Discover and read the best of Twitter Threads about #osint

Most recents (24)

Today we are releasing a new investigation into an American airstrike that caused civilian casualties in Somalia.

With so much Trump impeachment news to keep up on, why should you spare a moment on 3 dead farmers in Somalia?

Give me a shot in this #thread to answer that.
First, the facts: on 18 March 2019, the US launched an airstrike against 3 men driving in a Toyota SUV on their way back to Mogadishu. Everyone agrees on that.

@USAfricaCommand says they killed 3 "terrorists."

We say they don't know who they killed.…
This word "terrorist" is important. After 18 years of war, it no longer means what you think it means.

The US isn't talking about operatives planning international attacks. AFRICOM told us they hit "lower level al-Shabaab" or "affiliates" ahead of a ground operation.
Read 17 tweets
I’m mentally processing that Tinder #OSINT post from @dutch_osintguy. Information possibly available is:
1. Photo (reverse image potential)
2. Name (alias discovery)
3. Age (false positive potential)
4. Occupation (location possibility)

Many points of iteration here to explore!
I spent some time exploring the page source; Tinder does a good job at buttoning up.
I’m going to write an #OSINT article on this thought bubble to expand it out a bit this week.
Read 3 tweets
JUST OUT: @Graphika_Inc has uncovered an active and prolific, but ultimately low-impact, cross-platform political spam network in Chinese boosting attacks on the #HongKongProtests.

For more on the network we're calling "Spamouflage Dragon", read here.…
@Graphika_Inc We call it "Spamouflage Dragon" because the network posted high volumes of spam around lower volumes of political content, presumably as camouflage against detection algorithms.

Like this YouTube account, mixing TikTok videos and politics.
@Graphika_Inc A lot of the assets it used appear to have been hijacked and repurposed, clumsily and hastily.

This YouTube channel, for example, had almost 800,000 views in total, but almost all of them came from episodes of "The Good Life", over two years ago.
Read 20 tweets
#BREAKING: Trump asked the President of Ukraine to investigate @Crowdstrike, a now publicly traded company $CRWD that 1st determined state-sponsored Russian hackers hacked the DNC. There is no server in Ukraine .. but that's beside the point #infosec
Here's our thread on @crowdstrike from 07-24-19 documenting the continued propaganda efforts coming from the Kremlin 2 smear & muddy the waters on something that has been fact 4 a number of yrs & confirmed in the Mueller report #infosec #osint #Hamilton68
This is a good breakdown of the Ukraine call with Zelensky and spells out numerous problematic sections #UkraineTranscript
Read 8 tweets
The nexts 5 tweets will show you how gets part of its data: from contact lists of people who upload this to app makers. Be prepared to read some not so flattering contact list entries #osint #investigating #patientzero #data
Our first person is Dutch and filed away a certain Vivienne as "asshole" in his/her contact list: (2/6)
Rather painful memories are kept alive with this entry "My Jerk Ex" (3/6)
Read 6 tweets
Many congratulations to @FBIPhoenix for taking on these Russian assets and fellow-travelers, including one Wikileaks lover who said he wanted “storm ICE buildings and detain all the workers” and others who taught workshops on armed conflict.

@MarkWarner warned us about them.
I do not know why @corey_lemley was described as a‘nonviolent’ protester in the article. He deleted all his Facebook pages because @FBIPhoenix are so rightly looking into him, but I think you’ll find the internet is forever.

Outraged tweets about @FBI < < < actual research
“Yes, I will pull my Zimmerman card,” said the so-called “nonviolent activist” @Corey_Lemley, “and you won’t be missed by anybody.”

In another tweet he says “I will keep promoting violence....”

Just possible that @FBIPhoenix might actually know what they are doing?
Read 7 tweets
I captured five days of tweets using #WestPapua & #FreeWestPapua tags after a crackdown by Indonesian forces against Papuans in Aug. What I found was a bot network spreading pro-govt propaganda.

Follow this thread for an #OSINT journey with a @Twitter network analysis
This is a representation of all of the twitter activity I captured. The dots are the nodes which are accounts. The lines between them are retweets, mentions or likes. I have used the open source visualiser @Gephi to illustrate this network & to conduct 'bot-spotting' 🤖
How does this help? With this visualisation we can spot irregularities. Just like a moth in a web, we notice this far-removed cluster of accounts over to the left, with a very unnatural network pattern. This thread will look at WHO they are, WHAT they do, and HOW they run.
Read 29 tweets
Today I'm happy to release a new dataset about prisons in the USA. With the help of the brilliant @natdatsol1, we joined Homeland Infrastructure Foundation-Level (HIFLD) shapefiles with open source satellite imagery. Link to the data at the end of this thread. Why did we do this?
@natdatsol1 A year ago I did a deep dive into the @WorthRises dataset of corporations which profit from the prison-industrial complex. My goal was to find and boycott corporations which exploit prison labor. You can read the Twitter thread with my analysis here:
@natdatsol1 @WorthRises The TL;DR is that the exploitation of prison labor is both ubiquitous and opaque. This year, @WorthRises published an updated dataset of corporations ( and, in their methodology section, included this note:
Read 14 tweets
An investigation by @BBCArabic has uncovered evidence of war crimes committed in #Idlib province, Syria

