Anyone who has ever taken an OSINT course with me has heard me say, “Metadata is in play far more often than people think.” To help demonstrate that, I often reference a talk by Patrick Warren from the Reconnaissance Village at Defcon31. Warren and his team (some fantastic people I had the privilege of spending time with) identified sensitive information about a Chinese disinformation group through metadata from images.
Many major sites like Facebook may remove metadata, but searching for the same images posted on other sites can often find the metadata intact. It’s a fantastic 26-minute video you can watch here, but let’s take a look at the results from the fabric summarize pattern as discussed in yesterday’s post:
Processing “https://www.youtube.com/watch?v=h3_9Cvpd4n4&list=PLVwzzufdy9isTHn2d1Aal6LSyEat40xqG&index=5”
ONE SENTENCE SUMMARY:
Patrick Warren demonstrates how analyzing media variants and metadata can reveal the structure and behavior of Chinese influence operations like Dragon Bridge.
MAIN POINTS:
1. Dragon Bridge is a prolific Chinese disinformation actor using fake accounts to spread anti-US and pro-China narratives
2. They create original cartoons and videos in multiple languages to spread across social media platforms
3. Starting with seed images, researchers use reverse image search to find variants across the internet
4. Metadata from image variants can reveal software, hardware, locations, and organizational structure
5. Images found on non-social media sites often retain valuable metadata that Twitter/Reddit strip away
6. Analysis showed Dragon Bridge’s media creation was decentralized, using various software and systems
7. The campaign successfully flooded platforms like Pinterest, forcing shutdown of certain search terms
8. Traditional reverse image search may become less effective as AI-generated content increases
9. Future detection may require AI/computer vision to identify thematic similarities rather than exact matches
10. Multiple account usage patterns help validate legitimate campaign connections versus false flags
TAKEAWAYS:
1. Media variant analysis is more effective than text analysis for tracking influence operations
2. Metadata from image variants can reveal crucial organizational intelligence about operators
3. Influence campaigns can succeed through flooding platforms even with obviously fake accounts
4. AI-generated content will require new detection approaches using computer vision
5. Cross-platform analysis is essential as campaigns spread content across diverse websites
