Moderator's Note

This thread today had two other related threads merged together. 'Brown Moses' work is the focus and is separate from a general open source intelligence thread (ends).


A true "armchair" expert, who from his home, has become a reputable source of information and intelligence, much of it visual - shown on YouTube. Profiled today in the New Yorker (behind a paywall), but the Huffington Post has a full article too:http://www.huffingtonpost.com/2013/11/18/eliot-higgins-syria_n_4269417.html?utm_hp_ref=tw

A little background:
From his living room, Higgins was racing to solve the same whodunit confronting world leaders amid claims that Assad had unleashed chemical weapons against rebel sympathizers in the suburbs of Damascus. Was Zamalka a victim of such an attack? If so, who was responsible for the deed?

On paper, Higgins -- a 34-year-old with a 2-year-old daughter -- brought no credentials for the job. He had no formal intelligence training or security clearance that gave him access to classified documents. He could not speak or read Arabic. He had never set foot in the Middle East...Yes he has his critics and supporters - like this un-named CW expert:
I think Eliot has done a lot more for Syria than the U.N.Twitter shows 13k followers and 56k Tweets.

OSINT in a different way:
When viewed in isolation, the micro-dispatches posted to Twitter, Facebook and YouTube tended to confuse and overwhelm anyone trying to make sense of events. But if you viewed such posts together, Higgins realized, the photos and videos could yield detailed accounts of events across the globe. The posts could be used to fact check claims, providing clues far beyond what cameramen had intended to show. Arguments could be won, myths disproved, rival commenters put in their place.One wonders how OSINT and people like "Brown Moses" will fare when journalists and NGOs will have drones.

That's extraordinarily well-written for HuffPo.

A lengthy article from the Daily Telegraph, if you read the HuffPost piece possibly nothing new, but still of interest. A website is coming soon:
It is called bellingcat.com, and a stable of about 15 contributors will write on subjects including Africa and the Middle East; they are partnering with Uncoverage, a crowd-funding site for investigative journalists.

The extent of potential open source footage, first some context:
In 2007 Assad banned Facebook and YouTube, but after the current uprising began, in early 2011, and his grasp on the country started to weaken, he lifted the ban. The internet has since become a potent weapon for opponents of his regime.....After the Houla massacre Higgins realised that he could subscribe to every YouTube channel uploading footage from Syria, then aggregate the videos by region and organisation on his blog. He began by monitoring several dozen channels. Now he tracks 700.

Link:http://www.telegraph.co.uk/news/worldnews/middleeast/syria/10730163/The-blogger-who-tracks-Syrian-rockets-from-his-sofa.html

His results have certainly been very impressive. Some months ago I did watch some videos of that tragic and brutal civil war and was surprised by it's youtubezation. The flood of digital data over the net seems to have pushed the importance of that OSINT thing into new dimensions...

A very short film clip as he speaks to a Google audience:http://www.marketingmagazine.co.uk/article/1288554/google-marketing-chief-attacks-very-sad-youtube-twitter-ban-turkey

The flood of open-source data and information, reporting and propaganda streaming out of Eastern Ukraine did enable outsiders to get surprisingly quickly a good understanding or what might have happened. It does obviously not replace traditional or other means of gathering information to understand events but it does in many cases greatly aid them.

https://pbs.twimg.com/media/BsxLMxFIYAAtzAP.jpg

The geo-location of digital media like tweets, pictures, videos is greatly speeding up research and makes it far more accurate. Fascinating stuff. In this specific case the close links between Russian news outlets and Russian organizations in Eastern Ukraine and the Russian propaganda overdrive made many events quite visible. Girkins bragging about a downed aircraft, rebel boasting of Buk launchers, videos of said launchers, quick propaganda spread by Russia media and so forth all left leads pointing towards a highly likely chain of events.

https://pbs.twimg.com/media/Bsxc-huCIAEQ_ZI.jpg:large

Brown Moses is of course also involved (https://twitter.com/Brown_Moses/status/489868690247385088/photo/1).

In the great scheme of things OSINT will become increasingly important for all the interested actors.

Earlier this week there was a conference on open sources, Investigathon, even Google participated, as did Brown Moses.

The Google PPT is huge and took a long time to download, IIRC 130 plus slides and it defeated my understanding:http://dmrussell.net/presentations/Investigathon-final.pdf

This article follows MH17:http://gigaom.com/2014/07/18/want-to-help-fact-check-breaking-news-like-the-malaysian-airplane-disaster-heres-how-and-where-you-can-do-it/

Brown Moses has started a new website, but you need to donate to get access:https://bellingcat.com/

Quite a presentation, I don't think I will work through that.

