My Hash Browns. What’s Inflation Got To Do With It?






The Correlation Between a Hash Brown Shortage and Inflation

With the hustle and bustle of the holidays, it is hard to escape the gloomy thought of inflation. Inflation is a topic consuming mainstream media, daily conversations, and even store checkouts. Many treat inflation as a binary topic – a simple cause-and-effect equation. This may help simplify a complex macroeconomic situation to a single factor, but it overlooks the factors that signal inflation is occurring. Understanding these different factors has the added benefit of helping to explain why certain commodities or services seem to be hit particularly hard when economic turmoil appears.

For this week’s Overwatch, analysts looked at the different signals that indicate the presence of inflation and how these signals helped inform one man’s quest for hash browns. This journey helps businesses and everyday consumers understand the day in the life of an open-source intelligence (OSINT) analyst whose innate curiosity leads them down the discovery, develop and monitor (D2M) framework of analysis. By the end of this brief, your perspective and the world around you will be an open forum of information to develop your own hypotheses to make wiser investments, business decisions, or simply stock up on hash browns.

The Journey of an OSINT Analyst in Search of Hash Browns

As a 30-plus-year Army veteran, I had not given too much thought to the overall impact of inflation until a very obscure fact intruded upon my weekend breakfast routine with my family. We have become accustomed to potatoes on Sunday mornings, specifically hash browns. During the months of October and November, hash browns disappeared off the shelves of central Florida, nowhere to be found. My reaction rang true to how most people analyze the impacts of inflation through consumer costs such as gas, food, and other staples that are tangential to their lives with a bit of frustration. 

As I pondered my disappointment week after week, I wondered if this was another sign of inflation or something more significant. This stirred up the Army officer in me, leading me down an OSINT journey into the topic of inflation. As an OSINT analyst, we can gauge the empirical, but more importantly to many researchers in the field, the emotional responses and behaviors of populations or sections of populations addressing inflation. Like muscle memory, I started down the path of discovery by first visiting forums like food blogs and Reddit threads, discussing the disappearance of not just hash browns but potatoes in general. Most conversations on Twitter, Reddit, and other blogs cited inflation, Covid, and supply chain problems. Some more animated bloggers blamed Wall Street, which is an interesting place to go in search of hash browns.

There are excellent sources of information on the inflation rate and its impacts on consumers and the economy: the Federal Reserve, USAFacts, and the World Bank are a few good places for an OSINT analyst to obtain an official baseline of inflation. That said, inflation does not consider food prices such as hash browns.

The World Bank maintains a database encompassing 196 countries over the period 1970-2022, with six measures of inflation in annual, quarterly, and monthly increments. The database also provides aggregate inflation for the global economy, advanced economies, emerging markets, and developing economies and measures of global commodity prices. Because no one index captures the full range of price changes in the U.S. economy, economists must consider these multiple indexes to get a comprehensive picture of the inflation rate. The U.S. Bureau of Labor Statistics calculates the Consumer Price Index (CPI) monthly based on the changes in prices consumers pay for goods and services.

It would be worthwhile to stroll down Wall Street searching for my disappearing hash browns. Let’s take a moment to see what factors investors monitor as signs of inflation. First, utility stocks are known for their relatively stable share prices and above-average dividends. Because stock prices look forward, not backward, a prolonged sell-off in utility stocks can represent a Wall Street consensus that interest rates–and, therefore, inflation–are likely to rise. A sustained rise in the yield on the bellwether 10-year Treasury note can mean the same thing. For an OSINT analyst, the monitoring of Wall Street can be notoriously shortsighted; therefore, an analyst needs to look for a significant, sustained drop in utility prices, not just a one-week panic.

One early warning sign of inflation is an increase in raw-material prices, such as copper and lumber, which are harbingers based on their importance to housing and construction, two areas that are prone to inflationary effects. A sharp increase in base commodities means that demand for raw materials outstrips supply. With the move or emphasis of transition to a digital or greener economy, many rare earth metals will also serve as potential inflationary tripwires. In our case, the raw material was the heroic potato which clearly had disappeared. Precious metals are always great hedges against inflation; historically, gold prices rise when the dollar falls on the international currency markets, so a sustained rise in gold prices should at least be on an OSINT analyst’s early inflation-warning radar. It is also a good indicator for subtle adversarial actions such as currency manipulation but not so much for my hash browns query. 

Another area for OSINT monitoring is the obscure data that the Federal Reserve uses to evaluate how businesses are keeping up with demand by looking at their respective factory capacity utilization. To provide a perspective, economists saw this figure drop to 66% during the 2009 financial crisis. Worries around inflation begin to emerge in the minds of economists when factories begin to operate at 84% or higher. So looking at the significant potato processing plants in the U.S. and the world plays a role in determining their rates.

Wages are another area to monitor, as inflation is defined loosely as too much money chasing too few goods and services. In other words, one condition for inflation is a large increase in the money supply. On the opposite end is what can be called a wage-price spiral, which works like this: As demand increases, so do prices. As prices rise, employees demand higher wages. And, if the labor market is tight enough, they get high wages. That, in turn, pushes up prices. A good source for an OSINT analyst is monitoring the monthly job openings and the Labor Turnover Survey from the Department of Labor. My brief search on Wall Street directed my attention to commodity prices, factory utilization, and CPI, which pointed me west to Idaho after a brief stop at the USDA. For the OSINT analyst, the beauty of USDA crop report yields is the fact that they are not written to evoke strong emotional responses, so mis- and disinformation designed to arouse emotions will contrast with these reports.

A review of crop reports at both the state and local level began to paint the picture of a shortage in potato yields in 2021, which decreased the frozen stocks that maintain a supply of hash browns and other potato-based staples throughout the year. More specifically, using various restaurant and food blogs to quickly sift through data for the backend network of the hash brown process, we came to the following explanation, which official public government data, reports, and statements could vet. U.S. potato yields have declined by 7% over the past five years. Idaho potato acreage increased by 15,000 acres in 2021, but the yields dropped by 20-30%. In the research, the russet potato is a brand to watch as it is a regular and common potato that does not fluctuate wildly in commodity prices, but prices did increase for this brand used in batter and mashers for the first time this past year.

Compounding this situation, the USDA recalled more than 30 million pounds of frozen hash browns due to possible contamination with Listeria monocytogenes. When 2022 yields were also lower than normal, the shortage was exacerbated as the frozen reserves were exhausted. So demand grew faster than supply. In times like these, the U.S. food industry will rely on exports from abroad, which does not embroil the hash brown in the web of disrupted international supply chains and associated transportation energy costs. These were the primary drivers behind my displeasure with no hash browns: a decrease in supply due to weather-related low crop yields, and snarled disruptions in the supply chain.

Our Assessment 

Our journey from Wall Street to Washington, D.C. to Idaho and beyond led Overwatch analysts to conclude that there were a series of bad potato crops, compounded by the effects of disrupted supply chain issues affecting how the food industry processes frozen potatoes. This all led to the scarcity of hash browns in the Fall of 2022. This OSINT quest is a reminder of how important this discipline is to intelligence, whether it’s intel for the government, the battlefield or business. OSINT provides an understanding of the network and/or environment. This understanding gives the OSINT analyst and other intelligence practitioners the foundation to ask the right questions and judiciously apply resources, whether it is looking for your favorite comfort food or looking for a terrorist.

As we enter the new year, this story will encourage you to investigate further into headlines, be more aware of shifts in your surrounding environment, and apply critical thinking skills. Critical thinking will help us discover the correlation of events to develop hypotheses, test variations of solutions, and draw conclusions about what future impact indicators have on a macro scale. Start to ask yourself, what signals do you anticipate will indicate recovery from the recession? 



The Exchange Rate on the AI App You Downloaded

Artificial intelligence (AI) technology can transform pictures taken on a phone into a masterpiece worthy of sharing on social media in a few minutes. Sometimes, this can be done for the nominal cost of $5.99. Behind the scenes, this exchange also includes you handing over access to your camera, self-selected photos, and possibly personal information from your phone.  

At the time of this Overwatch brief, 3 out of the top 10 apps are AI-generator filters, proving their growing popularity. While many consumers are skeptical of the risk versus reward factors when using their email address to sign up for a service, they often do not confront downloading an app with the same analytical rigor. This is for many reasons: the infrastructure of app stores that make the path to purchase seamless, demographics, the company or industry, the type of digital format, and most importantly, the understanding of privacy legislation for consumer data. All are factors that contribute to consumer trust.  

 This week, Overwatch analysts will explore how consumers determine the ‘value’ of their personal information and the ambiguity behind data privacy that has potential impacts ranging from personal loss to national security.  

 The Varying Exchange Rate for Consumer Data 

According to McKinsey and Pew Research Center research, healthcare and finance industries rank highest in trust because they commonly work with highly sensitive data and are protected by federal legislation. However, the pace of technological advancement and the relative newness of personal data as a valuable commodity have limited regulation and conversation about the subject, which has caused consumers to undervalue their personal data.

This point is proven in the chart below. Whereas email data tops the chart for consumer privacy and protection concerns, apps and programs are towards the bottom. Arguably, email has been around since 1971, whereas apps and programs were not introduced until 1994, when the first smartphone was launched. The adoption of new technology has a life cycle, and privacy and protection are often an afterthought. The more familiar people are with the medium, the greater the understanding of benefits and abuses when personal information is mishandled.

