Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Open Source The Internet Technology IT

How Digital Sleuths Unravelled the Mystery of Iran's Plane Crash (wired.co.uk) 172

Open-source intelligence proved vital in the investigation into Ukraine Airlines flight PS752. Then Iranian officials had to admit the truth. From a report: [...] In the days after the Ukraine Airlines plane crashed into the ground outside Tehran, Bellingcat and The New York Times have blown a hole in the supposition that the downing of the aircraft was an engine failure. The pressure -- and the weight of public evidence -- compelled Iranian officials to admit overnight on January 10 that the country had shot down the plane "in error." So how do they do it? "You can think of OSINT as a puzzle. To get the complete picture, you need to find the missing pieces and put everything together," says Lorand Bodo, an OSINT analyst at Tech versus Terrorism, a campaign group. The team at Bellingcat and other open-source investigators pore over publicly available material. Thanks to our propensity to reach for our cameraphones at the sight of any newsworthy incident, video and photos are often available, posted to social media in the immediate aftermath of events. "Open source investigations essentially involve the collection, preservation, verification, and analysis of evidence that is available in the public domain to build a picture of what happened," says Yvonne McDermott Rees, a lecturer at Swansea University.

Some of the clips in this incident surfaced on Telegram, the encrypted messaging app popular in the Middle East, while others were sent directly to Bellingcat. "Because Bellingcat is known for our open source work on MH17, people immediately thought of us. People started sending us links they'd found," says Eliot Higgins of Bellingcat. "It was involuntary crowdsourcing." OSINT investigators then utilise metadata, including EXIF data -- which is automatically inserted into videos and photos, showing everything from the type of camera used to take the images to the precise latitude and longitude of where the taker was standing -- to validify that the footage is legitimate. They'll also try and identify who took the footage, and whether it's practical for them to have been where they claim to have been at the time. However, for this instance, they couldn't use EXIF data. "People would share photos and videos on Telegram which strip the metadata, and then someone else would find that and share it on Twitter," says Higgins. "We were really getting a second-hand or third-hand version of these images. All we have to go on is what's visible in the photograph." So instead they moved onto the next step.

This discussion has been archived. No new comments can be posted.

How Digital Sleuths Unravelled the Mystery of Iran's Plane Crash

Comments Filter:
  • by Anonymous Coward on Tuesday January 14, 2020 @03:51PM (#59620890)
    I'm sure the passengers had enough time to fire up their phones and record the trip to the ground. Granted the landing was pretty violent and some may have been destroyed, but certainly some were flung far enough at those velocities that they could be recovered. The people in the plane likely disintegrated on impact, but SD cards are compact and rigid and easily may have survived the detonation.
    • I'm sure the passengers had enough time to fire up their phones and record the trip to the ground

      Probably so, I'll bet you can find some on Ebay, whatever the locals got before the government came in and destroyed any remaining evidence before bulldozing the site [metro.co.uk].

    • by Cylix ( 55374 )

      Or you can watch the video of the missile hitting the plane.

      That works too.

    • Re: (Score:2, Insightful)

      I'm sure the passengers had enough time to fire up their phones and record the trip to the ground. Granted the landing was pretty violent and some may have been destroyed, but certainly some were flung far enough at those velocities that they could be recovered. The people in the plane likely disintegrated on impact, but SD cards are compact and rigid and easily may have survived the detonation.

      Posting to correct a down mod. Yes the logical place to look for eye witness accounts regardless of how tragic, is on the memory chips of any surviving digital devices. If the Iranians are not forth coming about examining that data then shame on them. If we do not accept that perhaps the efforts of Iran at transparency may be legitimate on this particular tragedy then shame on us. However the results however are then only sold to Rupert Murdock and Fox News then double the shame on US.

    • I'm sure the passengers had enough time to fire up their phones and record the trip to the ground.

      I wouldn't count on electronics that were turned on and have an intentional antenna functioning after the strike.

    • encrypted data (Score:5, Informative)

      by SethJohnson ( 112166 ) on Tuesday January 14, 2020 @05:15PM (#59621216) Homepage Journal
      That data was encrypted with a key likely only known to the deceased. See the other news about William Barr complaining about Apple...
    • Wait a sec. We're modding up the position that data on locked phones is private [slashdot.org] even if the owner is a deceased murderer, and the information contained within might help save lives. But we're simultaneously modding up a proposal to rifle through the the private contents of phones of deceased persons, in order to satisfy our morbid voyeuristic curiosity about their last moments alive?
  • Really? (Score:2, Interesting)

    by rldp ( 6381096 )

    Bellingcat reposts what they saw on 4chan and takes credit for it?