The amount of digital material flowing out of war zones through various by many entities is indeed vast and varied. Without getting into the technical aspects it is in my opinion key to look at the big picture. Lets take first into account the following global trends:

1) An ever increasing amount of objects able to capture various data*
2) An increasingly wide and deep capability of long-range communication
3) An ever increasing importance of social media and data sharing

Even if it a simplistic take those overall trends will provide a increasing detailed, rich and robust base for OSINT. There is no doubt that parties will try to opress and counteract when it isn't in their interest but this can only achieved partly. Interestingly propaganda videos and dispatches have in many occasions revealed informations which backfired or harmed the producer's cause.

It is clear that not only media but various services, likely led by the US, have long started to make use of the recent waves of OSINT. The US has of course the advantage that the data of the most important software companies is on home soil and that it is present in different forms almost worldwide. The Ukrainians have been clearly saving lots of stuff coming over the social media so that the deleting stuff wasn't quite successful. Some cases in the Donbas like the famous seperatist Buk with three missile moving east have also shown that it is difficult to understand from the outside where to draw the line between OSINT and 'normal' covert observation. Was it filmed by a civilian, agent or infiltrated soldier? If it was the former was it first posted on YT or sent to a Ukrainian civil group or directly to the government?

Lots of question but there is little doubt that we will see the importance of OSINT growing.


*Smartphones, CCTV, dash-board cameras, and normal ones have been used to cite a few.

An interesting account of the open sources used to identify a photo of a mobile SAM-11 aka Buk:
In the wake of the tragic events of July 17th a number of photographs and videos were posted online claiming to show the Buk missile launcher that has been alleged to have been involved in the downing of flight MH17 in locations that were claimed to be near the crash site. Over the last 48 hours, using a variety of open source investigation techniques, it has been possible to identify the precise location some of these images were taken, confirming key claims about the location of the Buk missile launcher.

Link:https://www.kickstarter.com/projects/1278239551/bellingcat/posts/919158

Open source and the MH17 shootdown (http://armscontrolwonk.com/archive/4701/open-source-and-the-mh17-shootdown) links fine articles (some already posted) and has an interesting podcast with sometimes surprising background on some of the work. Overall good stuff.

Had also to laugh at how the trolls, in this 'Kremlin' ones, operated because it felt so familiar. Lie, busted, new lie, busted, new lie and so forth.

Another example of OSINT, notably satellite photos and videos, can help to explain events. 'Brown Moses' helped too:
Today marks the first anniversary of one of the biggest air strikes that has been conducted inside Syria, and particularly in the country's third largest city's of Homs, on a strategic Syrian army arms depots. .....Many believed that the attack in Homs on Aug. 1st, 2013, was carried out by Syrian armed opposition groups, launching Grad rockets towards the strategic arms depots of the Syrian army, resulting in a massive explosion that rocked the entire city of Homs.

Today and after almost a year after that strike, a number of never released before satellite photos revealed for the first time that the target was not the arms depots, rather a secret underground chemical weapons storage facility south of Homs.

Link:http://www.businessinsider.com/israel-bombed-a-secret-syrian-chemical-weapons-facility-2014-7#ixzz398mH7FT0

Note this was a year ago today and citing in part the conclusion:
This incident also suggests that Israel targeted the Syrian chemical weapons program at least once before the August 21st Sarin attacks in Damascus.

Bellingcat, his website got now £48,388 pledged of the £47,000 goal. I was one of them. It is of course not an investment for any monetary return but a support for high quality open research.

Bellingcat now offers open, public access - having raised funds - and in a case study (one of four) offers guidance on verifying film footage in:https://bellingcat.com/category/resources/case-studies/

The Independent @Independent

A crowdfunded site may have just exposed Isis using Google Maps http://bit.ly/1qCJctb

Moderator adds: This website is partly founded by "Brown Moses", an open source SME and documented on a thread 'OSINT: "Brown Moses" better than the UN on Syria':http://council.smallwarsjournal.com/showthread.php?t=19471

The UK blogger bellingcat who identified the IS training camp in Mosul via open source materials as well as working the open source location ID for the US journalist killing has been hit by a massive DDoS attack all day---this is interesting for two reasons 1) the IS did not believe open source could be so effective and 2) his work was also used in the MH17 open source materials.

