How Do You Know
What's True?
That's the premise behind "Disinformation" - with award-winning Evergreen host Paul Brandus. Get ready for amazing stories - war, espionage, corruption, elections, and assorted trickery showing how false information is turning our world inside out - and what we can do about it. A co-production of Evergreen and Emergent Risk International.
OSINT, pt 2: Global Affairs and Speed & Accuracy
| S:3 E:5"Open-source intelligence is a critical way of helping not just governments, but the private sector form judgments about critical issues."
This episode is the second in a series covering Open Source Intelligence (OSINT). Here, we focus on Bellingcat's investigative work into the 2014 shooting down of a passenger jet in Eastern Ukraine, the interest of the U.S. Department of Defense in OSINT, and the nuances of using investigations over intelligence. Guest Noemi Macero and host Paul Brandus discuss the impact of OSINT on forming judgments for governments and the private sector, and how uncovering open-source methods can enhance traditional journalism and combat disinformation.
[00:03:36] Democratization of intelligence analysis.
[00:04:39] Open source data investigation.
[00:12:03] OSINT-related tools.
[00:16:39] Balancing speed and accuracy.
[00:19:26] Handling fast-moving incidents.
Got questions, comments or ideas or an example of disinformation you'd like us to check out? Send them to [email protected]. Subscribe wherever you get your podcasts. Special thanks to our guest Noemi Macero , our sound designer and editor Noah Foutz, audio engineer Nathan Corson, and executive producers Michael DeAloia and Gerardo Orlando. Thanks so much for listening.
Where to Listen
Find us in your favorite podcast app.
00:05 Desi Demanova: In our last episode, we looked at the investigation using Open Source Intelligence, OSINT for short, into the 2014 shooting down of a passenger jet by pro-Russian rebels in Eastern Ukraine. We focused on the meticulous efforts of a Dutch-based group called Bellingcat. In this episode, we'll hear from Bellingcat's Chief Operating Officer on what else can be learned from Open Source Intelligence It turns out that one rather large organization was quite interested, U.S. Department of Defense. We'll also learn more about OSINT and the insidious craft of disinformation. I'm Paul Brandus, and that's the name of this podcast series, Disinformation, a co-production of Evergreen Podcasting and Emergent Risk International, a global risk advisory firm. Later in this episode, I'll be joined by one of ERI's intelligence analysts, Noemi Macero. Open-source intelligence is a critical way of helping not just governments, but the private sector form judgments about critical issues. But the chief operating officer of Bellingcat would actually prefer to avoid use of the word intelligence. That's COO Desi Dmanova explains.
01:29 Paul Brandus: Investigations, I would like to say here that we would prefer to use the word, we prefer to use investigations and not intelligence because it's a little bit different. So at the start, the very first days of Bellingcat actually were discovering things which are on social media and basically corroborating the narrative which was visible on the traditional media. So And then we discovered through our work the potential of these open source methods that can contribute to traditional journalism. So nowadays we call ourselves a collective that was a pioneer in a way in 2014 for open source methods to be used as additional methods for traditional journalism, so a lot of media now see us as being the first ones to discover this potential and we are also very happy that one of our first employees have now been hired by New York Times, by the BBC, so basically we have been some sort of an incubator for talent in that area, so we consider maybe that to be our modest contribution in the field of journalism, but also now we apply our methods in a lot of other fields in collaboration with other actors, so that is also contributing, we think, to society, we hope.
03:04 Desi Demanova: Russia's war on Ukraine well into its third year is a prime example of how it is contributing. Open source intelligence, or in de Manova's preferred parlance, information, has allowed analysts, unaffiliated with any government, to track the war by studying everything from satellite imagery, phone calls, social media, and more. In a way, you might say that intelligence gathering and analysis has now been democratized. but having so much information out in the open for any skilled analyst can be a double-edged sword. DeManeva offers this example of how one Bellingcat analyst discovered something that theoretically could have placed American troops, even the security of nuclear weapons, at risk. It seems that some service members were logging on to Quizlet, a California-based company that provides online tools for studying and learning.
04:04 Paul Brandus: So one of our researchers who comes from educational backgrounds, he has a very keen interest in looking for how applications on internet are used to memorize languages, for example Quizlet. So at some point he was looking into Quizlet and discovered an interesting pattern that triggered his further curiosity. So, he discovered that usually Quizlet is used for people that learn new languages to memorize words. But he discovered a pattern that he saw a lot of data on Quizlet being numbers. So, he thought like, to me that doesn't make a lot of sense, so I just want to dig further. So he started digging further and he saw more instances like this appearing on Quizlet and then he found that the people using that did not have their privacy settings on closed but on open and then he discovered the people behind and then these were American soldiers, he found their… profiles on Facebook because they were also open and then what he discovered is that these American soldiers were using Quizlet to memorise codes of nuclear vaults in the Netherlands where American nuclear weapons are also guarded. So this was everywhere on the internet for everyone to see. And this is not misinformation or disinformation, I mean the intent was just to use something to memorise very complicated or a lot of data, but so the investigation became bigger and bigger and then what we found out was actually quite dangerous because inadvertently, you know, the codes, but also the places of the security cameras and also the badges and a lot of very, very highly sensitive security details were just like in the open internet. So we did the investigation and before publishing, because this is like a big scoop, so we approached the Dutch Ministry of Defence and also the Pentagon and said, look, we have this information, what to do about this. So they were like really shocked. that we could discover that in such a way. Also took us one investigator and like, I don't know, a month with very limited resources.
