Two Russians, Denis Valeryevich Tyurin & Aleksandr Gennadyevich Starunskiy, have held senior roles in Moscow’s military intelligence service known as the GRU & have been identified as responsible for a #disinfo effort meant to reach American and Western audiences #osint #InfoOps
The three English websites that were singled out in the report were InfoRos[.]ru, Infobrics[.]org and OneWorld[.]press. A fourth site that targets a French audiences also appears to be linked ObservateurContinental[.]fr #disinfo #osint #InfoOps #infosec
The WHOIS information for Infobrics[.]org very clearly links it to the more commonly known Russian site InfoRos[.]ru, that has long been suspected to disperse state backed Russian propaganda. #disinfo #osint #InfoOps #infosec
We first cross-referenced those websites within our archive of over 700+ Twitter accounts that closely align with Kremlin interests. The core set we reversed engineered from the #Hamilton68 v1.0 set of Russian propaganda accounts first publicized by @gmfus and @SecureDemocracy
We got hits on two accounts, both suspended in the past year. @Shelaco and @alhakika #disinfo #osint #InfoOps #infosec
Here are a couple of past tweets from the suspended @shelaco account from Archive[.]org. The first of course attacking the #Whitehelmets in #Syria using the common line of Russian propaganda that they are really a covert terrorist organization.
I will also note whom the Twitter algorithm suggested someone following the new suspended @Shelaco should also follow ... without additional comment. #disinfo #osint #InfoOps #infosec
Its also interesting to note the images / memes these state-backed Russian propaganda websites use. Looking through Archives[.]org one can find some very unique images that aren't likely to have pentrated mainstream news sites. This #Russiagate image was a prime example #infoOps
Doing a reverse image search for this image turned up only a couple of dozen of websites where this image appears to have been used. This particular image turned out to be very interesting. #disinfo #osint #InfoOps #infosec
Here you see an example of this unique #Russiagate image being used on both a far-left fringe website imwithtulsi[.]info and a far-right fringe website dailystormer[.]su #disinfo #osint #InfoOps #infosec
Need to take a break for dinner and will post a few more interesting reverse image searches. Here are a couple more sets of rather obscure sites that come up for this specific #Russiagate image included an Iranian site.
Using the reverse Image search engine, tineye[.]com @TinEye the earliest use of this #Russiagate image by Russian media so far, appears to be at the Russian version of RT[.]com on October 08, 2017. The page notes the image was a Reuters photo. #disinfo #osint #InfoOps
The #Russiagate image was also found on an obscure Russian website called fair[.]ru on October 18, 2017. @Tineye found 18 total results & included Vecer[.]mk a Macedonian News site founded in 2004 and results for Italian and Bulgarian news sites #disinfo #osint #InfoOps
Besides RT[.]com the main organ of the state-backed Russian media network aimed at Americans, a few other mid-sized media sites consistently came up in the reverse image searches. These included theDuran[.]com, Sputniknews[.]com & blockchain based aggregator theworldnews[.]net
Why is this important u might ask considering these GRU linked sites are not well known or even well trafficked. The reason is a concept called "narrative laundering" which has been well documented by groups like @Graphika_NYC & @noUpside #infoOps #osint
Basically the GRU injects a narrative into the "news" mainstream by having a mid-sized site republish an article by a fictitious author or a GRU linked site & then quote them as the authoritative source. This cycles 2 larger & larger media outlets. Heres an example from Infobrics
I meant 2 share a little more about the @Shelaco account that was suspended earlier. We had profiled & analyzed this account many months ago prior 2 adding to our archive of Kremlin-aligned troll accounts & here are some of the results, top URLs tweeted & top hashtag usage #osint
This @shelaco accnt highlights another relatively new trick trolls have been using. And that is to at some point burn / obfuscate the papertrail by deleting the accnt & then quickly recreating using the same handle, thus changing the creation date & clearing all past activity
You can follow @SlickRockWeb.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:

By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.