| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | AA | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Headline | OSINT angle | Category | Tools/data used | What's good? | Published (MM/DD/YYYY) | Link | Who's involved? | |||||||||||||||||||
2 | Fact-check-patients-being-treated-on-footpath-is-from-up-not-delhi | Reverse image search of healthcare related #disinformation | SOCMINT | Reverse image search tools (plug ins like RevEye Reverse Image Search, a Chrome extension) | Nice explainer on the context of the disinfo | 10/29/2021 | https://newsmeter.in/fact-check/fact-check-patients-being-treated-on-footpath-is-from-up-not-delhi-685298?utm_campaign=pubshare&utm_source=Twitter&utm_medium=1270255573422891008&utm_content=auto-link&utm_id=49 | ||||||||||||||||||||
3 | Is This Timothée Chalamet’s Xbox Modding YouTube Channel? An Investigation | Reverse images/video OSINT, helping to ID a persona/location | SOCMINT, video analysis | "brighten the image in the Motherboard Forensics Lab" - you can use several tools online (like Pinetools.com/change-image-brightness ) | The way Bellingcat's Aric Toller matched the video footage of the young Chalamet with the features of the older Chalamet | 10/27/2021 | https://www.vice.com/en/article/3ab835/is-this-timothee-chalamets-xbox-modding-youtube-channel-an-investigation | Motherboard | |||||||||||||||||||
4 | China’s Massive New Aircraft Carrier Is As Big As It Can Be | Satellite image analysis of the building site of a 'super-carrier built near Shanghai' | OSINT, satellite data | Capella Space SAR images (not open source but there are potentially options if you are a serious journalists): https://www.capellaspace.com/ | Using cloud piercing SAR technology to report on new building projects by China's Naval forces. Like no other journalist does @CovertShores explain the ins and outs of foreign naval technology | 10/27/2021 | https://www.navalnews.com/naval-news/2021/10/chinas-massive-new-aircraft-carrier-is-as-big-as-it-can-be/ | H I Sutton: @CovertShores | |||||||||||||||||||
5 | The architecture of repression, New report by ASPI | One example in the analysis shows a prison in Maralbeshi County that has been operational throughout Yao Ning's term (a Harvard-educated party secretary in Xinjiang). This facility was significantly expanded in the first quarter of 2017, with construction ongoing in 2021 in two areas of the facility. Six watchtowers are visible in the satellite imagery | SOCMINT, OSINT satellite data | Google Earth Pro, Social media analysis of Weibo posts (Yao Ning’s Weibo posts); Mapbox for mapping the camps on an interactive browser app: https://xjdp.aspi.org.au/map/?) | Data driven explainer of the human rights crises in Xinjiang | 10/19/2021 | https://www.aspi.org.au/report/architecture-repression?__cf_chl_jschl_tk__=pmd_a6cv8XMhJNoWs4w8prc53zv44mqM6GjSxoZxvr4zCxU-1634743163-0-gqNtZGzNAhCjcnBszQlR | Vicky Xiuzhong Xu, James Leibold and Daria Impiombato | |||||||||||||||||||
6 | Russia allows methane leaks at planet’s peril | Using satellite imagery to track methane leaks | OSINT, satellite data | satellite imagery, official data | Holding to account countries and companies that misrepresent or miscount how much fossil fuel-based methane, a key greenhouse gas, they release. | 10/19/2021 | https://www.washingtonpost.com/climate-environment/interactive/2021/russia-greenhouse-gas-emissions/ | Washington Post's Steven Mufson, Isabelle Khurshudyan, Chris Mooney, Brady Dennis, John Muyskens and Naema Ahmed | |||||||||||||||||||
7 | Coast Guard Boards Vessel That Dragged Anchor Near Pipeline | By using AIS vessel tracking data from exactEarth to show that during a high wind event on January 25 the MSC Danit moved very erratically across the seafloor pipeline that takes oil from Platform Elly to shore. | OSINT, Shiptracking | AIS data from exactEarth/ShipView, Marine Traffic (assumed), Google Earth, | A leak from this pipeline caused a large oil spill at Huntington Beach, California two weeks ago. Detail from the vessel's track showed it was "at anchor" while it crossed back and forth over the pipeline at least three times between 5am and 9am, likely dragging the anchor and possibly snagging, moving, and damaging the exposed pipeline. More detail in the captions for these maps. | 10/17/2021 | https://www.bloomberg.com/news/articles/2021-10-17/u-s-coast-guard-boards-vessel-that-dragged-anchor-near-pipeline?fbclid=IwAR0U60RIQViZDQQfiqOc0P8oJ658fGjmeQsoLhUZvhwQL8xxa0azH57h83g | Reported by Robert Tuttle, Bloomberg News | |||||||||||||||||||
8 | Rock star Randy Bachman's treasured Gretsch guitar was stolen 45 years ago. An internet sleuth helped find it | Tracking down a stolen guitar by comparing videos and images online, searching through old sales ads, and identifying the exact same one by distinctive wood patterns. | OSINT | photo and video footage, ad listings | Good, fun example of how OSINT can be applied to solve seemingly impossible problems. | 10/16/2021 | https://edition.cnn.com/2021/10/16/entertainment/bachman-guitar-found-trnd/index.html | Story by David Williams | |||||||||||||||||||
9 | Who is behind xHamster | Locating owners, deciphering nicknames of business men | OSINT | Webarchive, use of corporate data platforms, reverse search company names domiciled in tax havens and money laundering hotspots | Excellent Google dorking, pseudonym research and Web Archive search | 10/15/2021 | https://www.youtube.com/watch?v=eN1wrpSEsos | STRG_F; Spiegel | |||||||||||||||||||
10 | Opponents of the German YouTuber declare him a Norway bomber | Reverse image search and disinformation verification | SOCMINT | Reverse image search with Bing/Google/Yandex etc (recommendation: use the Chrome plugin 'RevEye Reverse Image Search' ) + OSINT search operators searching Twitter ('site:twitter.com') | Context of the dismissal of allegation of a (un)popular YouTuber after a violent crime | 10/14/2021 | https://www.t-online.de/nachrichten/panorama/kriminalitaet/id_90966686/kongsberg-wie-drachenlord-rainer-winkler-zum-verdaechtigen-gemacht-wurde.html | Lars Wienand, T-Online | |||||||||||||||||||
11 | Bashar Assad’s Playboy Cousin Spotted Driving $300K Ferrari in Beverly Hills | Ali Makhlouf, cousin of Syrian President Bashar Assad spotted in Instagram fan account video in Beverly Hills | SOCMINT | google Dorking for finding Instagram/Youtube post by Daniel Mac. Reverse facial image confirmation of Ali Makhlouf: commentator of the Youtube video speculated its Makhlouf, who's "father Rami Makhlouf is Bashar Assad's cousin and main source of funding, the Ferrari is, simply, money stolen over generations from the Syrian people, intern'" | Verification of individual in video | 10/12/2021 | https://www.vice.com/en/article/7kv5kb/bashar-al-assads-playboy-cousin-ali-makhlouf-spotted-driving-dollar300k-ferrari-in-beverly-hills | Mitchell Prothero at Vice | |||||||||||||||||||
