The field of OSINT

The Final Frontier?

Jan 01, 2022

The great hope of the 1990s and 2000s was that the internet would be a force for openness and freedom. As Stewart Brand, a pioneer of online communities, put it: “Information wants to be free, because the cost of getting it out is getting lower and lower all the time.” It was not to be. Bad information often drove out good. Authoritarian states co-opted the technologies that were supposed to loosen their grip. Information was wielded as a weapon of war. Amid this disappointment one development offers cause for fresh hope: the emerging era of open-source intelligence (OSINT).

This quote, from an article in The Economist, describes a field most people have never heard of. Indeed, I was totally unfamiliar with OSINT until quite recently, when I kept seeing the term being used on social media.

Jordan Wildon @JordanWildon

With increasingly explicit neo-Nazi views shared to over 334,000 people, QAnon influencer GhostEzra's Telegram was dubbed the "largest antisemitic online channel or forum." Today, we at @LogicallyAI can reveal the Florida man behind the anonymous account.

logically.aiEXCLUSIVE: Logically Identifies GhostEzra, Florida Man Behind World’s ‘Largest Antisemitic Internet Forum’GhostEzra runs the largest QAnon channel on Telegram, and has been spreading openly antisemitic propaganda for months. Using OSINT, we found him.

Then, I read a glowing review online about a recently published book, We Are Bellingcat.

I read the book, and frankly it blew my mind. What is it about? A section of the book jacket description reads:

We are Bellingcat tells the inspiring story of how a college dropout pioneered a new category of reporting and galvanized citizen journalists- working together from their computer screens around the globe- to crack major cases, at a time when fact-based journalism is under assault from authoritarian forces. Founder Eliot Higgins introduces readers to the tools Bellingcat investigators use, tools available to anyone, from software that helps you pinpoint the location of an image, to an app that can nail down the time that photo was taken.

This technique, collecting and analyzing data from resources open to the public, is known as open source intelligence, or OSINT. What would be the purpose of such an activity? We Are Bellingcat focuses on some of the group’s most important investigations: the downing of flight MH17 over Ukraine, Assad’s use of chemical weapons in Syria and the identities of alt-right protesters in Charlottesville, Virgina. As they explain in a website post for people interested in learning the basics:

The promise of open source research is that anyone — not just journalists or researchers at select institutions — can contribute to investigations that uncover wrongdoing and hold perpetrators of crimes and atrocities to account.
When we say “anyone”, we mean anyone: if you’ve an internet connection, free time, and a stubborn commitment to getting the facts right, then you too, can be an open source researcher.

Bellingcat @bellingcat

As 2021 comes to a close, here’s a look back at just some of the stories produced by Bellingcat over the past year. From Colombia to the US & from Russia to Ethiopia, our work has spanned the globe. It has also helped convict an assassin & identify potential war crimes 🧵

Columbia Journalism Review (CJR) published an article discussing terrorism and the Christchurch mosque shooting specifically and they noted:

Bellingcat…produced a comprehensive and contextualized report on the motives and movements of the Christchurch killer before he carried out the attacks. The piece contextualized his use of internet image boards and the references he made in his writings and video.
“His manifesto is not dangerous to the average reader,” Bellingcat’s Robert Evans, who wrote the piece, tells me. “The people who will be most influenced by the details of this are people who are already in the dark corners of the internet and already know.” Evans would not have posted Tarrant’s writing whole or uncontextualized, “but pointing out things he feels are important, what radicalized and influenced him is important.”

Another important figure in the realm of OSINT is Christiaan Triebert.

Christiaan Triebert @trbrtc

The three Oath Keepers we tracked in this Visual Investigation were indicted today in federal court on charges of: • conspiracy • obstructing an official proceeding • destruction of gov. property • unlawful entry on restricted building or grounds justice.gov/usao-dc/pr/thr…

Christiaan Triebert @trbrtc

In a selfie-video uploaded to Parler, two members of the Oath Keepers, a right-wing paramilitary group, cheer as they pan the Rotunda. “We took the Capitol!” Now, both face federal conspiracy charges. We tracked their movements on Jan. 6: https://t.co/XNswDetcRI https://t.co/rS4HQtT8xo

Born and raised in the Netherlands, Triebert was involved at Bellingcat during the website’s earlier years, and created a crucial toolkit for OSINT researchers (see tweet below). Among many other functions, such programs allow the user to track the course of specific planes and ships.

