Why open-source intelligence can help and hinder understanding of what's happening in Gaza, Israel
Experts rely on publicly available content to investigate what's happening on the ground in a war zone
Social media platforms have been flooded with horrific footage from Israel and Gaza since Oct. 7 — the day the Palestinian militant group Hamas carried out a surprise assault on Israel, armed with cameras and smartphones in the arsenal of weapons used in the slaughter and kidnapping of hundreds of Israeli civilians.
In the aftermath, as Israel bombed the Gaza strip in retaliation, the deaths of thousands of Palestinians have also been captured on camera: images of airstrikes levelling homes and buildings and bodies being pulled from mountains of concrete rubble.
As brutal as it may be to watch, the imagery is a trove of information for researchers and investigators like Sam Dubberley, the managing director of digital investigations at Human Rights Watch, who is among those working to preserve and analyze as much of this material as possible.
It's referred to as open-source intelligence, or OSINT, a valuable resource for determining what happens in conflicts and war zones and for gathering evidence of potential war crimes and human rights violations.
But the effort it takes to collect and verify such information is more complicated than ever, say OSINT experts, due to the sheer volume of content that has emerged so quickly and the amount of false or misleading material muddying the waters.
"It's our job at Human Rights Watch to go through this information and try and establish [the] facts," Dubberly told CBC News from Berlin. "But it means looking through a lot of pain, you know, a lot of pain in Israel and a lot of pain in Palestine."
What is OSINT?
OSINT is basically any form of information that isn't top secret, said Andy Carvin, managing editor of the Atlantic Council's Digital Forensic Research Lab (DFRLab) based in Washington, D.C.
"In the context of conflict, it's typically referring to all of that eyewitness footage and video and other content circulating across the internet and trying to make sense of it," he said.
Carvin's first foray into gathering OSINT happened while working for a policy research organization after the 2001 Sept. 11 attacks, when he developed an email list for eyewitnesses, journalists and others to share their accounts of what happened. He further honed his OSINT gathering techniques while leading the social media team at NPR and monitoring the 2011 Arab Spring uprisings across the Middle East and North Africa.
There's rarely a "clear smoking gun," said Carvin, explaining how one piece of intelligence on its own is not enough to tell a complete and reliable story about an individual event or attack.
One of the first and simplest steps for OSINT analysts, like Vancouver-based Ritu Gill, is to verify visual material using a reverse image search — uploading a photo or video thumbnail to a search engine, such as Google Images or TinEye, to determine the original source and whether the footage already existed on the internet before the event, and has been reshared out of context."
Once verified, Gill explained, analysts can then attempt to piece the puzzle together by cross-referencing a video or photo with messages on social media channels, satellite imagery, maps, geolocation tools, public records and news stories.
Hospital blast
The importance of verifying and analyzing open-source intelligence was highlighted in the aftermath of a deadly, nighttime blast at the al-Ahli Arab Hospital in Gaza City on Oct. 17.
Initial reports, citing Hamas-run government officials, accused Israel of firing an airstrike at the facility and killing hundreds of people sheltered there, while the Israeli Defence Forces blamed a failed rocket launch by Islamic Jihad, another militant group in Gaza.
But in the hours and days that followed, Western governments — including the Canadian government — said reviews of both open-source and classified intelligence aligned with Israel's assessment that it was a misfired rocket originating in Gaza that caused the carnage.
The Associated Press, which did its own OSINT analysis of more than a dozen videos from the moments before, during and after the hospital explosion, and assessed other satellite imagery and photos, also suggested it was likely a rocket from with in Gaza that broke up in the air and that the explosion was most likely caused when part of that rocket crashed to the ground.
The AP did acknowledge that a lack of forensic evidence and the difficulty of gathering that material on the ground in the middle of a war means there is no definitive proof.
But the consensus wasn't universal. Qatar-based Al Jazeera — whose live footage from Gaza the night of the explosion was referenced in many OSINT analyses — contends there are "discrepancies" in the claims the rocket originated in Gaza.
A report by Britain's Channel 4 News also raised questions about Israel's claims.
Human Rights Watch has its own investigation underway, though it had not been released in time for publication of this article and Dubberley was unable to comment on it.
But he said OSINT evaluation has limits in a situation like this and time needs to be taken to combine it with eyewitness accounts. It's fair to explain what you do know and what you don't know, he said.
It would be beneficial for governments citing open-source intelligence to provide the sources they used to make their assessments, Dubberley added.
The X factor
Assessing open-source material from Israel and Gaza is proving to be challenging both because of the unprecedented volume but also because of changes to what was once a reliable forum for OSINT analysts: Twitter, social media platform now known as X.
Since being taken over and rebranded by billionaire Elon Musk last year, X has implemented a paid subscription service meaning anyone can have their account verified, with a blue checkmark, instead of the previous system which only verified reputable accounts such as those of journalists, politicians and academics.
Gill, who also trains people in OSINT and operates the website OSINT Techniques, said the switch has led to accounts purporting to be open-source intelligence experts or fact checkers without having proven track records. Some simply share misinformation or disinformation — and the blue checkmark only helps amplify it in the platform's algorithm.
DFRLab's Carvin said one thing that will help you tell if an OSINT researcher has "integrity" is their willingness to admit mistakes or potential biases.
"The closest thing we have to magic bullets are finding sources that we trust," said Carvin.
With files from The Associated Press