This week we have a great interview with Artem Starosiek, CEO of Molfar.
Molfar is an up-and-coming Ukrainian OSINT company that was propelled into the limelight after February 2022 for its work documenting, debunking and counteracting various forms of russian propaganda online.
Read on to find out what it’s like to operate a growing company in wartime conditions; also, check out some suggested resources that Artem shares towards the end.
What exactly is Molfar and what is its origin story?
Molfar is a Ukrainian OSINT agency that was formally started in 2019 as it evolved from a group of people doing background checks on individuals and businesses from the perspective of financial investments. Prior to the russian invasion of 2022, we were not particularly active in the public domain, we were mainly focused on private work for clients from the business and legal spheres.
We built our reputation on word-of-mouth recommendations. Then in 2022 a shift happened, and we started doing work that we decided to put out for public view. Mostly anything on the open Internet linked to the russian invasion. I would describe us as self-financed, small but growing fast, and last but not least – driven by patriotism.
What can you share about your background and your decision to get into OSINT?
I don’t have any formal education or background in OSINT and never had. I come from Dnipro in Ukraine and during my university education, I studied metallurgical production. My OSINT adventure started as a result of temporary summer work. A friend asked me if I was interested in an analyst position at a tech company that at the time was doing online research. It kind of went on from there, but I see it as a random occurrence rather than a deliberate choice at the time.
What are your main areas of focus and why?
Apart from investigative work for private clients and institutions, we work for and with the Ukrainian military, and government bodies. We also do have clients from within the EU and also the US. Also, we volunteer in terms of military intelligence a lot.
What has changed for you from a professional perspective since February 2022?
The first big change right after the full-scale war broke out was a switch to remote work. We did this for the safety of our employees, as we did not want to take the risk of working in the office in light of the Russian army advancing on Kyiv. Besides that, we tried to continue doing our work as normally as was possible under the circumstances.
The biggest changes were the mental ones – there was a lot of uncertainty, and it was all very scary. After the initial 3 days, when russian troops got close to Kyiv but failed to capture it, we understood that russia would lose the war and that in fact, they had already lost it then. There was so much work to do after that, we often worked 12–14 hours per day.
What are the current challenges and difficulties that Molfar is facing?
The war has ways to disrupt everything, but that was not our main challenge. We began to grow and scale, from 25–30 employees to about 60 that work for Molfar right now. Processes were hard to change, scaling was challenging too. We have been using russian software and tools for our research on the russian Internet – those tools have become harder to use as well.
Access to some information got harder. Another big thing was the fact that russian government officials and intelligence services became interested in us. About 2 months ago, we were blacklisted by Roskomnadzor, which means they are blocking access to our site from the russian IP space. That actually was a happy moment for us because it means that our work has had some real impact and success.
What kind of sources of information do you typically rely on and could recommend to the wider OSINT community?
Mainly Telegram and various Telegram bots and services. HUMINT is important too. Knowing the language of your adversary is key because obtaining information often means talking to people. Sources of this information can differ – a lot of the time it can be hacked russian databases and released out in the open. We use an engine called X-ray Contact to go through those databases.
Do you have any tips for navigating the so-called “runet”?
There is no point in conducting any analysis of the russian mainstream media content because the organizations behind it are all state puppets and propaganda tools. There is no real information on there, so skip all that and head to other platforms like Telegram.
Telegram is where you can find leaked military correspondence. Telegram is where you can find data dumps and other information that is not being fed by the government. Having said that, not all government sources are useless. For example, checking a website for government tenders allowed us to estimate the true scale of the russian losses in Ukraine: by tracking the growing number of body bags purchased by state departments from private businesses.
You can do the same for factory equipment, even if not strictly military. Again, you need to be able to read the russian language for all this.
Any tips for RU threat actor research, from bottom-feeder cyber criminals, cybercrime groups to advanced persistent threats or state operatives?
Bottom-feeder regular cyber criminals are not that interesting, and the FSB manages all the big players in cybercrime. So, I would say start from the government and entities working for it, like the Wagner mercenary group.
