With the bounty of raw video and photo files available from the January 6th Capitol terror attack, participants can potentially be identified using the video taken by someone else. Or, more specifically, by identifying who is recording the video.
A thread!
1/9
Every cellphone uses a sensor to convert a visible image (or video) into digital data that is processed to create the final media file. These sensors—and the digital signal they create—are imperfect (because physics). But every sensor is *uniquely imperfect*.
2/9
These imperfections result in digital “noise” in the data. Videos taken by one cellphone can be analyzed to extract a sort of “fingerprint” of the digital noise inherent in that cellphone’s imperfect image sensor. That fingerprint persists, even in videos taken weeks apart.
3/9
If an analyst has physical access to the cellphone thought to have recorded a video, a new video can be taken, and its noise fingerprint compared to the video under investigation. If the fingerprints match, you’ve identified the source camera.
It gets more interesting…
4/9
There are even analysis techniques that can extract a “partial” noise fingerprint from a still image, and identify a match between a still photograph and a video—even if the original media was uploaded to a social media and compressed. Why is this so relevant?
5/9
Let’s say “John Q. MAGA” live streamed his exploits to DLive. He’s wearing a mask, so you can’t identify him.
Let’s also say that “John Smith” is on YouTube, where he used the same cell to record an (unmasked) video of himself.
Reviewing testosterone supplements, probably.
6/9
Now, you don’t know if “John Q. MAGA” is actually “John Smith” by sight—he’s wearing a balaclava, after all. But multimedia forensics can extract the sensor noise fingerprint of the two videos, and if it was the same phone, those fingerprints will match. Boom: unmasked MAGA.
7/9
There are many papers detailing various approaches that multimedia forensics experts use to link source videos across social media platforms using the sensor noise fingerprint. Here’s one:
The money quote from that paper: “its effectiveness has been proved to link Facebook images to YouTube videos…”
I just wanted folks to be aware that, just because a cellphone camera operator hides their face in their criminal selfie videos, there are ways to identify them.
9/9
PS: to tie it back to the first tweet in that thread…
If you can use sensor noise to identify a person recording *someone else committing a crime*, you’ve just opened up a new avenue of investigation; one that can place the videographer alongside the subject of the video.
P.P.S.: remember that Parler gave verified status to anyone who sent a photo of their drivers license?
How do you think they took that photo?
Using their cellphone camera.
Which adds that unique sensor noise fingerprint.
So, yeah…there’s a lot of data available to the FBI.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
If I was a former Twitter employee, I’d be furious. Access has been described as “complete” and “unfettered.” Combined with the screenshot, it leads me to believe that non-employees were given a complete “compliance export” of Twitter’s private Slack Enterprise Grid workspace.
If true, it’s likely in violation of California’s tough privacy laws. Yes, even internal corporate chats would be covered once they’re shared outside the corporation, like Twitter’s current leadership appears to have done here.
Ex-tweeps: call your lawyers. You’re under attack.
Parler getting kicked off AWS is really wild. Don’t get me wrong, AWS has the absolute right to do it, but the fact that they ARE doing it is mostly unheard of.
For sure, the act *itself* makes Parler toxic to every other cloud computing provider with infrastructure in the U.S.
Google Cloud Platform and Microsoft’s Azure certainly won’t touch them with a ten foot pole. And as much as Parler admins claim they developed the site to avoid vendor lock-in, that’s probably the most expensive way to host on AWS, and is almost certainly not true in real life.
And they have, what, a day to move the site? There’s probably enough data alone to make that impossible, even with Mercer Money. Unless they’ve been backing up offsite to external media (highly doubtful), they likely won’t be able to get all their data out in time.
Twitter told @verge: “If a government account, like @POTUS, was used to evade @realDonaldTrump’s ban, Twitter said that it would remove the content associated with this behavior and try to remove Trump’s access to this account.”
Protesters are now **inside** the Capitol Building. Senate hearings are suspended.
These MAGA terrorists are now brawling with police inside the U.S. Capitol Building, and trying to get through to the interior chambers.
Doors to the Senate have been locked, Pence and Grassley were whisked away to a secure location, remaining senators instructed to stay away from the doors and remain silent.
New York Times reporter @jennymedina liveblogs, “Georgia election officials have suggested we may not know final numbers until midday tomorrow,” which is true.
But it looks like we’ll know tonight if we won the Senate.
You’d think that Trump’s own DOJ would be shouting from the rooftops about “Hunter’s hard drive” if it was found to be legitimate after a digital forensics analysis. But they’re not.
One thing we do know: the FBI was investigating if it’s a Russian disinformation campaign.
The repair shop owner said the computer (an an external hard drive that appears to have been purchased by the shop after the laptop was allegedly dropped off) was given to the FBI for a grand jury investigation in December 2019.
Also in December 2019: NSA Chief O’Brien told Trump that he believed Giuliani was being targeted by a Russian disinformation campaign in an effort to influence the 2020 election by discrediting Joe Biden.