    • by jrumney ( 197329 )

      Pretty much. The story is complete bullshit anyway.

      By mapping the location of the images, they’re able to use tools such as Google Street View to match up the buildings and landmarks they see in the video frame to what’s in front of them.

      Good luck with that in Iran.

      • Re:Really? (Score:4, Informative)

        by ISayWeOnlyToBePolite ( 721679 ) on Tuesday January 14, 2020 @04:42PM (#59621086)

        Pretty much. The story is complete bullshit anyway.

        By mapping the location of the images, they’re able to use tools such as Google Street View to match up the buildings and landmarks they see in the video frame to what’s in front of them.

        Good luck with that in Iran.

        This seems to be the story you're referring to https://www.bellingcat.com/new... [bellingcat.com] feel free to enlighten me what's wrong with it, because it looks legit to me?

        • by cusco ( 717999 )

          Bellingcat is made up of a bunch of shady characters who have gotten caught repeatedly falsifying evidence and forging documents for their "exposes". If the NYT is working with them it smells like Project Mockingbird has been dusted off and put back into operation.

          • Bellingcat is made up of a bunch of shady characters who have gotten caught repeatedly falsifying evidence and forging documents for their "exposes". If the NYT is working with them it smells like Project Mockingbird has been dusted off and put back into operation.

            It would really help your case if you could provide a link, they seem pretty open about what they are doing.

            • Some people are mad they don't "like" the Lion Assad enough or aren't investigating the things they think they should be investigating. Some of the work might've been a bit sloppy but I've never seen any evidence that they falsified stuff. So, let's see.

            • by Mashiki ( 184564 )

              https://medium.com/@caityjohns... [medium.com]

              They're really shady fucks. They were also the ones who pushed the big "syria did chemical weapons" and the dump from wikileaks [wikileaks.org] that came out recently show that was not likely the case, that on the ground inspectors found otherwise, and inspectors were threatened if they didn't fall in line.

              • Thanks for the effort, but a blog post that starts with " The Imperialist propaganda firm Bellingcat", goes on to claim that they are involved with CIA psyops, that the chemical attacks in Syria didn't happen and that Tucker Carlson speaks the truth is a bit too far down the rabbit hole for me to follow.

        • by jrumney ( 197329 )

          Why would I be referring to a different story than the one linked in the summary? I was referring to the Wired article which the above quote came from (the Bellingcat version doesn't mention Google Street View, which is not available for Iran).

    • by Zak3056 ( 69287 )

      I also like the "unraveled the mystery" part. I'm imaging some dude with a man bun saying something like, "Well, it was a complete mystery to us, until we saw the video of the missile hitting the plane. At that point, we knew something wasn't quite right and we started googling stuff. It turns out that surface to air missile systems are a real thing, and were developed starting in the 1950s. From there, we grabbed a copy of Jane's and saw that Iran had some. It was quite a bit of effort, but our team of

    • Bellingcat reposts what they saw on 4chan and takes credit for it?

      What they mean is, they paid for the recent satellite photo that verified the ground features visible in the video, so that they could verify the location on the ground that the video was taken.

      Verifying that the video was taken in the location claimed is more important to the evidence than just being able to watch the video, since it is dark and you can't see the plane clearly or any identifying marks.

  • by drnb ( 2434720 ) on Tuesday January 14, 2020 @04:13PM (#59620956)

    The pressure -- and the weight of public evidence -- compelled Iranian officials to admit overnight on January 10 that the country had shot down the plane "in error."

    No it was not outside pressure. No it was not the weight of public evidence.

    It was internal political infighting, the elected government trying to reduce the support for and influence of the Revolutionary Guard. The pressure and evidence merely being convenient tools to discredit the Revolutionary Guard, an organization that competes with the elected government for power.