12 | fact check twitteratis use video of iranian soldiers unsuccessfully trying to break vase to mock indian jawans | Reverse image search of video footage exposes old video | SOCMINT | Reverse image search (Google, Bing, Yandex etc) | Documentation of such events | 10/12/2021 | https://newsmeter.in/fact-check/fact-check-twitteratis-use-video-of-iranian-soldiers-unsuccessfully-trying-to-break-vase-to-mock-indian-jawans-684444 | newsmeter.in | |||||||||||||||||||
13 | Wing Loong Is Over Ethiopia: Chinese UCAVs Join The Battle For Tigray | Author used OSINT data on 'suspicious cargo flight to Harar Meda air base in Ethiopia from Chengdu, China, where the Wing Loong I is manufactured', as a mean to provide evidence for a delivery of at least three 'Chinese-made Wing Loong I' systems to Ethiopia in September 2021 | OSINT, Flight tracking, satellite data | Google Earth, Flightradar24, Planet Labs Satellite images to confirm plane was present at airbase | Tracking of the flight that could have delivered the weaponry: "...UR-82029 started its journey out of Chengdu (where the Wing Loong I is produced) before making a brief stopover in Islamabad, ultimately landing at its final destination of Harar Meda air base some time later." | 10/11/2021 | https://www.oryxspioenkop.com/2021/10/wing-loong-is-over-ethiopia-chinese.html | oryxspioenkop; Defence OSINT account @Gerjon_ (https://twitter.com/gerjon_?lang=en) + @TsenatSaba (https://twitter.com/TsenatSaba) | |||||||||||||||||||
14 | Disturbing' imagery used in Arizona Department of Corrections training materials, patches | The Arizona Republic obtained a large batch of training materials saved on Arizona Department of Corrections servers and created for special operations units. Metadata on the electronic files indicate they were created over the course of three years, from 2018 to 2020. | OSINT, Metadata | Metadata tools from images files can be extracted with a number of browser tools and plugins. (Good tutorial here:https://www.youtube.com/watch?v=d3NsT8lJRlE) | The reporting is useful because prisoners alleged special operations officers committed civil rights abuses against them in the aftermath of the deadly riot at the Yuma prison in March of 2018. The reporters found image of a 'skull with a sword going through it, accompanied by a lightning bolt, shotguns, and the words “Arizona Department of Corrections Special Operations and Tactics.” The images were saved with filenames that suggest they were the possible designs for a uniform patch and a challenge coin'. | 10/10/2021 | https://eu.azcentral.com/story/news/local/arizona/2021/10/12/arizona-department-corrections-training-materials-disturbing-imagery/6058546001/ | JIMMY JENKINS | Arizona Republic | |||||||||||||||||||
15 | An untimely death reveals the nature of a Russian neo-Nazi unit that fought in Syria | Social media OSINT investigation confirms nature of Russian neo-Nazi militant group | SOCMINT | Reverse image search and SOCMINT for Instagram (site:instagram.com), Google Earth for geolocation; search on (RSOTM) Telegram channel | Excellent use of all SOCMINT tools to connect data of obituary to intel still available on the web | 10/07/2021 | https://medium.com/dfrlab/an-untimely-death-reveals-the-nature-of-a-russian-neo-nazi-unit-that-fought-in-syria-5398a7d28e0a | Michael Sheldon, DFRLab | |||||||||||||||||||
16 | Son of Afghanistan’s Former Defense Minister Buys $20.9 Million Beverly Hills Mansion | Digging for open records for new owner of a property which turns out is Daoud Wardak, son of former Afghan Minister of Defense Abdul Rahim Wardak, who was exposed to have bought a $20.9m mansion | OSINT property databases | OSINT property websites and OSINT tools/databases for public US court records s.a PACER, Public Accountability Project, somedeep web databases, Court Listener, Black Book Online or state courts' records by the National Center for State Courts (more to such databases in this post, 2020) | Use of public corporation records revealing Daoud Wardak is the president of a Miami-based firm called AD Capital Group | 10/07/2021 | https://www.yahoo.com/lifestyle/son-afghanistan-former-defense-minister-172358560.html?soc_src=social-sh&soc_trk=tw&tsrc=twtr&guccounter=1&guce_referrer=aHR0cHM6Ly90LmNvLw&guce_referrer_sig=AQAAAMUqs7DJxaGT_BPM6YKD7zbnbV-pjdkJVKpdX8AVCPu8netZFwLcs4BDN6eTFSOrXutmAPLa3ZXrDZwJ8Z3Wj3RpVlORkKBOX_dS0PZR9bxqMToPWSQLHeMohuQwTyZFuOPAVLgV4oxMYb0_roHMseaQgVPJLPk--bVoVh2ZkkJf | James McClain, Yahoo News | |||||||||||||||||||
17 | Ethiopia used its flagship commercial airline to transport weapons during war in Tigray | Use of OSINT for verification of air traffic waybill data that revealed that Ethiopia employed flagship commercial airline to transport weapons during war in Tigray | OSINT, and reverse image search | Leaked photo analysis (visual analysis techniques to verify images that were deemed 'photoshopped'); uniform analysis with open data; Flightradar24 (flights do not appear on popular online flight tracking platforms such as Flightradar24. When they do, the destination in Eritrea is often not visible and the flight path vanishes once the plane crosses the border from Ethiopia.The employees told CNN the staff could manually turn off the ADS-B signal on board to prevent the flights being publicly tracked) - allowed to compare with leaked intel on 'hidden flight operations' (hidden from flight tracking sites). | Especially good, checking waybill documentation: "The documents, known as air waybills, detail the contents of each shipment. In one document, the "nature and quantity of goods" is listed as "Military refill" and "Dry food stuff." Other entries included the description "Consolidated." The records also had abbreviations and spelling mistakes such as "AM" for ammunition and "RIFFLES" for rifles, according to airline employees. They told CNN the spelling errors were introduced when the contents were manually entered by employees into the cargo database." | 10/07/2021 | https://edition.cnn.com/2021/10/06/africa/ethiopian-airlines-investigation-tigray-war-intl-cmd/index.html | CNN investigation: Nima Elbagir, Gianluca Mezzofiore, Katie Polglase and Barbara Arvanitidis | |||||||||||||||||||
18 | A child protection phantom is going around within the AfD | Exposes online donation campaign for the benefit of an ominous 'child protection' program and involving the right wing German party AFD | SOCMINT | Mainly OSINT operator search for social media posts on platforms like Twitter. More intel on the donations itself was not collected (e.g. specific amounts), but the social engineering (calling, asking for details etc) offers lessons. The Analysis draws connection between the 'Children's Congress' and the right wing political party. | This is a running investigation that partly builds on previous research Together with the latest OSINT from social media, this makes it an important piece of the puzzle after the German election: "Weeks before the planned girls' congress, the party split from him (central character to the story being investigated). The "questionable practices" that t-online had come across in research were "fundamentally assessed very critically in the AfD," said a party spokesman at the time. One "dissociates oneself from all activities of the man"." | 10/06/2021 | https://www.t-online.de/nachrichten/deutschland/gesellschaft/id_90902198/spenden-ins-nichts-ein-kinderschutz-phantom-geht-um-in-der-afd.html | Investigation t-online, Lars Wienand und Andrea Becker | |||||||||||||||||||