Local activists hold Russia responsible

@BBCArabic In this rebel-held town in northern #Syria, an aerial attack on a street market of Maarat al-Numan on July 22 killed 39 people

Two separate airstrikes hit the same civilian target #Idlib
@BBCArabic This is known as a double tap - when an initial airstrike is followed by a second attack by the same plane to kill civilians and medics trying to help the injured

As foreign secretary in 2016, Boris Johnson called the use of "double-tap" as "unquestionably a war crime"
Read 17 tweets
1) Odessa is the latest horror, and we're streaming the tweets. This is the FIFTH mass shooting we've captured. It's so common we are setting up a permanent watch.
2) @TRACterrorism is a longtime user of our system, first for tracking ISIS, and now #DomesticTerrorism.
@TRACterrorism 3) @RVAwonk has taken the lead on disinformation, but she also pays close attention to the violence, too.
Read 15 tweets

On all cool #OSINT techniques & tools I come across over the rest of my life.

That's what happened when you get bored on a Saturday afternoon after trying to understand some advanced image forensics.

Also aiming to make this the longest thread in @Twitter history.
@Twitter Re image forensics, let's begin with #photogrammetry.

Here is a brilliant article by @Sector035, explaining how to measure the distance between an object in a photo and the camera that took the photo.

@OsintCurious is a great resource by the way!…
This is a @Twitter thread I'll build over time.

One tweet a day.

That's how I plan to beat the world's record of the longest thread.
Read 5 tweets
Best known experts on Pakistan Army @iamthedrifter exposes @OfficialDGISPR's Propaganda machinery - how top students from Universities in every city are recruited, brainwashed at early age into believing theres no future without PA & anyone who questions is RAW Agent & Traitor.
Heres how Pakistani Disinformation campaign was launched against India at the height of India-Pak conflict recently with a special focus on #Kashmir. Almost all of the handles mentioned in our report are still actively engaged in propaganda even now.

Heres how in an extensive tracking operation @GreatGameIndia busted a Pakistani propaganda unit peddling #fakenews under cover of #OSINT under guidance of retired Pakistani Generals directed by British and Israeli Generals headquartered in London.…
Read 5 tweets
A little while back I came across something strange and shared it with some friends...

I went back and forth with @2xwide_dreaming and it kind of went on the back burner. With this latest Grassley revelation #carterheavyindustries we came across something 10x weirder...
@CarrollQuigley1 @Avery1776 Not sure if you guys have ever stumbled upon this but it gets pretty weird and deserves a proper look. The fact this wasn't identified in the investigation is bonkers...
So the 1st thing that I thought and still think is weird is this 👇👇👇
Read 48 tweets
[#OSINT] Getting started on MultiFind v1.2 this week. Adding a bunch of suggestions thus far from the first BETA. We'll be opening up another BETA sign up for v1.2. We'll be looking for 200+ testers for more advanced features. If you signed up for v1, you'll already be included.
[#OSINT] The MultiFind v1.2 BETA sign up is now active. If you were on the v1 BETA, you're already included in the second iteration. If you haven't signed up yet, head to to sign up, test a new tool, and provide feedback and suggestions. Thank you!
[#OSINT] If you sign up for the MultiFind v1.2 BETA, you'll receive v1 in the interim before v1.2 is finished being developed. Then, I'll update you with the download link for v1.2 when it's ready!
Read 3 tweets
A brief thread on the need for rigor and responsibility in the tools, methods, analysis, and presentation of #OSINT research, particularly if being posted publicly, even more so on Twitter since giving full context is even harder than written pieces. 1/
OSINT tools can be a double edged sword: same tools I use to verify identities are regularly used for doxxing; the same trails of breadcrumbs could assist a stalker or other bad actor, not to mention their potential analytic value. Use responsibly. 2/
Methodology is also important; this is a science, so we need a null hypothesis (this account is totally who they say they are, and that’s their Twitter behavior). The focus is not on proving your theory, it’s finding enough evidence that you can confidently reject the null. 3/
Read 12 tweets
[#OSINT] Okay everyone, sign ups for the MultiFind BETA are now available. First, read this article for a brief introduction to v1 of MultiFind, it includes a video and a few words. At the bottom you’ll find a link to sign up for the BETA!
Remember only the first 100 subscribers will receive access to the first BETA test!
Read 3 tweets

