Geolocating Dissent: Decoding Social Media Signals Amidst Russia's Political Storm



Validating and Geolocating Information is a vital part of the OSINT toolkit.

The Status:

If you’re a fan of open source intelligence, one of the first things you probably realized was that it’s a vast field with many different specialties. We have people who specialize in identifying vehicles or aircraft, along with people who are able to translate and interpret troop movements via social media. There’s an army of geopolitics fans on social media who specialize in various militaries or countries. Because the field is so broad, it’s quite common to have to interpret sources that lie outside your typical field of experience.

In our opinion, one of the most interesting facets of this field is the geolocation and identification of media from various sources. While this can be used in a government role targeting things like human trafficking and dark web activity, one extremely common use of this tool is to identify and analyse posts on social media. The reasons for doing so can be varied, but one good example of its effectiveness came after MH17 was downed. It was open source intelligence that was able to track the launcher in the aftermath of the attack, and the broadcast of that work proved effective in dissipating the barrage of disinformation about the attack that followed.

We’ve seen this used to great effect over the years, with even time verification being done by tracking things like sun position and shadows. It’s a reminder of the power of social media: someone can post a picture and have it identified by a person who may have never even been to the location.

With that said, today we’re going to hone our own geolocation skills a little by sorting through some of the social media posts over the last 48 hours in regards to activities within Russia. It’ll be a walkthrough, so you’ll be able to get a feel for how it all works without having to attempt anything too difficult.

The Tweet:

Let's take a look at our tweet of interest. Apparently this was taken in Rostov-on-Don, and it shows interactions between the locals and Wagner members. It’d be nice to validate the location, so let’s see what we can find. It’s a reasonably short clip, so the analysis shouldn’t take too long. Watch the clip before scrolling down and note what you can observe before we unpack it.

Our Tweet of interest. Source: Twitter

At First Glance:

On first impressions things look consistent. The language is region appropriate and the time appears consistent with what we’d initially expect to see. However, we can do a bit better than that, because the clip reveals quite a bit of useful information if we look behind the scenes and take in everything else within the frame. It’s quite a simple one, all things considered, but it’s still a good example of how this type of thing can work.

Looking Closer:

We can see right away in the middle of the clip that we have street signs visible within the frame. There is also some form of signage on the building to the left; however, we probably won’t be able to use that for identification at this point.

We can also see tram tracks and electrical lines within the clip. This means we have a public transport precinct running through the area that can help us with our task, as it should be quite distinctive within an area as well as on public record somewhere.

However, as the clip pans around at the 22 second mark, we see a cafe in the background.

Geolocation requires analyzing what we see outside the “main event” and relying on investigative skills to confirm. Source: Twitter

What’s obscured in one frame may be very clear in others. Say hello to the Avocado Queen. Source: Twitter

Almost There:

While the name is mostly obscured at 22 seconds, by the time we nearly hit the end of the clip at 37 seconds it’s quite visible and we see a complete name: Avocado Queen Restaurant and Bar. Let’s hit Google and see what we can find.

We’re getting closer. Google listing for our Bar.

By the end of our first search we have a solid candidate. It also looks like we’ve found a great bar, with a 4.4 star rating! Hopefully the coffee is good.

However, we are diligent open source investigators, which means we aren’t quite done yet: we need to crosscheck our candidate location against the video footage we’re trying to locate, so we can confirm we are looking at the right place. Let’s move to Google Earth to do this.

Our Candidate is looking great! Source: Google Earth

While our first view shows some discrepancies between the Twitter clip and our still shots, we can still be confident we’re in the right area. Despite the bar sign being different, the street signs match our clip. It’s an older shot, but we can work with it.

Over the Shoulder view shows us our tram lines and tracks. Source: Google Earth

Looking over the shoulder, we get confirmation of our clip, as we can see our tram tracks and electrical lines running through the shot, right where we’d expect them to be. Therefore we can say in this instance with extreme confidence that our video was taken at: 62 Budonnovskiy Prospekt, Rostov-on-Don, Rostov Oblast

Other Considerations

While this was a fun exercise it’s important to consider a few things in regards to what we’ve just done.

Firstly, this was quite a basic exercise, because we were only looking to identify the location, not confirm the date, time and other relevant factors. Should we need to do so with other pictures, we would also need to look at geospatial and weather data, as well as things like EXIF data. While this doesn’t preclude geolocation of something, it does add an additional layer of complexity which you may need to factor in to your plans.

Lastly, when you’re conducting these types of investigations it’s worth considering your workstation and workflow, as having access to larger and multiple monitors can assist you in cropping, viewing and processing map data and conducting searches to identify your location. While it’s by no means essential, having the right tools and setup can assist you on your learning path, making information easier to process en masse.
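The sun-position and shadow check mentioned above can be made concrete. The following Python is an added example, not code from the original post: it predicts the shadow bearing and length for a location and lists the times of day that match a measured shadow. The coordinates (approximate for Rostov-on-Don) and the date are assumptions chosen for illustration, not values from the clip, and the solar model is a standard low-precision approximation without atmospheric refraction.

```python
# Added example: constructed inputs, low-precision solar model (no refraction).
from datetime import datetime, timedelta, timezone
from math import sin, cos, tan, asin, atan2, radians, degrees

def sun_position(lat, lon, when_utc):
    """Return (azimuth, elevation) in degrees; azimuth is clockwise from north."""
    n = when_utc.timestamp() / 86400.0 - 10957.5          # days since J2000.0
    g = radians((357.528 + 0.9856003 * n) % 360)          # mean anomaly
    lam = radians((280.460 + 0.9856474 * n) % 360
                  + 1.915 * sin(g) + 0.020 * sin(2 * g))  # ecliptic longitude
    eps = radians(23.439 - 0.0000004 * n)                 # obliquity of ecliptic
    ra = atan2(cos(eps) * sin(lam), cos(lam))             # right ascension
    dec = asin(sin(eps) * sin(lam))                       # declination
    gmst = (18.697374558 + 24.06570982441908 * n) % 24    # sidereal time, hours
    ha = radians(gmst * 15 + lon) - ra                    # local hour angle
    la = radians(lat)
    elev = asin(sin(la) * sin(dec) + cos(la) * cos(dec) * cos(ha))
    az = atan2(-cos(dec) * sin(ha),
               sin(dec) * cos(la) - cos(dec) * cos(ha) * sin(la))
    return degrees(az) % 360, degrees(elev)

def shadow(lat, lon, when_utc):
    """Bearing a shadow points to and shadow length / object height, or None at night."""
    az, elev = sun_position(lat, lon, when_utc)
    if elev <= 0:
        return None
    return (az + 180) % 360, 1 / tan(radians(elev))

def candidate_times(lat, lon, day, bearing, ratio, bearing_tol=1.0, ratio_tol=0.05):
    """Minutes of a UTC day whose predicted shadow matches the measured one."""
    hits = []
    for minute in range(1440):
        t = day + timedelta(minutes=minute)
        s = shadow(lat, lon, t)
        if s is None:
            continue
        off = abs((s[0] - bearing + 180) % 360 - 180)     # wrap-safe angle difference
        if off <= bearing_tol and abs(s[1] - ratio) / ratio <= ratio_tol:
            hits.append(t)
    return hits

ROSTOV = (47.22, 39.72)                          # assumed approximate city coordinates
DAY = datetime(2023, 6, 21, tzinfo=timezone.utc) # constructed date, not the clip's

if __name__ == "__main__":
    b, r = shadow(*ROSTOV, DAY + timedelta(hours=14))  # stand-in for a measured shadow
    hits = candidate_times(*ROSTOV, DAY, b, r)
    print(f"bearing {b:.1f} deg, ratio {r:.2f}: {hits[0]:%H:%M} to {hits[-1]:%H:%M} UTC")
```

In practice the bearing comes from comparing the shadow against mapped features such as the street or tram line, and the width of the returned window reflects the measurement tolerances.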

More Challenges

If you enjoyed this tutorial and you’d like to do some more then you’re in luck.

Firstly, you can receive random geolocation challenges by following our Twitter. Once a fortnight or so we will tweet out random pictures as an OSINT challenge. You’ll also get good results by searching #osintchallenge on Twitter, as other accounts regularly do the same.

If you’d like to get a little more serious, TryHackMe has OSINT modules that are free for beginners. Sign up for TryHackMe via this link to receive a sign up bonus as a thank you.

Lastly, Amazon Prime has their annual Prime Day event scheduled for the 11th of July and we’re in on the fun! We’ll be tweeting out Prime Day specials on SDR dongles, Raspberry Pi boards and other useful pieces to help you on your open source journey, so keep an eye on our Twitter or Telegram for the latest updates and to stay involved.