19 | Pro-Kremlin outlets and Telegram channels use transcription glitch to discredit Zelensky | Open data analysis of a faulty technical transcript of 'closed captioning' of a debate of Ukrainian officials that led to a political mockery and weaponizing of the error by disinformation outlets (s.a. RT, Sputnik and others) | SOCMINT | Tool Meltwater Explore for its Twitter analysis (there is a free trial av) helped probing the media traction the mistake sparked on social media. Reporters used the WebArchive to get an unfiltered view on the original faulty transcript (e.g. Source C-SPAN/archive) | Excellent case study on how Pro-Kremlin media outlets embrace "insignificant incidents", like a simple transcription error to denigrate political opponents | 10/04/2021 | https://medium.com/dfrlab/pro-kremlin-outlets-and-telegram-channels-use-transcription-glitch-to-discredit-zelensky-cdb4e96be550 | DFR Lab, digital Sherlock, Roman Osadchuk a Research Assistant, Eurasia, with the Digital Forensic Research Lab. | |||||||||||||||||||
20 | Sons of Mocímboa: Mozambique’s terrorism crisis - BBC Africa Eye documentary | Reverse image searches, geolocation work on images of dead bodies, tracking of the growth of refugee camps, | GEOINT, OSINT | Google Earth Pro, Reverse image search, social media download services, 2021 Maxar Satellite images; acc. to @il_kanguru the work included "many hours of low tech stuff" (for questions and new investigative reporting, best to reach out). | The analysis from videos (finding them, archiving them) and linking them to various individuals and finding locations is superb | 10/04/2021 | https://www.youtube.com/watch?v=Wl892pnDC7I | Open Source Analysts - Il Kanguru, Aliaume Leroy, Bertram Hill | |||||||||||||||||||
21 | Satellite Imagery Contradicts Reports Of Foreign Aircraft At Bagram Air Base In Afghanistan | Testing the media claims that Bagram Air Base came alive with foreign aircraft arriving overnight | GEOINT | Planet Labs satellite images | Exposing disinformation on satellite imagery The War Zone reviewed finds NO foreign aircraft at Bagram Air Base titled as Chinese in other reports | 10/03/2021 | https://www.thedrive.com/the-war-zone/42610/satellite-imagery-contradicts-reports-of-foreign-aircraft-at-bagram-air-base | BY TYLER ROGOWAY - the War Zone | |||||||||||||||||||
22 | ‘Ran for Our Lives’: How the Deadliest Ultramarathon Claimed 21 Runners | Use of satellite data compared with findings of the original investigation exposes | GEOINT | Google Earth altitude measuring/display tool, analysis of 'online chats and phones, according to the official probe' | Especially impressive: The use of data from tracking devices paired with geolocation analysis of the runners: "Data from GPS trackers displayed confused final paths. Sports watches worn by some of them show their heartbeats faded hours after runners called for help." | 10/03/2021 | https://www.wsj.com/articles/the-deadliest-ultramarathon-claimed-21-runners-yellow-river-stone-forest-china-11633282937 | WSJ team: Wenxin Fan (Wenxin.Fan@wsj.com), Qianwei Zhang | |||||||||||||||||||
23 | Fact Check: Is this the photo of 'love jihad' victim Prerna Vyas? | Reverse image search to expose fake social media images of dead girl that went viral | SOCINT, reverse image search | Google reverse image search (tutorials here and here by Nixintel) | The dating of images was vital here because it exposed the false narrative. | 10/02/2021 | https://newsmeter.in/fact-check/fact-check-is-this-the-photo-of-love-jihad-victim-prerna-vyas-684024 | newsmeter.in; by newsmeter.in | |||||||||||||||||||
24 | POLAND / BELARUS BORDER: A PROTECTION CRISIS | Use of 'photogrammetry and spatial modelling techniques' - in particularly, they collected and analyzed satellite imagery over the border and over 50 videos and photographs of incidents on the border since 12 August 2021 | OSINT | 3D spatial visualization technology that illustrated the pushback and visually marked the border | The situation for some refugees is pressing. AI worked out how refugees from Afghanistan were left stranded at the border between Poland and Belarus without food, clean water, shelter and medicine for weeks, despite attempting to claim asylum in Poland, exposing the problems these European governments portray | 09/30/2021 | https://www.amnesty.org/en/latest/research/2021/09/poland-belarus-border-crisis/ | Amnesty's Crisis Evidence Lab | |||||||||||||||||||
25 | Secretly filmed video from a polling station in Umkirch contains false information about the election process | Video analysis with open data: "The man spreads several false claims in the video: the ballot box in the room was not sealed, the ballot paper was invalid because a corner was missing, and he was prevented from casting his vote" | OSINT Factcheck | Fact Checking with Google and legal sources. The video was probably found via various Google/Facebook/Telegram OSINT search operators (Facebook and Telegram). The video was probably downloaded (there are various tools such as this one). | A video from a polling station in Umkirch is circulating on social networks. One man claims the ballot papers are invalid because a corner is missing at the top and the ballot box is not properly sealed. Both are misleading: the missing corner is a tool for blind people, and ballot boxes do not need to be sealed. | 09/29/2021 | https://correctiv.org/faktencheck/2021/09/29/heimlich-gefilmtes-video-aus-einem-wahllokal-in-umkirch-enthaelt-falschinformationen-zum-wahlprozess/ | German investigative outlet correctiv.org, Sarah Thust | |||||||||||||||||||
26 | Bara Conflict Intan Jaya Papua: THERE'S A TRENDING THREAD OF LORD LUHUT IN THE PAPUA MINE? | Open Eyes | OSINT to expose that the conflict has been deliberately created by the army to secure the gold mining concession | GEOINT, SOCMINT | Journalists used the GEOINT, SOCMINT, and OSINT approaches to detect military strategies in the conflict in West Papua. | Reporters collected more than hundreds of videos on Facebook, Youtube, Tiktok, and Instagram to detect army military posts. From these findings, they found evidence that the army occupied civilian facilities such as schools and health centers. They changed it to a military base. | 09/28/2021 | https://www.youtube.com/watch?v=SKyXS7LaDWc&t=292s | Narasi Newsroom; @aqfiazfan (https://twitter.com/aqfiazfan) | |||||||||||||||||||
