According tomedia reports, in the investigation into the crash of the Ukrainian airline PS752, open-source intelligence helped uncover the truth, forcing Iranian officials to admit to mistakenly hitting the airliner. Here’s what the translation is: In the early hours of January 8, a video taken by netizens showed a faint light in the distance, like a rolled-up piece of paper, moving back and forth slowly toward the horizon. Ukraine International Airlines flight PS752 then crashed from the air, killing all 176 people on board.
At first, it appeared to be an accident, and engine failure was blamed for the accident until a video emerged of the plane appearing to catch fire when it crashed to the ground. U.S. officials immediately began an investigation, and more complicated information surfaced. The plane appears to have been hit by a missile, as confirmed in another video. The video shows the moment a missile slammed into the Boeing 737-800. As government military and intelligence officials conducted a covert investigation, a team of online investigators came to the mystery of flight PS752, using open source intelligence (OSINT) technology.
Your browser is temporarily unable to play this video.
OSINT plays a leading role in decoding major news events. In 2018, after the poisoning of sergei Skripal, a former Russian agent, Bellingcat, an open-source intelligence website and British civil-service investigative group, delved into military records and debunked the identities of agents assigned to kill.
And a few days after the crash of Ukrainian airline PS752 outside Tehran, Bellingcat publicly refuted speculation that an engine failure had caused the crash. In the end of January 10, Iranian officials admitted that the country had “mistakenly” shot down the plane.
So how did Bellingcat and others do it?
“You can think of OSINT as a mystery,” said Lorand Bodo, an analyst at OSINT. To get the full picture, you need to find the missing parts and stitch everything together. Bellingcat’s team and other open source investigators scrutinized the public lying material. With the popularity of smartphones, many people tend to pick up their phones immediately when they see any newsworthy event and upload the photos to social media, so videos and photos of events can often be found online.
In the crash, the man who filmed and uploaded a video of the missile hitting a Boeing plane was a good example: as soon as they heard “some kind of gun shot,” they grabbed their phones and filmed them.
“Essentially, open source intelligence involves gathering, preserving, validating, and analyzing publicly available evidence to restore the true face of events. Yvonne McDermott Rees, a lecturer at Swansea University, said.
Some of the videos from the event appeared on Telegram, the Middle East-popular encrypted messaging app, while others were transmitted directly to Bellingcat. “Because Bellingcat is known for our investigation into the MH17 crash, people immediately thought of us. People started sending us the links they found. Eliot Higgins, of Bellingcat, said: “It’s a spontaneous crowdsourcing act. “
OSINT investigators then used metadata to verify whether the videos were authentic, including EXIF data. EXIF data is automatically embedded in videos and photos, showing everything from the type of camera used to capture the image, the precise latitude and longitude of the location of the person being taken. They will also try to verify the identity of the person who filmed the video and whether they were able to show up where they claimed to have been at the time of the incident. However, for this instance, they cannot use EXIF data. “People share photos and videos on Telegram, but Telegram deletes their metadata, and then others find it and share it on Twitter.” Higgins said, “What we get is a second- or third-hand version of these pictures.” All we have to do is look at the picture clearly. Then they began to take the next step.
Your browser is temporarily unable to play this video.
They then study the video itself, trying to figure out where the video or photo was taken, the direction of the shooter’s station, and what happened in the video. This requires careful examination of every building, street sign and road seen in the video, and an attempt to map it to satellite imagery. Take, for example, a second video of the Iranian airliner incident, showing several buildings, identified by Bellingcat and news agency Newsy, as a residential area in Pahran, near Tehran’s airport. By mapping the location of the images, they were able to match the buildings and landmarks they saw in video frames to what they were looking at using tools such as Google Street View. In this case, a construction site, apartment building and streetlights helped – allowing them to identify the cameraman facing northeast.
Next, the investigators looked at what they heard and saw in the video. By identifying the time of the explosion, combined with some triangular geometry and known flight paths from open source flight trackers such as FlightRadar24, they can confirm that the aircraft in the video is PS752. When multiple videos are available, investigators try to cross-check them, synchronizing a critical moment in the video to corroborate each other.
Investigators then turned to other available images, this time after the crash.
Two pictures of the partial Tor M-1 missile appeared on social media, with some claiming it was taken at the crash site. However, the source of the photos has yet to be confirmed, and Bellingcat mentioned them in the summary of the incident, but did not say they were real. They also proved difficult to determine where they were taken because they were near-shot overlooking the photos. Instead, the Bellingcat team looked around the missile: debris scattered in a ditch surrounded by concrete slabs. The Bellingcat team looked at other images they believed were near the site of the incident to support the authenticity of the images.
They also carefully studied a 40-page technical document on the particular missile to find out how it broke when it hit its target and to see if it could match the shrapnel holes seen in some of the debris photos.
In an age of radical transparency, conflicting fake news, and video of incidents being exposed on social media, traditional methods of investigation of incidents are not considered credible at all. OSINT makes this clear and convinces the doubters that their conclusions are based on facts.
As our world becomes more complex, and conflicting claims and counterclaims mess up controversial events, OSINT and its practices will become even more important. The incident also illustrates this: although Iran initially denied that the airliner was shot down, the presence of videos and photographs, coupled with a near-paranoid investigation, meant that the Iranian government had to admit that the terrible accident had nothing to do with them.
“I think, especially in this case, and MH17, you’re going to see statements from different governments and agencies,” he said. “Iran says the plane was not shot down by a missile, while the United States and other countries say it was caused by a missile, ” Mr Higgins said. Open source information can now be used to determine which is more likely. In general, you’ll soon find that if there are two conflicting statements, if you study open source intelligence, one of them is the truth. “