  • by Gabest ( 852807 ) on Tuesday January 14, 2020 @04:17PM (#59620968)
    They found who posted it to twitter and arrested him. https://www.reuters.com/articl... [reuters.com]
  • by gaiageek ( 1070870 ) on Tuesday January 14, 2020 @04:18PM (#59620974)
    In case anyone else was wondering. http://definition.org/define/v... [definition.org]
  • by 93 Escort Wagon ( 326346 ) on Tuesday January 14, 2020 @04:20PM (#59620984)

    What a good job those "digital sleuths" did on identifying the Boston Marathon bomber!

  • by SuperKendall ( 25149 ) on Tuesday January 14, 2020 @04:20PM (#59620992)

    Almost immediately, we had video showing a missile hitting the plane. We knew it went down in Iran a few hours after Iran had launched the cruise missiles, with no American military response so we knew it was not an American missile.

    We knew the plane went down violently, because the transponder was toast right at the time of the "event". That does not happen on modern planes no matter what kind of mechanical failure you have.

    Basically everyone knew instantly an Iranian missile had hit a plane taking off from their own airport, when the FCC had banned aircraft from flying anywhere around the Middle East hours before...

    Why in earth did they not shut down the airport? And the Iranian military, what kind of clowns do they have that they thought a giant jumbo jet was a cruise missile? It would have a massive difference in size on a radar signature.

    And just recently we even have confirmation they shot TWO missiles at the plane, the second maybe 20 seconds later. So whoever shot the missile made the same mistake twice, or there were two idiots.

    • by bobbied ( 2522392 ) on Tuesday January 14, 2020 @04:37PM (#59621068)

      Um... I mostly agree...

      However, a 737 isn't anything close to a jumbo jet and would have a similar primary radar signature to many kinds of aircraft. It is REALLY hard to tell the difference between a cruse missile, and F18 and a 737 sized aircraft on radar using a primary paint signature (where the radar signal bounces off the airframe and back to the receiver). The amount of the return, the turbine blade signatures and other returned artifacts may not be all that deterministic and may not give you much assurance that your target identification is good. Apparently it was good enough to shoot it under the perceived conditions.

      What amazes me is that this was NOT the first flight of the day from the airport. There had been like 10 other commercial aircraft departures from the airport which where NOT shot at. Something happened, a crew change, a communications outage, some misunderstood or inappropriate order, something that caused them to lose track of what was in their airspace and let them believe they should shoot a the target. This tells me there are some serious problems in Iran's air defenses, even though they have some of the best stuff you can buy from the Russians.

      • by labnet ( 457441 )

        I think you are being generous on allowing for any confusion. Even a 7th grade fool can draw a line from their international airport runway alignment to where the plane was shot down. At minimum it is manslaughter.

      • Sounds like the stuff that happens when someone gets put in charge because of nepotism or toeing the right political line rather than actually knowing what they are doing. There was also probably very poor coordination through the chain of command.

        I don't know much about radar, but wouldn't it be apparent that the object was climbing? What attacking plane or missile would just steadily climb?

      • It is REALLY hard to tell the difference between a cruse missile, and F18 and a 737 sized aircraft on radar

        Even if that were true from a radar signature standpoint, they would also have elevation data... would a U.S. cruise missile be coming from the direction of the airport, ascending at 8000 feet??????

        And again, they made this terrible mistake not once but twice!!!

      • The "serious problem" is that they were hacked. Russia has a history of giving away cracks to missile systems it sells to Iran. See my longer post further down, in the op comments thread for the article.

      • by Aczlan ( 636310 ) on Tuesday January 14, 2020 @10:48PM (#59622134)

        Um... I mostly agree...

        However, a 737 isn't anything close to a jumbo jet and would have a similar primary radar signature to many kinds of aircraft. It is REALLY hard to tell the difference between a cruse missile, and F18 and a 737 sized aircraft on radar using a primary paint signature (where the radar signal bounces off the airframe and back to the receiver). The amount of the return, the turbine blade signatures and other returned artifacts may not be all that deterministic and may not give you much assurance that your target identification is good. Apparently it was good enough to shoot it under the perceived conditions.

        What amazes me is that this was NOT the first flight of the day from the airport. There had been like 10 other commercial aircraft departures from the airport which where NOT shot at. Something happened, a crew change, a communications outage, some misunderstood or inappropriate order, something that caused them to lose track of what was in their airspace and let them believe they should shoot a the target. This tells me there are some serious problems in Iran's air defenses, even though they have some of the best stuff you can buy from the Russians.