27 | The U.S. Military Said It Was an ISIS Safe House. We Found an Afghan Family Home. | Exposing the truth about an accidental airstrike by the US military in Kabul | GEOINT | Google Earth, other geo tools, possibly commercial satellite images and satellite images from Pentagon intelligence report | Revealing faulty intelligence by the Pentagon analysed and verified with open data and interviews | 09/28/2021 | https://www.nytimes.com/video/world/asia/100000007980891/kabul-drone-strike-house.html?smid=tw-share | NYT visual investigations team: Christoph Koettl, Evan Hill, Matthieu Aikins, Jim Huylebroek, Ainara Tiefenthäler, Dmitriy Khavin and Eric Schmitt | |||||||||||||||||||
28 | Anonymous Facebook pages heavily promoted Brazil’s pro-Bolsonaro marches | Reporters expose political Facebook campaigns by Jair Bolsonaro supporters; #Disinformation research. | SOCINT | Google dorking, searches for terms associated with marches, Facebook search operators. | This was a useful exercise to show that these often orchestrated campaigns can't hide. Facebook site/post owners were found that "covertly connected to an extremist Bolsonaro supporter, while another appeared to be part of larger coordinated network". Sadly the piece only locates a lot of pages that are run anonymously, which is interesting on one side because these could be produced by pro-Bolsonaro disinformation artists, but this could have been followed up more. | 09/28/2021 | https://medium.com/dfrlab/anonymous-facebook-pages-heavily-promoted-brazils-pro-bolsonaro-marches-335f4757a44b | DRFLab, Luiza Bandeira is a Research Associate, Latin America, with the Digital Forensic Research Lab. | |||||||||||||||||||
29 | These photos have circulated since 2017 in reports about Rohingya villages burned down | #OSINT reverse images search story by @AFPFactCheck to debunk #disinformation used via images from #Myanmar used in FB campaigns | SOCMINT, #OSINT search | Tools: prob Yandex/Google img search; Burmese language search, and Facebook #SOCMINT operator search. | Finding the images in previous news pieces and searching in other language, notably Burmese, on Facebook | 09/27/2021 | https://factcheck.afp.com/http%253A%252F%252Fdoc.afp.com%252F9NB3PX-1 | AFP Thailand, AFP Fact-Check | |||||||||||||||||||
30 | Navalny’s “Smart Voting” election campaign undermined by fake apps and Telegram channels | Evidence of attack towards Navalny’s Smart Voting program. Apple and Google were threatened, putting their local employees at risk | SOCMINT | By using a social media monitoring tool called BuzzSumo (30 days free trial), the DFRLab compared social media engagement on the top three most-engaged stories driving traffic to the Smart Voting website, in the two weeks before and the week follow the September 6 ban Prior to the September 6 ban, the highest-ranked story linking to the app achieved as many as 7,900 social media engagements; following the ban, the highest-ranked story reached less than 500 social media engagements. | Good: finding evidence how the smart voting campaign was targeted 'on Telegram and in app stores, where doppelgänger channels and apps impersonated their official Smart Voting counterparts to confuse and mislead potential voters' | 09/24/2021 | https://medium.com/dfrlab/navalnys-smart-voting-election-campaign-undermined-by-fake-apps-and-telegram-channels-ef0f0ac8f75a | Eto Buziashvili is a Research Associate, Caucasus, with the Digital Forensic Research Lab. | |||||||||||||||||||
31 | Great Wall of Lights: China's sea power on Darwin's doorstep | Use of AIS tracking and night light satellite tracking to spot dark fishing fleets from China | OSINT, Vessel tracking | Open data by Global Fishing Watch (Github repo with scripts and tools here). Probably Marine Traffic. Use of research vessel Ocean Warrior (here the ship on Marine Traffic). Nighttime light analysis with satellite (NASA) data ( - nighttime lights to fish for Humboldt squid on the high seas near the Galapagos Islands) | Useful data analysis of tracked vessels, contributing to an international 'black list' of Chinese fishing vessels: "Of the 30 vessels the AP observed up close, 24 had a history of labor abuse accusations, past convictions for illegal fishing or showed signs of possibly violating maritime law." | 09/24/2021 | https://apnews.com/article/china-oceans-overfishing-squid-294ff1e489589b2510cc806ec898c78f | Associated Press with Spanish-language broadcaster Univision; By JOSHUA GOODMAN | |||||||||||||||||||
32 | Satellite images show Haitian refugees massing at US-Mexico border | Visually confirm encampment of refugees from Haiti in West Texas at US-Mexican border | Satellite | Maxar images and data analysis | Bottom line, Not good: Except of the satellite illustrations and commentary on the Maxar images, the article is actually not that useful, the images merely sensationalising the news around the refugees' plight, doing little to report on the poor and difficult conditions the refugees find themselves in (we included this here to also illustrate poor reporting styles using 'open' data - though, bear in mind, Maxar is not free) | 09/23/2021 | https://eu.usatoday.com/in-depth/graphics/2021/09/20/haitian-refugees-massing-under-texas-bridge-shown-satellite-images/5784601001/ | USA Today | |||||||||||||||||||
33 | Satellite imagery seems to indicate Hurricane Ida caused significant damage to parts of Louisiana’s coast | Confirmation of damage/floods by Hurricane Iida | Satellite data | ESA satellite images (European Sa | ESA), probably confirmed via Sentinel Hub images | The before and after images via Juxapose are useful to visually witness possible damage. The commentary by USGS geologist is short, could have been better reported | 09/23/2021 | https://www.ksla.com/2021/09/23/satellite-imagery-seems-indicate-hurricane-ida-caused-significant-damage-parts-louisianas-coast/ | John Snell at ksla | |||||||||||||||||||
34 | SHADOWDRAGON: INSIDE THE SOCIAL MEDIA SURVEILLANCE SOFTWARE THAT CAN WATCH YOUR EVERY MOVE | Not per se an OSINT investigation but rather a investigation about Social media intelligence products by company ShadowDragon, used by law enforcement to investigate suspects | OSINT tools | Kaseware as well as ShadowDragon are part of an industry of software firms that exploit OSINT sources: the trails of information that people leave on the internet. Clients include intelligence agencies, government, police, corporations, and even schools. | Shows the perils well for privacy and the unethical use of OSINT | 09/21/2021 | https://theintercept.com/2021/09/21/surveillance-social-media-police-microsoft-shadowdragon-kaseware/ | Michael Kwet | |||||||||||||||||||