For example, previously we looked into a Wagner hackathon organized by Prigozhin – mainly to search for the digital footprints of its participants online. Turned out that EvilCorp was involved in it. Killnet is another group worth keeping tabs on, as well as other less known hacking groups and collectives.
Mostly, however, Killnet does psyops and what I call “media projects”. Which means they aim for maximum impact on regular media or social media, but not as much real life impact. It’s hard to verify claims of hacking, DDoS attacks or anything else they publicly claim they have done. Military work, on the other hand, is kept secret and harder to uncover by civilian online researchers.
What changes have you been noticing or expect to see in the future within the OSINT landscape?
I basically see the field growing and continuing to grow. More people will be getting involved, more OSINT tools and techniques. This stuff is effective. 10 years ago or so, mainly military organizations and intelligence agencies did OSINT work. Now, everybody is at it, some of the best practitioners are regular people. The whole field will continue to expand.
I would like to see some public education elements on fact-checking and researching online sources. Stuff like this should be taught in schools. Initially, we were recruiting students for OSINT work. Now you can find experienced specialists on the job market. One big change I saw during the war was the shift in cooperation between state bodies and private bodies in Ukraine. Examples of government employees, the military, and regular civilians, all cooperating to counter the russian threat. And this is in every sphere, not just in OSINT.
Finally, the developments in AI technologies, further automation of tasks and processes, those things will have a big impact. In a few years, it will all change how open-source intelligence research works and even how we fact-check the fact-checkers.
What opsec tips could you share for somebody conducting RU state actor research?
You need to start with basic cybersecurity awareness. Stay away from the public cloud and avoid storing sensitive information there. Don’t use public free proxies and free VPN services. It’s essential to separate your investigative environment from your private setup.
Also, when working with other people, always do thorough background checks on everybody, even those who work directly for you. This is unfortunately a necessity. We have had problems with questionable individuals, had to manage risks of infiltration, phishing attempts, people contacting us under false pretenses.
Once I was communicating with a person who claimed he had interesting information – in one email he sent me an attachment, it was meant to be a document file, but was 25MB in size. This was an attempt to infect my computer with a trojan; I verified the file using a file scanning service. You just have to be overall careful and aware. It might help to purchase some DDoS protection for your website if you are planning to publish some big story.
Sometimes russian intelligence agencies would contact us and pretend to be the Ukrainian Secret Service. Once we even had an insider access attempt, a person who was a russian supporter tried to get employed at Molfar and infiltrate the company from within. We prevented that from happening.
If you were to get a crystal ball and look ahead 5–10 years from now – where do you see Molfar and Ukraine in general?
Hopefully, the threat from the east will not be as prominent as we won’t need so many people to work on it! I can see AI coming into the field and changing the way we all work. There will be better software, capable of more thorough analysis.
As for Ukraine overall, I think we showed the world our strength and that our country does not want to be and does not belong in the russian orbit of influence. Maybe we will adopt the Israeli model – they are a small country surrounded by enemies but have strong links to the EU and US. I also hope that there will not be a russia as we know it in 10 years.
Anything else to add?
Not really, other than sharing some resources that we recommended.
A list of Telegram bots used by Molfar’s researchers:
1. The Eye of God. It’s paid, but there seems to be a free period for the first 10 requests. Focused on russia, Ukraine, the Post-Soviet states and a little bit on the world. Often deleted by Telegram. You can get a new bot on their website.
2. UniversalSearchRobot – a free Telegram bot focused on russia, Ukraine, the Post-Soviet states and a little bit on the wider world.
3. QuickOSINT_bot – another paid Telegram tool, similar to the Eye of God, but sometimes provides new unique information.
Molfar’s researchers’ basic toolkit:
https://x-ray.contact/ – person search by name, contacts, image (perfect for US).
https://www.getcontact.com/en/ – caller ID app for reverse searching numbers.
http://web.archive.org/ – website history.
https://opencorporates.com/ – aggregator of legal entities.