Win McNamee / Staff / Getty / Coda Story

The dark side of open source intelligence

Internet sleuths have used publicly available data to help track down last week’s Washington D.C. rioters. But what happens when the wrong people are identified?

In May, a video of a woman flouting a national Covid-19 mask mandate went viral on social media in Singapore. In the clip, the bare-faced woman argues with passersby outside of a grocery store, defending herself as “a sovereign” and therefore exempt from the law. 

Following her arrest later that day, internet detectives took matters into their own hands to ensure that justice was served. They soon identified the woman as the CEO of a digital security firm. Within hours, social media users had posted her personal information and the names and photographs of her employees. 

The only problem was, they got the wrong person. Internet sleuths mistook the woman for business executive Tuhina Singh, but two days after the incident, she was identified at a court appearance as Paramjeet Kaur, a physiotherapist. The damage had already been done: false accusations against Singh had prompted a torrent of racist and xenophobic comments online.

The easy availability of information on the internet has made open source intelligence — OSINT — a valuable tool for researchers and ordinary web users. Collaborative group research, and the subsequent shaming of individuals, uses publicly available data gathered across social media platforms, including facial recognition, IP addresses, satellite imagery, news media and online public records. Around the world, OSINT, which dates back to World War II but gained momentum after the 9/11 attacks in 2001, has been used to spot burned villages in Myanmar, reveal Russian bombings of hospitals in Syria, profile surveillance hubs operated by U.S. law enforcement and even to locate internationally wanted animal abusers

The recent attack on the U.S. congress has mobilized internet users to track down insurrectionists, with the encouragement of law enforcement. The FBI and police departments around the country have called on the public to help identify some of the suspects. Two days after the violent mob stormed the capitol, Twitter users, utilizing OSINT, identified two men armed with zip ties and other plastic restraints. Eric Gavelek Munchel and Larry Rendell Brock were subsequently arrested by the FBI.

While the use of open source intelligence has been praised by law enforcement and investigative journalists for its crime-solving efficiency, public data can be dangerous when used in haste on social media. The speed that makes OSINT so effective as an investigative tool can also make its use more susceptible to blunders and bias. From terrorist attacks to protests and mass shootings, open source intelligence has led to inaccurate vigilante-style justice and the doxxing of innocent individuals.

Last week’s siege in Washington D.C. has already seen one person misidentified as a capitol rioter. Internet trolls accused David Quintavalle, a retired firefighter from Chicago, of hurling a fire extinguisher at a police officer, who was killed in the violence. 

The search began when researchers at Bellingcat, a news organization that uses open-source records to investigate crimes, called on the public to help identify the man who attacked Officer Brian Sicknick. As social media users examined publicly available photographs and video footage, one Twitter user took a screenshot of the man in a video and enhanced the picture for clarity. The image was shared over 40,000 times and in the resulting investigation, Quintavalle was mistakenly identified. He received phone calls from strangers calling him a murderer and, according to his lawyer, Chicago police were forced to post a patrol car outside his home for protection. On the day of the siege, Quintavalle had been celebrating his wife’s birthday in Chicago.

Surveillance experts say the use of OSINT can complicate official efforts to identify suspected criminals. “It creates this awkward dynamic where media is paralleling investigative efforts and becoming part, in a way, of the policing effort,” said Albert Fox Cahn, the founder and executive director of the Surveillance Technology Oversight Project in New York. 

In addition to the media, OSINT is used by national security agencies, law enforcement and business analysts. And the industry is booming. The global open source intelligence market, already sizable at an estimated $3,980 million in 2020, is projected to reach $5,720 million by 2026. 

Political bias

The aftermath of the capitol riots isn’t the first time social media investigators in the U.S. have missed the mark when pointing out offenders in the wake of violence.

In 2017, after a violent, far-right rally in Charlottesville, Virginia, internet detectives quickly mobilized to track down the white supremacists who attended. One Twitter user placed a photograph of a man at the rally carrying a tiki torch next to a headshot of someone with a similar build and facial features. Within hours, Kyle Quinn, a professor of engineering at the University of Arkansas, was being publicly shamed. More than 11,000 people retweeted the image. Some sent death threats, published his home address and demanded that he be fired from his job. Quinn, it turned out, was over 1,000 miles away in Arkansas on the day of the rally. 

In another instance, three years prior, the hacking group Anonymous wrongly named two St. Louis police officers as responsible for the fatal shooting of Michael Brown.