So he has two groups angry at him that has the IT abilities of a DDoS---the IS and the FSB.


bellingcat @bellingcat

Bellingcat is still being DDoS'd by *someone*, if you don't know what a DDoS attack you can learn more here http://en.wikipedia.org/wiki/Denial-of-service_attack …

A group of crowd-funded citizen journalists seem to have located a training camp for the militant group ISIL using only online mapping services and some old-fashioned detective work. Bellingcat, which raised almost £51,000 ($85,000) to do its own unique form of journalism, was founded by Eliot Higgins, who became famous (and was profiled by the New Yorker) for proving Syria was using chemical weapons from his bedroom in Leicester, England using only images and videos available online. His team includes a mix of bloggers, research analysts, and traditional reporters.

http://www.defenseone.com/technology/2014/08/islamic-states-own-photos-were-just-used-find-one-its-training-camps/92267/

A twenty-five minute video, mainly PPT, which explains how Brown Moses works:https://bellingcat.com/resources/articles/2014/09/23/video-presentation-open-source-information-in-conflict-zones/

'Brown Moses' aka Eliot Higgins has been working on the MH17 shoot down again, supplying help to the police investigation and the Australian version of 'Sixty Minutes'. The later's report is available via:http://www.9news.com.au/world/2015/05/17/05/37/60-minutes-digs-into-mystery-surrounding-destruction-of-mh17

YouTube links found by Outlaw09 have been disabled due to copyright claims.

A short 4.5 minute interview with Eliot once more reveals how much can be found and verified from open source video:http://www.9jumpin.com.au/show/60minutes/extraminutes/4240894610001/

Note within the Ukraine: non-military thread are a number of posts on how the MH17 investigation has gone. Yes they are not easy to find, so this post has been added for reference.

'Brown Moses' aka Eliot Higgins has been working on the MH17 shoot down again, supplying help to the police investigation and the Australian version of 'Sixty Minutes'. The later's report is available via:http://www.9news.com.au/world/2015/05/17/05/37/60-minutes-digs-into-mystery-surrounding-destruction-of-mh17

YouTube links found by Outlaw09 have been disabled due to copyright claims.

A short 4.5 minute interview with Eliot once more reveals how much can be found and verified from open source video:http://www.9jumpin.com.au/show/60minutes/extraminutes/4240894610001/

Note within the Ukraine: non-military thread are a number of posts on how the MH17 investigation has gone. Yes they are not easy to find, so this post has been added for reference.

Next Phase in Bellingcat’s Ukraine Vehicle (Russian) Tracking Project via @bellingcat https://www.bellingcat.com/news/2015/05/18/next-phase-in-bellingcats-ukraine-vehicle-tracking-project/ …

Social media open source analyst using a Russian mapping satellite actually confirms it was a Russian invasion not an incursion—maybe someone should let DoS and the White House know about this satellite imagery if the US IC does not have it.

Russian owned Yandex has been quite helpful to further expose the Russian invasion into Ukraine last summer... :P.

But Yandex also revelas this battery of D-30 heavy artillery a little bit more south.
https://maps.yandex.com/?ll=38.29919...19&l=sat%2Cskl … pic.twitter.com/lAw3IvxuHy

Like these MSTA-S reported by @JulianRoepcke
https://twitter.com/JulianRoepcke/st...43483592847361 … pic.twitter.com/kONJFCDXql

Yandex also shows a lot of Russian artillery positions at height of Komsomolske-Telmanove. pic.twitter.com/19trsHCgRz

Yandex still shows some military vehicles on that invasion route into Ukraine.
https://maps.yandex.com/?ll=38.82076...18&l=sat%2Cskl …
@JmmJhnsn pic.twitter.com/GgyyxDKvsE

Yandex shows where Russians massively crossed border to cut off Ukraine army at Saur Mogila
https://maps.yandex.com/?ll=38.81279...17&l=sat%2Cskl … pic.twitter.com/HUMVmnwdVu

It looks like Russian Hollywood produced another idiot video of OSCE dragging a dead Azov soldier behind their car. https://twitter.com/hellmuthcstuven/...16967540002817 …

Yandex reveals where Russians crossed the border to arm and supply their militia in Dmytrivka
https://maps.yandex.com/?ll=38.92793...19&l=sat%2Cskl … pic.twitter.com/wIcjIqzmNj

Yandex reveals yet another not seen before MLRS & artillery location from Russia into Ukraine
https://maps.yandex.com/?ll=38.91726...18&l=sat%2Cskl … pic.twitter.com/83vuX6Ygju

Some more (other kind of) vehicles can be seen nearby too:
https://maps.yandex.com/?ll=38.95734...19&l=sat%2Cskl … pic.twitter.com/20BZuYMY6I

UPDATE Now Yandex shows Russian BUK battery near Marynivka in its full glory #MH17http://ukraineatwar.blogspot.co.uk/2...images_20.html …
@finriswolf pic.twitter.com/d9J3S5w6LH

