Marcellus Wallace's Briefcase

Share this post
The field of OSINT
robertkroupa.substack.com

The field of OSINT

The Final Frontier?

Robert Kroupa
Jan 1
3
Share this post
The field of OSINT
robertkroupa.substack.com

The great hope of the 1990s and 2000s was that the internet would be a force for openness and freedom. As Stewart Brand, a pioneer of online communities, put it: “Information wants to be free, because the cost of getting it out is getting lower and lower all the time.” It was not to be. Bad information often drove out good. Authoritarian states co-opted the technologies that were supposed to loosen their grip. Information was wielded as a weapon of war. Amid this disappointment one development offers cause for fresh hope: the emerging era of open-source intelligence (OSINT).

This quote, from an article in The Economist, describes a field most people have never heard of. Indeed, I was totally unfamiliar with OSINT until quite recently, when I kept seeing the term being used on social media.

Twitter avatar for @JordanWildonJordan Wildon @JordanWildon
With increasingly explicit neo-Nazi views shared to over 334,000 people, QAnon influencer GhostEzra's Telegram was dubbed the "largest antisemitic online channel or forum." Today, we at @LogicallyAI can reveal the Florida man behind the anonymous account.
EXCLUSIVE: Logically Identifies GhostEzra, Florida Man Behind World’s ‘Largest Antisemitic Internet Forum’GhostEzra runs the largest QAnon channel on Telegram, and has been spreading openly antisemitic propaganda for months. Using OSINT, we found him.logically.ai

August 20th 2021

1,173 Retweets2,913 Likes

Then, I read a glowing review online about a recently published book, We Are Bellingcat.

I read the book, and frankly it blew my mind. What is it about? A section of the book jacket description reads:

We are Bellingcat tells the inspiring story of how a college dropout pioneered a new category of reporting and galvanized citizen journalists- working together from their computer screens around the globe- to crack major cases, at a time when fact-based journalism is under assault from authoritarian forces. Founder Eliot Higgins introduces readers to the tools Bellingcat investigators use, tools available to anyone, from software that helps you pinpoint the location of an image, to an app that can nail down the time that photo was taken.

This technique, collecting and analyzing data from resources open to the public, is known as open source intelligence, or OSINT. What would be the purpose of such an activity? We Are Bellingcat focuses on some of the group’s most important investigations: the downing of flight MH17 over Ukraine, Assad’s use of chemical weapons in Syria and the identities of alt-right protesters in Charlottesville, Virgina. As they explain in a website post for people interested in learning the basics:

The promise of open source research is that anyone — not just journalists or researchers at select institutions — can contribute to investigations that uncover wrongdoing and hold perpetrators of crimes and atrocities to account.

When we say “anyone”, we mean anyone: if you’ve an internet connection, free time, and a stubborn commitment to getting the facts right, then you too, can be an open source researcher.

Twitter avatar for @bellingcatBellingcat @bellingcat
As 2021 comes to a close, here’s a look back at just some of the stories produced by Bellingcat over the past year. From Colombia to the US & from Russia to Ethiopia, our work has spanned the globe. It has also helped convict an assassin & identify potential war crimes 🧵

December 28th 2021

318 Retweets996 Likes

Columbia Journalism Review (CJR) published an article discussing terrorism and the Christchurch mosque shooting specifically and they noted:

Bellingcat…produced a comprehensive and contextualized report on the motives and movements of the Christchurch killer before he carried out the attacks. The piece contextualized his use of internet image boards and the references he made in his writings and video.

“His manifesto is not dangerous to the average reader,” Bellingcat’s Robert Evans, who wrote the piece, tells me. “The people who will be most influenced by the details of this are people who are already in the dark corners of the internet and already know.” Evans would not have posted Tarrant’s writing whole or uncontextualized, “but pointing out things he feels are important, what radicalized and influenced him is important.”

Another important figure in the realm of OSINT is Christiaan Triebert.

Triebert

Twitter avatar for @trbrtcChristiaan Triebert @trbrtc
The three Oath Keepers we tracked in this Visual Investigation were indicted today in federal court on charges of: • conspiracy • obstructing an official proceeding • destruction of gov. property • unlawful entry on restricted building or grounds
justice.gov/usao-dc/pr/thr…

Christiaan Triebert @trbrtc

In a selfie-video uploaded to Parler, two members of the Oath Keepers, a right-wing paramilitary group, cheer as they pan the Rotunda. “We took the Capitol!” Now, both face federal conspiracy charges. We tracked their movements on Jan. 6: https://t.co/XNswDetcRI https://t.co/rS4HQtT8xo

January 28th 2021

21 Retweets46 Likes

Born and raised in the Netherlands, Triebert was involved at Bellingcat during the website’s earlier years, and created a crucial toolkit for OSINT researchers (see tweet below). Among many other functions, such programs allow the user to track the course of specific planes and ships.