[Chart: McKinsey privacy chart]

As mainstream media continues to report on data breaches, cybercrimes, and spam, which are undoubtedly rising alongside technology, people are beginning to realize how vulnerable their data is. Along with this growth in worry has come increased concern about the lack of regulated privacy laws around their consumer data and where vulnerabilities lie. 

The Vulnerability of Personal Data 

Every 39 seconds, there is a new cyberattack somewhere on the web and an estimated 64 percent of companies worldwide have experienced some form of cyberattack, according to the University of Maryland and TechJury. 

Not all data breaches are hacks. Many bad actors looking to capture personal data keep their eyes on cultural trends like AI filters that spark virality by creating FOMO (fear of missing out) among the masses, in hopes the buzz to try a new app overshadows privacy concerns. It is why countries like Argentina, which has seen a 403% increase in cybercrimes, are seeing marketing campaigns like the video below from HSBC to educate consumers about information voluntarily provided.

This tactic is similar to what we saw in 2019 with the popularity of FaceApp, a face-filter aging app oscillating images of faces from young to old. Over 100 million people downloaded the app without questioning its origin. Then, on December 2, 2019, the Federal Bureau of Investigation (FBI) raised security concerns about the Russian-developed app. Ian Thornton-Trump, a CompTIA faculty member, summarizes the magnitude of this risk saying, “Concerns are only really valid if you are a high-profile name, a company that holds sensitive IP, or someone who works in the intelligence services. Russia would very much appreciate and encourage the use of FaceApp by anyone with a security clearance and their immediate family.” Similar concerns have been raised around TikTok, an app owned by ByteDance in China. In both cases, the app companies in question have insisted U.S. user data is not shared and is safely stored, although concerns around anti-American influence still exist and data privacy laws are not the same.

With the AI-generated apps and more conversation around potential usage of #chatgpt and artificial intelligence, information campaigns like HSBC’s need to be designed to encourage users to pause before downloading. App stores have attempted to deliver on transparency, although the information is buried and best practices are unfamiliar to many.

Overwatch analysts decided to investigate further into Wonder, one of the AI-apps topping charts. In plain sight, the app store confirms the company is based outside of the U.S. in Istanbul, Turkey. Analysts scrolled down further to find security practices and app privacy at the bottom of the details. At a quick glance, the information seems to provide clarity with two distinct columns describing what data is linked to you and what is not, but how “User Content” and “Usage Data” are in both columns sends mixed messages. 

To avoid bias against companies outside the U.S., Overwatch analysts explored the available information on Lensa AI, which is also topping app stores. Lensa AI is owned by Prisma Labs, a veteran in the filter app business. Prisma Labs operates out of San Francisco, California. Through further research, analysts uncovered the company’s Co-Founder and Chief Technology Officer, Oleg Poyaganov, is a Soviet from Moscow City who studied at Moscow State Technical University. This is an indicator to proceed with caution, and apply additional critical thinking skills to develop a deeper analysis before downloading the app to thoroughly understand the risk over the reward.

The Market Value of Personal Data 

Depending on the buyer and how the information will be used, the going rate for personal data varies whether the lead was obtained legally or not. The average market price range varies and can be approximately $90 – $161 per person.  

The Harvard Business Review provides a great visualization of how the value of data can vary depending on how the information is used and protected. The visual goes on to display use cases with companies like the financial institution Mint, which refrains from sharing sensitive data for profiling usage and sets parameters for the data that is sold. The alternative is Meta, which collects and sells all data with the expectation of delivering the most value to its users.

Our Assessment 

Technology, like artificial intelligence, is rapidly advancing, improving scale, efficiency, and creativity for companies and consumers. The life cycle of technology is outpacing regulations, potentially creating vulnerabilities that cannot be recovered from, such as data leaks.  

Healthcare and finance, with a head start on regulations, will likely lead the way in educating consumers about data privacy vulnerabilities, much like HSBC did in Argentina. As more awareness campaigns educate consumers, transparency among companies and app stores will respond with disclaimers and features to protect users. The challenge will be collecting enough data to find the balance between leveraging information to improve users’ experiences and deliver value while protecting their privacy. Unfortunately, consumers may ignore warning signs and learn from being hacked directly, and at a similar pace to companies investing trillions into cybersecurity.

This will likely occur before consumer data regulations are formalized; therefore, the homework lies in the hands of the consumer. Determine the market value wisely.  


“The consumer-data opportunity and the privacy imperative”; McKinsey 

“The First Ever Email, the First Tweet, and 10 Other Famous Internet Firsts”; Yahoo! Finance 

“Your selfies are helping AI learn. You did not consent to this.”; The Washington Post 

“The FBI Investigated FaceApp. Here’s What It Found.”; Forbes 

“Panic over Russian company’s FaceApp is a sign of new distrust of the Internet”; Washington Post 

“That Face-Aging App Made by a Russian Company Has an Odd Privacy Policy”; GQ 

“Consumer Data: Designing for Transparency and Trust”; Harvard Business Review 

“For Consumers, Data Privacy Has a Fluid Definition”; Morning Consult 

“How many cyberattacks happen per day?”; TechJury 


Vulnerabilities and Attempts to Collect Intel on U.S. Military Installations

Russia’s war in Ukraine. The creation of parallel institutions like the Shanghai Cooperation Organization (SCO) and the Belt and Road Initiative (BRI) led by the Chinese. Both are examples of the U.S.-led unipolar world transitioning to a multipolar world defined by great power competition. 

This shift in the international landscape raises security concerns as countries like Russia and China enter direct competition with the United States. This competition will not occur on a singular plane but most likely across multiple domains – economic, diplomatic, cyber, and technological – and undeniably affect the military. One example from a report by the Center for Strategic and International Studies notes that between 2000-2020, there were 160 reported cases of Chinese espionage against the United States and 1,000 cases of intellectual property theft. Within that, 85 percent were cases “involving Chinese agents trying to acquire U.S. military and commercial technologies.”   

This week, Overwatch analysts look at some historic vulnerabilities facing U.S. military installations, domestically and abroad, to understand how adversarial nations may be attempting to gather intelligence on the United States’ critical military infrastructure. One of the biggest challenges when researching historical or potentially existing vulnerabilities facing U.S. military installations is the lack of data released by the Department of Defense (DoD). This information is naturally protected for national security reasons. Publishing current or past vulnerabilities, or tactics used to exploit them, can inspire adversarial nations to exploit them. With that limitation in mind, analysts looked at publicly available and historical reporting on the topic. 

Base Comparison 

Domestically, the United States has roughly 450 to 500 military bases spanning all 50 states. When expanded to the U.S. military’s foreign footprint, the number increases to roughly 750 bases in approximately 80 countries. The map below highlights the position of these foreign bases. 

Adversarial nations have comparatively fewer. Russia has approximately 20 overseas bases, and China is estimated to have one foreign military base in Djibouti. The map below shows the presence of the U.S. military in comparison to Russia and China.

Vulnerabilities Continue to be an Area of Concern 

While bases and installations are a source of power for the United States, they are a desirable target for adversarial nations. The U.S. has several historical sources of vulnerability, ranging from open-source information, data breaches, apps, technology developed by countries like China, business/land purchases by adversarial nations, and human intelligence collection techniques.  

Open-source vulnerabilities facing U.S. military installations vary from applications used by denizens of the base to satellite imagery and breached data. These sources provide adversarial nations with multiple ways to gather information about critical U.S. military infrastructure and service members. A simple search for sensitive U.S. military installations, such as Area 51, supplies aerial views and pictures from March and April 2022. Using ESRI’s Wayback machine, it is even possible to view the construction and internal operations of more recently constructed installations. 








Even more concerning was a 2018 incident involving the fitness app Strava. The app charted users’ exercises, supplying routes and patterns of life information that could be leveraged to target their users. Due to the app’s prevalence among service members, there was concern about identifying military members abroad. A series of Twitter threads from this time used the app to quickly identify U.S. service members serving in sensitive areas, like bases in warzones such as Afghanistan, and even alleged CIA black sites.








Since then, the app has seemingly fixed this problem. However, the historical data remains, and it is a definite possibility that future applications may reveal the same vulnerabilities.

Somewhat connected to vulnerabilities caused by application data is the threat of breached data released on the deep and dark web. A cursory search of email domains such as,,, and resulted in thousands of breached emails and associated passwords, many of which were linked to names of individuals whose online presence could be further developed. 

*Analysts did not include photos of this data, given its potentially sensitive nature. 

Engrained Tech Infrastructure 

The second vulnerability source is Chinese-owned tech infrastructure used by service members or near U.S. military installations. The placement of technology used to intercept communications near military bases is not new. In 2014, for example, the CEO of ESD America, a company specializing in highly secure cell phones, charted out several false cell phone towers near U.S. military installations. 

The best example of this vulnerability is the telecommunications company Huawei, which was banned in the U.S. in 2019. The company continues to be unsuccessful in lifting the ban even with the introduction of new technology. As early as 2018, the Pentagon banned the sale of Huawei phones on military bases. However, this did not stop the company’s alleged attempts to spy on the U.S. military. Huawei partnered with multiple local network providers in the United States, placing communications infrastructure near critical U.S. military locations, including a U.S. nuclear arsenal. The map below shows examples of some networks using Huawei technology and their proximity to U.S. military infrastructure.

