Going after the right wing extremists open source intel style – an interview with MW-Osint

Right wing extremism is indisputably on the rise – lifting its ugly head and once again returning from the fringe into mainstream politics. This is particularly evident in Europe and is something I could never make sense of.

How could Nazism and fascism, two very closely related ideologies that caused millions of casualties in Europe during World War 2, be revered and followed anywhere in the Old Continent, especially in Eastern Europe?

So I spoke to somebody who has recently examined the topic of right wing extremism, all in the context of a certain data breach.

MW-Osint is an alias for a security researcher and analyst, whose insights and compelling writing style drew me to his article – Researching Right-Wing Extremism in Central Europe.

What is your background and how did you get involved in open source intelligence?

I was in German military and government intelligence for over 17 years.

For most of that time, I worked in Signals Intelligence as an analyst, team lead and I also taught intelligence analysis at the academy. This work was mainly done in support of German troops deployed to Afghanistan, thus I also deployed quite often. I have always been keen on having a good overall situational awareness of my area of operations, so I would use OSINT information to enrich the data that I had received from SIGINT collection.

This interest in gathering information and analyzing it basically started when I was in primary school and I remember spending countless hours in the library, reading on topics that interested me.

Having a computer at a very early age and growing up with the internet gave me even more possibilities to quench my thirst for knowledge. Sadly, I would only put in this extra effort for things that I was personally interested in and what I was taught at school didn’t really fall into that category in most cases.

So, I kind of grew up with the evolution of OSINT: from library visits to Usenet newsgroups, from using search engines to dedicated tools and gadgets, I always try to keep up with new OSINT methods.

What are your main areas of focus when doing OSINT investigations?

I spend a lot of free time reading news articles or keeping up with what is going on in the OSINT world. Every once in a while, I stumble upon a topic that I think would be worth investigating. I think it is important to practice skills and techniques constantly, especially to keep up with all the changes that happen in the online world.

A new social media platform, a new tool, the loss of a certain OSINT capability; only if we use and train ourselves with real-life data, can we excel at OSINT. Luckily, I have a job in which I can use OSINT on a daily basis. But not everything I would like to try out can be done in my job.

The topics I do OSINT investigations on in my free time differ in each project and I think having an understanding of basic intelligence collection and analysis will enable anyone to conduct research on anything. This of course does not mean we will become absolute experts in the topic we are investigating, but it will at least give us some more advanced knowledge.

In the past, I have conducted research on a massive scamming network with a friend from Twitter, Sector035, and I have also looked into organized crime groups as well as terrorist organizations. Given the recent developments around the world regarding a certain rise in different types of extremism, it was only a matter of time until I would start investigating right-wing extremist movements.

So what are your general observations regarding the right wing extremists and their recent rise in popularity?

As with many other terrorist or extremist movements, they heavily rely on online communication channels.

Since I had some experience with other radical groups, I could easily pick up on the topic of right-wing extremists in terms of how they use the internet.

The way they communicate and exchange information is very similar across ideologies. I once defined general phases of terrorist/extremist online communications.

Phase 1: Being active on a certain public social media site (e.g. Facebook, Twitter) until they are kicked out and then phase 2: turning to smaller and less controlled social media (e.g. VKontakte, Gab).

The third phase is trying to create their own platforms and using seemingly more secure communications channels (e.g. messaging apps).

Phase 4 is restraining themselves from digital communications after they realize that most of the aforementioned are compromised. This has all been seen and done before. From an OSINT perspective, research on right-wing extremist groups is quite challenging, because I think many of them are now in the third or fourth phase. I am not saying it is impossible to investigate, as you will always find someone that makes an OPSEC mistake and gives out too much information publicly, but these actors are definitely aware of their communications security in general.

How would you explain the support for neo-Nazi groups in Eastern Europe – a region which, as we all know, suffered heavily in World War 2 as a result of the Nazi German occupation?

As I am not a social scientist or a political analyst, I can only give my thoughts on this topic without backing this with conclusive evidence. I personally think whenever someone feels like he or she has been left behind by life, they turn to a movement that apparently gives them the support and backing they think they are missing from the government, their family or society in general.

This, I think, is the root of many extremist movements. In Eastern Europe, after the fall of the Iron Curtain, a sense of patriotism was reborn and this patriotism slowly drifted off into nationalism. There are certain individuals preying on those supposedly left behind by society and giving them a false sense of hope, masked by a feeling of national pride.