Twitter avatar for @bellingcatBellingcat @bellingcat
The Bellingcat Online Investigation Toolkit contains masses of collected online tools, resources and apps to assist you in your own open source investigations
docs.google.com/spreadsheets/d…
Image

June 2nd 2021

425 Retweets1,267 Likes

Triebert now works for the New York Times, using his research/analytical skills to help produce their acclaimed Visual Investigations series. The following information/article was released as I write this, from another staff member at the NYT.

Twitter avatar for @heytherehaIeyHaley Willis @heytherehaIey
An analysis of confidential Pentagon documents by the Visual Investigations team found that civilian casualty allegations had been dismissed based on flawed reviews of evidence — which we were able to correct using openly available sources.
Documents Reveal Basic Flaws in Pentagon Dismissals of Civilian Casualty ClaimsA Times investigation found inconsistent approaches to assessing claims of civilians killed by coalition forces — including failures to conduct simple internet searches.nytimes.com

December 31st 2021

30 Retweets57 Likes

The Visual Investigations team has done reports on everything from the horrific mass shooting in Las Vegas to the murder of journalist Jamal Khashoggi in Saudi Arabia. The video/documentary where the team studies the Jan 6 insurrection is the their masterpiece, though, and is on the shortlist for an Academy Award nomination (documentary short).

Twitter avatar for @trbrtcChristiaan Triebert @trbrtc
Day of Rage: How Trump Supporters Took the U.S. Capitol | Visual InvestigationsThe Jan. 6 attack on the U.S. Capitol was perhaps the most widely documented act of political violence in history. The New York Times obtained, analyzed and ...youtu.be

December 22nd 2021

3 Retweets11 Likes

Speaking of Jan 6, Triebert is not the only person who has used OSINT methods to take a closer look at the attack.

Twitter avatar for @washingtonweekWashington Week | PBS @washingtonweek
"A band of online sleuths called 'Sedition Hunters' has had an enormous effect on the Jan. 6 investigation" writes @ryanjreilly in @HuffPost. "Their dossiers are so in-depth that in some cases they effectively ghostwrote FBI affidavits" #WashWeekPBS:
The FBI’s Secret Weapon In The Capitol Attack ManhuntA band of online sleuths called “Sedition Hunters” has had an enormous effect on the Jan. 6 investigation. Next up: Holding the FBI’s feet to the fire.bit.ly

January 7th 2022

40 Retweets96 Likes
Twitter avatar for @propublicaProPublica @propublica
ProPublica sifted through thousands of videos taken by Parler users to create an immersive, first-person view of the Capitol riot as experienced by those who were there.
What Parler Saw During the Attack on the CapitolProPublica sifted through thousands of videos taken by Parler users to create an immersive, first-person view of the Capitol riot as experienced by those who were there.propub.li

January 6th 2022

6 Retweets14 Likes

An army of so-called online sleuths, known as #seditionhunters, have assisted law enforcement in helping to identify people who broke the law that day, an operation that has become one of the biggest manhunts in history.

Twitter avatar for @FrankFigliuzzi1Frank Figliuzzi @FrankFigliuzzi1
We're learning more about what may have happened to deceased officer Smith on Jan 6: Online sleuths are knocking out cases that the feds have been working on for months.
huffpost.com/entry/jeff-smi… via @HuffPostPolA D.C. Cop At The Jan. 6 Riot Died By Suicide. Sleuths Identified 1 Of The Rioters He Battled.Less than 24 hours after a Capitol rioter was identified by online sleuths as a Capitol Hill chiropractor, the family of the late Officer Jeff Smith filed a lawsuit.huffpost.com

August 13th 2021

407 Retweets1,020 Likes
Twitter avatar for @trbrtcChristiaan Triebert @trbrtc
After @sparrowmedia released a video showing the face of the infamous “zip tie guy“, a group of Southern Appalachian activists identified him by sorting through footage of counter-protests in Tennessee last summer.

Opossum Press @OpossumPress

With videos of zip tie guy now being spread, we’ve found he’s attended some protests in the Nashville area in the same gear. https://t.co/BErxZbtm2X https://t.co/hI2YxiYK6X

January 9th 2021

63 Retweets167 Likes
Twitter avatar for @jsrailtonJohn Scott-Railton @jsrailton
🚨BREAKING: reports that Eric Munchel (aka Male #1) was arrested by @FBI in Tennessee. Lucky for him he already likes handcuffs. We don't if a tip to the FBI played a role, but be proud if you contributed to ANY identification effort. THREAD Source:
newschannel5.com/news/newschann…
Image

January 10th 2021

1,740 Retweets8,136 Likes

An article in the Daily Kos explains:

John Scott-Railton is a senior researcher at the University of Toronto’s Citizen Lab, and swiftly identified Brock after image enhancement software made his outfit’s flair recognizable. There was the Texas flag patch, and even more helpful, there was the yellow fleur de lis of the 706th Fighter Squadron. Scott-Railton wasn’t the only person in what he calls the “digital ecosystem of accountability” to track Brock down, either: Michael Sheldon, of the Atlantic Council’s Digital Forensic Research Lab, also identified the 53-year-old father of three who lives in an affluent part of the Dallas metro area. 

