Open-source intelligence is a challenge to state monopolies on information

IN 1960 JOHN KENNEDY, the Democratic candidate for the American presidency, accused the incumbent Republican administration of having allowed a “missile gap” to open up between America and the Soviet Union. The idea seemed plausible. The Soviet Union’s success in launching the first satellite, Sputnik, on a rocket which could double as an intercontinental ballistic missile (ICBM) had naturally led to speculation that it was far ahead of America in the deployment of such weapons.

Plausible, but wrong. Soviet ICBMs could be counted on the fingers of one hand. But although, by the final days of the campaign, President Dwight Eisenhower had strong evidence of this from the CORONA spy-satellite programme, he could make no mention of it. The ability to spot ICBM sites from space was so precious that it was worth risking the White House to keep it secret.

What was then world-historic is now the stuff of student projects—albeit an exceptional project for an exceptional student. When rumours of new Chinese ICBM launch sites fluttered through Washington, DC, earlier this year, Decker Eveleth applied himself to the problem. His resources were easily sourced satellite pictures; common sense, which told him the silos would be on flat land far from American radars in Japan and South Korea; and a degree of stick-with-it-ness sufficient to the challenge of systematically examining all the empty plains of western China.

Having slogged all across Inner Mongolia without luck, he hit gold in neighbouring Gansu. There, in the Gobi desert, he could see 120 missile silos under construction, the largest such effort mounted anywhere on Earth since the end of the cold war. A month later Matt Korda, a 26-year-old researcher at the Federation of American Scientists, an NGO, discovered the same telltale grid pattern in a secluded part of Xinjiang.

Mr Eveleth first dabbled in the interpretation of satellite data two years ago, when he was a sophomore in college. “A class had some very boring readings,” he says, “so I opened Google Earth.” That led him to Geo4Nonpro, a crowdsourced project which let budding hobbyists and seasoned experts collaborate to annotate satellite pictures of everything from uranium mines in India to chemical-weapon facilities in Syria. “It’s fun,” says Mr Eveleth. “There’s a happy feeling you get when you look at a site and think: I’m the first person to know what that is.”

Geo4Nonpro was run by the James Martin Centre for Nonproliferation Studies (CNS), a part of the Middlebury Institute for International Studies at Monterey, California. The CNS is a leader in gathering and analysing open-source intelligence (OSINT). It has pulled off some dramatic coups with satellite pictures, including on one occasion actually catching the launch of a North Korean missile in an image (pictured above) provided by Planet, a company in San Francisco.

Satellite data, though, is only one of the resources feeding a veritable boom in non-state OSINT. There are websites which track all sorts of useful goings-on, including the routes taken by aircraft and ships. There are vast searchable databases. Terabytes of footage from phones are uploaded to social-media sites every day, much of it handily tagged. “On their phone people have the same quality information I used to have to go into a secure facility for,” says Bruce Klingner, who worked as an analyst for the CIA and the Pentagon’s Defence Intelligence Agency for 20 years. “It’s just really kind of mind-boggling.”

And it is not just the data. There are also tools and techniques for working with them—3D modelling packages, for example, which let you work out what sort of object might be throwing the shadow you see in a picture. And there are social media and institutional settings that let this be done collaboratively. Eclectic expertise and experience can easily be leveraged with less-well-versed enthusiasm and curiosity in the service of projects which link academics, activists, journalists and people who mix the attributes of all three groups. The intelligence world is thus being democratised, a development which is challenging governments, reshaping diplomacy and chipping away at the very idea of secrecy.

An archaeology of knowledge

When Eliot Higgins began analysing YouTube footage of weapons used in the Syrian civil war in the early 2010s it was seen as a “weird amateur hobby”, he says. But he saw their potential. In 2014 Mr Higgins founded Bellingcat, a collective of researchers, investigators and “citizen-journalists” funded by a range of charities which now has 18 full-time employees. In its first year it cut its teeth on an investigation into the shooting down of a Malaysia Airlines flight, MH17, over eastern Ukraine.

Local people had posted videos of a Russian missile launcher moving through the area. Mr Higgins and a band of volunteers roamed Google Earth to identify various trees, road bends and buildings visible in those videos so that they could say exactly where it had been when. An anonymous blogger identified a specific field as the likely launch site. Photographs taken later showed the same launcher back in Russia—and missing one missile.