Yandex reveals Russian MLRS attack into Ukraine bigger than GRAD: Uragan, Smerch or Tochka-U?
https://maps.yandex.com/?ll=38.35119...18&l=sat%2Cskl … pic.twitter.com/lmHJonUa1m

Photo of the ad hoc Russian field ammunition depot south of Marynivka.
pic.twitter.com/T5QfpwfKKR
via @ravelin_by

It turns out that Google Earth now also shows the Russian ammunition depot south of Marynivka. pic.twitter.com/fFYLLtC4CZ

Yandex reveals a Russian field ammunition depot south of Marynivka
https://maps.yandex.com/?ll=38.96378...18&l=sat%2Cskl …
via @ravelin_by pic.twitter.com/mlooUGdeTc

Perfect example of both informational warfare and OSINT--first clear breakout of a Russian Spetsnaz team by functions and mission sets.

Two really well done POW videos from the two captured Russian Spetsnaz—target audience will be Russia and those that believe massively in the Russian disinformation.

The videos are also a way for allowing their families know they are alive and well as they fully named their Russian addresses--these will definitely be broadcast by Radio Free Europe today and the families will then via radio reports get the notification. The Ukraine has indicated they will allow family contacts if the families approach them.

Ukrainian POWS have been treated in a far more brutal fashion to even executions after capture and torture. Minsk 2 stated all for all must be exchanged and the Ukraine has provided Russia with a list of 401 that have not been exchanged and no info on their locations and or conditions.

Kind of kills the Russia official line especially from Putin’s spokesperson and the Russian MoD that they were “former Russia service members”.

It will be a potent response to the Russia countless statements "we ain't in the Ukraine or it's not us-- it is the mercenaries".

The last comments by the SF CPT---the top is skimming the cream and the low are skimming the blood is a telling statement from a Russian professional officer and a Spetsnaz member.

There is no pressure on the two and from all accounts Ukraine medical treatment saved the leg of the SGT.

Security Service of #Ukraine posted NEW video of #Russian POWs with English subtitles!
https://www.youtube.com/watch?v=7qLqQL7YJiI …
https://www.youtube.com/watch?v=L3khPZucwTQ …

Reference the shot down of MH17.

bellingcat @bellingcat
Who to Trust, Google or the Russian MoD? A Guide to Verifying Google Earth Satellite Image via @bellingcat https://www.bellingcat.com/resources/how-tos/2015/06/05/google-earth-image-verification/

bellingcat @bellingcat
Does Ukraine Have 9M38M1 Missiles? via @bellingcat https://www.bellingcat.com/news/uk-and-europe/2015/06/04/4010/ … pic.twitter.com/spTPihTgxC

Eliot Higgins @EliotHiggins
Just been reviewing the Russian MoD images for our new report, just noticed this little issue

pic.twitter.com/7SGuBxDXC2

Note: appears to be a BUK missile launcher.

Inspired by @EliotHiggins, Google’s New YouTube App Crowdsources War Reporting with the help of @Storyful
http://www.wired.com/2016/04/googles...war-reporting/ … via WIRED

Social media open source analysis has now gone mainstream.....will be interesting to see if western MSM keeps up.....

Eliot Higgins ‎@EliotHiggins
Details about Montage, the new conflict video analysis platform
https://medium.com/jigsaw/montage-the-next-generation-of-war-reporting-a04f4176aff#.nqpk2btk5 …
Access it here http://montage.storyful.com

There are numerous posts which show Bellingcat aka Eliott Higgins at work elsewhere. Notably a 100 plus on the Syria and Ukraine threads. This thread appears to be mainly about his early period and the tools he has developed.

Azor...you do realize and hopefully accept the simple fact that OSINT provides roughly 80% of ALL intel....the remaining 20% is the technical side that usually is used to confirm...deny and or to monitor further developments.


If you have been following both this thread and Ukrainian thread you know that...it was the lonely Brit sitting on his sofa that did the world's first really solid OSINT reporting and analysis on the 2013 Assad CWs attack when the rest of the entire MSM still was doubting it was a CW attack...since then he and others around him have developed a number of analysis tools for social media and media in general that are rapidly outperforming even intel OSINT tools...and they are free and open source.

Out of that came @bellingcat now a premier OSINT analysis team and trainers for investigative journalism and a heavy users of social media for a number of things....

LIKE basically calling CENTCOM lairs when they claimed they hit IS/AQ in a mosque not civilians...which would be a war crime and it was a war crime...