Despite the bans and investigations, the problem persists. According to a July 2022 report by Politico, small telecoms networks, many of which are in rural areas near U.S. military infrastructure, remain in place due to the expense of removal and repair. This means many of these vulnerabilities are still active and will continue to pose a threat until the issue is fully addressed.  

The purchasing of businesses and farmland provides bases of operation and operational cover for potential intelligence operatives from adversarial nations. The acquisition of American farmland and western businesses by adversarial nations, like China, poses an economic threat. However, it also poses a potential threat to U.S. military infrastructure.  

For example, in 2022, a Chinese company, the Fufeng Group, purchased 300 acres of farmland 20 minutes from Grand Forks Air Force Base in North Dakota. The purpose of the purchase was allegedly to create a corn processing plant. However, its closeness to the base, which specializes in drone technology and housing a “new Space Networking Center,” has some concerned that the factory could be used to surveil drone and satellite transmissions. 

In addition to land purchases, investment in businesses utilized by U.S. citizens could allow espionage on service members who use the app. For example, according to the U.S. Department of Justice and Treasury Department, when the dating app Grindr was acquired by a Chinese investment firm Kunlun Tech, it posed such a risk. Though the app claims no data was ever released, the U.S. government demanded the Chinese company sell its stake in the application in 2020. The same story played out with TikTok, which was banned from government and military service members’ phones due to national security concerns.  

Despite best efforts, the pace of technological development and the economy generally means that more businesses tied to adversarial nations will gain access to service members and military installations physically and through the digital domain. Due to the time it takes to evaluate their threat and the number of apps that need to be assessed, it is likely that companies owned by adversarial nations may be able to exploit sensitive data related to U.S. military personnel.  

Human intelligence collection is one of the oldest forms of information gathering. The media tends to focus more on high-profile politicians and individuals who are seduced by female and male spies in operations called “honey pots.” This was the case with a Chinese spy associated with Representative Eric Swalwell, a House Select Committee on Intelligence member, or Russian spy Maria Butina, who was attached to multiple high-level Republican officials. But this is not always the case. The threat to a member of the U.S. military or someone with access to classified military information is genuine.  

In November of 2022, a former U.S. Army helicopter pilot and government contractor pled guilty to spying for China. He was recruited by a female intelligence officer with whom he began a relationship. However, not all these operations are sexual. In September, the U.S. charged former Army reservist Ji Chaoqun with spying for the Chinese. Chaoqun was recruited while studying engineering in Chicago and instructed to join the reserves in the hopes of getting U.S. citizenship and gaining access to classified information, according to reporting on the incident. While these more traditional cases highlight a concerning problem, perhaps even more alarming is the ease with which this can be done almost entirely digitally by utilizing social media to reach out to potential assets. This puts those that proudly display their position and status in the field of national security at risk. Even less sophisticated than the above examples have been attempts by alleged spies for China posing as diplomats or tourists to access U.S. military installations in 2019 and 2020. 

While exact figures on the number of successful or attempted recruitments of U.S. military personnel are not reported, the above stories prove that it is a tactic being actively used by U.S. competitors and focused on infrastructure and commercial businesses tied to the U.S. military. 

U.S. military installations in foreign countries also have vulnerabilities that adversarial nations can exploit. While the U.S. has more control and ability to surveil domestically, in foreign countries, U.S. forces depend upon host countries or partners to assist in maintaining security. For example, in 2021, it was announced that Japan would start taking a closer look at land purchases near U.S. military bases to diminish the ability of adversarial nations to collect intelligence on the United States. While we will not go into deep detail during this brief, four specific instances of attempts to gather intelligence regarding U.S. military installations in foreign countries help shed light on the threat. 

In 2021, eight individuals associated with the Russian mission to NATO in Brussels were expelled. It was discovered that these eight individuals were undeclared Russian Intelligence Officers. Then in 2022, Maria Rivera, AKA Olga Kolobova, was discovered to be a Russian spy living in Italy. Through social and organizational connections, she gained access to several NATO officials in Rome, including a member of the U.S. Navy. In April, following the release of data on Russian FSB agents by Ukrainian intelligence, it was discovered that two individuals posing as lieutenant colonels in the Russian Army had used their cover as observers of the Organization for Security and Cooperation in Europe (OSCE) to spy on U.S. military infrastructure in Latvia. Finally, in November 2022, the FBI, in partnership with Swedish State Security Forces, arrested two Russian spies living in the country for almost 30 years. The couple was believed to be in the country and were identified when it came to light that they were surveilling U.S. military assets.  

Operating critical defense infrastructure in a foreign country will never be 100 percent safe. Foreign defense systems suffer from many of the same vulnerabilities as domestic military installations highlighted above. However, awareness of past incidents helps highlight the importance of partnerships with host countries and the standard operating procedures of those hoping to exploit this vulnerability.  

Our Assessment 

Overwatch analysts assess that as competition between the United States and its near competitors increases, the desire to find vulnerabilities and collect intelligence on critical U.S. infrastructure will also elevate. These attempts will likely look to collect information using several, if not all, of the tactics outlined above. As a result, we will likely see the U.S. military and government take several actions to moderate this risk. We will also likely see more guidance released by the DoD regarding the use of apps, further government oversight in land and business purchases, increased vetting of foreign diplomats and members of the U.S. military, and increased coordination with countries hosting U.S. military bases. 

It will be imperative for individuals, especially those working in organizations and businesses tied to national security, to do their proper due diligence on companies and individuals they associate with and the apps they download on their phones. Proper open-source research techniques and literacy are not only good tools for offensive intelligence gathering, but they are also imperative for lowering the chance that an intelligence official from a hostile nation exploits an individual. 

Digital DNA Heating Up Cold Cases


In the United States, approximately 250,000 unsolved murders occur each year, according to the Uniform Crime Report. This is a clearance rate of about 50%, a drastic decrease from the 90% clearance rate for homicides in the 1960s. While this decrease is in some way due to criminal justice reform and more accurate reporting, it is undeniable that this decrease is also affected by the increasing murder rate we saw starting in 2020.  

Unsolved criminal investigations (homicides or abductions) that are no longer actively pursued because of lack of evidence are defined as cold cases. In other words, when an investigation goes idle, it is often assumed that the case is hopeless, impossible, and will never result in justice. Historically, this suggests that these violent offenders who have not been caught will continue committing crimes. Many of these violent crimes are still unsolved despite the full potential of deoxyribonucleic acid (DNA) evidence and national DNA databases. 

Beyond DNA evidence is the power of open-source intelligence (OSINT). With advancements in technology and social media engrained in today’s culture, it is rare for individuals not to have digital footprints – potential evidence for law enforcement. This raises the question: when DNA or other traditional forms of investigation fail, could a few quick online clicks help investigators keep a case from going cold? 

In this edition of Overwatch, analysts interviewed two individuals at the Criminal Investigations Division at the Hillsborough County Sheriff’s Office (HCSO) in Tampa, Florida to understand how digital footprints can aid law enforcement. Analysts also selected a cold case provided by the Hillsborough County’s Sheriff’s Office, an unsolved homicide, showing how OSINT could be applied to support an investigation. 

Interview with Hillsborough County Sheriff’s Office Criminal Investigations Division 

Overwatch: How often does a homicide or violent crime have a digital footprint? Has law enforcement increasingly turned to social media to find suspects of crimes?  

HCSO: We try to use social media searches in almost every homicide, except open and shut ones that are closed in 24-48 hours. However, we lack advanced tools, tips, and tricks of the trade to narrow down the information found online. We rely on free knowledge but using social media platforms in investigations today is extremely common, especially in shootings and gang violence, specifically in neighborhoods with turf wars. So, looking on social media has been helpful because people aren’t typically forthcoming.  

Overwatch: What are some of the challenges faced when it comes to pursuing a digital footprint of a potential suspect? For example, are search warrants needed? Are laws applicable in the digital space? 

HCSO: Privatized accounts are a huge issue. If you want information from private accounts, detectives need enough information to send a warrant to the social media company. The Sheriff’s Office here often gets Facebook and Instagram search warrants; however, the speed at which we receive the information back from the company is decided on a case-by-case basis. Sometimes it can be super slow, especially if it’s not a pressing matter.  

Overwatch: Can you tell me about a time when the Hillsborough County Sheriff’s Office was able to solve a cold case or homicide because of a victim or perpetrator’s strong digital footprint?  

HCSO: There was a case that we came to a dead end. However, our investigation found a couple that often made TikTok videos. We monitored their profiles, and while they didn’t make videos about the crime or anything like that, the lead came because they made a video in a vehicle that placed them in the suspect’s vehicle. So, their digital presence provided a clear lead which, coupled with other evidence, allowed the case to be solved. 

Tracks Left Behind 

In 2020, Hillsborough County had 37 homicides reported, with 27 solved or cleared. This was the highest rate of homicides in the last 10 years, according to the Federal Bureau of Investigation’s Crime Data Explorer.

In today’s world, the internet is entrenched in everyone’s daily life, increasing the opportunity to use the massive amounts of publicly available information to reopen cold cases. We have all heard of cases where a suspect’s or victim’s digital footprint pointed law enforcement in the right direction during an investigation, despite a lack of DNA evidence. Examples include a university student who was discovered dead after her last cell phone signals were found in a remote area with another person or a mass murderer who left cryptic messages on digital forums days before carrying out an attack. Like DNA left at a crime scene, the same can be said for online activity varying from malicious websites, social media posts, interactions, and connections – all of which leave digital data in their wake. 

