Dispelling Misinformation About Monkeypox 2.0

On July 23, 2022, the World Health Organization (WHO) declared monkeypox a Global Health Emergency as a result of a rising number of outbreaks. Overwatch’s previous brief, entitled “Dispelling Misinformation About Monkeypox,” addressed fundamental issues surrounding the disease. From the time of the brief on May 24, 2022, to the writing of this brief, the number of confirmed monkeypox cases has grown from two confirmed cases in the United States to now 8,933, and globally, the cases have risen from 92 cases as of May 7, 2022, to 30,189.

Monkeypox Chart

In this brief, Overwatch analysts review how the narrative for monkeypox has evolved. Since the announcement from the WHO, there has continued to be a flood of misinformation, disinformation, and finger-pointing about the origin and reasons for the continued spread of the disease.

Misinformation Fuels Disinformation

The original assessment noted, “If misinformation spreads to countries like China or Russia, they could spread disinformation about the U.S. and Europe being responsible for the virus as was done with COVID-19.”

Since May, we have seen many articles in traditional mainstream news and publicly available sites and platforms conducting their journalistic responsibilities by questioning the U.S. response. Analysts identified occasional loose comparisons to the U.S. response to COVID-19 and questions about why we did not act against the new pandemic threat.

In most cases, articles addressed reasons, and promoters of disinformation used snippets or headlines to create unfounded accusations. Analysts have seen messages by pro-CCP group Wumao claiming that the U.S. and Western countries are sending infected birds to spread monkeypox to China and other Asian countries. Wumao, or the 50 Cent Army, is a pro-CCP group that creates comments or articles intended to derail negative sentiment toward the CCP.

The intent is to create more division and blame. The Chinese narratives emerged in May and have continued unabated but are largely overlooked in the U.S. digital environment.

Example of translated WhatsApp message spread throughout Indonesia:

Hey, guys. No matter where you are, if you see a bird that can’t fly, can’t walk or struggle on the ground, you should never catch it, for fear of monkeypox infection. The relevant community has informed you, please pay attention to it. Remember United States and Western countries used the birds to carry take the Monkeypox virus to spread to the Asian region! My sister sent it from Germany and asked me to inform family and friends immediately. Have relatives and friends on the notice, do not because of compassion, get infected unknowingly.


This message was baseless and allegedly produced by Wumao. References to the message were accompanied by keywords such as ‘hoax’ and ‘fake story’ and have been mainly seen on Indonesian information platforms [1].

This has illuminated that the CCP wants a vector of influence in Indonesia and, surprisingly enough, that there are truth watchdogs actively combating it (Fitri Haryanti Harsono from Liputan6 and Dr. Adrian Wong from Techarp.com).

Other sources, such as the New Federal State of China (NFSC) Himalaya Australia, combat CCP influence by generating more false narratives compounding monkeypox misinformation. This can be incredibly dangerous when dealing with sensitive issues relating to pandemics or global health crises.

This post by the NFSC’s Miles Guo was spread across all major social media platforms [3]. There is an air of provocation in Guo’s voice as he speaks in his video of the CCP’s potential retaliation due to the recent Taiwan visit by U.S. House Speaker Nancy Pelosi.

In this video (*reference Wayback Machine if taken down from Twitter), Guo alleges that the CCP will create a new virus that will “most likely originate from the Middle East” and would be a variant of other diseases or created by “mating” desert wildlife.

The art of being first is how disinformation campaigns gain traction. The above post is meant to provoke the CCP into a response, legitimizing Guo and NFSC_HAGnews’ narrative. Being first in the narrative allows NFSC_HAGnews to gain a following that watches the accused (the CCP) having to combat the quickly drafted messages of the accuser (NFSC_HAGnews).

As the number of verified infections grows, disinformation narratives will grow. Small enablers exacerbating public opinion in the U.S. will continue to add compelling and thought-provoking ideas on top of any press release or news article to capture and hold an audience’s attention.

* Specific posts or videos referencing misinformation and disinformation are often deleted from major social media and news sites. Using the Wayback Machine, researchers can reference once-deleted posts, articles, and videos that were archived. The Miles Guo video has been captured here in the Wayback Machine.

Targeted LGBTQ Community

What has taken hold of the U.S. social media landscape is the predominance of infections within the gay community, triggering emotional responses outside and within the community, in both pro and anti-camps. The CDC’s confirmation of the first monkeypox cases in the United States in two unrelated children at the end of July 2022 was when this was most apparent. CDC Director Rochelle Walensky made the following statement in a virtual event with the Washington Post, “Both of those children are traced back to individuals who come from the men-who-have-sex-with-men community, the gay men’s community…” The official statement released by the CDC went further on to state that both cases were “likely the result of household transmission.” And even though the release states that sexual contact is not the only way to spread the disease and heterosexuals can contract monkeypox just as quickly as persons who identify as “gay,” the polarizing narratives began almost immediately. On the same day of the updated release Rep. Marjorie Taylor Greene asked in a tweet, “If monkeypox is a sexually transmitted disease, why are kids getting it?” The tweet has over 38k likes and 9,879 retweets as of this writing.

The formula is textbook: CDC officials or public officials provide the most current information possible, a prominent official or social media influencer makes a rhetorical comment, and the ensuing chain of response allows disinformation narratives to flow into the larger conversation.

The fallout ranges from the creation of fake memes pushing a particular narrative, such as the one created by Twitter user “The Ferryman’s Toll” that has been retweeted 281 times, to reports of hate crimes being committed towards LGBTQ members, such as an August 9, 2022, report by the Daily News (Assuncao, 2022) that a Washington, D.C. gay couple was attacked by teens who called them “monkeypox f—-s.”

When facts are disregarded in order to increase one’s number of supporters, likes, or political status, echo chambers are created, and the ensuing misinformation and disinformation propagated within them can have disastrous results. Echo chambers exist because social media users do not take personal responsibility for information shared, and sharing occurs without full context or conducting further research, which can prevent polarizing narratives before they divert attention from the main issue.

World Health Organization (WHO) Perspective

The WHO closely monitors the outbreak and favors international cooperation and information sharing with partners and member states. Since the declaration, their messaging has been in line with the Centers for Disease Control and Prevention (CDC) regarding how an individual contracts the virus. However, while WHO states in one tweet that “Stigma and discrimination can be as dangerous as any virus and can fuel the outbreak,” WHO also has multiple tweets singling out the men of the LGBTQ community.

Unfortunately, discriminatory tweets are becoming increasingly popular. While WHO’s messaging around monkeypox has focused on those currently most affected by the spread of the disease, gay men, there is an underlying danger that this approach could add fuel to the narrative that this is a disease affecting gay men only. As with COVID-19, when government messaging transforms to fit the new realities of a crisis, old messaging is often resurfaced and contorted to create disinformation. While Twitter can be an efficient medium to publish alerts, its character limits often leave no room for qualifying statements and vital context.

Our Assessment

We assess that misinformation and disinformation messaging will closely follow the increased number of those infected with monkeypox. This issue’s vector of influence won’t just stay within the confines of the United States. We have already demonstrated that anti-US and anti-CCP influencers are attempting to control the story in Asia and possibly the Middle East.

We stand by our original assessment that if outbreak numbers exceed acceptable levels, quarantines or mandatory government policies could be implemented to mitigate the spread of infection. If this happens, combined with negative popular sentiment due to successful disinformation messaging, we could see in-person protests leading to pockets of civil unrest.

Overwatch will continue to monitor Monkeypox-related issues arising in the Middle East, Southeast Asia, Russia, and the U.S.

*Keyword associations to keep on alert: supply chain disruption, lockdown, mandatory vaccination, quarantine, Monkeypox, MPV, MPXV, contact tracing, or hMPXV.

*Google Alerts allows you to create a list of keywords to follow and have articles and posts sent daily to your email.

OSINT Monitor Workflow

IBM Watson News Explorer




CDC Infection Rate Map

World Health Organization




  1. Adrian Wong, Is U.S. Sending Infected Birds To Spread Monkeypox?!


Anas Surya, Hoaxes Of The United States And European Countries Deliberately Spreading Monkey Pox To Asia – NEW OR HOAX


Fitri Haryanti Harsono, Viral message chain of transmission of Monkeypox carried by birds, is it?

Viral Pesan Berantai Penularan Cacar Monyet Dibawa oleh Burung, Apa Iya? – Health Liputan6.com (www-liputan6-com.translate.goog)

World Today, Viral message chain of transmission of monkeypox carried by birds, is it? https://www.world-today-news.com/viral-message-chain-of-transmission-of-monkeypox-carried-by-birds-is-it/

  1. Miles Guo, The CCP will most likely unleash another new virus!

https://gettr.com/post/p1lbsb5b7bb , (2) NFSC_HAGnews (@NFSC_HAGnews) / Twitter , https://www.youtube.com/watch?v=hrAmk2N5VQI , Chinese whistleblower Miles Guo: “Monkeypox is just an excuse! (bitchute.com)

  1. Muri Assuncao, Washington, D.C. gay couple say they were attacked by 2 teens, who called them ‘monkeypox f—-ts’


  1. World Health Organization (WHO) Twitter Page https://twitter.com/WHO/status/1552286397054287875

Does Valuable Intelligence Have To Be Classified?


Intelligence agencies and commercial companies have long struggled with the concept and inception of adopting open-source intelligence (OSINT) into their range of capabilities. Open-source intelligence is a way of collecting and analyzing publicly available information. In today’s world, there is no shortage of content. The data is overwhelming and is outpacing the available resources of skilled open-source analysts who are trained on the methodology to apply critical thinking skills.

Traditionally, government agencies have gathered intelligence in a sensitive compartmented information facility often referred to as a SCIF. The purpose of a SCIF is to safeguard and store classified information. This practice is now being challenged by intelligence professionals who recognize the value behind publicly available information (PAI) and the advancements of OSINT.

Active collection of intelligence to answer requirements has been a constant. However, today intelligence and research professionals can take a more passive role in the collection process. This is due to the overwhelming number of social networks and content creators, who intentionally engage with digital content at an average rate of 3 hours per day, according to Hootsuite Social Analytics.

Nefarious actors, organizations, and entities are sharing and making their presence known at an alarming rate, and they are doing it on public channels. The speed at which this valuable information gets to the collector can now be instant. A recent example is the Ukraine/Russia conflict.

Even though OSINT and its methods have technically been around for almost a century (the term was not coined by the US Military until the 1980s), the conflict in Ukraine, civil unrest, and the crippling economic effects of COVID shined a brighter light on the need to collect public information in a timely and accurate manner.

To know a populace you must engage them, and what better way to know a distant populace than to ingest their by-the-minute sentiment and first-hand reports of an ongoing situation?

The conflict in Ukraine alone showed the value of publicly available satellite imagery to depict Russian military movements and posts from actual military members on the ground illustrating the disinformation and misinformation being spread.

OSINT in Ukraine

OSINT, being comprised of rapidly growing amounts of cell phone videos, online information, social media, and commercial images, has enabled intelligence professionals and at-home analysts to collect information around the globe, with no need for classified capabilities.

There is a vast amount of PAI which grows worldwide by the second. The intelligence community can no longer ignore the wealth of that information and its place in answering real-world requirements.

What is currently lacking in the commercial space and government abroad is the training to enable analysts and researchers to harness this trove of information and, most importantly, to do it accurately, in a timely manner, and with the depth it requires. The military is now taking notice of commercial OSINT training for its own analysts to fully capture the common operating picture of any situation.

With the major disruption to international economies by COVID, having by-the-moment information was key to being proactive, ensuring corporations large and small had enough reaction time to redirect logistic lines, prepare for shortages, and handle appropriate customer needs. Many companies tapped into social media to uncover supply chain insights of panic buying during the pandemic. When researchers looked at sentiment across 200k social media posts, they observed that individuals’ perception of a threat to the supply chain and of product scarcity ultimately led to panic buying and created a strain on the supply chain.

This critical need for OSINT and the collection of PAI was captured by Harvard Business Journal in an article titled “OSINT – The untapped treasure trove of United Nations Organizations,” which outlined that the catastrophic loss to international agendas and economies was due to an inability to collect the raw social data and interpret it into global business decisions.

There are over 500 million tweets worldwide that are published each day. Facebook adds 350 million photos daily. YouTube adds 720,000 hours of video and Reddit has 500,000 comments every 24 hours. With that sheer amount of public data each day, the ability to harness that and ingest it into answering real-world problems is of extreme value and importance to any commercial and government industry.

Content Infographic

Image Source: Domo

There still is an immense value and always will be to having classified means of collecting information and data to enable decision-makers to affect ongoing problem sets. The sensitive data that is collected by classified means is a key to ensuring those decisions are accurate and proportionate. On the other hand, not all issues need large-scale solutions. Insight and analysis of current local and international issues can be and are derived from much cheaper and easily accessible sources.

The need for an OSINT capability, no matter the industry or requirements, is growing exponentially. Companies large and small have taken notice and begun filling OSINT analyst positions within their ranks to increase proactive decision-making that keeps their interests, brand, personnel, and property safe.

Our Assessment

Commercial industries will lead the OSINT training venture and increase their abilities with technology backed by methodology. As is common, the government will take the ability to a new level to answer real-world requirements, which will feed the commercial technology and training environment. Industries that currently lack a capable OSINT function will struggle to stay ahead of quickly changing situations and information. Forward-leaning organizations will quickly train and enable their own analysts to collect and analyze PAI. The landscape of social analytics will continue to grow, but so will privacy restrictions, changing with the adaptation of collection abilities. Businesses and organizations that fail to see the immediate need for OSINT capabilities will continue to struggle with ongoing economic, cultural, and social changes, ultimately affecting their brand and public standing.



The Cryptocurrency Climate: Is a Hot or Cold Storage More Secure?

Cryptocurrency continues to gain popularity, with about 145 million adult Americans currently owning or having previously owned cryptocurrency. This is despite an increasing number of investors being conned out of their digital assets because of their inexperience in investing and lack of understanding of the social laws governing the security and protection of their digital assets through hot and cold storage wallets. This makes new investors the primary targets for con artists. The cons are not slowing the trend down. According to a recent study, Americans who have never bought cryptocurrency before believe they are likely to do so for the first time next year as a result of the falling stock market and rising inflation.

For this report, Overwatch examined allegations and recent sightings of fraudulent and counterfeit hot and cold cryptocurrency wallets, focusing on the Ledger Wallet, which is acknowledged as one of the most well-liked hot and cold wallets available. Our analysis pinpointed several problems investors encounter when storing their cryptocurrency for protection.

Hot and Cold Storage and Their Scams

Investors in cryptocurrencies have two primary options for protecting their money: Hot and cold wallet storage. The easiest way to distinguish between the two is that a hot wallet is online and frequently connected through apps, but a cold wallet is offline and generally a handheld digital device. The other less popular option is to leave purchased digital currency on the exchanges.

The difference between hot and cold wallets in cryptocurrency.

A hot wallet’s fast accessibility, which allows investing directly from a smartphone or computer app, draws investors in large numbers. The ease with which one can now invest in digital money increases the potential of fraud for thousands of people. The federal government has recently issued warnings about cybercriminals actively impersonating reputable cryptocurrency investing firms and convincing investors to download phony mobile apps to steal cryptocurrency. However, these criminals also have a history of using high-quality counterfeit cold wallets with established backend access to compromise investors’ digital assets. This is typically done by providing a pre-seeded device or installing malware on the device prior to shipment. Once an investor receives the device and attempts to transfer currency from an exchange or another wallet, the fraudsters will be able to obtain the funds. We mention this to demonstrate that no storage solution is superior in the absence of carefulness with the product.

In a Private Industry Notification published by the FBI on July 18, 2022, titled “Cyber Criminals Create Fraudulent Cryptocurrency Investment Application to Defraud US Investor,” the FBI described how fraudulent hot storage wallets operate. According to the report, cybercriminals persuade victims to download a fake app to add cryptocurrencies to their wallets. The victims later seek to withdraw money from the app, but they are informed via email that they must first pay taxes on their investments. The victims are still unable to receive their cryptocurrency withdrawals even after paying the supposed levy. This fraud is only one of numerous hot wallet scams involving cryptocurrencies that analysts have come across recently.

Recent Scams Reported

Ledger has provided a list of current phishing attacks and many alert messages starting in December 2020 on its website. Many alerts are regarding the prevalence of fake hot wallets on the market and the structure of cold wallet frauds that use Ledger as a front. Online investors have been continuously reporting being victims of scams over the past few weeks. Overwatch analysts have also noticed other suspicious activity related to using fake Ledger applications that can be found on app stores like the Microsoft Store and the Google Play Store.

For example:

  • On June 12, 2022, a Reddit user reported a suspicious Ledger Live app was self-installed on their computer with a logo that did not match the mentioned company branding. Also found were misspelled words on the app’s landing page, where the user was requested to update their Ledger device.
  • On July 17, 2022, an additional Twitter user captured a screenshot from the Microsoft App store, revealing that a fake hot wallet app was established on the platform posted under a legitimate cryptocurrency cold wallet company, resulting in the user losing $20k.
  • On July 18, 2022, a user on Trustpilot reported that they purchased a counterfeit Ledger Wallet, which appeared tampered with before opening.
  • On July 19, 2022, a Reddit user captured screenshots of a downloaded fraudulent Hot Storage app that provided fake Recovery seed phrases to steal any transferred currency.

These schemes are not a novel way to defraud cryptocurrency investors. Cybercriminals still follow the same playbook: they lure unsuspecting investors into engaging with fake Ledger Wallets, entice users to download apps or visit phishing websites, and then steal any currency entered.

Our Investigation

So what are the current market trends that investors should be aware of? Overwatch analysts investigated and found that Ledger Hello is one of them, and it’s available on the Microsoft Store. However, after a thorough search, only three reviews could be found, one of which was a user warning about the application claiming that it steals your money and wallet recovery seeds.

Following this discovery, analysts searched in preparation for further reports mentioning Ledger Hello. They found a Reddit user report stating their cryptocurrency was stolen from the same Ledger Hello app downloaded from the Microsoft storefront.

In addition to our investigation, analysts ran advanced searches for Ledger Nano X and Ledger Nano S devices. Analysts found four devices being marketed on Amazon from the United Arab Emirates. The tip was based on user reports that the investors had purchased counterfeit Ledger wallets on Amazon.

It appears that the item was bought from an Amazon seller who has since left the marketplace. Nevertheless, analysts were able to locate an archived version of the landing page that promoted the product.

To further our study, we looked for any hints that fake Ledger wallets were being bought, sold, or obtained in dubious marketplaces on the dark web. Our investigation turned up a fake Chrome Device Manager browser add-on that claimed to be a Ledger Nano S extension and was obtained from the Google Play Store. Investors drawn to this extension would think it was a credible hot wallet storage solution due to the extension’s internet connection. However, confirmation through the official Ledger website showed that this browser extension is not affiliated with the company, and its users are not encouraged to use it.

Our research into the dark web also turned up a forum where people talked about a set of Nano S ledgers bought in bulk on Alibaba. Following the adage “too good to be true,” investors interested in purchasing the item should view the product’s low pricing as a warning sign.

These counterfeit gadgets are presented in premium packaging that aims to resemble the real thing closely. However, there is a good chance that the device has been tampered with or pre-seeded. This frequently occurs with Chinese online markets, not only for cryptocurrency hardware.

Our Assessment

According to the aforementioned study, seventy-four percent of cryptocurrency investors, or nearly 107 million Americans, bought for the first time in the last two years. However, according to the Federal Trade Commission, over 46,000 customers claim to have lost over $1 billion in cryptocurrency to scams since the beginning of 2021. This is partially due to cryptocurrency being in its infancy and the naivety of new investors, unsuspecting of the tactics of fraudsters.

Due to the significant expansion of the cryptocurrency sector, Overwatch predicts that in 2023 there will be a rise in the use of fraudulent apps. To target their victims for cryptocurrency scams, fraudsters will continue to take advantage of app marketplaces and create high-quality counterfeit digital wallets, concentrating on how eager new investors are to enter the digital investment arena. Should this occur, inexperienced investors unaware of the insider’s secrets risk losing tens of thousands of dollars more than we have seen in the past.

This analysis was carried out by analysts using advanced search terms on a variety of social media sites and dark web forums. In addition, we examined the marketplaces for cryptocurrency apps on app stores including the Microsoft Store, Google Play Store, and Apple App Store. Subsequently it becomes a game of “Whack-a-mole” because fraudsters continue to add and withdraw applications from these platforms. The same is true for online merchant sites like Amazon. With that said, it’s crucial for investors to be knowledgeable about the applications they use and to avoid getting cryptocurrency cold wallets from unlicensed vendors.

For investors interested in purchasing a Ledger Cold Wallet specifically, or utilizing the Ledger app, both products should only be acquired through the official Ledger.com website.


Despite Legislation, Do U.S. Consumers Know Where and How Their Products are Made?

On June 21, 2022[i], the Uyghur Forced Labor Prevention Act (UFLPA) took effect in the United States. The Act was enacted in response to the 2014 investigations concerning the Uyghur population of Xinjiang, China, that determined the People’s Republic of China (PRC) committed numerous human rights violations that are still occurring today.[ii] The UFLPA now requires U.S. imports produced “wholly or in part in the Xinjiang Uyghur Autonomous Region” to have “clear and convincing evidence” to be free of forced labor.[iii] In addition to the enactment, monitoring resources have been implemented, and most American consumers are familiar with UFLPA, though it has had little to no impact on purchasing behavior.


On the other hand, Chinese officials have countered U.S. allegations of forced labor in Xinjiang with accusations of lies and undercutting the international supply chain. Wang Wenbin, the Chinese Foreign Ministry spokesperson, stated that Xinjiang forced labor allegations are “a big lie made by anti-China forces.”[vii] Hua Chunying, Assistant Minister of Foreign Affairs, posted that the UFLPA “essentially deprives millions… of their right to work.”[viii] U.S. Secretary of State Antony Blinken responded by stating, “we are rallying our allies and partners to make global supply chains free from the use of forced labor, to speak out against atrocities in Xinjiang, and to join us in calling on the government of the PRC to immediately end atrocities and human rights abuses, including forced labor.”[ix][x]

In this Overwatch brief, Echo Analytics Group and Valens Global analysts focused on challenges U.S. consumers face when trying to understand the supply chain. Our research identified that forced labor products from the Xinjiang Uyghur Autonomous Region (XUAR) continue to make their way into the hands of American consumers. This brief is based on shipments already accepted into the U.S. from export companies known to utilize cotton from the XUAR and future shipments from the same companies operating under an alias.


Unraveling the Origins of Consumer Goods

When a finished product arrives in the U.S., it is difficult to confirm or deny its origins within the Xinjiang Uyghur Autonomous Region (XUAR) with “clear and convincing evidence.” For this case, analysts looked at a shipment that landed in the port of Long Beach, CA, on June 29, 2022. The shipper is Nanhai Textiles Import and Export, carrying containers of women’s clothing. The COSCO Shipping Rose vessel came from the Yantian port in China. Before it arrived in Long Beach, CA, we backtracked its movements using Vessel Finder and the International Maritime Organization (IMO) number to reveal stops in Hongqiao, Jiangyin, Xiamen, Yantian, and El Paso, Texas. However, Panjiva’s report dated June 29, 2022, and Bill of Lading #PSEAYTNLAX50787 were no longer available on the site. Look at the sample Bill of Lading and note the Shipper, Consignee, and Marks Description.

According to the UFLPA, we must show that Nanhai Textiles did not use cotton produced by forced labor in Xinjiang to show “clear and convincing evidence” for the items in container OOLU8868244.

After performing a series of searches in the Securities and Exchange Commission (SEC) and finding no record of Nanhai Textiles, analysts pivoted their search to find aliases for the company through Google Dorks, social media, Panjiva, Office of Foreign Assets Control (OFAC), Market Watch, and human rights watchdogs (Politico, Voice of America, Human Rights Watch, Helena Kennedy Center, etc.). The following are all alias listings for Nanhai Textiles:

  • Nanhai Textile Import & Export Co LTD of Guangdong
  • Foshan City Nanhai Deyao Textile Industrial Co., Ltd.
  • Foshan Nanhai Weilong Textile Co., Ltd. (Facebook)
  • FoShan NanHai HuaChun Fashion Co., Ltd. “Supplier to PVH Corp”
  • Foshan Chicley Textiles Co. Ltd.

None of the above listings have direct ties to or show up on the Department of Homeland Security’s UFLPA list, a list of entities known to utilize forced labor. As a result, this shipment passed muster without issue and, luckily, just days after the UFLPA went into effect.

However, as listed above, Foshan NanHai HuaChun Fashion Co., Ltd. is a direct supplier to PVH Corporation (Corp.). PVH Corp manages significant apparel brands and denotes receiving products produced by Esquel Enterprises, also known as Changji Esquel Textile Co. Ltd (currently on the UFLPA entity list). Additionally, PVH Corp.’s current senior leadership formerly oversaw importing operations for Urban Outfitters, the same receivers of our case study shipment from Nanhai Textiles and retailers of PVH products.

These correlations do not necessarily connect our entities directly to materials sourced from the XUAR. Instead, our example shows the complex supply chain and how far removed the consumer is from the cultivation of raw materials to the finished product. How can a supplier provide “clear and convincing evidence” that their products meet the requirements in the UFLPA?

The difficulty in proving where raw materials came from is “at the ginning stage [when fibers are separated from their seeds], cotton from disparate locations is mixed together, making it impossible to trace the provenance,” according to Liv Simpliciano of Fashion Revolution in an interview for The Guardian. She quotes leaders in supply chain technology as saying the only way to prove the absence of Xinjiang cotton is a “complete digital chain of custody.”

According to an article published in the Taipei Times, tech companies such as TrusTrace, Supply Shift, and TextileGenesis plan to use “blockchain and artificial intelligence to trace supply chains for fashion labels.” These companies aim to bring transparency to the industry by providing traceability throughout the supply chain. However, as stated by TrusTrace, “Only the brand is informed,” meaning that TrusTrace is “not alerted when Xinjiang cotton is found in a brand’s supply chain.” This places the onus back on the importer to report when they receive alerts, leaving the system vulnerable to market manipulation.

To the Informed Supplier

For an additional case study, we referenced “Laundering Cotton: How Xinjiang Cotton is Obscured in International Supply Chains.” Laura T. Murphy and her team covered the Texhong Textile Group, currently under scrutiny for sourcing from the Xinjiang Tianmian Foundation Textile Co. (not on the UFLPA entity list).

The case study shows direct correlations between the Xinjiang Source, Intermediary Manufacturer Supply Chain, and specific shipments.

According to Laundering Cotton, Texhong’s subsidiary Winnitex supplies manufacturer Andalan Mandiri Busana (AMB). On a shipping report from Panjiva, J.Crew received a large shipment of men’s pants labeled AR886-3 from AMB on 03/31/2021. The same product number was recorded on J.Crew’s website as available for purchase.[xi]

The Laundering Cotton report illuminates several other case studies from major American and international apparel retailers. The authors also add a caveat at the end of the report, stating that each entity named throughout the study has had the opportunity to reply. Their responses are recorded in Annex D of the report.

Our Assessment

We assess that U.S. importer inventories of XUAR-sourced products will continue to make their way into the hands of unwitting consumers. However, as the UFLPA expands its list of banned entities, future shipments of ethically sourced goods promise to keep forced-labor products out of the supply chain. As noted with the ginning stage of cotton and the complexity of supply chains, there may never be a single solution to help legislation against forced labor reach its full potential.

Overwatch assesses that it will take a combined effort: expansion of the UFLPA’s list of banned entities, along with consumer awareness that anything from these designated regions could be in support of forced labor. Launching a consumer campaign to raise awareness about where and how products and services are sourced has proven highly effective, especially within the agriculture industry. We will likely not see any significant decrease in forced labor until consumers and legislation become more aligned.

Ultimately, the ones who will have the most significant impact are the producers of these products. When they have a healthy understanding of what their consumers demand and are concerned with their brand reputation, they will work to enforce a higher standard of “clear and convincing evidence” to their market base.

OSINT Workflow for Supply Chain Due Diligence

https://panjiva.com/ (shipments)

https://www.vesselfinder.com/ (vessels)

https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information (Sanction Lists)

https://www.sec.gov/edgar/search/ (Business by name lookup)

UFLPA Entity List | Homeland Security (dhs.gov) (Xinjiang Banned Entity List)

(List is not exhaustive or a complete list; this is the bare minimum.)
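The Nanhai Textiles case study above shows why a direct name check against an entity list is not enough: no alias matched, yet an association path to a listed entity existed two hops away. The following is an added example, not Overwatch's own tooling; the class, function names, and noise-word list are assumptions, the entity list is a one-entry excerpt holding only the listed name this brief mentions, and the links encode only relationships stated in the brief.

```python
import re
from collections import deque

# Legal-form and filler tokens ignored when comparing names (an assumed list).
NOISE = {"co", "ltd", "limited", "corp", "corporation", "inc", "of", "the", "city"}


def normalize(name):
    """Reduce a company name to a comparable key: lower-case tokens minus legal forms."""
    tokens = re.findall(r"[a-z0-9]+", name.lower())
    return " ".join(t for t in tokens if t not in NOISE)


class EntityGraph:
    """Aliases collapse to one canonical entity; links are undirected associations."""

    def __init__(self):
        self.canonical = {}  # normalized name -> canonical display name
        self.links = {}      # canonical name -> {neighbour: relation text}

    def add_entity(self, name, aliases=()):
        for n in (name, *aliases):
            self.canonical[normalize(n)] = name
        self.links.setdefault(name, {})

    def resolve(self, name):
        """Return the canonical entity for a name or alias, or None if unknown."""
        return self.canonical.get(normalize(name))

    def add_link(self, a, b, relation):
        a, b = self.resolve(a), self.resolve(b)
        if a is None or b is None:
            raise KeyError("both ends of a link must be known entities")
        self.links[a][b] = relation
        self.links[b][a] = relation

    def direct_hit(self, name, listed):
        """True if the name, or any alias of the entity it resolves to, is listed."""
        listed_keys = {normalize(x) for x in listed}
        if normalize(name) in listed_keys:
            return True
        entity = self.resolve(name)
        if entity is None:
            return False
        return any(k in listed_keys for k, c in self.canonical.items() if c == entity)

    def path_to_listed(self, name, listed, max_hops=3):
        """Shortest association path (breadth-first) to a listed entity, else []."""
        start = self.resolve(name)
        targets = {self.resolve(x) for x in listed} - {None}
        if start is None:
            return []
        queue, seen = deque([[start]]), {start}
        while queue:
            path = queue.popleft()
            if path[-1] in targets:
                return path
            if len(path) - 1 >= max_hops:
                continue
            for nxt in sorted(self.links[path[-1]]):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
        return []

    def explain(self, path):
        """Render a path with the relation recorded on each hop."""
        out = path[0] if path else ""
        for a, b in zip(path, path[1:]):
            out += f" --[{self.links[a][b]}]-- {b}"
        return out


# One-entry excerpt: the only listed entity this brief names.
ENTITY_LIST = ["Changji Esquel Textile Co., Ltd."]


def build_case_study():
    """Entities, aliases and links exactly as stated in the brief's case study."""
    g = EntityGraph()
    g.add_entity("Nanhai Textiles", aliases=[
        "Nanhai Textile Import & Export Co LTD of Guangdong",
        "Foshan City Nanhai Deyao Textile Industrial Co., Ltd.",
        "Foshan Nanhai Weilong Textile Co., Ltd.",
        "FoShan NanHai HuaChun Fashion Co., Ltd.",
        "Foshan Chicley Textiles Co. Ltd.",
    ])
    g.add_entity("PVH Corp", aliases=["PVH Corporation"])
    g.add_entity("Esquel Enterprises", aliases=["Changji Esquel Textile Co. Ltd"])
    g.add_entity("Urban Outfitters")
    g.add_link("FoShan NanHai HuaChun Fashion Co., Ltd.", "PVH Corp", "supplier to")
    g.add_link("PVH Corp", "Esquel Enterprises", "products received from")
    g.add_link("Nanhai Textiles", "Urban Outfitters", "shipment to")
    g.add_link("PVH Corp", "Urban Outfitters", "products retailed by")
    return g


if __name__ == "__main__":
    g = build_case_study()
    print("direct hit:", g.direct_hit("Nanhai Textiles", ENTITY_LIST))
    print(g.explain(g.path_to_listed("Nanhai Textiles", ENTITY_LIST)))
```

A returned path is a lead for an analyst to verify, not a finding: as the case study notes, such correlations do not by themselves connect an entity to XUAR-sourced materials.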


[i] U.S. Customs and Border Protection: Uyghur Forced Labor Prevention Act

[ii] Al Jazeera: China’s Uighurs claim cultural ‘genocide’ | Opinions | Al Jazeera

[iii] Ibid. page 1

[iv] WRC Case Brief: Lacoste Linked to Factory in China that Reportedly Uses Forced Labor; https://www.workersrights.org/wp-content/uploads/2020/03/WRC-Case-Brief-Yili-Zhuo-Wan-Lacoste.pdf

[v] Congressional-Executive Commission on China: Global Supply Chains, Forced Labor, and the Xinjiang Uyghur Autonomous Region; CECC Staff Report March 2020 – Global Supply Chains, Forced Labor, and the Xinjiang Uyghur Autonomous Region.pdf

[vi] Australian Strategic Policy Institute: Uyghurs for sale; https://www.aspi.org.au/report/uyghurs-sale

[vii] Politico: U.S. importers brace for chaos as Uyghur Act looms; https://www.politico.com/newsletters/politico-china-watcher/2022/06/16/u-s-importers-brace-for-chaos-as-uyghur-act-looms-00040072

[viii] Reuters: Tracking China’s Muslim Gulag; https://www.reuters.com/investigates/special-report/muslims-camps-china/

[ix] U.S. Dept of State, Dept of Treasury, Dept of Commerce, Dept of Homeland Security, Office of Trade Representative, and Dept of Labor: Xinjiang Supply Chain Business Advisory; 20210713_xinjiang_advisory_0.pdf (treasury.gov)

[x] United Nations Human Rights Council: UN human rights experts urge China to allow them ‘full access’

[xi] Laura T. Murphy, et al. (2021). “Laundering Cotton: How Xinjiang Cotton is Obscured in International Supply Chains.” Sheffield, United Kingdom: Sheffield Hallam University Helena Kennedy Centre; https://www.shu.ac.uk/helena-kennedy-centre-international-justice/research-and-projects/all-projects/laundered-cotton


When AI In The Workplace Oversteps Privacy

Artificial Intelligence (AI) has become a growing member of today’s workforce. Companies use AI to help improve customer service, energy consumption, and quality assurance. However, what happens when AI moves into a managerial role in how employees operate? How far are employers allowed to take AI before concerning themselves with employee rights, ethics, and labor laws?

In this issue of Overwatch, we work to highlight some of the ways big employers are using AI to manage their employees and what that means for their employees and their culture.

In a 2017 Google Talk, Frank Abagnale (the man on whom “Catch Me If You Can” was based) tells young analysts that the type of con he was able to perform 50 years ago is “4,000 times easier today” due to the growing availability of technology. Through publicly available information (PAI), criminals can quickly see what corporate signatures should be on financial transactions, what the format of those transactions looks like, and even where employees hang out after work to talk shop. Impersonating employees has never been easier.  As Mr. Abagnale puts it, “you no longer need a printing press to make all four colors on an ID card that passes a quick visual inspection.”

Tesla is just one company that has taken this challenge head-on and started implementing several employee monitoring systems. What may have begun to protect the company against fraud has become a division of employee monitoring tools to help manage employees. Tesla was outed by CNBC back in 2017 for using a PR firm to monitor employee social media to counter employee unionization. Tesla’s recent activities include AI-powered presence patrols that notify employees when they haven’t swiped their badge at work enough to meet company standards. Overwatch analysts utilized a simple Google Dorking technique to search the TeamBlind.com website, a social media site for anonymous employee rants, to find several threads about how employees feel about such actions.

Our results are here.

The overall feeling from the anonymous employees who commented is that Tesla is justified in their actions, but the decision comes at a high cost to employee morale. Some even speculate that such activities are intentionally being used to assist with the ongoing downsizing the company is conducting in expectations of future economic limitations.

When it comes to ensuring safe work procedures are being implemented, AI has additional management roles to fulfill. For example, Amazon’s “Last Mile Safety” team has partnered with an “intelligent fleet safety” company called Netradyne to install AI-powered cameras in their delivery vehicles. According to Netradyne’s website, they are working to “transform the transportation ecosystem through Computer Vision and in-depth data analysis” powered by AI. This means that more than half of the Amazon delivery trucks you see are now equipped with an AI-powered camera system that monitors 270 degrees of visibility from the truck’s cab. This includes monitoring the drivers for safe driving behaviors. Last Mile Safety’s Sr. Manager, Karolina Haraldsdottir, explains what the system can do and how they work in an unlisted video shared with all driver teams.

Front view from Netradyne camera system.

Side views from Netradyne camera system

Driver view from Netradyne camera system


As you can see, this system is designed to use AI to enhance Amazon drivers’ safe driving skills. Videos are reviewed for driver improvement, tracking, and monitoring hazards and driving incidents. According to Haraldsdottir’s instructional video, the cameras will send reports back to Amazon if they detect any of the 16 pre-programmed signals that Amazon deems unsafe. The system will also provide audio alerts to drivers when they run a stop sign, follow too close, speed, or the camera detects that they are distracted. These events are then used to give ratings of “poor,” “fair,” “good,” or “fantastic” to drivers. This may sound similar to those devices that insurance companies provide you to monitor the braking and g-force of your car for safe driving but upgraded with an intelligent camera. Kudos to their PR team for not making the cameras red like the one from HAL 9000! “Sorry, Dave, you can’t merge into that lane….”

One of the most considerable drawbacks of this technology is that AI is limited by the flaws of the programmers who created its algorithms.  As a result, AI can lack contextual awareness. For example, some drivers report losing points for following too closely when they get cut off. One such driver gave his anonymous story to help shed light and mentioned that his performance is now constantly monitored by an impartial system. He reports, “a car cuts me off to move into my lane, and the camera, in this really dystopian dark, robotic voice, shouts at me.” Think of an AI-powered back seat driver that never takes naps on the road, and they are in charge of your quarterly performance review.

Something that is less commonly known is that Amazon delivery drivers are not actually employees of the Seattle-based giant. Instead, Amazon utilizes sub-contractors through its Delivery Service Partners (DSP) program to fill these positions, thus protecting Amazon from immediate issues with the drivers as they implement their policies to the companies that serve these contracts.

In a 2021 Bloomberg report, it was noted that Amazon uses this relationship to dictate behaviors and activities of their drivers down to their grooming standards, appearance, body odor, and even their behaviors on and off the job. These standards are often monitored using the Netradyne monitoring systems. So how do employees protect themselves from these policies? The short answer is – they can’t. Every employee must sign consent agreements to keep the job. While this sounds like an infringement of the “legitimate expectations of privacy at work” listed in the Privacy Act of 1974 (recently updated in 2020), it is not. The privacy act focuses solely on what a Government Agency can do, and there are few rights given in the private sector outside of some State laws that protect individual privacy. However, at the state level, individual privacy is generally characterized as:

  • Intrusion of solitude
  • Appropriation of name or likeness
  • Public disclosure of private facts
  • False light

So it looks like Amazon’s cameras are here to stay despite many privacy activists telling news agencies such as Telegraph that they are “creepy, intrusive, and excessive.”

While there are many ways to monitor employee activity, incorporating an always-on camera and workstation monitoring systems can affect employee morale and corporate stigmas. According to CompTIA statistics on the usage of AI, “91.5% of leading businesses invest in AI on an ongoing basis.” However, the policy, oversight, and ethics of this employment are still very nascent. So nascent, in fact, that CompTIA lists the lack of governance as one of the top 5 reasons companies don’t adopt AI. Most of our policies and ethics have always focused on a government’s ability to infringe upon our expectations of privacy. Very few ever dictate what private companies can do as everything happens under the guise of “consumer consent.” If you buy the product or do the job, then you consent to its use in any way the builder deems fit.

As these companies continue to grow in size and influence, they push the bounds of ethics further and further with every decision. They can do this because of their leverage over their employees, who depend on their employment during challenging economic times. Silkie Carlo, the director of Big Brother Watch, equates this to Orwellian monitoring of our lowest-wage employees, implying that it’s not the governments that threaten your privacy the most but the companies that provide your everyday needs.

What’s next?

Overwatch assesses that large-scale implementation of an effective ethics policy is unlikely to occur. Employee morale will rarely outweigh the benefit of AI in the workplace. While 38% of employees expect their job to be automated by 2023, most AI integrations are employed to assist skilled labor with rudimentary tasks and to help increase safety and efficiency. Amazon alone has reported a 48% decrease in accidents, seatbelt wear has increased by 60%, and distracted driving has fallen by 75% due to their use of the Netradyne systems.

There is no doubt that AI is the wave of the future, and there are no (or at least very few) limits to how employers can use it to enhance their production. However, as we’ve seen in these few examples, it doesn’t take much for employers to go too far. With little room for recourse when an employer oversteps the bounds of civil liberties, the result is a smaller or more demoralized workforce. In some situations like this, a unionized workforce may become desirable. According to this Washington Post article, Amazon factory workers are striving to do just that to combat the overbearing micromanagement that Amazon exerts on its employees. In addition to Union talks, employers should monitor the market of available jobs. Big tech companies will likely find healthy competition for their workforce in those places that genuinely value employee morale over the bottom line.

As experts in combining publicly available information to answer questions, Echo Analytics Group wants to empower employers and employees to protect their information and build an #OSINTforGood society. However, for every bit of information an employer gathers on their employees, they become a bigger target for cybercriminals who want to use that information to exploit anyone they can. Also, freely communicating and applying a practice of transparency may help with morale in the culture when AI steps into a managerial role in the workforce. However, taking note of the reactions of Tesla and Amazon employees only shows that these choices to enhance safety and performance may come at the cost of lowered morale and production. The human race has always fought for civil liberties. It may only be a matter of time before the enemy of that fight changes from the Governments of the world to the big industry giants that pose an even more significant threat to life, liberty, and the pursuit of happiness.

What is Driving the Assassinations of Mayoral Politicians by Cartels in Mexico?

On March 10, 2020, at approximately 4:40 pm local time, César Valencia Caballero, the mayor of Aguililla, Michoacan, Mexico, was found dead. According to reports by the Agence France-Presse, a French-based international news agency, the man had been shot at least twice in the chest and neck.

This killing came just three weeks after the mayor, previously a local rancher and farmer, had allegedly declared an end to the cartel wars in the area. This announcement had been prompted by action taken by the federal police and military of Mexico to “free” the city after months under the control of the Cártel de Jalisco Nueva Generación (CJNG), also known as the Jalisco Cartel.

For this Overwatch, analysts will leverage publicly available data from various sources to statistically answer the question: what is driving the assassination of mayoral politicians by cartels in Mexico?

Mayor Caballero’s death is just the most recent in a long line of mayoral assassinations, as seen in Figures 1 and 2, created using data from The Justice in Mexico Project. According to the Justice in Mexico Project 2021 Special Report, a mayoral figure, defined as a mayor, candidate, or former mayor, was four times more likely than the average citizen to be killed in Mexico in 2020, as opposed to 13 times more likely, which was the statistic the year prior in 2019.

By looking at the context in which Caballero’s assassination took place, we can begin to pull out salient factors that might affect the assassination of mayoral politicians throughout all of Mexico.

The city of Aguililla was one of many in the region that have served as the focal points of a battle between Carteles Unidos (CU) and CJNG. The fighting between these groups has seen the State of Michoacan become the state with the fifth-highest homicide rate (59.3/100,000) in the country from June 2021 to May 2022. This was an increase of approximately 8.7/100,000 compared to one year ago.

Unlike the CJNG, which resembles a more traditional cartel, the CU started as a loose affiliation of cartels and gangs native to Michoacan who had come together in 2010 to fight off the encroachment of the Los Zetas cartel. As the original cartels of the region began to fall from power, what replaced them was a series of localized gangs, coalitions of smaller cartels, and self-defense forces. Most of these armed groups are made from the remnants of those former groups and often fight amongst each other or against external threats to seize control of the territory they inhabit.

This fragmentation process, the process through which large national cartels are reduced to smaller localized regional cartels and criminal cells, is not only underway in the state of Michoacan. A look at the series of maps (Figures 3, 4, and 5) shows an increasingly fragmented cartel landscape. According to the International Crisis Group, there were roughly 205 in 2020, a sharp increase from the 76 present in 2010.

As a result of this fragmentation, criminal actors, out of necessity and a desire for profit, have increasingly turned their sights inward to domestic sources of profit. As early as 2014, it was reported that the Zeta and the Knights Templar cartels were no longer making most of their earnings through drug trafficking but through iron ore. However, diversified illicit profit streams extend beyond the extortion of mining companies and illegal mining operations. They include the extortion of avocado farmers, the extortion of local businesses, oil and gas theft, endangered wildlife trafficking, kidnapping, and smuggling.

The prevalence of these forms of extortion and looting of the local population by criminal actors in Mexico can be seen in the worries of the residents of Aguililla. After the end of their occupation by the CJNG, they are not celebrating. They are described as being worried about possible reprisal killings and the continuation of the CU “War Tax,” an extortion method in which the CU targets lucrative agricultural resources grown in and exported out of the area, such as avocados, limes, and mineral wealth.

The overall fate of the town of Aguililla and the region remains to be seen. Still, from the events described, we begin to get a picture of an evolving landscape of cartel violence in Mexico, especially compared to the 2006-2014 period of the conflict. Two key features mark this ongoing situation. First, the number and type of actors in this conflict have shifted, and second, the revenue streams these actors draw from have diversified. These and some control variables will be the main characteristics tested in the model below to understand local political violence.

To understand what factors are significantly contributing to this type of violence, Overwatch will use a method of quantitative analysis. This information places environmental factors derived from open-source state-level data[1], such as cartel fragmentation, political pluralization, the killing or arrest of cartel leaders, mining output, avocado output, and the number of illegal pipeline taps against the event of a mayoral assassination, allowing us to see what factors are statistically significant in predicting incidents of mayoral assassination in a State. The model will control for several factors, including election years, the number of municipalities in a state, the homicide rate of a state, the estimated population of a state, the end of Mexico’s gas subsidy, and the Human Development Index (HDI), an aggregated measure of prosperity in the area. The model will be run twice, first from the time of 2006-2019 and then from the period of 2012-2019, to consider the roles that fuel theft is playing when it comes to mayoral assassinations.

[1] Sources used for the quantitative models

Mayoral Assassinations: Justice in Mexico Project Memoria Dataset. Supplemented through advanced queries for missed assassination events.

Cartel Fragmentation, Political Pluralization, Arrest/Death of Cartel Leaders 2006-2015: Laura Blume’s academic article The Old Rules No Longer Apply: Explaining Narco-Assassinations of Mexican Politicians – Laura Ross Blume, 2017 (sagepub.com)

Cartel Fragmentation, Political Pluralization, Arrest/Death of Cartel Leaders 2016-2019: supplemented through open-source research queries.

Mining Output: The Mexican Geology Service

Illegal Pipeline Taps: IGAVIM (NGO charting fuel theft in Mexico)

Avocado Output: Secretary of Agriculture and Rural Development

Number of Municipalities, Estimated Population, Violent Homicide Rate: National Institute of Statistics

Human Development Index: Global Data Lab


| Dependent: Mayoral Assassinations | Model 1 (2006-2019) ZINB | Model 1 (2006-2019) ZIP | Model 2 (2012-2019) ZINB | Model 2 (2012-2019) ZIP |
|---|---|---|---|---|
| Avocado Production Value (100,000s of pesos) | 3.25e-06*** | | 3.09e-06*** (9.66e-07) | 3.09e-06*** |
| Designated Red Triangle Area | .3440403 (.293146) | .3776276 (.3067098) | .1315405 (.2806082) | .131554 |
| Number of Illegal Pipeline Taps Detected | | | .0004163** (.00014) | .0004163** (.00014) |
| Total Value of Mined Lootable Resources (100,000s of pesos) | -3.34e-07 (8.46e-07) | -3.18e-07 (8.39e-07) | 6.49e-07 (8.54e-07) | 6.49e-07 |
| Gas Shock | 1.644253* (.6910199) | 1.711019* (.6824836) | .5952097 (.3603463) | .595184 |
| Total Cartels | .1492155 (.0783382) | .1459798 (.0777265) | .0086074 (.0920103) | .0085645 |
| Kingpin | .1536357 (.2005211) | .122137 (.199723) | -.0923125 (.1881991) | -.0923967 |
| Lagged Political Pluralization | 1.172203 (.9245133) | 1.1806 (.9493756) | .6671332 (.9917837) | .6671474 |
| Human Development Index | -8.823877** (3.138733) | -9.3168*** | -16.481*** (3.742241) | -16.4833*** |
| Homicides/100,000 people | .0173533*** (.002475) | .0170105*** (.0022406) | .0158983** (.0048266) | .0158989*** |
| Population Estimates | 1.03e-07*** (1.78e-08) | 1.01e-07*** | 9.74e-08*** (2.08e-08) | 9.75e-08*** |
| Number of Municipalities | .0032946*** (.0005619) | .0031435*** (.000582) | .0025737*** (.0005316) | .0025733*** |
| Inflated Total Cartels | -1.014295* (.4326191) | -.3714208 (.873021) | -1.631413** (.5462995) | -.8482871* |
| # of observations (N) | 434 | 434 | 248 | 248 |
| Wald chi^2 | 302.97*** | 304.31*** | 277.79*** | 277.79*** |

Standard errors in parentheses, p-value *=.05 **=.01 ***=.001

After running these models, it was determined that for every one-unit (100,000-peso, ~$5,000) increase in estimated value from avocado farming, there is an expected increase in the mayoral assassinations rate of .000003, all else being equal. Additionally, for every additional illegal tap detected, we expect a .000416 increase in mayoral assassinations in a region. Though these numbers may seem insignificant, they have a statistically significant effect, meaning that when predicting incidents of mayoral assassinations, these two variables are better indicators than factors that focus on the fragmentation of cartels.

Notably, the control variable HDI is also significant, meaning states with lower HDI scores are more likely to suffer from mayoral assassinations. This is possibly because fragmented criminal groups cannot easily target affluent and well-secured regions in Mexico and prefer to prey on lower socio-economic areas.

In both models, factors such as the extradition or death of a cartel boss, the number of cartels in an area, and political polarization were insignificant, meaning they do not act as statistical predictors of mayoral assassinations. The insignificance of these three variables could be due to the changing environment in Mexico. As seen in Figure 6 above, most states house multiple armed groups. At the same time, the process of leadership decapitation that started in 2006 has turned the criminal landscape into several independent cells and loose affiliations that are becoming more immune to the arrest of leaders. These two factors, present throughout most of Mexico in the last few years, do not go nearly as far in predicting mayoral assassinations as a state’s natural resource wealth.

Overall, what this model shows is that a mayoral politician of a town experiencing inter- or intra-cartel conflict but whose municipality is not rich in lootable natural resources, or sources of extortion, is in a relatively safer position than a mayoral politician suffering from the same predicament, but also finding themselves in charge of an area with high amounts of lootable natural resource wealth and points of extortion. In addition, it reveals that the assassination of these mayors is concentrated in states that rank lower in terms of socio-economic status. In other words, the criminal and socio-economic environment may lead to initial vulnerabilities, but the economic incentives provide the drivers for political violence.

Our Assessment:

Using the above findings, Overwatch analysts assess that if trends in criminal fragmentation and diversification of illicit revenue streams continue, there will be a surge in political violence in Mexico starting in late 2023 and culminating around Mexico’s 2024 election. This would follow trends seen during the 2018 and 2021 election seasons. If the above model is correct, political violence in 2024 will likely concentrate in states and municipalities that are rich in lootable natural resources and targets for extortion. In addition, political violence will likely concentrate in lower socio-economic areas surrounding the 2024 election.

Additionally, Overwatch analysts assess that much of the business surrounding local resources in Mexico will continue to involve cartels and criminal actors moving forward, likely leading to fluctuations in the prices of key natural resource markets and in previously agreed upon business contracts.

These problems will likely be exacerbated as the Mexican government attempts to “decapitate” the Jalisco Cartel or other large cartels still operating in Mexico. This will probably increase the violence aimed at local citizens and politicians, as groups like the CU disintegrate without an external enemy to fight against. In addition, splinter cells of the now headless cartels will turn towards their local economies and surrounding territories to supplement their affected revenue streams.

How a Culture of Being First Fuels Information Disorder

According to Pew Research, we live in a digitally connected world where 71% of Americans turn to social media platforms to get their news content. We no longer are limited to conversing with friends at school or our colleagues in the office; in a matter of seconds, we can broadcast news traveling across the globe – every like, retweet, or share, adding credibility to the original post regardless of its factual authenticity.  The original version of a story can quickly be shared, becoming a digital telephone game where the narrative has morphed into an entirely different story.  Social media has given us an incredible opportunity to learn more about the world, connect with people, and learn things we would have never known otherwise, but with any great innovation comes tremendous responsibility.

In this brief, Overwatch reports some of the significant events leading to the growth of misinformation, examples, and the impact it has on today’s society, economy, and businesses.

Information Overload Leading to Information Disorder

 Today, an incredible amount of information is available at our digital fingertips.  It is estimated that at least 2.5 quintillion bytes of data are added to the internet daily. Google alone processes approximately 63,000 search queries every second, translating to 5.6 billion daily searches and about 2 trillion global searches annually.  The average person conducts between three and four daily searches, exposing us to multiple perspectives and opinions of every news story. Even then, as people turn to the world’s best search engine, former CEO of Google, Eric Schmidt, tells the world that 99% of the data is hidden.

This means it will become more difficult to spot what Dr. Wardle and Dr. Derakhshan call information disorder.

What is Information Disorder?

Claire Wardle, Ph.D., and Hossein Derakhshan reframe fake news as information disorder, a spectrum that ranges from falseness to intent to harm. Breaking the concept into specific terms helps us understand how it operates and causes harm. Wardle and Derakhshan use a Venn diagram to explain information disorder as having three parts, including:

  • Misinformation: Some spread false information without the intent to spread harm. People spreading misinformation believe it to be true before sharing it with others.
  • Disinformation: People may spread information to cause harm or manipulate people.  Disinformation describes lies people tell for money, influence, or to cause disorder.
  • Malinformation: Information that may be true but is spread with malicious intent or taken out of context.  Examples include divulging private information or manipulating facts to fit a false narrative.

Source: Wardle and Derakhshan, 2017

Information Disorder Examples

  • The Mueller Report found that during the 2016 Presidential election, the Internet Research Agency (IRA), in a bid to “provoke and amplify political and social discord in the United States,” purchased over 3,500 advertisements, totaling $100,000, which were “falsely claimed to be controlled by U.S. activists.”
  • UNICEF reported that with increased digital use comes increased exposure to mis-/dis-information: in one 2020 study, 76 percent of 14–24-year-olds reported seeing online mis-/dis-information at least once a week, a rise of 50 percent from the previous two years.
  • In 2019, cybersecurity firm CHEQ, in conjunction with University of Baltimore professor Robert Cavazos, estimated that $78 billion is lost annually to disinformation. CHEQ stated, “Fake news isn’t just a term coined by a politician; Fake news isn’t just buzz.  Fake news isn’t something that was born recently in terms of being anecdotal.  Fake news is a major, major problem.  At these figures, fake news is almost controlling our lives, who we vote for, what we decide to do, what we consume, and so on and so forth.” According to the study, the areas most significantly impacted are health misinformation, which includes anti-vaccination stories, financial misinformation that leads to significant stock drops, the amount of money brands lose to disinformation, and the amount of money people spend to repair their reputations because of misinformation.
  • In December 2017, ABC News falsely reported that Michael Flynn would testify that President Trump instructed him to contact Russian government officials during the campaign. This reporting led to shares plummeting an estimated $341 billion on the S&P that day.  The story was corrected after the trading day ended, but it was too late; the overall loss was estimated to be $51 billion.

Whether we trust the news or not, news stories tremendously impact our daily economy and business decisions.  There has been significant research in this area over the past few years.  Research by a team led by Alison Holman and her colleagues at the University of California, Irvine, reported in an article published by the British Broadcasting Corporation (BBC), reinforced that being first, and getting it wrong, can be detrimental to our health.  “It turns out that news coverage is far more than a benign source of facts.  From our attitudes to immigrants to the content of our dreams, it can sneak into our subconscious and meddle with our lives in surprising ways.  It can lead us to miscalculate certain risks, shape our views of foreign countries, and possibly influence the health of entire economies.  It can increase our risk of developing post-traumatic stress, anxiety, and depression.  Now there’s emerging evidence that the emotional fallout of news coverage can even affect our physical health – increasing our chances of having a heart attack or developing health problems years later.”

The Assessment

The information age is still in its infancy, and innovation speed is ever-increasing.  Our exposure to more information will only increase as advanced technologies are invented, making us more reliant on the Internet of Things (IoT).  In turn, the challenge will be sifting through the vast amounts of information to make informed decisions in a timely manner.

Information disorder has proven to impact our infrastructure and our economy, and has even divided our communities.  Fortunately, there are technologies available to assist us with finding accurate information faster, but they are not being developed at a pace to keep up with the spread of information.  To manage the impact of information disorder, we must emphasize critical thinking skills and continue investing in technologies that enable businesses and the government to identify and validate content.

Critical thinking is a crucial skill set to empower us to share accurate information for practical analysis.  One of the best ways to improve your critical thinking skills is by reading books published by The Critical Thinking Foundation, including The Thinker’s Guide to How to Detect Media Bias and Propaganda, which provides the reader with an entire critical thinking framework to spot and assess propaganda.

Here are the questions they suggest we ask ourselves when analyzing and interpreting news stories:

  • Who is the intended audience?
  • What point of view is being privileged?
  • What point(s) of view is (are) being dismissed or played down?
  • How can I gain access to the point of view negated (from those who most intelligently understand it)?
  • Which stories are featured on the front page and why?
  • What information is “buried” in the article and why?

This data is an excellent example of why Open-Source Intelligence is an emerging field and why companies adopting the discipline early will have a competitive advantage before it becomes necessary.  In short, whether you are a consumer, the media, or a brand, you could save a great deal of money by doing your due diligence in validating the information you read online and sharing responsibly.

Chinese Government Attempts to Collect American DNA Data

Overwatch analysts are diving into the possible dangers of targeted genetic data collection. Entire nations can be disarmed with DNA surveillance or the creation of modern bioweapons, including fatal viruses that target specific genes. When millions of Americans utilized the mail-in DNA services of genealogy companies to learn about their ancestors, they knowingly gave their genetic data away. Is it possible that we are overlooking the risks of sharing our DNA with consumer-based genetic testing companies, especially as China aims to become the world’s bio-data leader?

In 2016, China announced a $9 billion project to collect and sequence genetic data, which is reportedly used for “a method designed to give individualized treatments based on genetic makeup, environmental, and lifestyle factors of individual patients.” This investment highlights that the Chinese government is interested in the health ramifications of ethnic gene isolations. The opposite of individualized treatments to improve health is individualized bioweapons that deteriorate health. “An adversary could develop a bioweapon that induces auto-immune diseases or avoids immune detection only in people with specific genetic variants,” according to Geneinfosec, a genetic information security firm.

For this brief, Overwatch analyzed China’s various attempts to obtain American DNA, as well as China’s history of targeting select groups of individuals to gather genetic data, specifically the Uyghurs. To acquire American genetic data, our research uncovered evidence that reveals China focuses on partnerships and investments with U.S. Medical Research Universities, biotech corporations, mail-order genetic testing companies, and Covid-19 testing facilities to retrieve American genetic data.

Theory of Biological Dominance

China’s People’s Liberation Army (PLA) has refocused its strategy to embrace biology and genetic research development as of 2019. This is not surprising, given that the philosophy of biological warfare dominance was promoted through a series of Chinese literary works, including War for Biological Dominance, published in 2010 by China’s Third Military Medical University. The authors claim that biotechnology will become central to national defense: from biomaterials to brain control weapons. According to the Washington Times, a similar notion was put into doctrine in the 2017 edition of the PLA National Defense University textbook, which discussed the potential for bioweapons with the capability of “specific ethnic genetic attacks.” This is significant because it reveals that the PLA has a strategic interest in the biological components of ethnic DNA for military and security purposes.

China’s History of Targeted Genetic Data Collection

China has a history of utilizing genetic data to target select groups of individuals. From 2016 to 2017, the Beijing Genomic Institution (BGI), a Chinese state-sponsored lab, was involved in the targeted collection of DNA samples and biometric data from the country’s Uyghur population under the false premise of a free health check. According to the New York Times, those who did not willingly give their genetic data were contacted by local authorities and were told a healthcare check was required. For decades, China has persecuted the Uyghur population, a predominantly Muslim minority community. In the past, the government has arrested hundreds of thousands of Uyghurs and placed them in detention camps where DNA collection is also conducted. Other targeted DNA collection efforts include:

  • In 2016, China required DNA samples from all Uyghurs needing travel documents.
  • In 2019, reports emerged of the Chinese government developing technology to predict physical appearances based on the DNA collected from Uyghurs in Xinjiang province.

Beijing Genomic Institution office building in Shenzhen, China. Photo Credit: CGTN

American Genetic Data Collection

In 2019, the Pentagon advised military personnel not to take DNA tests by mail. Admiral John Richardson, the then Chief of Naval Operations, warned of scientific advances in DNA collection, which make biological weapons more tailorable. Similarly, the Office of the Director of National Intelligence (ODNI) warned that China prioritized collecting American healthcare data. This includes genomic data potentially used for nefarious purposes such as targeting military personnel, as China “already has a significant record of exploiting DNA for social control and surveillance of their Uyghur population.”

However, Chinese biotech companies, particularly WuXi healthcare and BGI, have found their way around the U.S. government warnings and successfully increased their involvement with American biotech institutions to access American DNA.

In 2011, BGI announced a partnership with the University of California, Davis, to establish a BGI Genetic Sequencing facility for immediate use. During this time, BGI also partnered with the Children’s Hospital of Philadelphia to conduct large-scale human genome sequencing and collection of bioinformatics.

In 2015, WuXi Healthcare invested in 23andMe. Direct-to-consumer genetic tests such as 23andMe allow consumers to identify genealogies and potential familial diseases.

In 2021, BGI partnered with Advaite, a Pennsylvania-based biotech company, to conduct the diagnostics of the Rapid Covid-19 test.

Also, in 2021, claims were made that BGI Genomics partnered with the Chinese military to harvest DNA samples from millions of women worldwide from prenatal testing kits. It is unclear how many American women participated or how much American DNA was gathered from this collection.

These partnerships show the clear roadmap that China continues to use to obtain American genetic data.

Our Assessment

The global pandemic in 2020 showed China and the rest of the globe the devastation that a health crisis may cause. Using genetic data to target nations, communities, and ethnic groups or create a bioweapon undetectable by the naked eye poses a significant threat to society. Any government that positions itself to become a pioneer in the field of biodata gives itself the potential to gain an immediate competitive advantage.

We assess that, if left unchecked, China will continue to pursue avenues to develop relationships with commercial corporations and research institutions in the U.S. to obtain health and DNA data. Consequently, if the U.S. Government ignores that corporations and medical institutes are sharing our DNA with China, future generations of Americans will be at a greater risk of genetic targeting, DNA surveillance, undetectable health problems, and genocide, just as the Uyghurs in China have been. It is unclear whether American DNA companies have sold data to China directly. However, China’s military and government are increasingly interested in DNA collection and sequencing through various means.

NFT Promoter Scams – One of Crypto’s Biggest Problems

On June 8, 2022, Devin Finzer, the co-founder and CEO of OpenSea, the world’s largest NFT marketplace, pledged to double OpenSea’s efforts to fight fraud and plagiarism.

Scammers frequently look for ways to defraud NFT project creators. One area that is endemic for NFT scams is NFT promoters on social media. While we cannot quantify the amount of money lost in NFT promoter scams as no open-source data set tracks that figure, analysts found multiple NFT promoter scams over the course of our research. For this brief, we identified how people running NFT promoter scams operate and provided some strategies to help mitigate risk in the NFT space.

Our Use Case

Twitter, which has 330 million active monthly users, is frequently used by people involved in NFT promoter scams.

A person involved in an NFT promoter scam often pays for a Twitter profile with an established history and tens of thousands of followers. Our research suggests that those followers are mostly bots. One NFT promoter running a scam that we identified is Spoogy_NFT.

Spoogy_NFT set up his Twitter account to make it appear as legitimate as possible. First, he has a Bored Ape Yacht Club (BAYC) NFT for his profile picture. A BAYC is worth about 135k USD. In addition, Spoogy_NFT lists himself as a Marketing Manager, and he claims he owns the 4,232nd BAYC NFT.

However, scrolling through Spoogy_NFT’s tweets shows that he has only tweeted 190 times, despite having an account with Twitter since 2011.

In addition, Spoogy_NFT has no public interaction on Twitter, which indicates Spoogy_NFT likely purchased his Twitter profile.

With our suspicions heightened through reviewing Spoogy_NFT’s social media activity, analysts reached out to him on Twitter to see what he charges for using his services.

Spoogy_NFT told us that he charges 0.222 ETH, which is, at the time of writing this brief, around $390.47. He also claimed to be well-connected in the NFT community. Spoogy_NFT said, “From the Telegram communities, I’ll bring people that will buy into your project, people I worked with before and with who I had good results as well. I want to be straight with you and let you know that I’m here to stay for the long term and not just for some posts, meaning unlimited time collaboration. I would like to make your project known in the NFT’s communities where I have influence as soon as possible so let me know when you are willing to start cooperating with me. I’m waiting for a feedback from you and hope we can get started!”

We told Spoogy_NFT that we would agree to his terms. However, when we asked him to sign an NDA before receiving his marketing services, Spoogy_NFT said, “Sure, but I’m not opening any file for security reasons.”

Spoogy_NFT said that we could send the NDA in JPEG format, and we would edit it and send it back. He wasn’t willing to go outside of Twitter for communication, suggesting a significant lack of transparency, which analysts note is typical for cybercriminals.

Because we wanted to identify more about how Spoogy_NFT’s scam works, we agreed to send him some cryptocurrency for his services. Spoogy_NFT provided us with his Bitcoin wallet address.

When analysts input the Bitcoin wallet address into an investigation tool, there was no history of transactions. Having no activity on a wallet address is exceptionally unusual for a person who does NFT promotions. When we asked for a different wallet address, analysts continued to find no transactions to review. These findings suggest that Spoogy_NFT sets up a new wallet whenever he finds someone to defraud.

As we looked further into Spoogy_NFT, he had no digital footprint on the open web outside of Twitter.

We wanted a deeper analysis of Spoogy_NFT’s Twitter profile, so we used Sparktoro, which analyzes Twitter accounts for fake followers. Sparktoro returned results that show that 63.3% of Spoogy_NFT’s Twitter followers are fake.

Since the writing of this brief, Twitter suspended Spoogy_NFT’s profile.

Overwatch spoke with someone that Spoogy_NFT defrauded. That individual mentioned how Spoogy_NFT’s initial approach was “very professional,” but after he sent money to Spoogy_NFT, he was blocked from communicating with him. The victim said they were convinced that Spoogy_NFT was a legitimate promoter and that how he had set up his profile was persuasive. Because of that, the victim did not research Spoogy_NFT.

Analysts note that Spoogy_NFT is just one NFT promotion scam we identified. However, for the sake of brevity, we are only including one use case.

Things You Can Do and What to Look Out For

A basic Google search of a Twitter username or NFT can tell an investigator or consumer a lot about a project. If there is no digital footprint outside of one social media platform, that should give more cause for additional research.

If a Twitter account has tens of thousands of followers but only retweets profiles and doesn’t interact publicly, it suggests a lack of transparency from the account holder.

If, in conversation, the Twitter account holder tells you they want to conduct all business through direct messaging, it further confirms a lack of transparency.

If you search the wallet address on a website like blockchain.com, and the wallet comes up with no transactions, it indicates that the person may be opening a new wallet each time they defraud a victim.

Additionally, you can copy and paste the Twitter handle into sparktoro.com to get an analysis of the profile’s fake followers.
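
The checks above can be applied the same way to every promoter who approaches a project. The following Python routine is an added example, not part of the Overwatch brief: the field names, thresholds, and both sample records are assumptions constructed for illustration, with the first record modelled on the figures reported in the use case (account dating from 2011, 190 tweets, 63.3% fake followers, wallets with no transactions).

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Thresholds are assumptions for this example, not figures from the brief.
LARGE_FOLLOWING = 10_000       # "tens of thousands of followers"
MIN_TWEETS_PER_YEAR = 50       # below this, a large account looks dormant or bought
MAX_FAKE_FOLLOWER_PCT = 40.0   # follower-audit result above this is a red flag


@dataclass
class PromoterProfile:
    handle: str
    created: date
    tweet_count: int
    followers: int
    public_replies: int        # public conversations seen on the timeline
    off_platform_hits: int     # search results for the handle outside the platform
    dm_only: bool              # insists on direct messages for all business
    fake_follower_pct: Optional[float] = None   # None when no audit was run
    wallet_tx_counts: List[int] = field(default_factory=list)  # one per address given


def tweets_per_year(p: PromoterProfile, as_of: date) -> float:
    """Average posting rate over the account's lifetime."""
    years = max((as_of - p.created).days, 1) / 365.25
    return p.tweet_count / years


def red_flags(p: PromoterProfile, as_of: date) -> List[str]:
    """Return the indicators from the checklist that this profile matches."""
    flags = []
    large = p.followers >= LARGE_FOLLOWING
    if large and tweets_per_year(p, as_of) < MIN_TWEETS_PER_YEAR:
        flags.append("dormant_history")
    if large and p.public_replies == 0:
        flags.append("no_public_interaction")
    if p.fake_follower_pct is not None and p.fake_follower_pct > MAX_FAKE_FOLLOWER_PCT:
        flags.append("fake_followers")
    if p.off_platform_hits == 0:
        flags.append("no_footprint")
    if p.dm_only:
        flags.append("dm_only")
    # Every address offered has zero history: consistent with one wallet per victim.
    if p.wallet_tx_counts and all(n == 0 for n in p.wallet_tx_counts):
        flags.append("fresh_wallets")
    return flags


def triage(p: PromoterProfile, as_of: date) -> str:
    """Map the number of matched indicators to a review priority (assumed cut-offs)."""
    n = len(red_flags(p, as_of))
    return "high" if n >= 3 else "medium" if n >= 1 else "low"


# Constructed sample records; handles and follower counts are placeholders.
AS_OF = date(2022, 6, 1)
SUSPECT = PromoterProfile("example_promoter", date(2011, 1, 1), 190, 40_000,
                          public_replies=0, off_platform_hits=0, dm_only=True,
                          fake_follower_pct=63.3, wallet_tx_counts=[0, 0])
ESTABLISHED = PromoterProfile("example_agency", date(2019, 3, 1), 5_000, 20_000,
                              public_replies=300, off_platform_hits=8, dm_only=False,
                              fake_follower_pct=12.0, wallet_tx_counts=[42])

if __name__ == "__main__":
    for profile in (SUSPECT, ESTABLISHED):
        print(profile.handle, triage(profile, AS_OF), red_flags(profile, AS_OF))
```

A match on any single indicator is a reason to research further rather than proof of fraud; the priority rises only as indicators accumulate.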


While Twitter suspended Spoogy_NFT, he could immediately purchase a new Twitter account and begin scamming victims again. Until Twitter has more robust security measures to identify bots and cryptocurrency scams, users like Spoogy_NFT will continue exploiting Twitter’s vulnerabilities. Twitter will likely not allocate significant resources to a problem like NFT promoter scams until a data set tracks how much money people are losing to this scam.

Additionally, with Twitter suspending Spoogy_NFT, he is likely to be more cautious with his criminal activity in the future. Analysts also assess that as the cryptocurrency market and NFT projects expand, cybercriminals will continue to identify loopholes and weaknesses to defraud their victims.

100 Days of War: Disinformation and Threats Against the West

One hundred six days ago, the Russian state invaded Ukraine, destabilizing the region and isolating the world’s largest country. Within that time, Russia has been able to take control of 20% of Ukraine, is being investigated for war crimes, has caused an estimated $600 billion in infrastructure damage, and continues daily attacks in Ukraine.

Outside of Ukraine, Russia has launched multiple disinformation campaigns trying to discredit any source or government that challenges its narrative for invading Ukraine.

For this brief, Overwatch partnered with Olga Lautman, a Subject Matter Expert on Russia and Senior Fellow at the Center for European Policy Analysis (CEPA). Our research indicates that as the war continues, Russia will increase its disinformation efforts against the West, could potentially annex occupied territory in Ukraine, and tensions between the U.S. and Russia may escalate further.

Disinformation Efforts

In an interview with Rossiyskaya Gazeta on April 26, 2022, Russian Security Council Secretary Nikolai Patrushev claimed that the U.S. is forcing Russia to give up its sovereignty. Patrushev is a member of Russian President Vladimir Putin’s inner circle and has known the head of the Russian state since the 1970s when both were in the KGB.

Patrushev said, “The United States is doing everything to ensure that other centers of the multipolar world do not even dare to raise their heads, and our country not only dares but publicly declares that it will not play by the imposed rules. They tried to force Russia to give up its sovereignty, self-consciousness, culture, independent foreign and domestic policy.”

On May 11, 2022, the Chief of Russian Foreign Intelligence (SVR) Sergey Naryshkin said that the U.S. State Department is like the Nazi “propaganda machine” run by Reich Minister of Propaganda, Joseph Goebbels. Analysts note that this is the first time Naryshkin has publicly compared the U.S. to Nazi Germany.

On May 27, 2022, Russia’s Chief of Radiation, Chemical, and Biological Protection Force Igor Kirillov said that U.S. biolabs in Nigeria needed to be investigated, claiming the monkeypox strain originated from Nigeria. Kirillov’s comments about monkeypox and the U.S. follow a pattern similar to how Russia blamed the U.S. for COVID-19.

On June 6, 2022, the Russian Embassy in the United Kingdom tweeted that the West aggravated the food crisis.

Additionally, we identified smaller-scale disinformation on VK (Russia’s version of Facebook). In a VK post on June 7, 2022, a user claimed that the Red Cross harvested organs in Mariupol, Ukraine.

The source of the claim, chinarising.puntopress.com, is a website run by a dual U.S. and French citizen with sympathies for the Russian state and the Chinese Communist Party. However, we haven’t seen Russian officials adopt this disinformation narrative.

Further, the Russian state has a pattern of spreading disinformation before a major election in the United States. Because of weakened U.S.-Russia relations resulting from U.S. support for Ukraine, Russia may launch a disinformation campaign before the midterm elections to exploit hot-button political issues and attempt to sow distrust in the American electorate.

Russian troll farms also have a history of pushing disinformation on a large scale online, specifically, The Internet Research Agency, which was active in spreading disinformation on social media during the 2016 Presidential Election. The Internet Research Agency is also allegedly behind disinformation efforts with the Russia-Ukraine War.

Annexation of Ukrainian Territory

Before Russia’s invasion, we assessed how Russia could potentially annex the Donetsk People’s Republic and Luhansk People’s Republic as a pretext for invading Ukraine. While Russia has not annexed any territory at this point other than Crimea in 2014, there are concerns that they could annex Kherson, which is in Southern Ukraine.

Russian forces have occupied Kherson since early March 2022. Since that time, there have been rumors of a referendum. In mid-March, we were in contact with a Ukrainian in Kherson, who said that “there will be no pseudo-republic.”

Despite his comments, things appear to be trending in that direction. For example, Kherson is now using the Russian ruble under Russian occupation.

Also, in a briefing on May 31, 2022, the State Department said, “As we approach the hundredth day of Russia’s war against Ukraine, we remain concerned about steps Russia is taking to attempt to institutionalize control over sovereign Ukrainian territory, particularly in Ukraine’s Kherson region.”

According to the Kherson Chamber of Commerce and Industry, Kherson is a leading producer of fruits, vegetables, and wheat in Ukraine. In addition, the “Kherson region is the territory with a well-developed agricultural industry. The region possesses about 2 million hectares of agricultural land, which is the greatest share of plowed fields in Ukraine.”

Threats to the West

The U.S. and European nations have provided Ukraine with significant military aid to date. The latest weaponry that the U.S. and U.K. will supply Ukraine with is long-range missiles capable of hitting long-range targets.

This development resulted in comments from Russian Security Council Deputy chairman Dmitry Medvedev, saying, “If God forbid, these weapons are used against Russian territory, then our armed forces will have no other choice but to strike decision-making centres. Of course, it needs to be understood that the final decision-making centres in this case, unfortunately, are not located on the territory of Kyiv.”

Russian President Vladimir Putin added, “We will strike at those targets which we have not yet been hitting.”


We assess that the Russia-Ukraine War will continue, with Russia amplifying disinformation narratives against the West. With surging fuel and gas prices globally, Russia could use its troll farms to launch an extensive disinformation campaign online, blaming the U.S. and Europe and causing social unrest in European or U.S. cities.

SVR Chief Sergey Naryshkin’s comments comparing the U.S. State Department to Nazi Germany’s Ministry of Propaganda show an escalation in rhetoric from Russian intelligence against the U.S. government. However, with minimal relations between the U.S. and Russia, we don’t anticipate such rhetoric resulting in a significant response from the United States.

Should Russia annex Kherson, they will likely do the same with other occupied territories in Ukraine.

With the U.S. supplying advanced weapons to Ukraine, Russia could retaliate against the West through a cyber-attack or attacking a weapons delivery. Russia launching an attack on a NATO country would lead to a more significant conflict on the world stage, which it wouldn’t be able to sustain long-term with its military losses in Ukraine and heavily sanctioned economy back home.