What seems to be Russian trolls fabricated false media websites and even videos. We worked with two sites that emulate Sueddeutsche Zeitung. #osint 🧵 how the actors went about...
First, I have to give it to the trolls, the site looks stunningly similar to the real thing. Logos, webicons, the js., the CSS, the links to the real site, all neatly in place. 1)
A search for the domain, in this case ...eutsche.me or ..eutsche.online will link back to the real main page.
The top level domains are cheap GoDaddy domains, proxied via the US company #Cloudfare, to disguise the identity of the trolls... sneaky 👟
2)
Cloudfare is the company that maintained a contract with the people behind the imageboard 8chan (until they finally cut biz ties) where a manifesto was published before trror events and which is linked to massshootings in the US & the CC shootings in New Zealand
The biggy is probably instances of trackers. Those will redirect the user and monitor traffic and clicks. Its a consistent element in, what seems a more sophisticated troll disinformation campaign. The trackers connect for isntance to Russian service #Yandex (🦸♂️ @SedimentIV) 3)
As @LarsWienand & others reported, there are a variety of media sites imitated by domains that were faked. For SZ it was .me and .online. Other cheap top level domains incl .today .live ... some hosted on namecheap. A Pattern
Great story by Lars here: t-online.de/nachrichten/de…
5) How to spot the fake sites: Mainly via search engine and other #Google search operators. Non media domain related websites can be found by excluding domains or parts of them: "-site:suedd..." "-site:.de"
6). Finally to the imitated videos: The videopieces suggest they where produced with automation. The video snippets used are exactly 5 seconds long. The material make NO sense, suggesting their footage where scrape off a streaming platform & automatically added together....
The faked videos are about dissatisfaction with the government, since the russian invasion/agression war. But reverse image search of the video snippets show clearly instances months before the event.
Vid scene of politician Schäuble was from Oct 2021 7)
A scene of a demonstrator verbally attacking another minister was from January, 2022. The profiles who reposted the fake media links where cheap sock puppet or bots with easily IDable #ThisPersonDoesNotExist headshots... its is a poor attempt to spread it, with limited success 8)
Conclusion: The faking of media sites were somewhat well done. It was down to how easy the website infrastructure made it for the trolls. The video is a bad attempt to woo the crowds. All in all, it didnt convince. You can read the story here: sueddeutsche.de/politik/desinf…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
NEW🧵 Russian Spy Ships Project - Espionage at Sea 1/ research ships with armed soldiers syst spy on gas pipelines, datacables, wind farms, & military infrastructure in the Baltic & North Seas. This is revealed by our int. #investigation involving journalists from six countries
2/ October 2023: The containership #NewnewPolarBear crosses the #Balticconnector #Pipeline and slows down abruptly. Its anchor severely damages the pipeline.
2.2/ Just months earlier, the Russian seabed survey ship #Sibiryakov conducted suspicious maneuvers, at least once directly over the pipeline. Was it preparing for sabotage?
#OSINT #Espionage #NorthSea
🚨NEW: Russia bleeds tanks. We wanted to know how long Russia can hold out with the current losses, using heaps of old tanks from military bases. And used #AI to count & analyze fading tanks stocks. Visual investigation as @SZ_Investigativ together with @Se_Gier & @SZ visual team
We looked at the biggest military bases on land, abt 87, to understand why experts say that out of 5 tanks Russia sends to the UKR font 4 are used/refurbished. "86% of 1530 tanks delivered were refurbished tanks from storage". Michael Gjerstad,
@IISS_org. Stocks aren't bottomless
We trained the AI model a few bases to recognize armored vehicles/tanks/IFV, which needed crisp satellite images. Helped by @Picterra, we trained & improved the model, so we can run it on many bases to understand the shrinking stock of vehicle types
Howdy, fellow #OSINT #Journalist. I want to share with you my latest checklist for #OSINT #company investigations.
This way, you'll ensure you check all boxes when investigating... Links contain my go-to sources.... let's dive in (Version 1.0) - PDF at the end of 🧵
We start with a company name... First up, 1. Gain a general overview of what you are dealing with. Google dork the firm, use a corporate wiki, understand jurisdiction & company form -> then check with business registries, that might be responsible...
4. Check for leaked data on the company and owner/managers: If you are suspecting a shell company, check OCCRP and @ICIJ Offshore leaks. If personal company data, search for ransomware leaks or country specific DBs (e.g for Russia). A list of my favs ...
Wagner's operation in UA may have distracted the reporting, but the story continues, with it the expansion, possible atrocities, the hunt for minerals and the looting... funding the war in Ukraine
In mid-September 2022, 14 civilians of the Tuareg, a Berber ethnic minority, are allegedly killed by Wagner soldiers. Some 6km from a place called Nani, central Mali. Wagner was building a presence there, for months. Bodies are being shoved into a crater..
...the crater was created earlier when a soldier allegedly ran over it with his motorcycle, which then exploded. As a response, civilians were killed and stuffed in this crater...
The violent & disgraceful behavior by Wagner mirrors to details of the massacre analyzed by the UN
Reiche in Privatjets wollen vermeiden, dass man ihnen auf die Finger schaut. Bei einer monatelangen Datenrecherche zusammen mit dem NDR zu #Privatjet Flügen kam das auch heraus -
Ein🧵 dazu wie Reiche im wortwörtlichen Sinne unter dem Radar fliegen
Lang ist es nicht her, im Dezember erst, dass Elon Msk den Twitter Account von Jack Sweeney, die Person hinter einer Jet-Tracking-App von Msk Flugzeug, "geshadowbanned" hat.
Was wir in DE finden, spiegelt das Problem etwas. Vollständige PJ Flüge Datensätze bleiben rar...
000de€ kosten diese granularen Daten, wenn vollständig. Sie werden von Firmen gehortet. Hinzukommt: Daten werden nicht als klar "Privatjets" ausgewiesen. Dazu brauchten wir viel Zeit. Mit dem Chaos der schwammigen Klassifizierung kommen Fehler in der Berechnung der Emissionen
On August 26, 2022, a bomb hits the colorful playground of RES kids Paradise in Mekelle, Ethiopia. Frames of the climbing area, painted walls, iron stilts, it's all that remains. The attack showed what the warring parties, that fought a bloody war in Tigray, were capable of
A🧵
A woman, let's call her Ayana, worked 5km away, heard the sound of the explosions & saw a fighter jet fly away after the impact. She found the charred bodies of two dead children on site. One of the first videos showed more bodies ethiopiatigraywar.com/incident.php?i…
"Yes, I heard bombs & the sound of the jet & me as an aid worker & some of my co-workers gathered with their families at that place, at ResKidsParadise, where I saw that it was totally devastated & mothers were crying, looking for their children who were playing there", told me