35 | Black people are about to be swept aside for a South Carolina freeway — again | The WP produced a story about how black communities suffer displacement by using open source intelligence to make their case | GEOINT, satellite images | Use of Mapbox, OpenStreetMap and Maxar satellite images as well as of images from the 1957 aerial photograph of North Charleston is courtesy of the U.S. Geological Survey. | Unusual how far back the satellite images go (1957 aerial photograph shows the neighborhoods of Liberty Park and Highland Terrace in North Charleston prior to the construction of a freeway in 1969). The reporters compared it with updated images and exposed stark changes. | 09/19/2021 | https://www.washingtonpost.com/climate-environment/interactive/2021/highways-black-homes-removal-racism/?itid=hp-top-table-high?utm_campaign=wp_main&utm_medium=social&utm_source=twitter | WP team (Darryl Fears/John Muyskens) | |||||||||||||||||||
36 | North Korea expanding weapons-grade uranium plant, satellite images suggest | Translation from Arabic to English with 'Facebook built-in translation tool'. Video analysis of various videos showing staged scenes of Belarusian border guards faking an incident "to claim that Lithuanian side had been violent with the refugees". Tools like Sowdust.github.io/fb-search/ might have been used. Alternatively, there are some 'advanced search operators' that work within Facebook (here the link to a guide). | Satellite Intelligence | Maxar satellite images | Putting the changes on the ground into context, reporting on what these structural changes could mean (e.g. uranium enrichment) | 09/18/2021 | https://www.theguardian.com/world/2021/sep/19/north-korea-expanding-weapons-grade-uranium-plant-satellite-images-suggest | AP, then covered by several news outlets. Report by Middlebury Institute of International Studies at Monterey | |||||||||||||||||||
37 | Killings in Myanmar's Bago behind Information Blackout | Open data investigation what happened in Bago | GEOINT, satellite images | Reverse image search and Google Earth | The video editing and maps are well produced by the public broadcaster | 09/16/2021 | https://www3.nhk.or.jp/nhkworld/en/news/videos/20210916203603374/ | nhk, Japan's national broadcaster | |||||||||||||||||||
38 | How QAnon could affect Germany's general election | Research and data analysis of german conspiracy online groups on Telegram | SOCMINT Telegram | Probably a number of Telegram tools and code to scrape Telegram data. Useful tutorials and codebases include this one (Telegramscraper), this one or this one - one of the most common free tools is called tgstat. | The authors have collected vast amounts of open data from Telegram and exposed that these channels,groups and individuals spread disinformation on possible 'election fraud' and a so-called 'shadow government' that these groups allege would operate in Germany | 09/16/2021 | https://cemas.io/btw21/qanon/ | Miro Dittrich at CeMAS | |||||||||||||||||||
39 | Troll farms reached 140 million Americans a month on Facebook before 2020 election, internal report shows | MIT Technology Review compared the top Facebook pages with those run by troll farms. | SOCMINT | Not mentioned, but clever use of search operators (one excellent how-to guide here) to find Facebook groups has probably allowed to locate groups in question yielding that "that five of the troll-farm pages mentioned in the report remained active". | Though, results were mainly based on an internal report by Facebook, the author used public data to show how powerful these troll run networks really were in the run-up to the 2020 election in the US. | 09/16/2021 | https://www.technologyreview.com/2021/09/16/1035851/facebook-troll-farms-report-us-2020-election/ | MIT TechReview | |||||||||||||||||||
40 | Open-source evidence of operational military helicopters captured by the Taliban | US military equipment, among them allegedly a helicopter, captured after departure of US troops. Geolocation search from video and photo images in #AFG | GEOINT, satellite images | Twitter and probably Twitter video download tools (a list can be found here). Google Maps/Google Earth Pro for historic images, Webarchive to protect Social media posts (Webarchive) | Expert approach in the verification of an alleged location for a video was in front of the municipal building in Kandahar, shared by defense analyst Joseph H. Dempsey. | 09/15/2021 | https://medium.com/dfrlab/open-source-evidence-of-operational-military-helicopters-captured-by-the-taliban-fec5b5c84a9a | DFRLab, Lukas Andriukaitis | |||||||||||||||||||
41 | Ownership of Chemicals that Exploded at Beirut Port Traces Back to Ukraine | In a thrilling tech investigation, journalists exposed the owner of the explosive cargo responsible for the devastation in Beirut | OSINT/Open company data | Investigative journalists followed a paper trail of documents on Volodymyr Verbonol, who owned a company of the same name in the city of Dnipro. The investigators used archived versions of websites (such as the one of Atlantis Corporation’s websites, from 2004, showing the company marketing fertilizer), probably by the WebArchive. The Internet Archive allowed to test two websites (savaro.com and atlantis.ua) | Laying bare a complex network of at least half a dozen trade names and various strawman and shell companies spanning several countries isn't easy and deserves credit. | 09/14/2021 | https://www.occrp.org/en/investigations/ownership-of-chemicals-that-exploded-at-beirut-port-traces-back-to-ukraine | Graham Stack (OCCRP), Rana Sabbagh (OCCRP), Aleksey Kovalev (Meduza), Nino Bakradze (ifact.ge), and Sarunas Cerniauskas (OCCRP) contributed reporting. | |||||||||||||||||||
42 | Russian Foreign Minister Has a Longtime Female Companion With Over $13 Million in Unexplained Assets | The story exposed a video from 2014, a YouTube video, that revealed the identity of Svetlana Alexandrovna Polyakova, an employee of the Ministry of Foreign Affairs of the Russian Federation with unexplained assets and close relationship to the Russian Foreign minister | SOCMINT | Not sure, but it's possible reporters used a YouTube video downloader (such as Y2Mate) in their reporting to download and archive the YouTube video. Also, to find the video, reporters might have used OSINT search operators. Not sure if used but it's possible OCCRP's Aleph was also used here allowing to find 'public records and leaks'. | Finding the video in the first place (the title: "Sermon by Patriarch Kirill after the consecration of the church of St. Sergius of Radonezh in Tsarskoe Selo", in Russian suggests almost no clues) and linking the unknown figure in the video to the politics. The reporting on family assets is also top-notch. | 09/14/2021 | https://www.occrp.org/en/investigations/russian-foreign-minister-has-a-longtime-female-companion-with-over-13-million-in-unexplained-assets | IStories, OCCRP | |||||||||||||||||||