Murder Case Gone Cold 

Overwatch analysts visited the Unsolved Homicide website run by the Hillsborough County Sheriff’s Office to find an unsolved homicide and apply advanced search OSINT techniques. Analysts selected the cold case of Ariel Pagan-Colon. They started discovery by focusing on online chatter, looking at the date of the murder, the scene of the crime, and the victim’s social media presence.  









The event occurred on July 13, 2019, when Ariel Pagan-Colon was “shot to death outside of a house party…” according to the Hillsborough County Sheriff’s Office Unsolved Homicides website. Analysts implemented advanced search queries to narrow down social posts related to the murder of Mr. Pagan-Colon.  

On July 13, 2019, Twitter user @jason_rohena posted about the victim’s death, insinuating that he was shot by one of his friends. The tweet was posted at 9:16 pm. A search on the Hillsborough County Sheriff’s Office “Calls for Service” website shows the location and date of Mr. Pagan-Colon’s incident. The service call was at 9:09 pm. This means that the Twitter user posted moments after the 911 call. Due to the speed of the post, it is possible that the user was at the crime scene and has more information about the suspects.  

A further look into the victim’s lifestyle and close associates revealed that his girlfriend was possibly at the location where the crime occurred. Moments before the deadly event, it appears that he was waiting outside the home where a party was occurring while his girlfriend was making her way outside to meet him, according to a Facebook post from the victim’s mother.  

The victim’s girlfriend was found on Facebook, and analysts were able to examine the information posted there about the victim’s passing. She wrote on Facebook, “Not seeing your message has me broken,” on December 31, 2019. It was not revealed what the message she received from the victim was. However, it’s possible that she received information minutes before his death that could add to the timeline of events or even insinuations about who the murderer could be.

Analysts also found a social media post that denigrated the victim and alluded to a potential foe. This is not proof that the person who commented is accountable for Mr. Pagan-Colon’s death. Yet, the post may lead to a list of people who did not get along with the victim, despite the gap in time between it and the date the victim was killed.

Our Assessment 

On television shows or in movies, DNA, like fingerprints on a weapon or saliva on a discarded cigarette, is typically the evidence that solves cases. In reality, DNA is not always available in violent crimes, particularly homicides. However, many people do leave digital evidence. In the case of Mr. Pagan-Colon, his robust digital footprint can aid law enforcement in developing the case further based on discreet digital clues.

In the case of Mr. Pagan-Colon, the victim was in his early 20s and often attended parties and clubs, using social media to keep in touch with his old high school friends and family. The victim often posted a trail of photos and memorable moments from these events on social media. A timeline and biography of the person of interest can be found by following his digital footprint. It is possible that the details surrounding the house party where he was murdered can be found online. While we are unsure of the specifics of the crime, analysts can confidently state that the victim’s digital footprint supplied a clear picture of his lifestyle, social network, and activities in the days preceding his death.

As the homicide rate rises, analysts assess that more crimes will become cold cases. More consideration of digital footprints in cold case homicide investigations is necessary, given this possible rise. Because of the budget constraints facing many police departments, the cost of investing in open-source intelligence (OSINT) tools creates a financial barrier for them. This makes it even more crucial that cost-effective resources and manual methods be spread to departments nationwide to surmount this artificial barrier. While traditional investigation methods such as DNA analysis will always be necessary, proper OSINT training and techniques can be a cost-effective resource to help deal with crimes that have gone cold.


A Thanksgiving Recipe for navigating misinformation with family and friends

A good resource is “How to Detect Media Bias and Propaganda in National and World News” by Dr. Richard Paul and Dr. Linda Elder.
Challenge naysayers around you to show gratitude – at home, work, the grocery store, online – everywhere. Gratitude is good for your mind, body, and health. Some ideas on ways to show gratitude: compliment your loved ones, be the positive energy in the office, serve others when and where opportunities exist, especially those in the hospitality industry, and thank those who challenge you.

If all else fails, change the conversation – share a cute animal video, rave about grandma’s mashed potatoes or start the classic debate about whether or not Die Hard is a Christmas movie.
Ending conversations that are too heated or have hit a lull can be challenging. In these cases, do not underestimate the power of non-verbal communication to politely close a conversation. Simple gestures like gazing into the distance, making eye contact with someone else, or pointing your feet in another direction can be a civil way to exit.

Remember: with the correct angle and velocity, a turkey leg will bounce and take out multiple arguments quickly and concisely.

Happy Thanksgiving! We hope you enjoyed our special edition of Overwatch.

Share this Thanksgiving recipe with others, as well as any additional tips!

Opioid Pandemic 3.0 – The Real Cost

The opioid epidemic, though somewhat supplanted as a national talking point in America since the beginning of the Covid pandemic, has by no means disappeared from the United States. The epidemic reached national attention in the mid-2010s, with books such as Hillbilly Elegy: A Memoir of a Family and Culture in Crisis and Dopesick: Dealers, Doctors, and the Drug Company that Addicted America being released in 2016 and 2018, respectively. However, despite these books’ recentness, the opioid epidemic has been ongoing since the mid-1990s. This week’s Overwatch brief will pull publicly available data, reporting, and academic articles to explore the costs of the opioid epidemic and attempt to assess whether a new phase is on the rise.

From 1999-2018, the Centers for Disease Control and Prevention (CDC) estimates that approximately 760,000 people died from a drug overdose in the United States, with over two-thirds of those deaths involving an opioid. Those numbers have only grown in the three years since that estimate was reported. The maps below show drug overdose deaths by state every two years from 2014-2020. As can be seen, the Midwest, Appalachia, and the Northeast of the United States are consistently among the most highly affected areas throughout the period.

[Maps: drug overdose deaths by state, 2014, 2016, 2018, and 2020]

While the loss of life is in and of itself an issue, the sheer economic cost of the epidemic is also cause for concern. Data from the CDC estimates that in 2017 alone, the cost of opioid use disorder and fatal overdoses was approximately $1.02 trillion. This cost was calculated by estimating the cost of healthcare, substance use treatment, criminal justice costs, lost productivity, and value of statistical life lost. Many of these costs are directly or indirectly spread to taxpayers and businesses, as local, state, and federal governments attempt to deal with this issue.

A look at the costs by state reflects a similar pattern to the maps charting opioid deaths, with those states in the Midwest, Appalachia, and the Northeast paying the highest costs. Taking just Ohio, for example, we see that in 2017 opioid use disorder cost roughly $23.01 billion, while fatal overdoses cost roughly $49.5 billion, bringing the total to $72.58 billion, or $6,266 per resident of the state.

Outside of just a loss of life and the general economic cost, a specific look at the epidemic’s effects on the lives of children adds some context to the severity of the issue. Analysis of Child Welfare Resource Utilization and Costs Attributable to Opioid Misuse between 2011-2016 shows the toll the epidemic had on children during that time. The graph below shows that the cost associated with children affected by the opioid epidemic neared $10 million, with the highest cost coming from foster care associated with opioid misuse.

As stated previously, the epidemic of opioid use in the United States entered the mainstream American consciousness in the early and mid-2010s. However, studies and articles about the epidemic show that its origins are much earlier and date back to the mid-1990s. In a 2022 interview, Howard Koh, a Harvard University Professor of Public Health and member of the Stanford-Lancet Commission on the North American Opioid Crisis, points to the release of OxyContin and the promotion of the painkiller by Purdue Pharma as the inciting event that made the opioid epidemic possible. This claim is seemingly backed up by 2020 guilty pleas from the company regarding fraud and kickback conspiracies, resulting in numerous fines and the Sackler family paying a $225 million fine. Additionally, a $6 billion civil settlement was agreed to in March 2022.

However, while prescription drugs may have kicked off the opioid epidemic in America, it was by no means its final evolution. According to experts, including the CDC, the epidemic has three distinct phases. The first phase is, of course, opioid deaths and abuse tied to prescription drugs. The second phase saw a rise in deaths and abuse vis-à-vis heroin. Between 2010 and 2015, it is estimated that death attributed to heroin use tripled, according to the Drug Enforcement Administration (DEA). The final phase is primarily thought to have started in 2013 with the introduction of synthetic opioids, such as fentanyl, to the public. Fentanyl’s strength, addictiveness, relative cheapness, and ability to be mixed with other drugs have made it particularly deadly, even compared to the first two periods of the epidemic. A graph charting overdose death between 1999 and 2020 highlights the distinct phases described above and the deadliness of all three forms of the drug.

Echoes from the prescription drug-driven phase of the crisis can still be seen in the most recent phase. For example, according to the DEA, fentanyl is often distributed in a way that makes it look like prescription painkillers.

Outside of the different vehicles through which opioids are distributed, geographical differences must be considered. While the maps above show the differences at the state level, a deeper layer can be analyzed. According to a study by the U.S. Department of Agriculture’s Economic Research Service, the first prescription drug phase of the opioid epidemic hit rural areas harder than urban areas. This can be seen in the graph below, which shows a sharper increase and the eventual surpassing of opioid death per 100,000 people in rural areas between 1999-2011. However, as crackdowns on prescription opiates took effect, this growth slowed, and the growth of opioid-related deaths in urban areas surpassed that of rural areas.