        IIRC, the Ukranian plane was 2 hours late taking off, my guess is that the SAM sites had a printed list of flights scheduled to depart and they did not get the message that that flight was departing 2 hours later than it was scheduled to.

        Aaron Z

    • when the FCC had banned aircraft from flying anywhere around the Middle East hours before...

      When did the FCC get the power to regulate aircraft flying over foreign countries?

    • The current protest slogan covers this pretty well if you take a broad view of it:

      They killed our geniuses and replaced them with clerics.

      Iran currently has an average IQ of 84, that has consequences on top of public policy that has for example crashed the country's fertility rate.

    • ... and who sourced those videos? ... who verified the authentic ones? ... who eliminated the many fakes? ... who identified the type of missile? ... who characterised the missile systems capabilities? ... who identified the sites the videos were shot from? ... who identified that (at least) two missiles were fired from different launch sites? ... who identified at least one of the probably launch site?

      I've been following this on bellingcat and they were generally at least a day ahead of the mainstream news

  • "Open source intelligence" is what we call conspiracy theories that the establishment supports.

  • ...as if hundreds of fitbits suddenly cried out in terror and were suddenly silenced.

  • by guacamole ( 24270 ) on Tuesday January 14, 2020 @06:04PM (#59621408)

    I find it curious how Iran and Ukraine both were affected or involved in the last four high profile passenger airliner shotdowns:

    • Iran Air Flight 655, Iranian airliner shot down by a missile from an American ship in 1988.
    • Siberia Airlines Flight 1812, Russian airliner flying over Black Sea from Israel to Siberia shot down in 2001 by apparently a runaway missile fired from a Ukrainian ship during naval exercises.
    • Malaysia Airlines Flight 17, shot down over Ukraine's rebel region of Donbass in summer of 2014, allegedly by the rebels with help from their Russian overlords.
    • Ukraine International Airlines Flight 752, a Ukrainian airliner shotdown by Iranian missile over Iran.

    The conclusion should be.. don't take any Iranian and Ukrainian airline flights. Also don't take any flights flying over or near those countries...

  • > In 2012 Wikileaks d0x'd Stratfor
    > Including a 2009 intel report
    > Citing "Our Mexican Source."
    > Which states that Russia gave Israel the crack to Tor-13 air defense systems
    > In exchange for access to Israeli-made drones sold to Georgia.
    > Also reports that Israel and Turkey working together to crack S-300 air defense system codes.
    > In 2009.
    > In 2012, Jerusalem Post publishes info from the d0x to let people know that Israel has total control over current Iranian air defenses.
    > In 2

  • Since when is Bellingcat considered a thrustworthy news source by those who can still think for themselves?
    It's just a psyops division of the British secret service.
    Please keep the propaganda away from Slashdot.

  • You mean to tell me "DIGITAL SLEUTHS" saw fucking live video of the missile launch and impact and consider that "UNRAVELING" a great mystery?

    You didn't even need to worry about whether or not the video was legit - Iran admitted it as soon as the video went public.

  • It may have sped things up a bit (and comes with a risk of misidentifying the cause), but the official investigation would have found this anyways. It is pretty hard to miss shrapnel-holes in a an airplane body.

  • The fact that the aircraft was observed to go down in flames; there was obvious shrapnel on parts of the plane wreckage that wouldn't normally have it from an uncontained engine failure; the fact that its data transponder cut out and the lack of communication from the crew pretty well pointed to either a catastrophic failure in the aircraft [highly unlikely nowadays] or a shootdown from an air-to-air or surface-to-air missile probably radar guided with a proximity fuse as the evidence didn't point to a heat

  • by hoofie ( 201045 ) <mickey@NospaM.mouse.com> on Wednesday January 15, 2020 @01:49AM (#59622326)

    Utter shite - as soon as pictures appeared of the wreckage it started looking VERY likely that the aircraft was hit by a radar guided proximity fused missile with an expanding rod or shrapnel warhead [the pictures CLEARLY showed punctures on the aircraft skin which were pre-ground impact]. The similarities to Malaysia Flight 17 were instantly obvious.

    After that it was just a question of when the Iranians would fess up.

    The NYT and Bellingcat are trying to manufacture a scoop that was already very publicly aired and discussed.

"jackpot: you may have an unneccessary change record" -- message from "diff"

Working...