43 | Russian Spy Ship Yantar Enters English Channel | OSINT Navy expert and journalist H I Sutton spots a Russian research vessel in English channel by using open source vessel tracking website Marine Traffic | OSINT, Vessel Tracking | Marine Traffic; Checking AIS records | This looks straightforward but is hard to produce: the vessel may have turned off its AIS tracking signal in the past. To spot it, someone needs to look for the vessel and be aware of its whereabouts and history. Great find. | 09/13/2021 | http://www.hisutton.com/Russia-Spy-Ship-Yantar-Update-Sept13-2021.html | @CovertShores | |||||||||||||||||||
44 | It’s Time For European Politicians To Take Off Their Blindfolds | Image analysis of shared pics by refugees arriving in South West of Ireo, Samos, Greece | GEOINT; HUMINT | pictures, videos and location data shared by refugees | The OSINT photo-evidence of the refugees, that allowed geolocating the group's position, exposes and alleged 'attempted murder', as the authors describe it: "Three people was thrown from the coast guard vessel directly into the sea, and told they had to swim ashore. Even with life vests, this is extremely dangerous" | 09/12/2021 | https://aegeanboatreport.com/2021/09/11/its-time-for-european-politicians-to-take-off-their-blindfolds/ | Aegean Boat Report | |||||||||||||||||||
45 | Deforestation sweeps national park in Brazil as land speculators advance | Deforestation in Brazil's protected national parks, exposing illegal logging practices | GEOINT, satellite images | Deforestation alerts via satellite data from the University of Maryland visualized on Global Forest Watch; Planet Satellite images; Use of the government's land registry data | The collection of open-source satellite evidence mixed with background information on the situation in Brazil and public documents and reports, revealing a concerning picture adding proof that a "fresh incursions into Campos Amazônicos could put the area back at risk". | 09/10/2021 | https://news.mongabay.com/2021/09/deforestation-sweeps-national-park-in-brazil-as-land-speculators-advance/ | Mongabay, Ana Ionova | |||||||||||||||||||
46 | Assessing The Scale of German Language Disinformation Communities on Telegram | Mainly SOCMINT: Investigation of Telegram 1,200 Telegram channels/groups publishing far-right and conspiracy related content. Particular focus on QAnon in Germany and the funding these online groups organised. Also good, authors created a methodology for create "three main groups of fundraisers": COVID conspiracy activism, QAnon groups, and campaigns that were for a combination of far-right causes. | SOCMINT | Which tools were used is not explained in the methodology. But there are a few known Telegram tools for scraping content and member information. One is 'Telegram-Channel-Member-Scraper', you can use just the Telegram API, you can 'archive a chat is Telegram's desktop client where one can download archives for any chat you're in, but it's fairly easy to knock something up using Telethon for Python', Wildon says, one of the authors of the piece. Another good German example of a story can be found here, by ARD. | Good: useful, data driven feedback on the reality of the participation in disinformation communities in Germany, Austria, and Switzerland, which is "far higher than previously thought" (though, there is no previous estimates of this kind). The data collection is well managed. | 09/10/2021 | https://www.logically.ai/articles/german-language-disinformation-telegram | Logically, by jordan Wildon and Kristina Gildejeva | |||||||||||||||||||
47 | Examining a ‘righteous’ strike | The report aims at answering the story of an explosion in Kabul that killed three children and seven other people. The investigation merged an OSINT imagery assessment with experts' insight into the tragic bombing. | GEOINT | Insight of a 'physicist and former bomb technicians'. Photo evidence. Maxar satellite images. The authors also used 3D visualisation/modelling techniques to show the 'location of the strike, a courtyard with a tree surrounded by four walls'. | The visual storytelling. Also, few newspapers dare to work so close to with bomb/explosive experts and pull them in so tightly into the investigation. | 09/10/2021 | https://www.washingtonpost.com/investigations/interactive/2021/kabul-drone-strike-questions/?_=a | WP's team: Alex Horton , Sarah Cahlan , Dalton Bennett , Joyce Sohyun Lee , Meg Kelly and Elyse Samuels | |||||||||||||||||||
48 | How we enrolled more than seven thousand volunteers to generate data the NYPD wouldn't publish | The search for open data that confirmed suspicions on the human rights violations caused by facial recognition technology used by the NYPD | OSINT, open data crowdsourcing project | Google Street View’s API to spot surveillance cameras (though, Bing Streetside and the crowdsourced alternative, Mapillary, were also considered as possible image sources | Excellent work in 'mapping the surveillance cameras that feed data to facial recognition systems used by the police' | 09/09/2021 | https://citizenevidence.org/2021/09/09/decode-surveillance-nyc/ | Amnesty International's Citizenevidence | |||||||||||||||||||
49 | Meet The Far-Right 'Fanatics' Getting Hungary’s Football Team in Trouble | Analysis of social media posts by a far-right actors on Telegram channel shows how the individuals affect European soccer with right-wing insults against LGBT community | SOCMINT | Using banners as identifiers to track actors across platforms & to verify | Not only was the banner traced across platforms, also one person who was holding it, cross-referenced with a "photo from 2017 showing a mark on Lipták’s arm similar to the individual holding up an anti-LGBT banner on a neo-Nazi Telegram channel in June 2021". | 09/09/2021 | https://www.bellingcat.com/news/uk-and-europe/2021/09/09/meet-the-far-right-fanatics-getting-hungarys-football-team-in-trouble/ | Michael Colborne, a journalist who focuses on the transnational far-right, for Bellingcat | |||||||||||||||||||
50 | Unmasked: Vessel identity laundering and North Korea's Maritime sanction evasion | Identification and investigation of several elaborate schemes to create fraudulent ship registrations with the International Maritime Organisation (IMO). Per se not a journalism report but more a OSINT research report, the work by C4ADS highlights the shortcomings and loopholes that allows for ship identity laundering. This in turn, can aid culprits and dictators to hide illegal shipping operations. | OSINT | Tools: the authors' aim is to explain how vessel identity laundering operations work and demonstrating how they can be detected using AIS data (mostly not open-source for analysing historical AIS tracks, but often available in real time, via MarineTraffic and many others s.a VesselsFinder 🌐 MyShipTracking 🌐 Fleetmon 🌐 Shipfinder 🌐 Marine Traffic 🌐 CruiseMapper), satellite imagery (Planet), IMO registration records (probably the "Global Integrated Shipping Information System (GISIS)", but you have to register), and other sources of publicly available information (not sure what they are). | Expose on how ship owners (if they are keen) can ships to misrepresent their registered, digital, and physical identities. The IMO allows these loopholes to persist. | 09/08/2021 | Link of overview. Report | C4ADS, a 501(c)(3) nonprofit organization dedicated to data-driven analysis and evidence-based reporting of conflict and security issues worldwide | |||||||||||||||||||