This pattern holds until at least 2019, with heroin-related death being higher in urban areas between 1999-2019 by 1.5 times and synthetic opioid death being higher in urban areas from 2015-2019. Overdose death from prescription drugs, on the other hand, remained higher in rural areas between 2004-2017, with urban prescription drug deaths reaching parity in 2018 and 2019.

This reversal in the pattern is interesting as the opioid epidemic is still primarily thought of as an epidemic affecting rural America or small former mining towns in the mountains of West Virginia. While it is undeniable that those areas have been affected by opioids, it is equally undeniable that the epidemic has spread to urban and suburban regions of the United States.

The most likely explanation for this shift is that prescription opioids are more accessible for those living in rural areas than the illicit products that took over the market after the crackdown. Illicit forms of the drug, often brought in through the southwest border and ports of entry, tend to make their way to urban environments first and slowly trickle into more rural environments. This means that effective combatting of the opioid epidemic in its newest phase should continue to focus on societal recovery and social services for those in rural areas to address the economic causes and local/familial distribution of opioids. Urban areas, on the other hand, should focus their efforts on enforcement and stopping the supply of drugs coming in.

As the opioid epidemic now approaches its 27th year, it is essential to consider whether we are approaching a new phase of the epidemic. Beginning in 2020, the Covid-19 epidemic caused a rise in opioid-related fatalities in the US. The map below demonstrates how overdose deaths significantly increased in every state during the first year of the pandemic. This trend continued with a 15% increase in deaths between 2020 and 2021, according to reporting by CNN. While explanations for this increase range from isolation, economic turmoil, overdose emergency drug (Naloxone/Narcan) shortages, and extra capital in the form of stimulus checks, the numbers paint a grim picture and eviscerate any idea that this epidemic is over.

While this pandemic rages, psychostimulants, such as methamphetamine, have made their way into previously unaffected U.S. markets, leading to increasing deaths year over year since 2007, according to the DEA. According to a study by the Rockefeller Institute of Government, there has been a sixfold increase in positive methamphetamine drug tests in the United States since 2013. Additionally, although previously not as affected by methamphetamine as the American Southwest, the same areas of the Northeast of the United States that were heavily affected by the opioid crisis have seen increased deaths and incidents involving psychostimulants. A map of domestic meth labs discovered by the DEA in 2019 highlights this changing geography.

The increased presence of this drug in geographical areas that align with the opioid epidemic suggests a possible connection. Whether that connection is due to the drug supply chain or some other factor cannot be determined during this assessment. However, the popularity of methamphetamine and other drugs of that class in rural areas, the correlation between overdoses and mixed use of meth and fentanyl, and the trend of adding fentanyl to other illicit drugs mean it is a trend that is likely to cause increased damage.


The first phase of the opioid epidemic, which mainly targeted rural and Appalachian America, has been the subject of much conversation and popular media depictions. However, as the epidemic has evolved over the decades, the effects of illicit opioid products have shifted geographically to include urban and suburban areas of the country.

Considering the data pulled from government sources and academic studies surrounding the opioid epidemic, Overwatch analysts assess that this trend is likely to continue until such a time that sustained and effective reform and policy are put into place to combat it. Even as Covid-19 ground the United States supply chain to a halt, the pandemic appeared only to exacerbate the number of people dying from opioid-related overdoses, showcasing the long-term staying power and stickiness of this problem. While post-pandemic numbers may fall slightly, there are no signs that they will return to levels lower than those of 2019.

Additionally, analysts assess that we will continue to see other classes of illicit drugs growing in those areas most affected by the opioid epidemic. This will likely lead to increased or purposeful mixing of synthetic opioids, such as fentanyl, with other drugs, leading to increased overdoses and death.

As this trend continues, we will likely see a shift in the national conversation around drug use that moves it away from a problem of rural America and deals with it as an issue affecting urban, suburban, and rural environments simultaneously. Further enforcement, specifically along the southwestern border of the United States and around ports of entry or significant shipping hubs and airports around the country, is likely to be increased, and counter-trafficking partnerships with Mexico will be strengthened.


A New Twitter and What It Means for OSINT






The recent Twitter takeover is a perfect example of why open-source intelligence (OSINT) is a critical discipline for analysts. It shows that technology and tools are always in beta. It also illustrates that you can always expect change, and it reinforces the growing demand for a discipline like OSINT.

Regardless, publicly available information on Twitter will look a lot different in the Elon Musk era. Eliot Higgins from Bellingcat summarizes it well in his tweet: 

Musk may have been slow to purchase Twitter, but he is proving that changes come quickly now that the purchase has been finalized. In this brief, Overwatch analysts home in on a change that has shaken up the Twitterverse and could have significant impacts on how OSINT analysts discover, collect, and vet publicly available information found on the platform. That change? Charging for the iconic blue checkmark.

Earlier this week, we polled our LinkedIn community for a temperature check on sentiment regarding the new Twitter regime. Here are the results:  


Chasing Clout Behind the Blue Checkmark 

The blue checkmark was never conceived of as a signifier of importance on the platform, but according to the Twitter support team in 2017, it has become one. One article, for example, notes that in the early days of verification in 2013, Twitter rolled out a filter for verified accounts that helped them connect and view information shared by other verified users. A second article also notes that even Musk’s interactions on Twitter trend towards those with blue checkmarks. In 2022, 57% of Musk’s interactions on the platform were with verified users. On Twitter, or any social media platform, it is one thing to garner engagement and another to receive validation by, from or with an influencer. In this case, blessed by the blue checkmark.

As of 4:40 p.m. EST on Wednesday, November 9, 2022, Twitter defines the blue checkmark as:

With the addition of the Twitter Blue subscription service, where users pay $8 for Twitter validation, the simple icon of a blue checkmark becomes a greater point of confusion: what it means differs between the definition on Twitter’s website, the community’s understanding, and the views of those who hold a blue checkmark and those who do not.

Because If Everyone Is Verified, No One is Verified

The Twitter Blue verification has not even rolled out yet, but the likelihood that implementation is already set. Already Musk has taken to Twitter, proposing what Twitter Blue verification would look like, only to redact it 24 hours later. 


New verification initiatives suggested by Musk have many potential consequences for OSINT, both in terms of whose voices are easily accessible on the platform and the sincerity of the message those voices are putting out. Much of this will be determined by how verification is conducted.

Which Voices Will ‘Twitter Trends’ Favor

While Musk may try to change this perception and “empower the voice of the people,” that does not mean previous perceptions of what the blue checkmark means will change overnight. This leftover impression of the blue checkmark as an indicator of truth and, therefore, worthy of inclusion in the public discourse, can lead to issues as verification expands to the population at large.  

Verifying questionable accounts in this climate is a source of potential concern. This was already an issue before Musk’s takeover of Twitter. In 2017, for example, Twitter halted verification after the platform was found to be verifying accounts belonging to white supremacists. Additionally, in 2021, Twitter was found to be giving Blue Checkmarks to fake accounts. However, with Twitter Blue being rolled out, we can already see specific individuals like QAnon John, a conspiracy theorist, attempting to pay for verification. It is likely more will follow, and while the argument for freedom of expression is strong, it is undeniable that it will take time for the blue checkmark to change in the popular zeitgeist from a trusted source of information to a simple receipt of purchase.   

The second issue that arises depending on the verification method is that bot farms, some made of actual humans, will not only be able to be active on the platform but will receive the added benefit of verification and, therefore, legitimacy. While fully digital bots may be a thing of the past, human-run accounts participating in information operations will easily be able to pay eight dollars a month for this added benefit. Additionally, these accounts will be favored by the algorithm once verified, at least according to Musk, who spoke about the favored treatment verified accounts will receive in terms of positioning relative to non-Twitter Blue accounts.

This new verification system also threatens the voices of certain individuals, everyday Twitter users and those who, due to safety or desire to express their opinions freely, may wish to operate anonymously. These compose two sources of information that are highly valuable for OSINT analysts.

A look at polls conducted by Pew Research Center in 2019 highlights a few noteworthy statistics regarding Twitter users. The top 10% of Twitter users are responsible for 90% of tweets. Additionally, the bottom 90% of Twitter users tweet on average twice a month. Research by Scientific American, published in 2015, also found that lower-income individuals in the United States used Twitter to communicate socially, while wealthier individuals used it as a place to disseminate information.

As price becomes a barrier to entry, we may lose the ability to gauge the sentiment of the bottom 90% of people using Twitter or those who use Twitter to communicate socially. This, in effect, will create an echo chamber of wealthier, primarily liberal, politically driven Twitter users. While this could be useful if your goal is to gauge this audience, it becomes less useful to an OSINT analyst if they wish to gauge this second more representative audience.  

A Subscription Model Muffles Voices Even Further 

According to our poll, 56% predict more dis-/misinformation in this new age of Twitter. This is a problem that already prevails on Twitter, and artificial intelligence and machine learning can only moderate to a degree. Humans and a labor force are required, although one immediate action Musk took shortly after the news sank in was laying off half of the Twitter workforce. Yoel Roth, head of safety and integrity at Twitter, offered reassurance that the mass layoff did not impact front-line review.

Musk was quick to retract and rehire some employees who were fired; hopefully this will slow down some of the other proposed changes he has tweeted about. First, verification. The blue checkmark: an amorphous icon that individuals associate with clout and/or validation. The most popular request may now come with a price tag.