Bellingcat @bellingcat

The Bellingcat Online Investigation Toolkit contains masses of collected online tools, resources and apps to assist you in your own open source investigations docs.google.com/spreadsheets/d…

Triebert now works for the New York Times, using his research/analytical skills to help produce their acclaimed Visual Investigations series. The following information/article was released as I write this, from another staff member at the NYT.

Haley Willis @heytherehaIey

An analysis of confidential Pentagon documents by the Visual Investigations team found that civilian casualty allegations had been dismissed based on flawed reviews of evidence — which we were able to correct using openly available sources.

nytimes.comDocuments Reveal Basic Flaws in Pentagon Dismissals of Civilian Casualty ClaimsA Times investigation found inconsistent approaches to assessing claims of civilians killed by coalition forces — including failures to conduct simple internet searches.

The Visual Investigations team has done reports on everything from the horrific mass shooting in Las Vegas to the murder of journalist Jamal Khashoggi in Saudi Arabia. The video/documentary where the team studies the Jan 6 insurrection is the their masterpiece, though, and is on the shortlist for an Academy Award nomination (documentary short).

Christiaan Triebert @trbrtc

youtu.beDay of Rage: How Trump Supporters Took the U.S. Capitol | Visual InvestigationsThe Jan. 6 attack on the U.S. Capitol was perhaps the most widely documented act of political violence in history. The New York Times obtained, analyzed and ...

Speaking of Jan 6, Triebert is not the only person who has used OSINT methods to take a closer look at the attack.

Washington Week | PBS @washingtonweek

"A band of online sleuths called 'Sedition Hunters' has had an enormous effect on the Jan. 6 investigation" writes @ryanjreilly in @HuffPost. "Their dossiers are so in-depth that in some cases they effectively ghostwrote FBI affidavits" #WashWeekPBS:

bit.lyThe FBI’s Secret Weapon In The Capitol Attack ManhuntA band of online sleuths called “Sedition Hunters” has had an enormous effect on the Jan. 6 investigation. Next up: Holding the FBI’s feet to the fire.

ProPublica @propublica

ProPublica sifted through thousands of videos taken by Parler users to create an immersive, first-person view of the Capitol riot as experienced by those who were there.

propub.liWhat Parler Saw During the Attack on the CapitolProPublica sifted through thousands of videos taken by Parler users to create an immersive, first-person view of the Capitol riot as experienced by those who were there.

An army of so-called online sleuths, known as #seditionhunters, have assisted law enforcement in helping to identify people who broke the law that day, an operation that has become one of the biggest manhunts in history.

Frank Figliuzzi @FrankFigliuzzi1

We're learning more about what may have happened to deceased officer Smith on Jan 6: Online sleuths are knocking out cases that the feds have been working on for months. huffpost.com/entry/jeff-smi… via @HuffPostPol

huffpost.comA D.C. Cop At The Jan. 6 Riot Died By Suicide. Sleuths Identified 1 Of The Rioters He Battled.Less than 24 hours after a Capitol rioter was identified by online sleuths as a Capitol Hill chiropractor, the family of the late Officer Jeff Smith filed a lawsuit.

Christiaan Triebert @trbrtc

After @sparrowmedia released a video showing the face of the infamous “zip tie guy“, a group of Southern Appalachian activists identified him by sorting through footage of counter-protests in Tennessee last summer.

Opossum Press @OpossumPress

With videos of zip tie guy now being spread, we’ve found he’s attended some protests in the Nashville area in the same gear. https://t.co/BErxZbtm2X https://t.co/hI2YxiYK6X

John Scott-Railton @jsrailton

🚨BREAKING: reports that Eric Munchel (aka Male #1) was arrested by @FBI in Tennessee. Lucky for him he already likes handcuffs. We don't if a tip to the FBI played a role, but be proud if you contributed to ANY identification effort. THREAD Source: newschannel5.com/news/newschann…

An article in the Daily Kos explains:

John Scott-Railton is a senior researcher at the University of Toronto’s Citizen Lab, and swiftly identified Brock after image enhancement software made his outfit’s flair recognizable. There was the Texas flag patch, and even more helpful, there was the yellow fleur de lis of the 706th Fighter Squadron. Scott-Railton wasn’t the only person in what he calls the “digital ecosystem of accountability” to track Brock down, either: Michael Sheldon, of the Atlantic Council’s Digital Forensic Research Lab, also identified the 53-year-old father of three who lives in an affluent part of the Dallas metro area.

