The Useful Idiots of Open Source Investigation
As part of open source investigations we draw on a wide variety of sources, from satellite images to social media posts. Often key evidence comes from the people or organisations being investigated, or people close to those organisations, oversharing information on social media and other channels, providing crucial information that damages their own cause. Over the last few years I've encountered multiple examples of these useful idiots providing key information to open source investigators as they search for the truth.
Volcanoes in Damascus
In the wake of the August 21st 2013 Sarin attacks in Damascus there was a great deal of debate over who was responsible for the attacks, with some claiming the attacks were a false flag operation to draw Western powers into the conflict on the side of the opposition. Key to these claims was the use of a previously unknown munition which some claimed could have only come from an opposition workshop.
The remains of a chemical rocket used on August 21st 2013
Thanks to the Syrian media and military it was not only possible to show this was untrue, but to also glean further information about the munition that gave a clearer indication of who was responsible. A few months after the Sarin attacks, after the threat of foreign intervention subsided, videos began to be posted online showing the same types of rockets used on August 21st, but rather than coming from opposition channels they were posted on channels belonging to pro-Syrian government groups, showing their use by the Syrian military.
From multiple sources it was possible to establish there were two sizes and types (chemical and explosive) of these rockets, known as Volcano rockets, and multiple pro-government sources confirmed the use of the explosive version by pro-government forces.
A Volcano rocket launcher featured in
Embedded OPSEC Nightmares
In both the Syrian and Ukrainian conflicts, journalists, bloggers, and various hangers-on have become embedded or otherwise attached to military units, providing unique access to forces on the ground. For open source investigators they have become a great source of the sort of information those groups probably didn’t want shared all over the internet.
ANNA News became well known for their footage from the Syrian military, in particular footage they recorded from cameras mounted on the turrets of Syrian tanks. Their strongly pro-government stance allowed them access that most news organisations could only dream of, producing unique footage of the conflict. In one instance, as documented by Storyful, the destruction of a tank was filmed both by ANNA News and the Syrian opposition fighters who destroyed it.
ANNA News also provided key information on the August 21st 2013 Sarin attacks. In the weeks before the attacks ANNA News was embedded with a Syrian military unit tasked with capturing a strip of territory in Damascus, as part of Operation al-Kabune. Using the series of videos they released it was possible to map out the progress of this operation, showing the Syrian military had control of an area that would have allowed them to launch the August 21st Sarin attacks, and adding more context to why the attacks would have been launched in the first place. Without the footage from ANNA News it would have been impossible to verify the positions and movements of government forces prior to the August 21st attacks, and their motivation for being in the area.
Another open source useful idiot is Graham Phillips, who has made his name from buddying up to Ukrainian separatists and producing numerous YouTube videos from Ukraine, some of which have inadvertently provided key information about the involvement of Russia in the conflict in Ukraine. In a February 2015 video he passes a column of tanks near the town of Debaltseve in Ukraine.
This 32-second piece of footage from Phillips inadvertently exposes Russia’s secret war in Ukraine. Without realising it, Phillips was passing a convoy of T-72B3 tanks, a variant of the T-72 tank not used by the Ukrainian military, and currently in service with the Russian military. Rather than filming tanks captured by Ukrainian separatists from the Ukrainian army, Phillips’ footage exposed Russia’s provision of tanks to Ukrainian separatists.
Phillips’ work also played a key role in a video produced by Ukraine’s Dnipro Battalion, which combined their own drone footage of Ukrainian separatist positions with open source material, including Google Maps, Google Street View, and Phillips’ footage of dancing at the birthday party of a separatist commander.
Who Needs Embeds?
Of course, it’s not just embeds who become open source useful idiots, but fighters themselves. Both sides in Syria have revealed more than they probably intended on social media, with the most glaring example coming at the start of 2013, when weapons began to appear in Syrian opposition videos that had not been seen in the conflict before. Dozens of videos featuring these weapons were uploaded to YouTube, and within weeks over a hundred of these videos were online.
From the videos it was possible to establish that it was mostly groups in the south of Syria receiving the weapons, that those groups had ties to organisations and governments outside of Syria and were considered moderate opposition groups, and that the weapons all had links to one country, Croatia. The New York Times took these videos and related research to various contacts and it soon transpired that the Saudi government had purchased the weapons from Croatia and flown them to Jordan to arm rebel groups in the south of Syria. What was meant to be a secret operation to arm Syrian opposition groups ended up being a front page New York Times story, thanks to the injudicious use of YouTube by the Syrian opposition groups who received them.
In Ukraine the soldiers of the Russian Federation have repeatedly provided evidence that, despite Vladimir Putin’s denials, Russian troops and equipment are in Ukraine, fighting against the Ukrainian military. Russian soldier Bato Dambaev became an unwitting celebrity after his movements from Russia to Ukraine, covered in the Atlantic Council’s Hiding in Plain Sight report, were recreated by VICE News journalist Simon Ostrovsky. Ostrovsky retraced Dambaev’s movements using Dambaev’s own social media posts, recreating the photographs Dambaev posted from Ukraine and Russia. The resulting video, Selfie Soldiers, has over 1.1 million views on YouTube, making it one of VICE News’ more successful reports, all thanks to Bato Dambaev’s social media posts.
It’s not only individual Russian soldiers who give the game away, but sometimes entire units. A recent report on Russia’s 6th Tank Brigade used the collected social media profiles of dozens of soldiers belonging to the same tank brigade to trace their brigade’s movements through Russia and into Ukraine.
Corruption, Instagram, and You
It’s not just conflict zones where open source useful idiots come into play. Recent work by anti-corruption activist and Kremlin opponent Aleksey Navalny has used open source investigation into Instagram accounts to expose the spending habits of Vladimir Putin’s press secretary, Dmitry Peskov. Navalny began by revealing that a watch worn by Peskov was worth upwards of $600,000, despite Peskov’s approximate annual salary of $147,000. Navalny then followed this up with an investigation into reports that Peskov was spending his honeymoon sailing around the Mediterranean Sea on the Maltese Falcon, a yacht that in August cost 385,000 Euros a week to rent. Peskov had denied he was on the yacht, claiming he was at a hotel in Sicily and not at sea.
Navalny used a combination of open source resources to prove that Peskov was in fact sailing around the Med, the most damning being the Instagram photographs of his step-daughter, who posted a series of photographs during the week of Peskov’s honeymoon that have geotags for Sardinia. While geotags can be easily changed or faked, one image was particularly revealing, showing a member of Peskov's family wearing a robe, with “Maltese Falcon” embroidered on it.
“Maltese Falcon” embroidered on Peskov's family member's robe.
Other open source investigators would go on to use sources such as publicly accessible webcam streams to confirm the Maltese Falcon was in Sardinia, along with Peskov and his new family.
Aleksey Navalny continued his search of the social media accounts of Peskov’s friends and family, next identifying a series of Instagram posts geotagged to a house in a wealthy district in Moscow. Navalny investigated who owned the property, and records revealed the property, valued at $7.1 million, had been purchased by Peskov’s wife-to-be, Olympic figure-skating champion Tatiana Navka, earlier in the year. Tatiana Navka refused to comment on the investigation, describing Navalny as a “maniac”.
Time and time again it can be demonstrated that often the best information comes from those people who should be far more careful about the information they share online, and while that information keeps being shared online, open source investigators will be able to take advantage of it.