The majority of Twitter users, 90%, are passive observers with occasional activity, listening to the 10% of active users. With the new subscription model, this minority voice will be pushed down further, and analysts could see a migration to other social media platforms. Twitter will still serve as an indicator of current trends and views, which analysts can follow by watching its ripples evolve into more virulent or inciteful rhetoric across the social/digital space.

Gone Are The Days of Anonymity  

Anonymous posting is also under threat through this system. Despite Musk’s assurances that “A balance must be struck” between anonymity and authentication, analysts have seen no indication that there is room for anonymity on his new version of Twitter. This potential loss of anonymity poses two main problems for the open-source community.

The first is that those who post anonymously often more freely express their genuine opinion or thoughts. While this may lead to trolling or inflammatory speech, the lack of a language filter also allows OSINTERs to more accurately gauge the sentiment of an individual or group of accounts. If verification ties content to a real person, we risk people filtering themselves and losing out on genuine reactions and feelings about specific topics. 

The second and more consequential effect of a loss of anonymity will come from a loss of content coming from less permissive environments. Tweets about protests, dissatisfaction with the government, or even critical information from war zones are often sent out anonymously to protect the posters from retribution. Countries like Myanmar, Saudi Arabia, Turkey, India, China, etc., often arrest individuals for criticizing the government on Twitter. This goes for journalists, activists, protesters, and supporters of opposition parties. If the identity of those pushing out information from these places is no longer shielded by anonymity, we will no longer see tweets sharing information about these countries.  

Even if Musk can marry the paradoxical concepts of anonymity and verification, Musk’s takeover of Twitter has relied on investors from several countries such as China, Saudi Arabia, The United Arab Emirates, and Qatar. It is unknown at this point what level of influence these investors will have in Twitter’s operations and what sway they will have over Musk in general. This puts anonymous tweets from these countries at risk. 


The push to “democratize” verification on Twitter comes with several challenges and potential pitfalls, not only for analysts but for the platform. How successfully these pitfalls can be avoided will depend on how the new features are implemented. However, given the speed with which Musk seemingly wants these new features to become available, unintended consequences will be unavoidable.

Much discussion has been given to the potential impacts of the easement of moderation policies on curbing mis- and disinformation. Social media platforms such as Twitter rely on metrics of engagement and activity as an underlying part of their business model, which will make this difficult for them to address. The fact remains that inflammatory and derisive language drives stronger responses and activity by a smaller but vocal segment of the Twitterverse. Easement of moderation rules would allow the platforms to sustain the most important driver of current metrics. Enactment of moderation policies requires labor and overhead costs that work against the underlying business drivers. As previously referenced, the responses are coming from 10% of users, with the remaining 90% staying quiet on current social media platforms such as Twitter. In addition, the boisterous 10% will pay for the subscription, as their activity is tied to their own pursuits.

As noted by Jonathan Haidt, the Thomas Cooley Professor of Ethical Leadership at New York University, the far-left and far-right fringes of our society number 7-8%, but social media platforms’ metrics and their exuberance produce a disproportionate impact on social discourse, debate, and activity, or lack thereof, in the social media space and in greater society in general. He defined this impact in a recent 60 Minutes segment as “Structural Stupidity,” where organizations or spaces populated by smart and thoughtful people are placed in situations where dissent is severely punished. They then go dormant, which limits critical debate and critique of the dominant or prevailing opinion or view. This could be very true of Twitter at present.

Our Assessment

Our Assessment

As we examine the impacts of Twitter’s moderation easement policies on curbing mis- and disinformation, the aforementioned metrics driving engagement and activity will likely have minimal impact on curbing the growth of mis- and disinformation. While the measure may, to some degree, better identify the sources of disinformation and designate them properly, it will not significantly reduce the spread of misinformation for a few reasons. 

Fact checking remains a critical piece of combating misinformation but must compete in the current models where it loses out in dissemination to the public. Even with technological advances like machine learning and artificial intelligence, the endeavor to identify misinformation is labor intensive. Le Monde’s Adrien Sénécat, covering for Décodeurs a study of the 2018 French elections and what the spread of misinformation on Twitter looks like, noted that fact checks of misinformation get approximately four times fewer shares than the original falsehoods. Twitter’s moderation easement and layoffs will not address this underlying aspect.

Disinformation and misinformation matter, to varying degrees, in OSINT analysts’ work to identify and assess threats and vulnerabilities. The impacts of Twitter’s changes over the last few weeks do not make Twitter any less important as an OSINT tool; using it requires exercising additional critical thinking. Unless bolder systemic changes are made, it will remain a place where we see actors who benefit from promoting inflammatory rhetoric, misinformation, and disinformation to further an agenda. It is unlikely they will be the major instrument of action for threats as it would undercut their pursuits.

Twitter will be a platform where those ripples begin. For analysts it will be important to track the resonance of those ideas and personalities across more ideologically affiliated platforms throughout the stratified web. The growth of memberships in these platforms will be important as people in the 90% migrate away from paying subscription fees as well as aligning themselves with groups they identify with, which is a very human thing to do. Since joining Twitter in 2014, their success aligns with Musk’s. And much like other Twitter influencers, Musk learned the formula of success to be “heard” or retweeted in the Twittersphere: tweet often and tweet loudly. The more outlandish, the more engagement.

The Reality of Mainstream Apps like BeReal


Nearly three years since launching, BeReal is topping app charts and was arguably the app of the summer. Currently estimated to have more than 22 million monthly users with over 450,000 Apple user reviews, averaging a 4.8 star rating, all eyes are on BeReal, leaving users blind to the dangers and vulnerabilities of the app, and its main feature to capture a photo utilizing both front and back cameras. While most apps would kill for successful milestone metrics like BeReal’s, these statistics also pique the interests of investors and bad actors who want access to real-time data as authentic as BeReal’s. 

Many of those flocking to BeReal are people who are over the glamorous, curated feeds of “filtered” content found on popular social media platforms like Instagram and TikTok, where staged reality is the norm. BeReal is bringing the reality back, or so the tagline says: “Your friend, for real” speaks for itself.

To keep reality in check, BeReal controls when users post to ensure authenticity is the default. A single push notification is randomly sent alerting users, “Time to BeReal.” Users then have a two-minute window to capture a photo, limiting the time for any staging. When capturing your BeReal moment, the app accesses both cameras, front and back, to simultaneously capture your current status with a location stamp, unless settings are turned off. Within that single second capture, the innovative social capture also collects a lot of real-time data.

As BeReal has made its way up app charts, Overwatch analysts have been monitoring the accumulating indicators contributing to the rise in popularity and investigating the potential threats that grow alongside the mainstream attention that comes with the mission to oscillate the trend from content curation to real-time captures. 

The Founding Fathers and Funders of BeReal

BeReal’s founders, Alexis Barreyat and Kevin Perreau, keep a fairly low profile with media and even on social media. Neither has conducted media interviews, which is right in line with the motto and mission of their app.

The strong purpose and story from founders was compelling enough to move the needle in drumming up over $30 million in Series A funding from Andreessen Horowitz, Accel Partners and New Wave back in June 2021. This was the first of three funding rounds for BeReal, estimated to be valued at over $600 million, according to the Financial Times. Private equity firms familiar with the digital app space, like New Wave and DST Global, were quick to jump on BeReal seeking success from their previous investments, like WhatsApp, Spotify, and Twitter.

According to a Venture Prose blog, “Zenly and BeReal, what do they have in common?,” the success of BeReal stems from Barreyat’s aspiration to bring focus back to reality. Barreyat was previously working at GoPro, where he captured mountain biking events and observed the disconnect between capturing a moment and influencers curating moments. This aspiration became more of a need than a business objective. 

The Grassroots Swell on U.S. College Campuses

BeReal’s popularity first rose in France, Barreyat and Perreau’s home country, and quickly gained traction in the U.S. from its grassroots ambassador program. The program was activated across college campuses, recruiting teams to help spread word-of-mouth. Ambassadors would receive a marketing budget to drum up downloads and reviews, paying anywhere from $30 per referral to $50 for an app download with reviews, according to Brown University students.

Many attribute BeReal’s summer success to the ambassador program as seen in the timeline below. Milestones escalated quickly with additional investors, organic brand activations, and media attention. 

All Eyes on BeReal 

After the summer, many indicators reflected that BeReal was now a player among mainstream media. The obvious indicator is capturing the number one spot on app charts the week of July 11, with 1.7 million installs that week, the largest weekly gain ever according to Sensor Tower, a digital analytics platform. Another public indicator was a dedicated skit on Saturday Night Live (SNL), a show known for leveraging cultural trends into comedic parodies. 

Looking back, there were early signs of BeReal’s swell with strong indicators in social conversations and downloads. When the app was mentioned, it was interchangeable as both a noun and a verb. Dispo, another photo-sharing app, entered the space at a similar time as BeReal and towards the end of 2021, downloads showed a clear winner in user adoption.

Another gauge is when brands begin inquiring about an ad platform. With over 55% of BeReal’s audience being young U.S. Gen Z’ers, it was only natural for brands to follow where their audience was. To date, BeReal does not have an advertising platform, nor have plans been announced. This has not stopped brands like Chipotle from getting creative.