“In a country with so many centuries of lynching, where so many have been killed by angry mobs for the color of their skin or for their religion, I am deeply nervous about seeing anything that calls to that same instinct of the crowd taking the law into its own hands,” said Fox Cahn.

Researchers argue that open source intelligence can develop into a conflict between ideologies. “A lot of this data has become a weapon in a political battle,” said Dave Maas, senior investigative researcher for the Electronic Frontier Foundation. 

Maas cited examples of people who previously chose not to post online photographs of Black Lives Matter protesters, but who are now in favor of publishing pictures of those engaged in last week’s capitol riots. 

“I think that kind of illustrates that this is very political, and that people have different viewpoints about what’s appropriate when they’re talking about their own community versus their opposition’s community,” he said.

As the FBI works to identify hundreds of D.C. rioters, part of their strategy reportedly relies on the use of facial recognition software — known to misidentify Black faces at rates five to 10 times higher than white ones. The bureau is also using artificial intelligence provided by Clearview, a facial recognition software company, whose software has been accused of racial bias

David O’Brien, assistant research director for privacy and security at Harvard’s Berkman Klein Center for Internet & Society, says that in the week since the insurrection he has seen instances of social media users suddenly advocating the use of facial recognition software “just in this circumstance.” 

“It’s hard because I can completely sympathize and empathize with the people who feel like if there were ever an appropriate moment to use it, maybe this is it,” he said.

O’Brien highlighted the example of one of the most notorious cases of an OSINT error: the 2013 Boston Marathon bombings. The day after two homemade pressure cooker bombs were detonated near the finish line, killing three civilians and injuring an estimated 264 others, a Reddit user created a subreddit to identify those responsible for the attack. 

By the next day, more than 3,000 people had joined the thread. After hours of speculation, users falsely accused Sunil Tripathi, a student at Brown University, among others, of being involved in the bombings. One week later, Tripathi’s body was found in a river near Providence, R.I. He died by suicide a month before the attack.

“The consequences of this are huge,” said O’Brien. “Because you can have this moment, and it’s almost like a mob mentality, where people feel really strongly that they have identified the person or the individuals who might be responsible for something. And this sort of takes on a life of its own. It snowballs.”

Media outlets quickly picked up on the Redditors’ search efforts for the Boston bombers and two men were incorrectly named as suspects sought by authorities. A photograph of the pair ran on the front page of the New York Post, eventually leading to a defamation lawsuit

O’Brien said the embrace by social media users of OSINT is often at odds with careful fact-checking. “There is a difference in providing tips directly to law enforcement to handle the investigation themselves and letting it play out on social media,” he added. 

In another egregious example of open source misidentification, a tech journalist living in Canada was twice falsely linked to terrorist attacks in France. In 2015, Veerender Jubbal was bombarded on social media after he was wrongly named as the perpetrator of a series of attacks in Paris that killed 130 people. Jubbal, a Sikh man who wears a turban, had previously posted a selfie on Twitter. Someone doctored the image to show him holding a Quran and wearing a suicide vest. The Spanish newspaper La Razón published a headshot of Jubbal on its front page naming him as one of the terrorists. He had never even been to Paris.

The next year, Jubbal found the doctored selfie in circulation again after a terrorist attack in Nice, southern France, where a truck was driven through crowds celebrating Bastille Day. Eighty-six people were killed and 458 wounded in the outrage. Jubbal was once again falsely accused online of committing a crime in a country he had never visited. He received death threats and people “tweeted the worst possible racial slurs.” 

“I became hesitant to leave the house alone,” Jubbal told The Guardian

“We really are at a point of such heightened tensions, that it’s incredibly dangerous to take part in these sorts of investigations,” said Fox Cahn. “It’s a very powerful tool, but it’s also a tool that can do tremendous harm.” 

The story you just read is a small piece of a complex and an ever-changing storyline that Coda covers relentlessly and with singular focus. But we can’t do it without your help. Show your support for journalism that stays on the story by becoming a member today. Coda Story is a 501(c)3 U.S. non-profit. Your contribution to Coda Story is tax deductible.

Support Coda

Rachel Sherman

Rachel Sherman is a reporter with Coda Story. Her work has appeared in The Lily at the Washington Post, Teen Vogue, Food & Wine, Sojourners, and The Bronx Times. She's an alumna of the Craig Newmark Graduate School of Journalism at CUNY.