Twitter avatar for @jsrailtonJohn Scott-Railton @jsrailton
🚨BREAKING: Lt. Col Ret Larry R. Brock (aka Male #2) has now ALSO been arrested by @FBI in Texas says @USAO_DC. Again, know if our notification to the FBI played a role yet. But very proud.
Image
Image

John Scott-Railton @jsrailton

BREAKING I can now confirm Male #2 w/ restraints is highly decorated combat vet & @AF_Academy graduate Lt. Colonel. Ret. Larry Brock of Texas. Releasing his name now after 24h of collaboration w/@RonanFarrow & his investigations team to confirm. https://t.co/nog9HI7DzX https://t.co/ClHImsFucM

January 10th 2021

1,174 Retweets4,514 Likes
Twitter avatar for @emptywheelemptywheel @emptywheel
A Tale of Two Zip Ties: The Different Fates of Eric Munchel and Larry Brock
A Tale of Two Zip Tie Guys: The Different Fates of Eric Munchel and Larry Brock - emptywheelThe government is pushing hard to keep one Zip Tie Guy, Eric Munchel, in jail awaiting trial. With the other, retired Colonel Larry Brock, they’re already moving towards a plea on trespass charges.emptywheel.net

February 23rd 2021

46 Retweets87 Likes
Twitter avatar for @ZoeTillmanZoe Tillman @ZoeTillman
DC federal judge orders Eric Munchel (ID'd as the man photographed in the Capitol with zip tie handcuffs) to stay behind bars pending add'l review — prosecutors appealed after a TN judge ruled he could be released, noting, among other things, the "arsenal" they found in his home
Image
Image
Image
Image

January 24th 2021

662 Retweets1,976 Likes

Gisela Pérez de Acha is an attorney/reporter originally from Mexico, who has written on extremism and other topics.

Perez de Acha

She became so fascinated with the field of open source research that she started teaching a college level course in the topic. J298 OSINT Seminar- Open Source Investigations, at The University of California at Berkeley Graduate School of Journalism, teaches how to incorporate traditional investigative reporting with the latest OSINT methods. The schools website explains:

This class will be two part: a seminar focusing on a particular story in collaboration with the Associated Press, and a lab portion focusing on using cutting edge Open Source investigative techniques, pioneered by Berkeley’s Human Right’s Center, with investigative reporting and multimedia skills. This course will be co-taught by representatives from the Human Right’s Center, the Investigative Reporting program and Richard Koci Hernandez, with the objective of producing high-quality OSINT Investigations. AP journalists will also likely contribute to this seminar.

Twitter avatar for @giselillaGisela Pérez de Acha @giselilla
Last "OSINT Reporting Class" at @ucbsoj this year. Thanks to the @hrcberkeley queens: @KAlexaKoenig, @adlampros, @stephaniercroft & @bhngyn. Nothing would happen without them. And to @DavidBarstow for being our guide while bridging old-school investigative reporting with OSINT.
Image

December 1st 2021

6 Retweets37 Likes

Finally, the investigative news site ProPublica has released a new mapping tool that looks at the persistent health/cancer risks that residents in certain areas have long faced due to pollution.

Twitter avatar for @propublicaProPublica @propublica
The EPA allows polluters to turn neighborhoods into “sacrifice zones” where residents breathe carcinogens. ProPublica reveals where these places are in a first-of-its-kind map and data analysis.
Poison in the AirThe EPA allows polluters to turn neighborhoods into “sacrifice zones” where residents breathe carcinogens. ProPublica reveals where these places are in a first-of-its-kind map and data analysis.propub.li

January 2nd 2022

40 Retweets51 Likes

The Houston Chronicle notes:

The reporters explain how their work is especially important because it shows on a granular level what is known as the "cumulative" effects of pollution from all industrial facilities in an area, rather than a single facility on its own. The journalists spent two years analyzing an enormous amount of emissions data from a five-year span. ProPublica calls the final product "the most detailed map of cancer-causing industrial air pollution ever published." It's not meant to be a definitive indicator for any single case of cancer, they explain, but rather a resource for people to understand better the risks of where they live.

ProPublica has also been involved in investigating the capital insurrection: see here.

Share this post
The field of OSINT
robertkroupa.substack.com
Comments

Create your profile

0 subscriptions will be displayed on your profile (edit)

Skip for now

Only paid subscribers can comment on this post

Already a paid subscriber? Sign in

Check your email

For your security, we need to re-authenticate you.

Click the link we sent to , or click here to sign in.

TopNewCommunity

No posts

Ready for more?

© 2022 Robert Kroupa
Privacy ∙ Terms ∙ Collection notice
Publish on Substack Get the app
Substack is the home for great writing