ISRAEL AT WAROpen season for open source intel: Gaza war opens OSINT floodgates
ISRAEL AT WAR
Open season for open source intel: Gaza war opens OSINT floodgates
Analysts working on their own behalf are attracting tremendous attention these days on social networks, and have become, in the eyes of many, relevant intelligence sources regarding what is happening in the war in Gaza. When untrained web surfers are seen as experts, the search for the truth becomes more complicated than ever before
On October 17 at 11:17 p.m., an X user named GeoConfirmed published a thread in which he analyzed the explosion that occurred hours earlier at Al-Ahli Hospital in Gaza City. He began with an unequivocal statement: "A missile launched by Palestinian groups exploded in the air and one of the parts fell on the hospital", to which he attached the reference points: 31.504822, 34.46169, as well as videos and photos of the Gaza sky at the time of the incident. Colored squares were placed on some of the photographs that indicated points that the user wanted to highlight, on one of the photographs it was estimated that it was a specific building, and on another, the size of the crater created by the explosion was measured.
Oliver Alexander, an intelligence expert from open sources who works with the Washington Post and the British Telegraph, had a different conclusion. "The video on the lower right was taken by a camera in Bat Yam (34.739322, 32.020230)," he posted, using the exact same videos shared by GeoConfirmed. "It shows both the initial explosion immediately after the rocket barrage at the time stamp: 18:59:22, after which the Tamir (Iron Dome) interceptor missile was launched at 18:59:24, and the explosion at the hospital at 18:59:44."
In a long thread that he published five days after the explosion, an eternity in social networks, Alexander explained to his hundreds of thousands of followers how any photographic or video documentation presented until then does not prove with certainty who hit the medical facility, and clarified that there is no evidence that confirms the claim that the IDF did or did not shell the hospital. A few days later, GeoConfirmed—a volunteer group that also deals with open intelligence information—deleted from X the thread it published on the subject, and even added a link to Alexander's thread on its website.
The use of intelligence from open sources, known as OSINT (Open Source Intelligence) is not new, but the Internet revolution and the popularity of social networks have made it a hobby even for people without relevant training - something that makes the search for the truth more complicated than before. These people, more or less professionals, collect and cross-reference satellite images, photos, and videos from social networks, blogs, and other open sources of information. Using tools developed for data analysis, academics, volunteers, journalists, and activists decipher movements of forces, confirm or refute narratives, and sometimes even report cases that were previously unknown to the public.
The invasion of Ukraine is considered a major landmark in the field of open intelligence. So, while the mainstream media was not publishing anything, "OSINT detectives" were reporting on the movement of Russian troops through satellite imagery analysis. Since then, the OSINT community has grown significantly. The surge in its activity, following the activity of analysts who do not at all contribute to the investigation of the truth, also affects countries. In the first days of the invasion of Ukraine, Google disabled its real-time mapping services after they were reportedly used to track the movements of the military and civilians seeking shelter. At the time it was reported that Google did this at the request of the Ukrainian authorities. A similar case occurred this month when the Home Front Command asked Google and Waze to disable the display of road traffic in their map services.
Analysts on their own behalf have become such a widespread, decentralized, and anonymous phenomenon that in January of last year the University of Berkeley, in cooperation with the United Nations, published a document known as the "Berkeley Protocol". The document is intended to offer basic methodologies and principles, legal, and ethical standards for open source investigations, in the hope that these can later be used as evidence and reliable sources in international legal proceedings, including with regard to war crimes.
The principles include, among other things, basic rules of journalistic work, including responsibility, transparency, and objectivity. Analysts are expected to document all stages of their investigation and to be able to explain each stage of data collection and analysis so that these processes can be clearly communicated when testifying in court. The protocol also states that open-source researchers must adhere to ethical rules in conducting their work, avoid discriminating between the objects of their research, and make it accessible to the general public. They must include mechanisms for reporting errors and correcting them, as well as a variety of points of view alongside recognition of the limitations of their capabilities and analysis.
"There is a problem verifying information"
When the IDF spokesman publishes videos concerning the attack on Israel on October 7 or the explosion in the hospital in Gaza, few around the world believe him. The IDF, after all, is a party to the war. On the other hand, the work that OSINT personnel do on their own behalf is perceived by surfers as independent and objective. These analysts are attracting tremendous attention these days on social networks, when the X, Facebook, and Telegram accounts they manage have become, in the eyes of many, more relevant, available, and accessible sources of intelligence than official spokespersons or the establishment media.
The battle of versions about the explosion at the Al-Ahli Hospital illustrates this: although many were concerned with the way The New York Times, the BBC, and CNN covered the event, analysts on social networks quickly mediated the story to the public. It didn't happen by accident. An Oxford University study from June found that only 48% of Americans consume news through traditional media channels, while the rest turn to social networks. Those who turn to the networks testify that they get the information from network influencers, celebrities, and others, and not from journalists. In the Arab world, more than 60% use social networks and instant messaging applications to receive information and news.
"The main problem is verifying the information and making sure it is reliable, professional and not biased," says Dr. Nimrod Kozlovski, a cyber expert and lecturer at Tel Aviv University. "Many people are currently looking for sources to use their capabilities on, taking the raw data and running various deep analysis tools on it. We know that there are very good analysis tools in these things, which can analyze in terms of heat and density certain changes and show architectural changes. Alongside this, there are a lot of textual analysis and big data analyses. That's how endless sources emerged for which we have no prior knowledge about their reliability, their working method, and even their identity."
Against this background, the work of non-profit organizations such as Bellingcat, an investigative body that has been operating for almost a decade and specializes in fact-checking and open-source intelligence, has become valuable and a source relied on by the media in covering the war zones. Bellingcat earned its reputation when, in 2014, it was the first to prove that Malaysia Airlines flight MH17 was shot down by a Russian anti-aircraft unit, using only satellite and cell phone images. On October 20, it published an analysis of videos taken by Hamas members in the kibbutzim Kerem Shalom and Sufa, and distributed by the rescue forces in Israel. The long investigation conducted by the investigative body was intended to confirm what many Israelis took for granted - the reliability of the videos. The analysis was seen by millions of people and thousands shared it, perhaps illustrating to the world the horrors that took place in the Gaza Strip.
Not all data analysis seems equally important, but impressions can be deceiving. Last week, Bellingcat published on its X page the findings of the investigation it conducted regarding one of Taylor Swift's bodyguards, an Israeli named Eran. According to reports online, following the outbreak of the war, he returned to Israel to enlist in the reserves. However, X's fact-checking mechanism, which is known as Community Notes and uses the wisdom of the crowd to add context to posts, claims that he was not part of the popular singer's security team at all.
At Bellingcat they examined videos that recorded Swift's performances in the last 17 months and made it clear that he was indeed part of the singer's security team. Despite the results of the investigation, the comment that he was not part of the security team was not removed from X, and was even attached to a Post about him on the official X account of the State of Israel. The incorrect comment was deleted and Reposted twice, and according to Bellingcat more than 1.4 million users were exposed to it. This may seem marginal, but trust in institutions and their statements on public platforms is fragile. What is built over time can be destroyed in an instant.