Most likely advertising has been, and may be an afterthought for BeReal, especially since the tagline is rooted in authenticity, a characteristic brands struggle with. This is the harsh reality when mainstream mayhem hits, meeting the demands of both investors and the community.

Now that the app has captured the attention of investors, Gen Z, mainstream media, and brands…it is only a matter of time before BeReal is included in the hook of a top 10 single. 

Best Form of Flattery: Duplication

To date, the app reported a 315% increase in usage with more than a 1,000 percent increase in downloads. These are metrics that are causing other applications to have major FOMO (fear of missing out) or more fear of losing community. 

And as Oscar Wilde said, “Imitation is the sincerest form of flattery that mediocrity can pay to greatness,” and it is very true for apps where features are not considered intellectual property and can easily be duplicated. The same curated apps Barreyat turned away from are jumping on board BeReal’s concept, cloning the feature to leverage both camera captures and encourage authenticity through a push notification. This is where first-to-market does not always win out and other social media platforms have an advantage of an existing community, algorithm and ad platform that may give BeReal less staying power. 

Potential Vulnerabilities of Reality

Beyond staying power, the biggest threat is the appeal for bad actors, not only for BeReal but for this feature across multiple platforms. “Your friend, for real.” The tagline is catchy and has proven to be a success story but being in the spotlight is a slippery slope and as we all know, your friend may not be a real friend. Remember Snap Map, and the number of scams and security dangers unleashing this real-time location data to your “friends?” 

Bad actors and AI will continue to create a presence where communities are built, and much like brands, they follow where content curation and engagement exists. The unique element of BeReal is the authenticity of capturing content at the same time, utilizing both front and back cameras – unfiltered, unaltered – capturing images, screens and documents you do not even want your best friend to see. If you pair that with open location settings, it does not take a skilled open-source analyst to create a pattern of life for daily routines, starting points, or missing intel.

On a broader scale, there is the threat of hackers. Most successful apps from Meta to Snapchat are all too familiar with data breaches that can unlock not only your BeReal but also your account information. As BeReal enters its third year, it needs to proceed with caution and remember Snapchat’s third year, when it experienced two data hacks, impacting over 4.6 million accounts.

Our Assessment

The reality is that you can be authentic while still creating a filter. Technology has advanced more rapidly than the education of those users jumping onboard to create and curate. An app to encourage authenticity is a step in the right direction but placing a tool that seeks to showcase an unfiltered reality in novice hands can lead to a digital footprint that cannot be erased. In the quest to capture an authentic moment, inexperienced users will unknowingly build a wealth of information like this that can be more harmful than entertaining. As a user rushes to capture their BeReal moment, they run the risk of inadvertently sharing sensitive data or images of unknowing participants without their consent.

Whether BeReal is here to stay, the feature and demand for more authenticity has arrived and will continue. Because of this, BeReal and the copycats that follow will become additional resources for analysts and bad actors to tap into and developers to expand upon, potentially enhancing the capture with audio and accessing users’ microphones, which is another perk for users, analysts and bad actors. 

Lastly, wherever BeReal lands with its ad platform, investors will continue to see this type of content as the next digital revolution. If this is the case, vetting investors at each seed round and building security measures for platforms will only need to elevate even further to protect users’ data. Whether the content is generated by BeReal or by the apps that copy the feature, it is truly content that showcases more information about people’s everyday lives.

Women Challenge the Iranian Regime and the Patriarch Status Quo

The death of 22-year-old Mahsa Amini at the hands of the Iranian Morality Police on September 16th, after a three-day detainment for improperly wearing a hijab, has triggered countrywide protests. These protests triggered a brutal and lethal response by Iranian security forces, including the Iranian Republican Guards Corps (IRGC) over the last month.

Recent foreign policy efforts by academics and researchers have focused on great power competitors like China and Russia; however, Iran holds significant open-source intelligence (OSINT) through social media streams.

This Overwatch brief will focus on the OSINT indicators that will address whether the Iranian regime views the demonstration as a security threat or a political issue. 

The Green Revolution

In 2009, the Green Revolution played out on social media and was missed by the U.S. Intelligence community due to discounting OSINT as an intelligence discipline. The Iranian instance is notable for demonstrations since the Green Revolution spilled into streets and leveraged the internet and social media to coordinate messaging and actions. In response, the Iranian regime relied on traditional state media sources, blocking internet access and violent repression to counteract protests. The recent demonstrations follow a similar cycle: countrywide protests and demonstrations, with the regime utilizing the state media apparatus, internet outages, and violent responses, particularly against minority ethnic and tribal groups. 

Combating a Digital Evolution through Traditional ‘Blackout’ Tactics

Since the Green Revolution, the digital landscape has evolved substantially but the Iranian government methodology has not. With Facebook and Twitter rising in popularity among Iranians, the Iranian government saw this as a disruptor and imposed a week-long digital blackout initiating a brutal crackdown in 2019.

Today the Iranian government decided to adopt rolling blackouts, targeting specific provinces that are composed of larger minority/ethnic groups. On September 21st, Iran curtailed access to Meta platforms, Instagram and WhatsApp. The routine blackouts are not limited to Meta-owned apps; TikTok and YouTube have routinely been blocked as well. Most of the blackouts are centered on Kurdish areas in Iran; Amini was Kurdish. Real-time network data shows a nation-scale loss of connectivity on MCI (First Mobile), Iran’s leading mobile operator, and Rightel.

Because there is no private news site, the internet is the primary source of information outside Iranian government-controlled media. Most information comes from second-long video snippets activists manage to send through intermittent internet access amid the Iranian government’s censorship efforts.

Today’s Protest is not a Pattern of Past Protests

Up to now, the Iranian government does not appear to feel more vulnerable than they did in years of previous protests fueled by economic grievances: 2019, 2021, and earlier this year. That said, the real question is whether or not the regime leadership understands there are differences. According to Sanan Nivkol, a senior research fellow for the Middle East and North Africa Program at Chatham House in London, the people are asking for significant political change, generating solidarity among different social groups. Over the past week, October 7-14, 2022, reports of strikes across other sectors of the economy have surfaced raising stakes. 

As noted by Esfandyar Batmanghelidj, founder and CEO of the Bourse & Bazaar Foundation in London, “if they (the regime) see this as a security threat and not as an issue of political expedience, then they are more likely to respond to using tools of their security apparatus” and “the government has far more capacity for repression than it does for reform at this stage.”

Batmanghelidj poses a fundamental question concerning whether the regime perceives these demonstrations as a security threat or a political problem. OSINT plays an important role in assessing the Iranian regime’s perception of events. One significant event occurred on October 8, 2022, when a group identified as “Adalat Ali” or “Ali’s Justice” hacked the Iranian News Agency (IRNA) and played a 30-second video.

The video features a picture of Iran’s supreme leader, Sayyid Ali Hosseini Khamenei, with a target on his head. The video clip also includes photos of the women Iranian authorities killed: Nika Shakarami, aged 16, Hadis Najafi, age 20, Mahsa Amini, age 22, and Sarina Esmailzadeh, age 16. One of the captions read, “join us and rise up,” while another said, “our youths’ blood is dripping off your paws.”

The young women have become symbolic of the Iranian population, which is largely young and unaware of Iran outside the control of the current regime. The women and responses challenge the regime’s political views as changes to women’s laws would not be welcomed by the current regime. To control the narrative, the Iranian government has used their official state-run print, radio and television to attribute the women’s deaths to natural causes, freak accidents, and/or suicide. Beyond these instances, the regime has relied on silence or attributing the violence to foreign influence and/or unknown separatists. It has purposely refrained from referencing women or the role of women in public statements.

Anti-regime Iranian hackers have not backed down; instead, they have started releasing emails and documents associated with the “Iran Atomic Energy Production and Development Company,” seemingly making good on a threat they made in response to the regime’s crackdown on protesters. If these leaks are valid and continue, this could prove a critical vulnerability for the Iranian regime and may solicit an even greater swell of a response.

Our Assessment

The protests and the surrounding landscape should be monitored closely across the social streams, as many turn to social media to show their support and fight against the patriarchal regime, and for potential indicators of the regime’s perceived level of vulnerability.


One indicator is a direct mention of women in their state-run media. This would be a shift by the regime to begin acknowledging the role of women and young females in protests. It also shows the regime is concerned that protest demands have grown beyond the control of traditional repression tactics. Even further, the state-run media has not acknowledged the burning of hijabs and haircutting in their public statements. If they begin to, this communicates dissent within the regime’s political and security apparatus, potentially leading other officials to leverage social media to call for political change or reform on women’s issues or moderating other issues. All are potential signs that they seek to resolve this politically to avert further instability and strikes across the Iranian economy.

Secondly, the control of the internet. Currently, the regime appears convinced rolling internet outages in regions such as Kurdistan and other minority-dominated areas are sufficient. The short video clips on social streams depicting protesters clashing with security forces are not currently impacting the regime’s internal calculations. The videos do validate the narrative that these are security threats from separatists and/or foreign-sponsored actors. An outright shutdown of the internet and other national communications would indicate that the regime perceives substantial threats from protestors’ social content and will resort to brutal tactics to suppress demonstrations.

