Eyes in the Sky and Civilian Spies:
How Public Access OSINT is Changing Today’s Wars
The intent of this story is, hopefully, to make every one of you reading this aware of these forms of threats and to promote critical thought and discourse. It is not a new threat either; cartel spotters and informants have used a tactile version of this for decades. I’ve seen a variation of it fielded by the Islamic State in Iraq, when they took the phones of dead Kurdish fighters and impersonated them online with the guidance of Turkish Intelligence, hoping to gather intel, back in 2018. It is ever-evolving, and anyone with an internet connection is capable of it. Countering it requires a vastly different way of thinking than how we typically address intelligence threats.
Let’s begin.
A man gets home from his day job and goes on Discord, where he visits, games, and talks with his friends from around the globe. They have all known each other since they were teenagers, and are concerned about the state of the Ukrainian Civil War. Russia has been training close to Ukraine for weeks, and a few friends on this Discord server have decided to gather enough information from Russian enlisted soldiers and officers to paint a picture of what’s happening and what the next steps are, without the Russians, who will willingly give up key pieces of information, even realizing it.
A few of the friends begin using VPNs in Russia and begin geolocating military bases, troop positions, and supply stockpiles, using photos posted by Russian soldiers on VK, Instagram, Facebook and numerous forum websites. They can then pinpoint military positions using celestial, terrain, flight path, and structural surrounding information to narrow down the time, location, and angle of photos taken, as well as photos with EXIF data posted on websites where EXIF data isn’t removed. To widen their net of information, they also use agricultural satellite information, which is updated weekly, and daily for certain providers, to obtain accurate, up-to-date imagery of their areas of interest. However, this is just the basic logistics side.
They then begin using the aforementioned VPNs, as well as PC Android system emulators, to begin the next step of creating, for all intents and purposes, a person that, through the internet, is in every way a real person with such degrees of detail that they will fool even the most skeptical Russian servicemember. Two members of Discord begin replicating a Russian phone by mimicking Russian data services and geographical settings by altering programs built into Android software. They then write and test a program run through a location emulator used within the Android software to mimic a person’s movement and daily commute within towns near these Russian positions.
Two of these friends, who live in Eastern Europe and are familiar with the culture, fashion trends, and social demeanor, begin meeting with their third friend, who went abroad for school and is majoring in photography. They use the campus photo studio and take varying photos, selfies, and so forth in front of a neutral backdrop, with varying lighting intensities, hues, and angles. The photography major then takes these, and superimposes them onto photos of the towns they intend to emulate a person in via Adobe Photoshop and Lightroom.
The photos are then compressed and reformatted to the exact dimensions they would be on Samsung devices, and the EXIF data is changed to reflect when and where they want it to. After he is complete, the two models have twins in southeastern Russia. With these new resources, a few friends begin rebuilding old and throwaway VK accounts under the aliases they want the avatars to be. Once everything appears organic, they download Tinder and VK onto the Android emulators and go hunting.
Months go by. Russian servicemembers have been contacted and, through the interrogation tactics originated by Hans Scharff, have become good friends to the avatars. Some have told of getting ready for an extensive training mission, which is new but not uncommon information for what has been relayed to the group by the young men who have spilled their lives to these avatars. On February 24th, 2022, at 6:00 AM, Moscow time, everyone was woken up by phone calls and told to get on a Discord call by friends in Eastern Europe. Russia had just invaded Ukraine. The group scrambles and estimates departure times indicated by the Russians catfished, with standard vehicle transport speeds, to estimate the rate of the Russian advance.
One of the friends, a web designer, asks everyone to get as many traffic camera sites as possible sent to a sub-thread and tests an HTTP coding shortcut possibly used by the original programmers. On many sites, he switches a 0 to a 1 on the URL and gains access. Each successfully entered camera is monitored by two people who, using a quick Google search, get a ROC-V manual, as well as an organically formed one generated by the group using the information they obtained in the months preceding today. Those who are friends with Ukrainian servicemembers begin establishing contact with them, and in time, four Russian columns are spotted. Each team records and streams its screens and, again by using Google, is able to figure out how to write SALUTE reports. Any vehicle count and identification missed in the live count is updated by the second member by going back to the first member's live stream. A second team begins receiving the time and direction of the columns and estimates the most plausible routes for each one. Those with contact to Ukrainians update them on what they are doing.
Within a few hours, after all the cameras have been shot offline or knocked down and no more troops are visible, detailed SALUTE reports are compiled with a map showing estimated routes and anticipated timelines. They are put in a compressed ZIP file and sent to the Ukrainian contacts and Ukrainian officials, social media pages, news stations, commanders, and service branches. In 12 hours, hundreds of Russian command groups, medical, supply, transport, and armored vehicles are destroyed. An estimated 850-1,000 VDV infantry, army engineers, commanders, signalers, support troops, and ground infantry are killed in the columns identified by this group. The southern advance into Ukraine takes a major blow the day it begins. Within days, every Russian the group contacted through the alias is killed or captured.
This group of friends were not professional soldiers and they were not government agents; they were bored civilians concerned over friends they would likely never meet. In their everyday lives, they are cashiers, foremen, project managers, customer service reps, artists, and students. They were not trained except through search engines, social media, and human curiosity. They were not funded and did not have an organized schedule or specialized equipment. They were undisciplined, had no uniform regulations, and no physical fitness standards. Yet, they could gather, allocate, identify, and forward information from the comfort of their homes in their free time, which resulted in the deaths of hundreds and crippled operations. This is not an isolated story. Hundreds of thousands of groups just like this one have assisted whatever military force of their fancy and provided invaluable, up-to-date intelligence. Intelligence that main body militaries would never get, and Tier-1 special forces might, just maybe, get if the mission is deemed important enough. They are an invaluable asset and a critical threat on the modern battlefield.
To end, I know some of you are saying in your heads that this won’t affect you because you never post about the military on social media, but it still does. Even when many of you are in plain clothes, in ‘civilian attire’ with a beard grown out or with your hair down, most of the armed forces are still easily identifiable by anyone who knows what to look for due to the social and cultural impact of being in the armed forces. Even special forces in Syria, in new Land Cruiser 70 series pickups, despite these being deemed ‘civilian vehicles,’ were always spotted by locals due to a lack of license plates and non-native passengers with medium fades, clean-shaven faces, and Oakley sunglasses. For those of you who went to Poland, I am positive at least one local told you they knew you were military when you went out on the weekends.
In the modern era, any information can be weaponized.

Book of the Week
With the growing presence and use of social media, we should all have an understanding of what it is capable of and the role it plays. Like War is a classic in this arena and should be on the shelf of every officer and senior NCO.