In many cases, this is also combined with finding someone to blame for the seemingly bad situation. The blame is often against foreigners and people who have other beliefs. In a way, there is not much difference between an Islamic terrorist and a neo-Nazi in terms of how they turned to their respective ideology. The internet with its vast possibilities enhances this overall process of turning to certain ideologies because it allows like-minded people to easily connect across cities, countries and continents. Just like we have seen in the Iron March forum.

What is Iron March?

Iron March was a forum in which fascists, racists, neo-Nazis and many other crazy people came together in order to exchange thoughts and ideas and communicate with each other.

The forum existed from roughly 2011 until it was hacked and taken offline in November 2017. It actually was preceded by other similar sites and I am sure there are successor sites out there.

People from all over the world would share their deranged thoughts and in some instances groups that came together on Iron March actually caused harm outside of the internet in the real world. Some members committed crimes and actual terrorist attacks were planned on Iron March. The amount of craziness on this forum is unbelievable. I had actually found discussions within the forum regarding satanic beliefs and vampirism as well.

What was the situation with the Iron March leak? What kind of information was leaked and how?

The forum was hacked in 2017 and this data was recently made public. A treasure trove for those investigating right-wing extremism, it provided many leads to investigate movements, groups and individuals. Basically, personal information such as usernames, emails, names, Skype-IDs, phone numbers, IP-addresses and many other pieces of data were found in the leak, as well as private messages between members and public and closed message groups.

For many OSINTers such as myself, this was something interesting to look into. For me, I approached it as described before to sharpen my OSINT and intelligence analysis skills. I had planned to find leads from Iron March users to link them to other platforms and also figure out how they would try to securely communicate outside of Iron March.

Conducting OSINT of right wing extremists carries a certain amount of risk. What is your threat model and what precautions do you take to ensure digital privacy and your own personal safety?

Whenever you do OSINT research against other individuals or organizations a certain risk is involved. The risk is definitely greater when looking into right-wing extremists. Good OPSEC measures start during the actual research.

For example using sockpuppets, maybe even an extra set of sockpuppets for that specific case, as well as disguising your system with VPNs and other technical means. Since I had planned to publish one or two articles on this topic, I also self-assessed the threat that could derive from those articles. This is why I tried to keep personal data from Iron March users and other right-wing extremists out of the articles as much as possible in order not to endanger myself of becoming a victim of retaliatory actions by the people I reported on.

Of course, a nimble OSINTer would be able to find out which people or profiles the stories I told originate from, but in general I think they are kept quite “clean”. The other thought on my mind is that my blog is a niche product. Unlike mainstream journalists, doing amazing research on such ugly topics, I can carefully monitor how many people read my blog and kind of keep track of where blog referrals are coming from. I don’t think this is easily possible when publishing something in a major media outlet.

Their exposure makes things so much more dangerous in terms of personal security and I have a great amount of respect for any journalist or researcher who puts him or herself in harm’s way in order to shed light on topics like right-wing extremism.

I think it is important to report on certain issues and spread the truth. I am also lucky that I basically have no digital footprint before early 2018 (remember my background 😊).

I also try to keep my private life away from Twitter and the internet as much as possible and at least try to keep those that are close to me (family and friends) out of my digital profile. Should I at some point gain more popularity, I would definitely have to overthink my personal threat model before publishing sensitive topics.

What is your opinion on the recent debate: unbreakable encryption and privacy for everybody versus companies installing backdoors to enable law enforcement to investigate terrorist and extremist groups?

Coming from a government intelligence background, I might see things differently than many other InfoSec or OSINT practitioners. Government agencies will most likely always be able to penetrate or collect on digital communications. But they don’t care about our private conversations as much as many of us think they do.

Unbreakable encryption might cause more harm than it does good by enabling subversive elements such as terrorists, criminals or extremists to evade lawful government information gathering. On the other hand, many brutal regimes consider their practices against their opposition as lawful. So, this debate also has an ethical, almost philosophical, aspect to it. Those are the kind of topics that are best discussed with a nice glass of wine at hand.

Well, thank you so much! Is there anything you would like to add that we did not mention here?

Good intelligence starts with sharing. That is the beauty of this OSINT community that has come together on Twitter, Slack, Rocket chat and through various blogs.

I think the more we share tools and techniques with each other, the better we will become at tackling the future OSINT challenges that await us. Thanks for listening (reading) to my two cents on this potpourri of topics and I wish you the best for your blog! You’ve gained a new reader in me!

To read more, visit Key Findings or follow @MwOsint on Twitter!