51 | Recent oil spills in central Yemen | Using a combination of local media, social media and satellite imagery to track oil spills in Yemen and how they are linked to conflict | GEOINT | Geolocation, shiptracking, data: Sat imagery (Google Earth, PlanetScope and Sentinel-2), social media footage, AIS ship tracking data | Drawing attention to the environmental impact of conflict | 09/08/2021 | https://ceobs.org/recent-oil-spills-in-central-yemen/ | CEOBS, by Dr Eoghan Darbyshire | |||||||||||||||||||
52 | Fellow Research: Inside the Shadowy World of Disinformation-for-hire in Kenya | Disinfo OSINT investigation into Twitter accounts that are "undermining Kenyan civil society", as authors write | SOCMINT | Among others tools, used Sprinklr, Twint, and Trendinalia. | Strong findings pointing to systemic blind spots in Twitter's move to stop larger political disinformation campaigns (11 different disinformation campaigns consisting of more than 23,000 tweets and 3,700 participating accounts) | 09/02/2021 | https://foundation.mozilla.org/en/blog/fellow-research-inside-the-shadowy-world-of-disinformation-for-hire-in-kenya/ | Mozilla Fellows Odanga Madung and Brian Obilo | |||||||||||||||||||
53 | Covert Evacuations and Planned Demolitions: How the C.I.A. Left Its Last Base in Afghanistan | Satellite image, fire/explosion and evacuation effort investigation of Eagle Base, Afghanistan. | GEOINT; TECHINT | Data: Planet Labs satellite imagery, corporate records, active fire data and flight paths (flightradar24, tracking signal of helicopters) to assess how the evacuations and planned demolitions played out. Methodology of remote sensing for heat signatures explained here. | Analysing heat signatures: "Publicly available data from NASA sensors shows heat signatures at the site possibly caused by active fires and explosions.". It's possible via VIIRS fire detections. The NYT team also used open-source Flightradar24 information to showcase how evacuees were flown by helicopter to Hamid Karzai Airport to avoid Taliban checkpoints. | 09/01/2021 | https://www.nytimes.com/2021/09/01/world/asia/cia-afghanistan-evacuations-demolitions.html | NYT's Christiaan Triebert and Haley Willis | |||||||||||||||||||
54 | Does Pic Show Healthcare Worker Who Treated COVID Patients for ‘573 Days’? | From viral picture without context to identifying and contacting the person in the picture | OSINT | Use OCR in Facebook Search to find more pictures of the same cardboard, this leads to more pictures with visual clues for geolocation which leads to context. Than you look for social media posts about this context and search for people who look similar. After identification we used beenverified.com to find her telephone number. | If a picture does not have useful visual clues, look for more pictures of the same person/objects. Cross reference between platforms: in this case an Instagram-profile was private, but we found her on Etsy. | 08/28/2021 | https://twitter.com/brechtcastel/status/1431612326759829513 | Dan Mac Guil (Snopes), Andreas Søndergaard Petersen (TjekDet), Brecht Castel (Knack | |||||||||||||||||||
55 | Anatomy of a crackdown | Geolocationing of video evidence and photos (mainly from TikTok, 20,000 videos of Myanmar's security forces) posted on social media that revealed that "heavy weaponry was used against protesters" | GEOINT | Datasources: AAPP, conflict/protest data by ACLED and IP Observatory, Video verification of social media posts, local news and individual reports | The illustrations show where video footage was filmed and journalists tell an engaging tale about how military killed protesters. The verification of the various military-grade weaponry used against civilian protesters that caused in a high number of casualties. | 08/25/2021 | https://www.washingtonpost.com/world/interactive/2021/myanmar-crackdown-military-coup/ | Joyce Sohyun (Visual Forensics @washingtonpost), | |||||||||||||||||||
56 | Logically Identifies GhostEzra, Florida Man Behind World’s ‘Largest Antisemitic Internet Forum’ | Revealing the identity of a notorious antisemite by geolocation of photos posted on Telegram, identifying Google and Yelp review accounts, and ultimately finding an associated email and the person behind it | GEOINT | Geolocation, gas prices, posting patterns | Smart use of gas prices to narrow down location of a gas station in one of the photographs. Overall great example of how geolocation can be used in an investigation. Holding to account someone who has escaped public scrutiny and responsibility so far. | 08/20/2021 | https://www.logically.ai/articles/exclusive-ghostezra-florida-man-largest-antisemitic-forum | Logically, by Nick Backovic, Jordan Wildon and Joe Ondrak | |||||||||||||||||||
57 | Infographic: Tracking the flights out of Kabul | After Taliban's takeover in AFG, airlines avoided the country's airspace and 'effectively stopped using Afghan airspace, taking longer routes to avoid the country.' Then, rescue flights resumed and #OSINT sources shared details on how many flights they encountered. | OSINT | Collection by Twitter account @DefenceGeek who says that data was collected via @flightradar24, @ADSBexchange and @planefinder | Reporting around the flightdata and the maps of cancelled and departed flights | 08/17/2021 | https://www.aljazeera.com/news/2021/8/17/infographic-tracking-the-flights-out-of-kabul-interactive | DefenceGeek on Twitter | |||||||||||||||||||
58 | Verifying footage of a Tibetan Prison with geolocation and OSINT | Using geolocation, horizon analysis, and media/image searches to complete a picture of a notorious prison known for political detention and torture in Tibet | OSINT/ GEOINT | Google, Bing, Yandex, Baidu, for information gathering and reverse image searches. Google Earth for satellite overviews, Baidu Maps for local imagery. | Highlights verification methodology for a subject with local image censorship and misinformation. | 08/16/2021 | https://tompatrickjarvis.medium.com/verifying-footage-of-a-tibetan-prison-with-geolocation-and-osint-d830fc462411 | Freelance journalist Tom Jarvis, Tibet Research Project contributors | |||||||||||||||||||