06:39 Desi Demanova: All of that uncovered in about a month by one analyst with limited resources. Imagine what Russia, China or someone else might be able to do. Dymanova continues her story.
06:52 Paul Brandus: So they had to change the codes. So this story, when we published it, after the codes were changed, generated an enormous world coverage. It was even published in Kiribati and translated in so many languages. So this is just an illustration of what the potential of open source is. not only to discover wrongdoing, but just how real curiosity, a combination of curiosity, freedom of our researchers to do, to research what they are interested in, not being limited by time or by any assignment for something to research. Of course, it may be very simple, but there's a combination of things which actually describes or defines our methods. So we use open source to discover all kinds of things.
07:50 Desi Demanova: All kinds of things, indeed. And perhaps something that governments cannot do, but private analysts can, is to crowdsource ideas and research, which can yield results in some very important ways.
08:04 Paul Brandus: For us, what is important is how we contribute to this public interest, because you can have different definitions, but then what the difference is, is how somebody contributes to that public interest. So in our goals, that's why we have decided, actually, it's a choice not to be a company, but to be for non-profit and also a charity. So this choice means that our purpose in what we do is we want to use our skills to contribute to public good in our area, using open source to discover wrongdoing or to discover facts which can help further investigation or uncover crimes or shed light on war crimes or human rights abuses.
08:55 Desi Demanova: Let's take a short break here. When we come back, more on the war in Ukraine and also Israel and how the craft of OSINT can help safeguard employees and business operations in potentially dangerous places. We'll be joined by Noemi Masoiero of Emergent Risk International.
09:17 ad read: This series on disinformation is a co-production of Evergreen Podcasts and Emergent Risk International, a global risk advisory firm. Emergent Risk International. We build intelligent solutions that find opportunities in a world of risk.
09:40 Desi Demanova: Welcome back to Amy Masiero of Emergent Risk International is a GSOC lead based in Portugal, who offers an example of how she uses open source intelligence on behalf of a client, which operates in Ukraine.
09:55 Noemi Masoero: With my team, because of the duty of care that we owe to our client, we have to ensure the security and safety of our employees and travelers in Ukraine. And as you can imagine, the situation in Ukraine and getting information about incidents in Ukraine, it's not that easy. So we have realized that an excellent source is the telegram account of the mayor and we use on a daily basis as soon as we have the information about siren activation. So we try to always find new sources that are reliable especially for situations that are a bit plagued with myths and disinformation. But Vitalik Ishchitko has proven to be like an excellent source for us. And as I was saying, we always try to strive for increasing the amount of local sources that we get. And he, him and several other mayor has been excellent sources for us. And the main one, the main source has been really their Telegram account. It's up to date. immediately with all the information about the incident development that then is also and I can really see that he is the best source because he is then also used by other international media outlet that I consider as reliable so like it crystallizes the level of reliability of a source I would say yeah.
11:42 Desi Demanova: So just to make sure I understand, I mean, ERI has clients that have various operations in Ukraine, and the mayor of Kiev, his Telegram account is a principal source of information there. What other tools do you find, what other OSINT-related tools do you find useful?
12:03 Noemi Masoero: I use a lot Twitter and for the same reason, um, as the one that I just detailed before, I tend to use, um, I tend to perform the researches in local languages because it ends up providing that, um, immediate information from local sources. And then hopefully it's then also like verified by other international media outlets that we consider it as reliable. But oftentimes, you get that first input from local sources, I would say. To do so, you have to use some Google dorks. You apply them to Twitter. You can decide that you want to make a research just in a specific language by using the Google dork lang double dot and then the code of the language. Otherwise, you can directly input words. in that language. So, for example, if I use, for example, for the situation in Israel, oftentimes we get information about terrorist attack in Israel, and rather than looking at the name written in in the language we translate it in English, I would go and look for it in Hebrew. And if you take the word of the name of the city written in Hebrew, and then you input it directly into Twitter, it's likely that you're going to get way more information than if you perform a research in English or in whatever other language.
13:38 Desi Demanova: Of course, one problem with Twitter, or X as it's officially called, is that safety and verification standards have eroded since the company was purchased by Elon Musk. It is easier for false narratives to gain traction, obviously complicating the job for any analyst.