When a Ukraine International Airlines flight, PS752, crashed outside Tehran on January 8th 2020, five days after America had assassinated a leading Iranian general, Bellingcat was on the case again. So were the members of a channel on Slack, an instant-messaging and collaboration tool, called “Arms Control Wonk Podcast”: the podcast in question was founded by Jeffrey Lewis of CNS. The channel’s 1,000-strong membership bats around thoughts on everything from missile tests to the spread of covid-19, says Paddy Kerley, an Irish cyber-security professional who enjoys scrutinising North Korean nuclear facilities in his spare time. Others have equally esoteric interests. “There’s one guy reverse engineering a Sidewinder [missile] that he bought parts of on eBay—you know, normal things normal people do.” Membership costs $5 a month, $3 for students.

Photographs taken at the PS752 crash site showed the mangled parts of a rocket and damage that seemed consistent with a missile attack. Wary of misinformation, the Bellingcat team ran a search for previous uses of the same images. It came up blank, suggesting the photos were new.

A video posted anonymously to Telegram, an encrypted messaging service, showed a light streaking into the sky, a flash and a boom just prior to the crash. A series of nondescript apartment blocks and a construction site were visible in the foreground. The Slack team divided into groups to pan through freely available satellite images of Tehran looking for the same pattern. They lighted on a spot in a suburb to the west of Imam Khomeini International Airport (see illustration).

Locating that spot gave the analysts a bearing. The 11 seconds between the flash in the sky and the sound of the explosion provided a distance. According to FlightRadar24, a website which displays the transponder signals of aircraft, the location thus calculated sat on the flight path of PS752. It had been downed by a surface-to-air missile launched from nearby.

The next day Canada’s prime minister, Justin Trudeau, said that “intelligence from multiple sources” showed that the plane had been brought down by Iran’s own air defences. Such accusations were “psychological warfare against Iran”, thundered an Iranian spokesman. But the evidence of what had actually happened continued to accumulate, thanks both to government briefings (the sorry chain of events had been captured by American spy satellites; the mobile-phone conversations of panicked revolutionary guards had been intercepted) and to the people using OSINT techniques. On January 11th Hassan Rouhani, Iran’s president, publicly acknowledged that a “disastrous mistake” had been made.

As in the case of MH17, the OSINT efforts were not the last word. But on both occasions the open availability of evidence gathered from diverse sources and analysed independently was incriminating in a way that parti-pris pronouncements from intelligence agencies would not have been on their own.

The order of things

In reacting to events such as the downing of aircraft, the OSINT community typically relies on data that are already out there. For other projects it acquires new data it expects to have use for—often from space. The capabilities that CORONA provided in the 1960s are now handily outstripped by a bevy of commercial satellite operators (see chart). Planet has been launching cameras on tiny “cubesats” since 2013 and now has a constellation of about 150 with which it aims to photograph all of the Earth’s land surface every day. Its cheaper images have a resolution of three metres per pixel, picking out objects the size of a car; its sharper ones are 50cm per pixel, showing more detail. Companies like Maxar, a maker of bigger American satellites, and Airbus, a European aerospace giant, provide higher-resolution images.

When, in the 1990s, the American government sought to encourage the development of such ventures, it imagined controls over the high-resolution stuff. That policy foundered when companies elsewhere began to sell high-resolution images on the open market; better that American companies be able to compete than that they go under. Though “shutter control” by the American government remains possible, the law it rests on is not used. Subtler suasion may be at play, though. Dr Lewis has the impression that some at the Pentagon have been less than pleased with some of the images published by his team; when the government is a big customer, such anger could matter to the revenue of the companies involved.

The government is a big customer because the commercial images provide a useful supplement to its classified in-house capabilities. They also provide a rhetorical resource: pictures bought commercially can be used publicly without revealing anything about classified capabilities. “We are providing a particular role in society that most open countries, including the United States, net benefit from,” says Will Marshall, the CEO of Planet. “It might occasionally expose something inconvenient for them, but that’s the new state of the world.”

You can look

If government is the biggest consumer, though, Dr Lewis may be the keenest. He and his colleagues have used data from Planet, Maxar, Airbus and others to analyse missile programmes in China, Iran, North Korea, Russia, Saudi Arabia and other countries. The evidence base they have built to further their work on non-proliferation has earned them an impressive reputation for unearthing missile launchers, rocket factories and nuclear plants.

“Overhead” imagery, as it is known, is not magic; it needs interpretation, and that means knowing what you are looking for. A haunting lesson comes from a second-world-war reconnaissance mission. In 1944 a plane sent to photograph a chemicals plant in northern Poland which the allies planned to bomb turned its cameras on early and captured images of a large industrial complex nearby. It was only three decades later that Dino Brugioni and Robert Poirier, a pair of CIA analysts working in their spare time, pointed out that those early frames were the first aerial images ever taken of the Auschwitz-Birkenau concentration camps.

