their leads. Combine that with a wealth of information contained in social media posts or on Web sites, and spies have a problem keeping in the shadows. Techdirt has written many stories about how the privacy of ordinary people has been compromised by leaks of personal information that is later made available online. There’s no doubt that can be embarrassing and inconvenient for those affected. But if it’s any consolation, it’s even worse when you are a Russian spy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: gru, internet, open source intelligence, privacy, russia, russian spies

Should Open Source Intelligence Be Used For Policy Making?

from the transparent-and-verifiable dept

Last summer, we wrote about the rise of open journalism, whereby people take publicly-available information, typically on social networks, to extract important details that other, more official sources either overlook or try to hide. Since then, one of the pioneers of that approach, Eliot Higgins, has used crowdfunding to set up a site called “Bellingcat”, dedicated to applying these techniques. Principal themes there include the shooting down of Malaysian Airlines Flight 17 (MH17), and the civil war in Syria.

Higgins recently published a post on the blog of the Policy Institute at King’s College, London, in which he suggested that such open source intelligence (OSINT) could be used for formulating policy in situations where traditional sources of information are limited:

> In recent years, content shared via social media from conflict war zones has allowed us to gain a far deeper understanding of the on-the-ground realities of specific conflicts than previously possible. This presents a real opportunity for providing robust evidence which can underpin foreign and security policymaking about emerging, or rapidly escalating, conflict zones.

He cites his own group’s work on the shooting-down of the MH17 flight as an example, noting some of the advantages and challenges:

> Our research on the Buk missile launcher demonstrates that not only is there a wealth of largely untapped information available online and especially on social media, but also that a relatively small team of analysts is able to derive a rich picture of a conflict zone. Clearly, research of this kind must be underpinned by an understanding of the way in which content is being produced, who is sharing it, and, crucially, how to verify it — and these are methodological challenges which need to be addressed systematically.

That call for open source information to be used more widely has now been echoed by two researchers at the International Centre for Security Analysis, also at King’s College — not surprisingly, perhaps, since they too use this technique in their work:

> There is a powerful case for incorporating OSINT approaches to evidence-based policymaking. In the first place, evidence produced by OSINT methods can be both robust and rigorous, not least because it can be underpinned by extensive datasets. And in the second, it has the potential to be both transparent and verifiable; all open source evidence is, by definition, based on data that is publicly (and often freely) available.

However, they note that so far the uptake of such methods to inform policy-making has been very limited. Here’s why:

> At the heart of the problem is the fact that OSINT approaches are still relatively ‘young’ and, all too often in our experience, lack the rigour and reliability needed to underpin effective policymaking.

To overcome those issues, they suggest that practitioners of OSINT should develop more reliable open intelligence tools and methods, and should communicate better the advantages of this approach. They also urge policy makers to take open source intelligence into consideration as an additional form of evidence, but given the conservatism and risk aversion in these circles, I imagine it will take some time before that happens.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: open source intelligence, policy, research

Did US Send CIA Rendition Jet To Europe In The Hope Of Grabbing Snowden?

from the far-from-hopeless dept

Although we have various details of Edward Snowden’s journey from Hong Kong to asylum in Russia, we unsurprisingly know almost nothing of what the US was doing during this time as it tried to catch him. That makes the following story in The Register particularly intriguing:

> As the whistleblowing NSA sysadmin Edward Snowden made his dramatic escape to Russia a year ago, a secret US government jet — previously employed in CIA “rendition” flights on which terror suspects disappeared into invisible “black” imprisonment — flew into Europe in a bid to spirit him back to America, the Register can reveal.

The story’s credibility is greatly enhanced by virtue of who wrote it. Duncan Campbell has an unmatched track record for covering the world of spies and surveillance, which includes being the first to reveal the existence of both GCHQ and Echelon, the precursor to today’s Five Eyes surveillance system.

Whether or not you are convinced that the jet in question was sent to Europe in the expectation that it would come back with Snowden, Campbell’s story is well worth reading, not least for this explanation of how the jet was tracked:

> [The CIA’s Gulfstream V jet] N977GA was not reporting its progress to air-traffic controllers, and thus it would normally have been necessary to use a massive commercial or military radar installation to follow its path. But, even if pilots have turned off automated location data feeds, ordinary enthusiasts equipped with nothing more than suitable radio receivers connected to the internet can measure differences in the time at which an aircraft’s radar transponder signal reaches locations on the ground. Using the technique of multilateration, this information is sufficient to calculate the transponder’s position and so track the aircraft.
>
> …
>
> Several such online tracking networks are active in the UK, using this and other sources of information: they include www.flightradar24.com, www.planefinder.net, Planeplotter (www.coaa.co.uk/planeplotter.htm) and www.radarvirtuel.com. UK-based Planeplotter is one of the more sophisticated of these global “virtual radar” systems. It boasts 2,000 members with receivers hooked up to the internet.

That’s a wonderful example of how a network of enthusiasts, using low-tech kit and the Internet, are able to piece together highly-sensitive information like the flight paths of CIA rendition jets. It’s a useful reminder that no matter how much the odds seem stacked against ordinary citizens, human ingenuity has a way of making the struggle against even the most powerful adversaries far from hopeless.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: cia, crowdsourced intelligence, ed snowden, open source intelligence, rendition jet