59 | Forensic Methodology Report: How to catch NSO Group’s Pegasus | Domain/URL analysis of NSO Group’s Pegasus infrastructure | TECHINT | NSO Group Pegasus Indicator of Compromise. Tools released by the iOS security research community including libimobiledevice and checkra1n were used as part of this research. The authors would also like to thank Censys and RiskIQ for providing access to their internet scan and passive DNS data. | Cool: Amnesty International build a tool, Mobile Verification Toolkit (MVT), for checking mobile devices on malicious content | 07/18/2021 | https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/ | Amnesty International | |||||||||||||||||||
60 | Not 'over 10,000 people' marched against corona measures in Amsterdam | Analysis of social media posts to estimate the crowd size of a manifestation. | SOCMINT | Geolocate, proof you see the whole crowd on one photo, estimate density of the crowd & use mapchecking.com | Using different footage to first geolocate and than verify the begin and end of a demo. This is crucial to proof you see the whole crowd and than you can use the brilliant tool mapchecking.com | 05/25/2021 | https://www.knack.be/nieuws/factcheck/factcheck-nee-niet-ruim-10-000-mensen-liepen-in-optocht-tegen-coronamaatregelen/article-longread-1736521.html | Brecht Castel, Anthony Catel | |||||||||||||||||||
61 | Number of Arabic Facebook groups about the Belarus-EU migration route doubles over summer | Video verification and #OSINT evidence from social media suggests new Facebook groups were created to facilitate people smuggling to/through Belarus. Arabic-language Facebook groups concentrating on Belarus indicated a corresponding uptick in interest by Arab-speaking refugees and economic migrants. Groups tend to be private. | SOCMINT | Translation from Arabic to English with 'Facebook built-in translation tool'. Video analysis of various videos showing staged scenes of Belarusian border guards faking an incident "to claim that Lithuanian side had been violent with the refugees". Tools like Sowdust.github.io/fb-search/ might have been used. Alternatively, there are some 'advanced search operators' that work within Facebook (here the link to a guide). | Finding these groups with Google translations and operator searches is brilliant. The findings are strong: "People who end up in this no-man’s land are unable to receive vital humanitarian assistance", puts urgency on the story. There are people who are suffering and looking for a way out, something these posts (and their screenshots) make painfully clear. The video verification is less thorough, party made difficult due to the quality of the video (here the original link) | 05/20/2021 | https://medium.com/dfrlab/number-of-arabic-facebook-groups-about-the-belarus-eu-migration-route-doubles-over-summer-4be0c7a64ef9 | DFRLabs/Atlantic Council | |||||||||||||||||||
62 | Facebook account hacked? Here’s how to get it back | This allows to understand how Facebook reacts to hackers compromising and selling account details of Facebook accounts and presents great background intel for OSINT investigators | SOCMINT | Tools like 'HaveIBeenPwned' are recommended. There is also an explainer on general Facebook's infrastructure, help-service and Facebook 2-factor verification features that hacker increasingly enable. | Not per se an OSINT investigation, rather a guide how to use open source tools to protect your OSINT work when researching and how to proceed if one's Facebook account gets hacked. | 05/19/2021 | https://www.wired.co.uk/article/facebook-account-hacked | WIRED's KATE O'FLAHERTY | |||||||||||||||||||
63 | Where in the World is Q? Clues from Image Metadata | Using metadata of images to narrow down location of conspiracy theory leader | GEOINT, SOCMINT, Image metadata | Use of exif data tools, such as exiftool, Baidu Maps/Baidu street view for image verification, Stockimage platfrom Shutterstock, Google search (dorking) | Using the hidden data to hypotesise where the person was who posted the images | 05/10/2021 | https://www.bellingcat.com/news/rest-of-world/2021/05/10/where-in-the-world-is-q-clues-from-image-metadata/ | Abigail W. Xavier, Robert Amour and the Q Origins Project | |||||||||||||||||||
64 | Migrant Crisis: Boat used to cross the Channel traced to shipyard near Rotterdam | Tracking dinghy/boat of refugees arriving in Britain | OSINT | Mainly reverse image search and operator search | They found one dinghy traded 170 miles from where it was spotted in Britain (observed by helicopter media cameras), and then tracked down the person in the Netherland who sold it to the smugglers. They then also showed the security camera video footage on the property of the same trader who was ripped off by people smugglers in 2019 | 05/10/2021 | https://news.sky.com/story/migrant-crisis-boat-used-to-cross-the-channel-traced-to-shipyard-near-rotterdam-12403218 | Sky OSINT journalists (Kieran Devine, Jack Taylor and Adam Parker, Data and Forensic Unit) | |||||||||||||||||||
65 | In diesen Luxus floh Attila Hildmann vor der deutschen Justiz | Reverse geo-image search helped pinpointing the location (a property in Turkey) where Hildman fled prosecutors and more than 200.000 in debt in Germany | OSINT | Google/Bing/Yandex image search of property. Use of weather maps (probably Zoom Earth or another weather app with historical weather data) to confirm location in March. Also possisble, to track Hildman's crypto wallets (see here) | Great image search analysis: this was hard. Analysis of the background of the images (the flooring, the pool, the inside and outside of the property) this was well executed. | 04/05/2021 | https://www.t-online.de/nachrichten/panorama/kriminalitaet/id_89774694/attila-hildmann-in-der-tuerkei-in-diese-luxusvilla-floh-er-vor-deutscher-justiz.html | Published in various online magazines but the work was by 'Hildbusters', a groups or individual on Twitter committed to expose Hildman's games. | |||||||||||||||||||
66 | |||||||||||||||||||||||||||
67 | |||||||||||||||||||||||||||
68 | |||||||||||||||||||||||||||
69 | |||||||||||||||||||||||||||
70 | |||||||||||||||||||||||||||
71 | |||||||||||||||||||||||||||
72 | |||||||||||||||||||||||||||
73 | |||||||||||||||||||||||||||
74 | |||||||||||||||||||||||||||
75 | |||||||||||||||||||||||||||
76 | |||||||||||||||||||||||||||
77 | |||||||||||||||||||||||||||
78 | |||||||||||||||||||||||||||
79 | |||||||||||||||||||||||||||
80 | |||||||||||||||||||||||||||
81 | |||||||||||||||||||||||||||
82 | |||||||||||||||||||||||||||
83 | |||||||||||||||||||||||||||
84 | |||||||||||||||||||||||||||
85 | |||||||||||||||||||||||||||
86 | |||||||||||||||||||||||||||
87 | |||||||||||||||||||||||||||
88 | |||||||||||||||||||||||||||
89 | |||||||||||||||||||||||||||
90 | |||||||||||||||||||||||||||
91 | |||||||||||||||||||||||||||
92 | |||||||||||||||||||||||||||
93 | |||||||||||||||||||||||||||
94 | |||||||||||||||||||||||||||
95 | |||||||||||||||||||||||||||
96 | |||||||||||||||||||||||||||
97 | |||||||||||||||||||||||||||
98 | |||||||||||||||||||||||||||
99 | |||||||||||||||||||||||||||
100 |