Further flights took pictures of the roof vents where Zyklon-B crystals were inserted into the gas chambers; of long, snaking lines of prisoners; of smoke billowing from the pits behind Birkenau’s crematorium. None were recognised for what they were. “There simply was no historical or intelligence precedence [sic] for genocide on such a scale,” wrote Mr Brugioni in an essay in 1983. “Most World War II interpreters I have spoken to found the concept unbelievable, unimaginable, and completely incongruous.” Other intelligence officers had more sense of what was going on; but they did not know about the photos, and the interpreters did not know to ask them.

Today’s OSINT community does not suffer from such compartmentalisation, and it has sources on the ground from which it can learn more about structures seen from the sky. In 2017 reports of “counter-extremism” and “political education” camps built by China to detain Uyghur and other Muslim minorities in Xinjiang, a western province, began circulating in local and foreign media outlets. The Australian Strategic Policy Institute (ASPI), a think-tank, gathered this evidence in a single database, supplemented it with photographs shared on Chinese social media and started looking at satellite images for structures which fitted the bill. They identified 28.

China unwittingly made adding to the tally easy. In August 2018 journalists at BuzzFeed News noticed that Baidu Maps, a Chinese app, was systematically blotting out some places in Xinjiang. A number of the blots covered camps found by ASPI. Searching Baidu Maps for the easy-to-see blots and then looking at uncensored satellite data of the same spots revealed a gulag archipelago of several hundred more camps, most of them previously unknown.

Had China built such a machinery of repression three decades ago, stories from inmates and their relatives would doubtless have trickled out. America would have seen the facilities involved with its spy satellites, had it looked, and might have vouched for their existence. But the digital record furnishes evidence that is publicly accessible and visually compelling; nothing has done more to make the oppression of the Uyghurs international news.

Ever better hardware for phones, a technological trend which can be relied on, means ever better hardware for satellites. Planet’s cubesats are now far more capable than those it launched in 2013. Other companies are pioneering new forms of satellite observation. Capella, Ice-Eye, Umbra and Xpress-SAR are radar-satellite startups offering “synthetic aperture” technology which can take detailed pictures of surface features even through clouds, foliage and, sometimes, thin roofs. (It can also provide entirely unexpected insights. In 2018 Harel Dan, an analyst at a company in Israel, showed that the powerful radars used by American Patriot missile batteries interfered with the operations of a European radar satellite, Sentinel-1, thereby revealing hitherto unknown air-defence sites.)

Hyperspectral sensors, capable of making fine distinctions in the analysis of light beyond the visible blue, green and red bands, reveal things as diverse as wakes in turbid water, the health of crops or the difference between new and old paintwork. They may also show things which, wavelength-restricted as their own eyes are, human interpreters have yet to imagine. It is in part to guard against missing such things that satellite images are increasingly fed into machine-learning software which will see patterns humans might not pick out, or even think to look for.

This is not all being done for the benefit of spooks and their civilian OSINT counterparts. Seeing the world in detail and watching it change over time has all sorts of applications for agriculture, for investors, for commodity companies, for environmental monitoring of corporate activities and more. But OSINT is a happy fellow traveller.

But you better not touch

The infovorous energy and ecumenical spirit of online OSINT are not unprecedented. The men and women who staffed the Foreign Broadcast Information Service, America’s wartime proto-OSINT organisation, were “the greatest collection of individualists, international rolling stones, and slightly batty geniuses ever gathered together in one organisation”, remarked a journalist who visited their Washington office in 1943, a “unique combination of newspapermen and PhDs” consumed by “casual kidding in 17 foreign languages [and] the feeling that something big may come over at any minute”.

The same buzz is now replicated in online chats and Slack channels. To locate a tent from a scrap of road marker glimpsed through a gap in the canvas wins kudos. What other high jinks can compare with using Dennis Rodman, a basketball player, to measure the size of an H-bomb? Photographs of Mr Rodman standing with Kim Jong Un allow a reliable estimate of the North Korean dictator’s height (it would be foolish to trust official statistics on such a matter). From Mr Kim’s height you can estimate the size of his head; from that you can get the size of nuclear weapons with which he has posed.

The techniques of OSINT are not only applicable in closed states and war zones. In 1978 William Arkin, who had until recently been an intelligence analyst tracking Soviet nuclear forces in East Germany for the American army, tried to work out where their NATO equivalents in the West were. He found what seemed to be telltale terms used in unclassified descriptions of some military units and found the addresses of the bases they were stationed at. In the antediluvian days before Google Earth he travelled round Germany looking at the sites thus identified. They turned out all to have a distinct double-fence security set-up and identical guard towers, measures which confirmed the presence of something particularly dangerous and worth protecting.