49 Twitter #OSINT Tools Thread 👇🏻🔎🔥

1. Advanced Twitter Search (Custom Options)
2. Twitter Location Search (Enter GPS)… #Twitter

3. Twitter Time Search (Enter Dates and Keyword) since:2012-01-01 until:2012-01-02
4. Topsy (Occasional Deleted Posts)
5. All My Tweets (Entire Archive)
#osint #Twitter

6. MentionMapp (Closest Friends)
7. First Tweet (Display Date Joining Twitter)
8. First Tweet (Display the first Tweet of many ReTweets)
#osint #Twitter
Read 14 tweets

📧 22 #OSINT Email Tools List 🔎

1. VoilaNorbert (Email Assumptions Tool)
2. FindAnyEmail (Email Assumptions Tool with Validation)

3. Email Assumption Doc (Guesses Email by Username)…
4. Email Assumption Doc (Guesses Email by Name)…
#osint #email

5. Reverse Genie (Meta Search)
6. Whoismind (Reverse Email to Websites)
7. ThatsThem (Reverse Email Lookup)…
#osint #email
Read 9 tweets
1) Who radicalized Cesar Sayoc? His plea for leniency today points the finger straight at Sean Hannity, but there is another name that no one bothered to identify except me.
2) First, some bona fides. I used @RiskIQ during the pursuit, I preserved evidence in an admissible fashion using @Hunchly, and I'm dropping it now because Sayoc's public defender just said he wasn't interested.
@RiskIQ @hunchly 3) Let's head off a Boston Marathon style mob chasing the wrong guy. The responsible party is a gym goer in the Pacific Northwest, near Sayoc's age. And to my eye, he is also a probable steroid user.
Read 20 tweets
#OSINT THREAD: Heightened IRIN readiness! As of 20/07/2019, the IRIN has deployed warships to patrol the Persian Gulf & Gulf of Oman. These include 2x British built Alvand-class Frigates, 1x Iranian built Mowj-class frigate, and 1x British built Ol-class replenishment ship. 1/4
It's strange that the 33,000 ton IRIS Kharg (Ol-class) replenishment ship is missing. This ship is usually only deployed for very long range deployments and port calls, for example to East Asia or the Mediterranean. Unclear why it is missing from its mooring spot. 2/4
As of 20/07/2019, Alvand-class frigates IRIS Alvand (71) and IRIS Sabalan (73), as well as Mowj-class frigate IRIS Sahand are missing from their usual berths. Mowj-class vessel IRIS Jamaran (73) remains in its berth - white helipad just visible. 3/4
Read 7 tweets
Ok #OSINT folks! If you would like to get @sowdust 's Searchbook extension working on Chrome so you can use @Hunchly here is how: 1/n
Download the extension from their Github repo here:…
Unzip the sucker and then open manifest.json in your favourite editor. Completely replace the "application" section as shown and then save the file.
Read 8 tweets

On June 3, 2019, there was a massacre on the streets of Sudan’s capital, Khartoum.

This is the story of that massacre, told through the phone cameras of those who kept filming, even as they came under live fire.

#BBCAfricaEye has analysed more than 300 videos from Khartoum on 3 June.

Using these videos, we can bring you a shocking, street-level view of the violence that was inflicted on protesters that morning and the 1st direct testimony from men who say they took part in this attack.
A quick note on the background to these events:

In April, Sudan's former President Omar al-Bashir was toppled by months of mass demonstrations.

Since then, protesters had been staging a peaceful, round-the-clock sit-in along Buri road, close to military HQ.
Read 43 tweets
#Thread 1/n

Mme @LaetitiaAvia

En tant que collectif de citoyens luttant contre la violence jihadiste en ligne depuis janvier 2015, nous tenons à vous alerter sur un cas emblématique de #hoax monté par des #identitaires pour pousser à la haine anti-#musulmans.

@LaetitiaAvia 2/n

Vous ne nous connaissez probablement pas mais pouvez vous renseigner sur notre engagement et notre sérieux, p.ex. auprès de @MurielDomenach ou consulter la page Wikipedia :…

Nous sommes spécialisés dans la veille sur les RS et l'analyse de profils.
@LaetitiaAvia @MurielDomenach 3/n

Cette affaire de #hoax #identitaire a été dévoilée par @KersimonIsa dans un fil détaillé :

Tout a été vérifié et recoupé de notre côté en trouvant d'autres éléments confirmant son analyse.

Ce #fake a généré des centaines de commentaires haineux.
Read 18 tweets
Ch.. ch.. changes in the internet graveyard are now visible with this tool… That’s ... big! #osint This will greatly help you to research the past.
Now Ch.. Ch.. Changes in is beta, as you can see here. The words "About" "TrumpU" "Trump Blog"
"TrumpU Podcast"
"Discussion"are shown as changes here, but they were already there (2/3)…
It also misses some changes, as shown here. So @MarkGraham , why is this happening. Don't read me wrong: so happy with your initiative (3/3)
Read 3 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!