Lastly, an interesting aspect would be the emergence of a leader or leaders within the movement. The regime’s allowance of the formation of such a structure, which would allow some negotiations and/or acceptance of a political solution, serves as a potential indicator of the regime’s intentions and/or willingness. A decision by the regime to stifle or eradicate such nascent structures could lend credence to their perception that the movement is a security threat. The extent of women’s rights or women leaders in this leadership will also provide indicators of the regime’s thinking. The scope of women’s involvement or presence in an emerging organization would paint a picture of the regime’s view of the situation as a security threat or a political adjustment.

All Roads Lead to Rome: A Look at the Recent Italian Election and its Potential Consequences for Europe and the War in Ukraine

On September 25th, 2022, the country of Italy held a snap election after the previous unity coalition government fell apart. The election would decide the composition of Italy’s 68th government in the last 76 years. The result of that election was the formation of Italy’s first self-identified, far-right government since the end of World War II. The new governing coalition consists of three parties, listed in order of the percentage of votes they received: Fratelli d’Italia (Brothers of Italy), Lega Nord (The Northern League), and Forza Italia.

Italy is known as a country defined by divisions: separatists and nationalists, monarchists and republicans, partisans and fascists, northerners and southerners, communists and capitalists, and leftists and conservatives. These divides are deep, and many have existed since before the country’s unification in 1861. With all these deeply embedded divisions, Italy has averaged roughly 1.12 governments a year.

Despite these ever-present divisions, the coming to power of a self-proclaimed, far-right government in the country, excluding the fascists, is an anomaly worth further investigation. In this week’s Overwatch, analysts will look at the political landscape, economic data, and popular opinion coming out of Italy to understand what factors caused this electoral anomaly and its implications for U.S. interests and the current conflict in Ukraine.

A Look Back at World War II

Before diving into the more recent politics of Italy, it is worth summarizing the political landscape in the country after WWII. After its defeat in WWII and subsequent occupation by allied forces, Italy, like post-Cold War Eastern European countries, was under the control of the Christian Democratic party (DC) until the early 1980s. The Christian Democratic Party was a political party comprised chiefly of ideologies that spanned from the center-left to the center-right. The party’s main opposition during this time was the Italian Communist party.

During the Cold War, Italy and the success of the control of the Christian Democratic party were deemed crucial to U.S. national security interests due to its centrality in the Mediterranean, its access to Western Europe, and the Communist leanings of the population after living under fascism. The country was so important that one of the first covert actions undertaken by the newly minted CIA aimed to influence Italian elections to assist the Christian Democratic party. Whether those actions tipped the scales is a subject of debate; regardless, the Christian Democrats remained in control of Italy, and the Italian Communist party was kept from power.

An additional layer to the stable political landscape was a social-political environment marred by political violence. This violence included bombings, kidnappings, and political assassinations, undertaken by neo-fascist groups, left-wing terrorists, and organized crime.

By the beginning of the 1980s, the DC began to lose power and control of the Italian government switching hands several times. The reasons for the decline of the DC are subject to some debate. However, some, such as academic Giancarlo Cristiano, point to political fragmentation caused by the declining intensity of Cold War politics. Others point to corruption common to political parties that remain in control for decades. Additionally, high levels of political violence in Italy began to subside by this period.

The period of roughly 1994-2008 can best be described as an era of bipolarism. This means that at the end of the Cold War, Italy’s political landscape shifted to one in which multiple parties unified into center-right and center-left coalitions and competed with one another. While political control switched more frequently during previous periods, acceptable ideologies remained within certain foreign policy boundaries, including support of NATO, the E.U., and the United States.

The Modern-Day Rise in Populists

Fast forward to the modern-day landscape – Italian politics from roughly 2009 to the present. For many, this is seen as the rise of populism in Italy. There are several reasons behind the rise of populism; the three most common are economic crises, such as the Great Recession and the impending post-Covid Recession, the migrant crisis, and deteriorating trust in Western institutions such as the European Union. These issues all interact to form an environment friendly to populists on both the left and right.

Populist parties that have seen their power increase during this period include the left-wing Five Star Movement, the Brothers of Italy, and the Northern League. The rise of these parties poses a potential problem for U.S. foreign policy interests. The Five Star Movement, Brothers of Italy, Lega Nord, and Forza Italia are all pro-Russian to varying degrees, potentially threatening U.S. foreign policy interests.

Silvio Berlusconi, head of Forza Italia, describes Vladimir Putin as a friend, having vacationed with him in Sardinia in 2003, Siberia in 2015, and even visited Putin in Crimea shortly after its annexation by Russia in 2015.

Matteo Salvini and his party, the Northern League, are known to have connections to Putin and Russia. A 2015 post by Salvini shows him wearing a t-shirt with a picture of Putin and the caption, “Here in Strasbourg. President Mattarella (then President of Italy) has just intervened, [and] said that ‘closing and controlling European borders is not necessary.’ No, of course, let’s bring in millions more immigrants. I’ll give two Mattarella in exchange for Putin!”

Additionally, Salvini’s party has been accused of taking Russian money to help fund their political campaigns. In 2019, a phone call between a close aide of Salvini and an unidentified Russian individual discussing how to funnel Russian oil money into his political party was released. More recently, in January 2022, Salvini was exposed as having met with the Russian Ambassador to Italy at least four times; he claims he was attempting to create a peace deal to end the conflict and help all parties involved.     

Giorgia Meloni, Italy’s new prime minister and leader of the Brothers of Italy, has recently been supportive of Ukraine, publicly promising to continue sanctions and arms shipments to the country in its fight against Russia. However, this stance is a change from the past. A search of Meloni’s Twitter profile revealed tweets from 2014, 2015, 2016, 2018, and 2020 all calling for sanctions against Russia to be lifted due to their effect on the Italian economy. Given her past stances and the pro-Russian leanings of her coalition partners, her recent public support of Ukraine could change, especially given Italy’s economic and political realities outlined in the data below.








Political data from the most recent election demonstrates cause for concern for those looking to ensure that Italy remains tied to the E.U. and, by extension, the United States. A report by Open Online shows that the Brothers of Italy (dark blue)  and the Northern League (Green) are particularly strong in the country’s north. The Brothers of Italy also made significant inroads in traditionally centrist regions such as Tuscany and Emilia Romagna, signifying a solid support base for right-wing populists in the country’s north. In the south, things do not appear much better as the Five Star Movement, despite gaining third place nationally, firmly beat out the centrist party in the south. This leads to the conclusion that the political parties with the most power in the north and south of Italy are sympathetic to Russia.

Italy has also seen a noticeable decrease in election participation since 1979. The number one reason for this dip in participation, according to a report by the Italian government, was alienation, defined as radical criticism, dissatisfaction, and distrust. However, this apathy, while present throughout the country, is not spread equally. The south of Italy suffers the most from apathy, according to data from 2018, while the northeast suffers the least. With the northeast being a stronghold for Italy’s right-wing populists, they will likely not be as affected by lack of participation as their competitors will be in future elections.

Economic factors driven by the conflict in Ukraine will also play into the calculus of whether Italy’s current governing coalition continues to back the United States and its allies in supporting Ukraine. According to the International Monetary Fund (IMF), Italy is projected to be one of the only two European countries entering a recession in 2023. Data from the Organization for Economic Co-operation and Development projects that Italy’s GDP growth for 2023 will be only 0.4%.

Outside of high-level economics, there is also the reality of gas shortages. The shortage is estimated to be 5-6 billion cubic meters during the coming winter. As of September 2022, the Italian government began asking its citizens to lower their heat by one degree and turn it off for one hour daily. It is also likely that the current leading coalition’s supporters in Italy’s northern region will suffer more from these shortages in terms of winter heat when compared to the south.

Italian public opinion in the face of these projected economic challenges is still favorable to the continued defense of Ukraine. According to an April 2022 poll from the Italian Institute for International Political Studies (ISPI), 86.6% of Italians supported reducing their family’s energy consumption. However, the poll also revealed that 37% of Italians believe the sanctions against Russia are hurting their economy. Furthermore, a second poll conducted by the European Council on Foreign Relations in June 2022 saw responses from Italians nearly evenly split, between Russia on one side and Ukraine, The U.S., and the E.U. on the other, as to who was the biggest obstacle to ending the conflict.

Our Assessment

As the war in Ukraine continues and its potential economic consequences begin to take effect, Overwatch analysts assess that the new government and Prime Minister Meloni will be under immense pressure to break with the current NATO response and work with Russia in some capacity to either secure them favored peace terms to end the conflict or lift economic sanctions placed on them by the West.

The pressure will come from multiple places. First will be her desire to keep her and her party from being viewed as the cause of the projected recession and gas shortage, especially as the shortage is likely to affect regions that are considered strongholds for her party. The second will come from her junior coalition partners. They have shown past support for Russia and may attempt to utilize the economic fallout to reclaim supporters from the Brothers of Italy. Either could pressure Prime Minister Meloni to reverse her support of Ukraine or lead to the dissolution of the current coalition if the war in Ukraine continues through the winter.

Secondly, while it was not the focus of this brief, analysts assess that Russian influence operations will likely ramp up as winter approaches. These operations could play off existing divisions in Italian society and politics regarding conflict, blaming the E.U., the U.S., and Ukraine for continuing the conflict instead of suing for peace. The goal of these operations will be to influence the Italian population and, in turn, the governing coalition. The best course of action is to end the conflict in Ukraine as quickly as possible, likely by cutting arms supplies to Ukraine and supporting a peace settlement that favors Russia.