When Mr Arkin’s findings were published in 1981 America accused him of having used classified information from his army days. To avoid criminal charges he had to prove the information was all in the public domain. In a new book, “Restricted Data”, Alex Wellerstein, a historian at the Stevens Institute of Technology, describes the proceedings: “A colonel shouted the names of bases, and Arkin would then display the tangled web of documents proving that each base contained nuclear weapons.” As they ran through base after base, the colonel “slumped deeper and deeper into his seat”. Mr Arkin walked free.

Some may sympathise with the colonel. If OSINT makes keeping military secrets harder it may give comfort to enemies. “We often get complaints from professional photo interpreters, that they don’t like seeing their method described so explicitly in public”, says Dr Lewis, “because they think it might help the adversary.”

Many of his colleagues are acutely aware of these risks. Melissa Hanham of Stanford University says that when her OSINT work led her to a theory of why North Korea’s submarine-launched ballistic missiles were failing she decided that it would be wrong to publish it, lest it help the missileers. She is working with various OSINT organisations to develop a code of conduct for open-source researchers faced with such ethical quandaries.

The room for improvement that can be revealed by OSINT is not just in dictatorships. In early 2018 Nathan Ruser, then a student and now an analyst at ASPI, got interested in the data made publicly available by Strava, an app that allows users to log exercise routines. It showed joggers looping around New York’s Central Park, cyclists streaming down Shanghai’s Bund and swimmers thronging Bondi Beach. It also showed lonelier fitness regimes being pursued in various hotspots around the world, thus revealing what turned out to be CIA bases in Somalia and Djibouti and a Patriot missile battery in Yemen. Was this embarrassing? Yes. Is it likely to lead to better security in future? Again, yes.

If security services can benefit from OSINT, can they also use it to their own ends? When Bellingcat identified the two Russian agents who had poisoned Sergei Skripal, a Russian spy living in the English city of Salisbury, the Kremlin was apoplectic. “Bellingcat is closely connected with the intelligence services,” fumed Sergei Lavrov, the country’s foreign minister, “which uses it to channel information intended to influence public opinion.”

If such accusations were to stick, the organisation would be weakened. It is to give the lie to them that Bellingcat meticulously documents the databases it draws on, the methods it uses and the crosschecks by which it validates things. To plant a falsehood that passed muster would mean starting a paper trail years before: not impossible, but hard to do on the fly. And hard to get away with, too, in an open community full of frenemies eager to probe each other’s conclusions.

Why didn’t you tell the world?

The most general challenge posed by OSINT is the weakening of a certain sort of state power. Dr Wellerstein argues that treating secrecy as simply denying people information misses something crucial. “It’s about the control of the information. It’s about the ability to dole it out as you see fit to get your ends…and governments have always known this.” Dr Lewis was originally attracted to OSINT in the early 2000s by his frustration during the run-up to the Iraq war. He felt that civil society had no way to check dubious claims being made on the basis of intelligence released through choreographed public statements and secret briefings to news organisations. Now, to an increasing extent, it does.

In undermining state monopolies on intelligence, OSINT is increasingly capable of challenging the narratives states promulgate. The CNS and other OSINT groups, for example, have consistently provided a sense of North Korea’s nuclear abilities more realistic than that offered by recent American administrations, which repeatedly claimed they would not allow North Korea to develop capabilities which, judging by the OSINT evidence, it already had.

If revealing inconvenient truths undermines policies based on ignoring the facts, though, it is not necessarily a road to peace. A country given a bloody nose in a border skirmish might be less inclined to back down if its citizens are shown evidence of its failure. Secrecy enables face-saving, and thus de-escalation.

Consider the resolution of the Cuba crisis in 1962. The removal of Soviet nuclear weapons from the island was achieved through a deal which also saw America remove its Jupiter missiles from Turkey. This quid pro quo was kept secret for decades; Kennedy even lied about it to former presidents. “Any other course”, his aides later wrote, “would have had explosive and destructive effects on the security of the United States and its allies.” Secrecy enables malfeasance, perhaps, but it can also serve as a lubricant. In an age of OSINT the withdrawal of the Jupiters would quickly have become common knowledge.

But would the quid pro quo have been necessary at all in such an age? Cuba was a crisis because the missiles were already there when America first became aware of the situation. Today, one imagines, it would have been on the ball a lot earlier. And if, for some reason, it had missed what was under its nose, driven, chatty and motivated satellite-data wonks would have delighted in telling the government, the press or Twitter what was what. A reduced capacity for subterfuge may, in some cases, be a genuine loss. A lessened risk of strategic surprise is a real benefit.

This article appeared in the Briefing section of the print edition under the headline “Trainspotting, with nukes”