John Scott-Railton @jsrailton

🚨BREAKING: Lt. Col Ret Larry R. Brock (aka Male #2) has now ALSO been arrested by @FBI in Texas says @USAO_DC. Again, know if our notification to the FBI played a role yet. But very proud.

John Scott-Railton @jsrailton

BREAKING I can now confirm Male #2 w/ restraints is highly decorated combat vet & @AF_Academy graduate Lt. Colonel. Ret. Larry Brock of Texas. Releasing his name now after 24h of collaboration w/@RonanFarrow & his investigations team to confirm. https://t.co/nog9HI7DzX https://t.co/ClHImsFucM

emptywheel @emptywheel

A Tale of Two Zip Ties: The Different Fates of Eric Munchel and Larry Brock

emptywheel.netA Tale of Two Zip Tie Guys: The Different Fates of Eric Munchel and Larry Brock - emptywheelThe government is pushing hard to keep one Zip Tie Guy, Eric Munchel, in jail awaiting trial. With the other, retired Colonel Larry Brock, they’re already moving towards a plea on trespass charges.

Zoe Tillman @ZoeTillman

DC federal judge orders Eric Munchel (ID'd as the man photographed in the Capitol with zip tie handcuffs) to stay behind bars pending add'l review — prosecutors appealed after a TN judge ruled he could be released, noting, among other things, the "arsenal" they found in his home

Gisela Pérez de Acha is an attorney/reporter originally from Mexico, who has written on extremism and other topics.

She became so fascinated with the field of open source research that she started teaching a college level course in the topic. J298 OSINT Seminar- Open Source Investigations, at The University of California at Berkeley Graduate School of Journalism, teaches how to incorporate traditional investigative reporting with the latest OSINT methods. The schools website explains:

This class will be two part: a seminar focusing on a particular story in collaboration with the Associated Press, and a lab portion focusing on using cutting edge Open Source investigative techniques, pioneered by Berkeley’s Human Right’s Center, with investigative reporting and multimedia skills. This course will be co-taught by representatives from the Human Right’s Center, the Investigative Reporting program and Richard Koci Hernandez, with the objective of producing high-quality OSINT Investigations. AP journalists will also likely contribute to this seminar.

Gisela Pérez de Acha @giselilla

Last "OSINT Reporting Class" at @ucbsoj this year. Thanks to the @hrcberkeley queens: @KAlexaKoenig, @adlampros, @stephaniercroft & @bhngyn. Nothing would happen without them. And to @DavidBarstow for being our guide while bridging old-school investigative reporting with OSINT.

Finally, the investigative news site ProPublica has released a new mapping tool that looks at the persistent health/cancer risks that residents in certain areas have long faced due to pollution.

ProPublica @propublica

The EPA allows polluters to turn neighborhoods into “sacrifice zones” where residents breathe carcinogens. ProPublica reveals where these places are in a first-of-its-kind map and data analysis.

propub.liPoison in the AirThe EPA allows polluters to turn neighborhoods into “sacrifice zones” where residents breathe carcinogens. ProPublica reveals where these places are in a first-of-its-kind map and data analysis.

The Houston Chronicle notes:

The reporters explain how their work is especially important because it shows on a granular level what is known as the "cumulative" effects of pollution from all industrial facilities in an area, rather than a single facility on its own. The journalists spent two years analyzing an enormous amount of emissions data from a five-year span. ProPublica calls the final product "the most detailed map of cancer-causing industrial air pollution ever published." It's not meant to be a definitive indicator for any single case of cancer, they explain, but rather a resource for people to understand better the risks of where they live.

ProPublica has also been involved in investigating the capital insurrection: see here.

Marcellus Wallace's Briefcase

Discussion about this post