Worldstack | Monitoring Russian Naval Vessel Movements using Open Source Intelligence
post-template-default,single,single-post,postid-7982,single-format-standard,ajax_fade,page_not_loaded,,qode-theme-ver-2.9,wpb-js-composer js-comp-ver-4.12,vc_responsive


Monitoring Russian Naval Vessel Movements using Open Source Intelligence

  |   Cyber Intelligence, Cyber Security, Open Source Intelligence, OSINT, Russia, Russian Navy, Security

Use case
Providence is WorldStack’s proprietary open source intelligence collection and analysis platform. Providence collects information from surface, deep and the dark web.
Providence was set up to detect and monitor Russian naval vessel movements through the monitoring of social media.
The intent of this exercise was three-fold:
1. Can Russian naval vessel movements be detected/monitored using Providence?
2. Can chatter from Russian Naval personnel be found, particularly posts made onboard a vessel with location services enabled; and
3. Can intelligence about the vessel’s capabilities, mission or crew be derived from OSINT.
Providence was configured to detect mentions of Russian naval vessel names and the different classes of vessels, e.g. frigate, destroyer, submarine etc. This was done in both English and Russian languages.
Filters were also set up to detect mentions of these entities in relation to areas of operation.

Figure 1 – Monitoring Russian Naval Forces with Providence
Finally, Providence was configured with a Russian language filter to make it extremely easy to identify Russian language only posts.
The data collected, processed and analysed by Providence covers a time period spanning from December 1st 2012 through to November 3rd 2017. Most of the data was collected from September 1st to November 3rd 2017 due to the restrictions on historical data implemented by the various social media APIs that were used as data sources.
The Providence user interface was set up to allow for extremely fast filtering of large sets of data which allowed the analyst to quickly identify and understand the information that Providence has collected
Statistical findings
During the time period spanning December 1st 2012 through to November 3rd 2017 the following statistics were noted:
• Pacific, Mediterranean and Atlantic accounted for the top three locations mentioned in relation to Russian naval vessels; and
• Navy, submarine and ship accounted for the top three vessel filters, with navy overwhelmingly taking the majority at 98.41% of detections.

Figure 2 – Location and vessel mentions last 5 years
Changing the timeframe to the past seven days shows that vessel mentions fall within the same statistical range, with the term navy making up the majority.
However, it shows a change in chatter in relation to location has greatly increased for the Pacific and Mediterranean.

Figure 3 – Location and vessel mentions last 7 days
This change was largely in relation to the following events:
• Reports of Russia planning to build a Pacific naval base on a disputed Island chain near Japan;
• Reports that INDRA 2017, a major Russia-India military exercise has finished; and
• Russian military launching four ballistic missiles from submarines and a transporter erector launcher in a recent battle drill.
Statistical information such as this can be used as an indicator of naval activity.
Vessel movements
The main ways in which Providence was used to determine Russian naval vessel movements and/or locations was through posts by social media users who had location services enabled when posting, allowing Providence to geo-locate the post and through crowd sourced information.
The crowd sourced information was predominantly from naval, military or ship enthusiasts who track, photograph and post about the subject. Much in the same way train spotters or plane spotters operate.
These are normally locals who live in or around a given area of operation or a base.
Another source to draw from are news and media outlets who report movements as news stories.
Three posts were identified in relation to the Russian navy.
One post in relation to the Admiral Flota Sovetskogo Soyuza Kuznetsov, which is an aircraft carrier serving as the flagship to the Russian navy, was geolocated to Murmansk, not far from the ships home port of Severomorsk.

Figure 4 – Admiral Flota Sovetskogo Soyuza Kuznetsov
The post is a Facebook “check-in” by a Facebook user checking in using the ship’s name.

Figure 5 – Admiral Flota Sovetskogo Soyuza Kuznetsov geolocation
Additionally, two posts were geo-located in an area where the Baltic fleet operates from in the towns of Kem and Belomorsk. These posts were Facebook “check-in’s” at these locations. Initial analysis could not determine whether the poster was part of the Russian naval forces.

Figure 6 – Posts geo-located near Baltic fleet operations
Widening the time frame of the data, Providence found another geo-located post. Here, the Russian cruiser Varyag was photographed by a local pulling into port in Vladivostok in 2015.

Figure 7 – Varyag photographed moored in Vladivostok port
The user posting this appears to be a local and falls into the crowd sources/enthusiast category. The user posted a series of six photographs of the Varyag in port from a variety of locations and distances.

Figure 8 – Varyag geolocation
Another example was the Guided Missile Frigate Admiral Grigorovich being photographed in Sevastopol, Crimea by a user during navy day celebrations.
Weapons systems
In the same way that location information can be derived from open sources, information relating to capabilities can be collected. An example of this is photographs that may be of interest in relation to weapons systems.
Some social media users may have access to vessels one otherwise wouldn’t or are afforded a prime opportunity to take photographs due to the location they are in.
One such user was identified taking close up photographs of the Admiral Essen during its commissioning in June 2016.

Figure 9 – Admiral Essen photographed during commissioning
Again, this user took a series of photographs of the Admiral Essen from different vantage points. Included in the series of photographs aside from the ship were some close-up images of Russian aircraft that were there for the celebrations during commissioning of the ship.

Figure 10 – Tupolev Tu-22M
It is possible to use OSINT and platforms such as Providence to detect and monitor the location and movements of Russian naval forces and identify their capabilities. Furthermore, this capability can be used to conduct similar operations on any military force as the behavior associated with the posters of this information is not restricted to Russian social media users.
It should be noted that this is but one tool in an intelligence arsenal and information found would be used in conjunction with intelligence gained from other sources such as satellite imagery and HUMINT reporting.
Another aspect that was not explored in this report is the identification of credible sources in social media. Once a user is found that is a source of good information Providence can be used to monitor their postings and collect information of importance to a user of Providence.
About WorldStack
WorldStack is a private intelligence company based in Canberra that specialises in open source intelligence. Our combination of expertise in open source intelligence tools, techniques and procedures, access to skilled intelligence analysts and in house developed intelligence platform, Providence, is unique in the market.
About the author
Eric Flis is a founder and COO of WorldStack. He is an SME in open source intelligence and cyber security consultant with government, private sector and international experience.