Open-source intelligence proved vital in the investigation into Ukraine Airlines flight PS752. Then Iranian officials had to admit the truth. From a report: […] In the days after the Ukraine Airlines plane crashed into the ground outside Tehran, Bellingcat and The New York Times have blown a hole in the supposition that the downing of the aircraft was an engine failure. The pressure — and the weight of public evidence — compelled Iranian officials to admit overnight on January 10 that the country had shot down the plane “in error.” So how do they do it? “You can think of OSINT as a puzzle. To get the complete picture, you need to find the missing pieces and put everything together,” says Lorand Bodo, an OSINT analyst at Tech versus Terrorism, a campaign group. The team at Bellingcat and other open-source investigators pore over publicly available material. Thanks to our propensity to reach for our cameraphones at the sight of any newsworthy incident, video and photos are often available, posted to social media in the immediate aftermath of events. “Open source investigations essentially involve the collection, preservation, verification, and analysis of evidence that is available in the public domain to build a picture of what happened,” says Yvonne McDermott Rees, a lecturer at Swansea University.
Some of the clips in this incident surfaced on Telegram, the encrypted messaging app popular in the Middle East, while others were sent directly to Bellingcat. “Because Bellingcat is known for our open source work on MH17, people immediately thought of us. People started sending us links they’d found,” says Eliot Higgins of Bellingcat. “It was involuntary crowdsourcing.” OSINT investigators then utilise metadata, including EXIF data — which is automatically inserted into videos and photos, showing everything from the type of camera used to take the images to the precise latitude and longitude of where the taker was standing — to validify that the footage is legitimate. They’ll also try and identify who took the footage, and whether it’s practical for them to have been where they claim to have been at the time. However, for this instance, they couldn’t use EXIF data. “People would share photos and videos on Telegram which strip the metadata, and then someone else would find that and share it on Twitter,” says Higgins. “We were really getting a second-hand or third-hand version of these images. All we have to go on is what’s visible in the photograph.” So instead they moved onto the next step.
Read more of this story at Slashdot.