2. Open Source Investigation
LET’S START WITH A STORY
On 17 July 2014, during the Russian military intervention in Ukraine, Malaysia Airlines Flight 17 (MH17) from Amsterdam to Kuala Lumpur was shot down while flying over eastern Ukraine. All 283 passengers and 15 crew members were killed.
Who did it? The Russian military claimed that the Ukrainians had shot down MH17. The Ukrainian side claimed that the Russians had shot it down. Some said that MH17 might have been shot down in error by Ukrainian separatists. And some said it was not possible to find out what happened.
A group of British investigative journalists in a collective known as Bellingcat decided to try to find out what really happened. All they had available to them was information they could find on the Internet: videos, photos, social media posts, satellite images, and geolocation tools.
Bellingcat succeeded in finding out which missile launcher had been used to shoot down MH17 and which military unit had been responsible, with names and photos.
The technique Bellingcat used to accomplish that is called open source investigation. This method uses information that is available to everyone on the Internet. And since it is available to everyone, you can try these techniques out for your own research.
Here is a list of open source investigation techniques, tools and hints that can be useful for:
FINDING OUT WHAT HAPPENED
CROWDSOURCING
As simple as it may seem, the most powerful tool in the Internet age is crowdsourcing.
Talk to people. Ask people on social media for information. They might have seen what happened, and might give you a valuable hint for further investigation. Please keep in mind that you cannot simply rely on that information – you still need to verify it. There are open source investigation tools for verification, and these will be introduced below.
SEARCH ENGINE ADVANCED SEARCH
The easiest way to find the information you need is to use search engines like Google, Bing, or Yandex.
Google is the biggest and most advanced one. Bing is one of the alternatives when searching for information about Western countries. Yandex is useful when searching for information about Russia, Belarus, Kazakhstan, Turkey, and Ukraine.
The results you find using search engines can be more general or more specific, depending on how you use them.
There are tips and tricks to make your search more advanced and to help you find the information you are looking for.
These tips and tricks will be introduced in chapter 4. Using Google Advanced Search.
WAYBACK MACHINE
Sometimes it may happen that you are not able to find a web page even if you know it exists. Unlike printed texts, information that is on websites can be changed or deleted at any time. The Wayback Machine is a digital archive of Internet web pages that allows the user to go “back in time” and see what websites looked like in the past. This is useful if a web page has changed, moved, or disappeared.
SOCIAL MEDIA POSTS, PHOTOS AND VIDEOS
When something remarkable happens, people usually notice it and share posts, photos and videos about it on social media. These posts, photos and videos can help you find out what happened.
Here are some tools for social media research.
FOR FACEBOOK
Graph.tips/beta is a search tool for Facebook profiles. You can use it to search posts, people, places, photos, and videos by date and location.
And finally, use your common sense. Ask yourself if the story is really plausible. If you have doubts, if the story makes you angry or seems sensational, check before you share.
FOR SNAPCHAT
Snap Map is a searchable map of geotagged snaps.
FOR TWITTER
Twitter advanced search helps you search tweets by date, keywords, etc.
FOR YOUTUBE
The YouTube Geo Search Tool helps you search for videos by date and location.
From time to time, social media companies change their policies, and that might cause third-party tools to stop working for a while. If that happens, please check Bellingcat’s Online Investigation Toolkit for alternative open source tools.
VERIFYING PHOTOS AND VIDEOS
Crowdsourcing and social media investigation can give you valuable information on what happened. Unfortunately, this information is not always completely reliable. That’s why it is very important always to verify the findings.
Posted photos and videos might be genuine, but they also might not. The photos might have been taken somewhere else or at some other time, or digitally altered.
Here are tools for finding out if the photo is genuine or not.
REVERSE IMAGE SEARCH
Reverse image search is one of the easiest open source investigation techniques.
You can use Google image search, Bing image search or Yandex image search to find similar images on the Internet. This can help you find out if the photo is authentic or altered, and can give you hints about where and when the photo was taken.
To learn more about reverse image search, please see chapter 3. Using Reverse Image Search.
FORENSICALLY
Forensically is a set of free tools for digital image forensics. It includes clone detection, error level analysis, metadata extraction and more.
The magnifier allows you to see small hidden details in an image. The clone detector highlights similar regions within an image to find out if the picture has been manipulated using the clone tool. Error Level Analysis compares the original image to a recompressed version to make manipulated regions stand out. The Metadata tool displays the hidden metadata in the image, if there is any.
The GeoTags tool shows the GPS location where the image was taken, if it is stored in the image.
FOTOFORENSICS
FotoForensics is a simple image forensics tool. You can either paste the image URL or upload the photo, select the analyzers on the left, and see the results. The FotoForensics web page also contains tutorials in case you need extra help.
IMAGE VERIFICATION ASSISTANT
The Image Verification Assistant helps you analyze photos to find out if the images have been altered, and to find where and when the photo was taken, if such information is stored in the image. It also has a built-in Google reverse image search tool that allows you to find similar images on the Internet.
Please keep in mind that analyzing images is a complex task, and there is no one-button solution that will tell you if a picture is real or digitally altered. Photo forensics tools can help to bring out the details that the human eye may not be able to identify, but you cannot use them to make the decision for you.
VERIFYING LOCATION AND TIME
Some photos contain metadata and a GPS location, which gives you hints regarding where and when the photo was taken.
This photo’s metadata contains a GPS Date stamp that gives us the date when the photo was taken, and GPS Latitude/Longitude that gives us the location where the photo was taken. Please keep in mind that metadata can be removed or altered, so always double check.
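The double check described above can be partly automated. The following is an added example, not part of the original guide: it converts the GPS Latitude/Longitude and GPS Date stamp fields into map-ready values and compares the GPS time (always UTC) with the camera's own clock. It assumes the tags have already been read into a dictionary by an EXIF reader, with rationals as (numerator, denominator) pairs; the function names and the sample tags are constructed for illustration.

```python
from datetime import datetime, timezone
from fractions import Fraction

def dms_to_decimal(dms, ref):
    """EXIF stores degrees, minutes, seconds as (numerator, denominator) pairs."""
    deg, minutes, sec = (Fraction(n, d) for n, d in dms)
    value = deg + minutes / 60 + sec / 3600
    return float(-value if ref in ("S", "W") else value)

def gps_utc(date_stamp, time_stamp):
    """Join GPSDateStamp ('YYYY:MM:DD') and GPSTimeStamp rationals; GPS time is UTC."""
    h, m, s = (int(Fraction(n, d)) for n, d in time_stamp)
    day = datetime.strptime(date_stamp, "%Y:%m:%d")
    return day.replace(hour=h, minute=m, second=s, tzinfo=timezone.utc)

def check_photo(tags):
    """Return decimal coordinates, UTC capture time and warnings to follow up on."""
    warnings = []
    lat = dms_to_decimal(tags["GPSLatitude"], tags["GPSLatitudeRef"])
    lon = dms_to_decimal(tags["GPSLongitude"], tags["GPSLongitudeRef"])
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        warnings.append("coordinates out of range")
    utc = gps_utc(tags["GPSDateStamp"], tags["GPSTimeStamp"])
    # DateTimeOriginal is the camera's local clock with no zone attached. Its gap
    # to GPS UTC should look like a real timezone offset: -12h..+14h, in 15-minute
    # steps (2 minutes of clock drift tolerated). Heuristic, not proof.
    local = datetime.strptime(tags["DateTimeOriginal"], "%Y:%m:%d %H:%M:%S")
    offset = round((local - utc.replace(tzinfo=None)).total_seconds() / 60)
    drift = min(offset % 15, 15 - offset % 15)
    if not -720 <= offset <= 840:
        warnings.append("camera time and GPS time disagree by more than any timezone")
    elif drift > 2:
        warnings.append("camera/GPS time gap is not a plausible timezone offset")
    return {"lat": round(lat, 6), "lon": round(lon, 6),
            "utc": utc.isoformat(), "offset_min": offset, "warnings": warnings}

# Constructed sample tags (not from a real photo).
SAMPLE = {
    "GPSLatitudeRef": "N", "GPSLatitude": ((52, 1), (22, 1), (30, 1)),
    "GPSLongitudeRef": "E", "GPSLongitude": ((4, 1), (53, 1), (24, 1)),
    "GPSDateStamp": "2019:06:01", "GPSTimeStamp": ((10, 1), (15, 1), (0, 1)),
    "DateTimeOriginal": "2019:06:01 12:15:20",
}
# Same tags with the camera date edited: the GPS fields no longer match it.
EDITED = dict(SAMPLE, DateTimeOriginal="2019:06:03 12:15:20")

if __name__ == "__main__":
    print(check_photo(SAMPLE))
    print(check_photo(EDITED))
```

An empty warnings list only means the fields agree with each other; all of them can be edited together, so the location still needs to be confirmed against what is visible in the photo.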
If the photo does not contain any metadata, use reverse image search tools to find similar images on the Internet. That can give you a hint as to where the photo was taken, or if the photo has been altered.
Pay attention to the details. Are there any easily recognizable landmarks? Are there any signs in a specific language? What do the car license plates look like? These details can give you a hint as to where the photo was taken.
If reverse image search does not give you any useful results, select a detail on the photo, crop the image, and search only for the specific detail.
The same method can be used if you are investigating a video instead of a photo. Take screen shots of the frames that contain recognizable details, and use these as photos for reverse image search.
To learn about how to do this, please go to the chapter How to find out where a video was filmed.
And most importantly, always double-check your findings with other tools, such as geolocation tools (Google Maps and Google Earth).
GOOGLE MAPS AND GOOGLE EARTH
Google Maps and Google Earth are Google’s mapping services that offer satellite imagery, street maps, streetview and other useful functions. These functions come in handy if you need to verify where the photo was taken or the video filmed.
The street view function helps you find the same specific details you found on the photo.
The Google Earth historical imagery functions allow you to see how the same place looked in the past – a useful tool if you need to find out when the photo was taken.
To learn more about how to use Google Maps and Google Earth, please see chapter 5. Locating Where a Video Was Filmed.
There are many other interesting and useful open source investigation tools available. More available tools are listed here. Give them a try!