Putting the intelligence back into OSINT

Ukraine is increasingly engaging the OSINT operational space by both encouraging use that supports their fight and seeking to deny information to their enemy. This is standard operating procedure for countries at war, with all sides in both WW I and WW II producing dozens of posters on this topic.

Monday morning, this infographic (below) started making the rounds. It provides a path for direct open source intelligence flows to the Ukrainian government.

We strongly discourage anyone from “blindly” dropping into any digital resource via a random QR code they encounter. We note that the Ukrainian government has listed multiple methods on the graphic to verify the source.

Super frustratingly, our read (at the time we ran the test on Verisign) of www.ssu.gov.ua shows that it is NOT protected by DNSSEC. That seems really super problematic if you want people sending you OSINT raw data, especially given Russia’s cyberwarfare capabilities.
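As an added example (not part of the original post), this is a minimal way to inspect a DNS reply for DNSSEC evidence: build a query with the EDNS0 DO bit set, then read the AD flag and look for RRSIG records in the answer. The function names, the placeholder name www.example.test and the sample replies are constructed for illustration, and the check reads a single response rather than walking the full chain of trust.

```python
import struct

AD_FLAG, DO_BIT = 0x0020, 0x8000   # header "Authenticated Data"; EDNS0 "DNSSEC OK"
TYPE_RRSIG, TYPE_OPT = 46, 41

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """A-record query with an EDNS0 OPT record asking for DNSSEC data (DO=1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, 1232, 0, 0, DO_BIT, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:        # compression pointer is always two bytes
            return off + 2
        off += n + 1

def dnssec_status(msg):
    """Report the AD flag and whether the answer section carries any RRSIG."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, has_rrsig = 12, False
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        has_rrsig = has_rrsig or rtype == TYPE_RRSIG
        off += 10 + rdlen
    # AD is only meaningful from a validating resolver reached over a trusted path.
    return {"rcode": flags & 0xF, "ad": bool(flags & AD_FLAG), "rrsig": has_rrsig}

def sample_response(signed):
    """Constructed (not captured) reply for the placeholder name www.example.test."""
    question = encode_name("www.example.test") + struct.pack("!HH", 1, 1)
    rrs = [b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])]
    flags = 0x8180                              # QR=1, RD=1, RA=1, NOERROR
    if signed:
        flags |= AD_FLAG
        sig = b"\x00" * 24                      # placeholder RDATA, not a real signature
        rrs.append(b"\xc0\x0c" + struct.pack("!HHIH", TYPE_RRSIG, 1, 300, len(sig)) + sig)
    return struct.pack("!HHHHHH", 0x1234, flags, 1, len(rrs), 0, 0) + question + b"".join(rrs)
```

A reply with neither the AD flag nor an RRSIG means either the zone is unsigned or the resolver does not validate, so the result should be confirmed against a resolver known to perform DNSSEC validation.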

The Twitter account shown in the tweet above has similar pro-Ukrainian content to a multitude of other channels on the platform. Based on that, it’s not clear to what extent any information forwarded to that channel is fed into intelligence analysis work by the Ukrainian government. It may be that it’s getting dropped into a communications group looking for interesting content rather than a formal intelligence group. Regardless, creating any path for such information without protecting it is a bad idea.

On the flip side of that message, Ukraine also started pushing the following graphic and text out on multiple Telegram channels and other outlets:

TL;DR: Please stop feeding open-source intelligence systems data that assists the enemy.

Translated into English using Apple’s translation capabilities, it says:

Ukraine banned the use of DVRs

This was stated by Bogdan Senik, Head of the Public Relations Department of the Armed Forces of Ukraine. Prohibitions that apply to all regions of Ukraine:

▪️shooting of public roads;

▪️shooting of general-purpose facilities;

▪️shooting of infrastructure facilities;

▪️shooting of checkpoints;

▪️shooting the location or moving our military units.

The reason is the desire to avoid disclosure of information that can help the enemy learn about the movement and progress of the tasks of the defense forces.

This is an almost verbatim update of this US poster from WW II:

We do note that the timing of these messages seems to be related to various OSINT key resources directly challenging the casualty and destruction numbers posted by the Ukrainian government. There’s no way to know if the two are directly related and if Ukraine has grown tired of at least some of the OSINT actors out there, but that is a possibility.

Are they unhappy with the open-source intelligence movement, or perhaps know they have suffered losses because of it, or are these just random, uncorrelated events?
