Share this page!

paper trail media Profile picture
@paper_trail_m
Mar 31 16 tweets 6 min read Twitter logo Read on Twitter
The investigative team of the #VulkanFiles was able to identify several hundred Twitter accounts based on the clues in the documents. The investigation of @christo_buschek @flornrnd and Damian Leloup @lemondefr. A Thread.
The leads in the documents are often easy to miss. In one document, we found an Email address. It looks like many others, a first name, last name, a year. Next to it, we see a date.
A Twitter account with the same first name, last name, and year in its profile name tweets on that same date we saw in the documents.
Another example can be found in a screenshot in the documents. We see a profile picture – a young woman, legs crossed, plaid dress, green background, smiling into the camera. Image
Several other Twitter accounts also used the same profile picture. Duplicate profile pictures were a strong indicator for us to find further usage of the bot program. Image
More and more, we were able to map clusters of accounts. We linked accounts through shared hashtags or profile pictures, mutual followers, or links, which were tweeted. This allowed us to connect many disinformation campaigns with the #VulkanFiles. Image
For example, many accounts spread falsehoods about Hillary Clinton during the 2016 presidential campaign.
Several Tweets mention the downing of flight MH17. Several accounts shared multiple websites claiming that Russia had nothing to do with it and that these allegations are part of an “information war.”
Another campaign revolves around a former employee of the German Consulate in Ukraine. The bots shared a link pointing to a forged letter in which the employee urged stronger sanctions against Russia.
This letter was used as proof of an anti-Russian conspiracy. But it gets even weirder: The victory of @ConchitaWurst at the Eurovision Song Contest was presented as a response of the west to the annexation of Crimea.
Shortly after the Ukraine war escalated in 2022, several accounts were reactivated. They tweeted just one sentence:

Отличный руководитель #Putin #москва translated - great leader #Putin #Moscow. Image
derstandard.de/story/20001450…
lemonde.fr/en/pixels/arti…
theguardian.com/technology/202…
sueddeutsche.de/projekte/artik…
also with @DajanaKollig @Roman_Hoefner @nasablowski @Techjournalisto @manisha_bot

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with paper trail media

paper trail media Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @paper_trail_m

paper trail media Profile picture
Apr 2
In November 2019, an anonymous Twitter account called @m4lwatch posted some tweets. He says he found hacking software belonging to Sandworm - the hackers of the Russian secret service. And he draws a connection between Sandworm and NTC Vulkan - the company of the #VulkanFiles.
@m4lwatch writes about “Znatok”, a Russian name for someone who seems to know everything. "Znatok" is said to be used for cyber attacks. M4lwatch suspects that such targets could be people or embassies. Where he got this information from, he leaves open.
"Znatok" also appears in the #VulkanFiles - for example, a virtual computer is set up - a digital computer that does not need its own hardware. It is also called “Znatok”.
Read 6 tweets
paper trail media Profile picture
Apr 2
2019 setzt ein anonymer Twitter-Account namens @m4lwatch einige Tweets ab. Er habe eine Hacking-Software gefunden, die zu Sandworm gehört - den Hackern des russischen Geheimdienstes. Und er stellt eine Verbindung her zu NTC Vulkan – der Firma aus den #VulkanFiles.
@m4lwatch schreibt über “Znatok”, ein russischer Name für jemanden, der scheinbar alles weiß. "Znatok” soll für Cyberangriffe genutzt werden. M4lwatch vermutet, Ziele könnten Personen oder Botschaften sein. Woher er diese Informationen hat, lässt er offen.
Auch in den #VulkanFiles kommt “Znatok” vor - zum Beispiel wird ein virtueller Rechner eingerichtet – ein digitaler Computer also, der ohne eigene Hardware auskommt. Auch er wird “Znatok” genannt.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(