13:57 Noemi Masoero: It's a big, big part of open source intelligence, right, is that it isn't used both to gather, but it has to also be verified because otherwise we are just going to be part of a misinformation, disinformation in this case. And we really want to avoid that for our clients and for the broader reputation of URI. Sometimes it can still happen, right? Because we work in a very fast-paced environment and sometimes you don't have the luxury to ensure that the information is accurate 100%. What I do is that I make sure that we don't surf on like, you know, like when there is an incident going on, it's really hard to make sure that you're accurate reporting on it. So what I do is that I try to avoid as much as possible sentimentalist language, first of all, when I report it, because for sure there's going to be incidents that afterwards are going to be very different than when we initially reported on them, right, because this is the incident as a trajectory. And so afterwards, we're going to maybe discover that this incident was a terrorist attack. It was done by the ISIS-K, et cetera, et cetera. So if initially I need to report immediately on the client and I don't have the luxury to ensure that this is 100% accurate. So what I'm going to do is that I'm going to really try to make it as neutral as possible, avoid saying who did it, if it was terrorism or not. I'm going to try to use a language that is as neutral as possible and it ensures that even if it's read weeks afterwards, it's still going to be somehow accurate in the sense that I didn't say something that I didn't give responsibility to someone that ended up not being true, if that makes sense. Everything to say that, unfortunately, we don't always have the time because we live in this super fast-paced environment. We handle tactical events rather than strategic ones. The strategic ones, you have the time. to ensure that the information you're providing is correct with the tactical ones, with clients and stakeholders that are waiting for you to provide a report, oftentimes don't have it. So what you can do is that you can just ensure that you are providing something that is neutral.
16:27 Desi Demanova: So there's a bit of a conflict then between speed and accuracy. You want both, but sometimes it's not possible to have both. How do you thread that needle? Obviously, your clients need information quickly, but it has to be accurate. And you said that it's impossible to have 100% accuracy. I think you have to have a confidence level of a certain degree. to pass something on to your client. What is that confidence level for you? In other words, can you say, you know, we have a 95% confidence level in this or something like that? How do you thread the needle between speed and accuracy?
17:15 Noemi Masoero: So one thing that is super important that is part of all of this is, of course, like knowing your region, knowing the global risks, right? Like knowing quite in depth what's happening at a local level to ensure that when you are providing an analysis about an incident, it fits what you know about that country. You know, it's like part of the deal is that you have to know what an anomaly is and that you have to have a good understanding of the country you're reporting to ensure that it's not weird that I'm reporting a terrorist attack in that specific region, you know what I mean? Like an information that is completely out of everything I have ever known would be like something I would tend to take longer time to report, if that makes sense. I would take more time to find sources that confirm that. Whereas if it fits, and it's part of the disinformation, sometimes if it fits something you know about the country, it can also be a risky, slippery slope. But yeah, I would say that to handle these two contradictory pressures, right? The time and the accuracy. I tend to spend a lot of time training the team on understanding the global risks and the ones that are likely to impact us. And then we take chances. what we we it has never happened to us to we tend to maybe keep it shorter rather than providing more information this is also where sometimes it gets tricky if you provide more information about an incident that has just happened and then it's just easier to keep it short if you keep it short and simple the likelihood of the um of the incident to become completely different from what you had described is lower.
19:26 Desi Demanova: Particularly with, say, a fast-moving incident where conditions can change rapidly, it seems like it's best to be cautious and, as you just said, provide less is more. And you can always add on additional information later as you confirm things. Very interesting.
19:48 Noemi Masoero: And this is something that we do a lot, right? We have part of our procedure is to provide updates about the report. So we send this initial report to say to the stakeholders, hey guys, we know this is happening. We're taking care of it. We're performing well-being checks. We're reaching out to travelers. We are handling everything. And then after a while, when the situation settles and when the incident potentially curves down and is reabsorbed, then we provide another either strategic piece or another alert. In any case, some sort of closure to the business.
20:25 Desi Demanova: Thanks to Desi Demenova, the Chief Operating Officer at Bellingcat, who spoke at a disinformation conference at Cambridge University in England. Also thanks to Doemi Masaiaro, a GSoC lead for Emergent Risk International. Our sound designer and editor, Noah Foutz. Audio engineer, Nathan Corson. Executive producers, Michael Dealoia and Gerardo Orlando. And on behalf of Meredith Wilson, the CEO of Emergent Risk International, I'm Paul Brandus. Thanks so much for listening.
Hide TranscriptRecent Episodes
View AllUnmasking Disinformation: A Deep Dive into Russian Information Warfare
Disinformation | S:3 E:8No News Is Bad News - News Deserts & India, pt.3
Disinformation | S:3 E:7The Intentions of the Adversary: Disinformation and Election Security
Disinformation | S:3 E:6OSINT: The Tools of Truthseeking In The Age of Disinformation
Disinformation | S:3 E:4You May Also Like
Hear More From Us!
Subscribe Today and get the newest Evergreen content delivered straight to your inbox!