If you get to Oxford, England he is giving a public talk on 22nd January 2018 @ Nuffield College, the hosts are Oxford Intelligence Group (OIG). From their announcement:
Bellingcat founder Eliot Higgins examines the way in which a wealth of open source information is changing the way we understand conflict, and the implications in a range of fields, from journalism to justice and accountability.
Eliot Higgins is an award-winning investigative journalist, and founder of the Brown Moses Blog and Bellingcat. He publishes the work of an international alliance of fellow investigators using freely available online information. He has helped inaugurate open-source and social media investigations by trawling through vast amounts of data uploaded constantly onto the web and social media sites. His enquiries have revealed extraordinary findings on subjects such as the downing of flight MH17 in Ukraine, and the 21 August 2013 Sarin attacks in Damascus.
More details PM me please.

There are a number of recent posts to Bellingcat's recent work on the attempted murder of a GRU defector in Salisbury, UK. See Posts 75, 77 & 80 on that thread:http://council.smallwarsjournal.com/showthread.php?14375-Recent-Russian-Intelligence-Operations/page4

An exploration of Bellingcat in 'The Spectator' alas behind a paywall, which considers the allegations made it is a servant of the UK / US agencies. It ends with this:
The real secret of Bellingcat is that they have stumbled upon a disturbing truth: that it has become impossible to tell analogue lies in a digital world. In an age where almost all personal data is searchable and every event photographed, the most secret information is often hiding in plain sight. All you need to know is where to look for it — even if that means delving into the internet’s darkest corners.
Link:https://www.spectator.co.uk/2018/10/how-bellingcat-outfoxes-the-worlds-spy-agencies/?

The opening part of a Bellingcat investigation into the private operator of UK and other nation's visa issuing being subverted by the Russians, hence the two Skirpal suspects having visas for year to enter the UK and other European nations. It starts with:
One of the unanswered questions lingering after Bellingcat’s unmasking of the identities of suspects in the botched-up poisoning of Sergey and Yulia Skripal, is how two (or, likely, more) undercover GRU officers were able to obtain visas to travel to the UK. Securing a visa to the UK – as to most of EU destinations – is not a trivial procedure. A single-entry visitor visa is relatively straightforward to procure – it requires either an invitation from a UK resident or business, or a pre-arranged tourist trip.

Link:https://www.bellingcat.com/news/uk-and-europe/2018/11/16/spies-without-borders-fsb-infiltrated-international-visa-system/

Social media OSINT*.

A warship of Russia's Northern fleet entered the Black Sea on Wednesday, January 9. The vessel in question is the Severomorsk (619) anti-submarine Udaloy-class destroyer, according to Andriy Klymenko, an expert with the Ukraine-based Maidan of Foreign Affairs Foundation. "For the first time since the start of Crimea occupation, a warship of the Russian Northern fleet – not just a landing ship of another fleet but the one that is part of the Russian navy's main strike force – has entered the Black Sea waters," * the expert wrote on Facebook, also posting the relevant photos of the destroyer.

https://www.unian.info/politics/10402719-russia-deploys-northern-fleet-s-warship-to-black-sea-photo.html

The latest Bellingcat update on the Skirpal attack in the UK; another apart will follow. A glimpse into "escape and evade":
It is unclear what Fedotov’s role may have been, if any, in the preparation and execution of the poisoning operation. We could also not establish if he traveled to Salisbury on any of the days he was in the UK. He had booked a return flight on Aeroflot’s SU 2579 from Heathrow to Moscow in the afternoon of March 4, the day on which Sergey and Yuliya Skripal collapsed unconscious. However, he never boarded that flight. PNR records seen by Bellingcat and its investigative partners show that despite checking in to that flight around noon on March 4, “Fedotov” was a last minute no-show. Instead, using transportation that has yet to be identified by us, he made his way to Rome, and boarded a flight at 15:30 that same day back to Moscow.
Link:https://www.bellingcat.com/news/uk-and-europe/2019/02/14/third-suspect-in-skripal-poisoning-identified-as-denis-sergeev-high-ranking-gru-officer/comment-page-1/#comments

Next part on the investigation. Note some of the information gained came from archived Russian public records and the use of "helpers" to check existing public records which is not open source information.
Link:https://www.bellingcat.com/news/uk-and-europe/2019/02/21/the-search-for-denis-sergeev-photographing-a-ghost/

Bellingcat continues to provide information, in this example they cannot confirm the identity of the "third man" or the officer in charge of the GRU mission. This final sentence should encourage you to read the article:
The involvement of a GRU Major General would indicate the unusually high importance of the operation.
Link:https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/