Geolocation by photo is an exciting and dynamically developing field that opens wide opportunities for analysis and research. In this article, we look at the key aspects of geolocation, using photos as the main tool. This method is especially important in the context of cyber security, where accurate location can be critical for investigations and security. First of all, geolocation by photo includes the analysis of metadata, which can contain information about the location and time of shooting. Also an important element is the recognition of visual features, such as landscapes, famous buildings, and other unique characteristics that can be used to determine a location. The development of artificial intelligence and machine learning technologies has significantly increased the efficiency and accuracy of geolocation analysis.
Deep learning algorithms can automatically recognize and classify objects in photos, making the process faster and more accurate. However, the use of photo geolocation requires a responsible approach, especially in the area of privacy and ethics. This means that legal and ethical standards must be followed when collecting and analyzing information. Overall, photo geolocation is a powerful tool in the hands of cybersecurity professionals, researchers, and law enforcement agencies. It opens new horizons for the understanding and interpretation of visual information, allowing to obtain important data for a variety of research and operational activities.
While searching for images near Pavlivka, the site of artillery attacks from Russia on Ukraine, we find a series of images of a soldier named Stanislav Tarasov. These photos can be found on various geomapping services for photos posted on Instagram, including Gramfeed.
Looking at other images on his Instagram, one that stands out is a soldier holding a rifle, facing the village in the background. The image was later removed from Instagram, but it can still be found on Tarasov’s other social media accounts, including VK (archive) and Odnoklassniki.
When looking for suitable places that fit this image around Pavlivka, the numerous landscapes that open in front of the small village seem plausible, but only one will match all the visible characteristics. Using Google Earth, we can use historical images that most closely match the time of the photo (summer 2014). Fortunately, there are numerous satellite images of Pavlovka, Russia from August 2014 that allow us to precisely match the satellite images with the ground view from Tarasov’s social media account.
By changing the camera angle in Google Earth, we can recreate the look of the image. By matching rooftops, trails, and crop patterns, we can approximate the geolocation of this photo. Looking east from 47°56’10.33″N 39°50’2.55″E, the patterns of the road, bushes, and roof line up perfectly.
Many factors have changed in the satellite image since the photo was taken: worn fields with additional roads, some grass patterns, etc. Additionally, some landmarks visible in the satellite photos, such as additional houses and what appear to be hay bales, are not visible in the original photo due to a soldier blocking the view. Most importantly, however, the static landmarks match—particularly strong correspondence with the angles of the roofs, the spacing of the buildings, and their sequence. In connection with this, as well as the existence of indirect evidence of the presence of this soldier in Pavlovka at the time of uploading the photo, it can be confidently stated that the photo was taken facing east in the direction of the village of Pavlovka in the summer of 2014.
Comment by “Markus W.” sent the following images that further confirm the geolocation above using additional landmarks visible on satellite images. With his permission, below are his findings:
Many questions remain about how open source data can be used or presented in court as evidence.
After all, the field of open source investigations is still relatively new in the grand scheme of things. But with the ongoing war in Ukraine presenting a mountain of open-source data for prosecutors to work with, understanding these questions and how to answer them is vital.
The recent decision of the European Court of Human Rights (ECtHR) in the case of Ukraine and the Netherlands v. Russia (Application Nos. 8019/16, 43800/14 and 28525/20) provides some insight into how such evidence may be treated and the challenges it may face .
The ECtHR is an international court of the Council of Europe that tries to interpret the European Convention on Human Rights, while the case brought by Ukraine and the Netherlands aimed to prove human rights violations in the territories of Ukraine occupied by Russia since 2014.
Among the evidence provided by lawyers representing Ukraine were details of research and articles compiled by Bellingcat and others on topics such as Russian involvement in Ukraine, the fate of MH17, cross-border artillery attacks and Russian military operations in eastern Ukraine.
Lawyers representing Russia tried to undermine the evidence provided from open sources. This included questions about whether photos showing a Russian soldier standing in front of a vehicle in southern Russia were faked.
The photos were used by Bellingcat in an article to demonstrate a geolocation exercise, placing a soldier on a training field near the border with Ukraine.
The image was important in the ECtHR case because it allowed investigators to place the depicted individual, and thus his military unit, at the Pavlok training camp near the Ukrainian border. Pavloka was the site of artillery strikes in eastern Ukraine in 2014.
However, the image published in the Bellingcat article seemed to contradict a similar picture presented by the Atlantic Council think tank on page 23 of this report.
In the Atlantic Council version of the image, the license plate appeared on a military vehicle behind the soldier. This number is missing from the image in the published Bellingcat article.
Russia’s representative at the ECtHR argued that this discrepancy shows that the Bellingcat image was manipulated using very “sophisticated” methods and “artificial intelligence”. This ensured that what was presented to the court was no more than “propaganda”, they said.
Explaining how this discrepancy arose and proving that nothing was wrong was a key factor in ensuring that this particular open-source evidence – and open-source investigations more broadly – were considered reliable in the eyes of the court.
It is obviously correct to state that the number plates visible on the vehicle are missing from one of the images. But the claim that Bellingcat deliberately manipulated him was false – as further evidence from open sources showed.
First, the purpose of Bellingcat’s article was to offer an example of geolocation – as the title of the article suggests. It doesn’t look like why the license plates on the vehicle appeared in some images and not others. But, considering that this issue was raised by the representative of Russia, it had to be considered.
Many of the original posts and links used in the Geolocation and Atlantic Council report were found to be no longer active, deleted by the user, or made private.
Fortunately, the links have been archived by researchers using sites like archive.org and archive.today. This ensured that the first versions of the pages on which the images appeared could be made available to the court – a useful reminder to researchers why it is important to archive as much as possible during the research process.
For example, a LiveJournal blog from August 2014 had screenshots of a version of a photo with license plates taken from a soldier’s VK page. The blog also shows that this image was posted in mid-2014. This was the version of the photo used in the Atlantic Council report.
Another archived tweet from July 2014 included a screenshot of a soldier’s social media post with a photo showing the license plate. In other archive images, the vehicle was without a number plate.
This was the case in a December 2014 post from the soldier’s own VK page. However, closer inspection revealed that the image appears to have been rather crudely photoshopped, with the part where the number was being blurred. Upon closer examination of the archived images, it seems clear that the first versions of the image showed the number plates on the vehicle, but at some point in 2014, new photos without the number plates began to appear online.
Another archival version of the soldier’s VK.com page showed that he had “updated his profile picture” with an edited image on December 23, 2014.
All this indicated that the soldier had in fact posted an altered version of the photo on his social media profiles after posting the original with the car’s number plate months earlier. A footnote to the Atlantic Council report even notes that the soldier posted the photo and then deleted it before re-uploading it in late December 2014.
The suggestion that Bellingcat was involved in photo manipulation is clearly untrue, as supported by publicly available open source material. The court agreed, saying it “does not agree that these criticisms demonstrate any general tendency to tamper with the evidence or any general flaws in the analysis or approach used by the authors of the reports.” His full response can be read here.
Russian officials also questioned the credibility of open source investigators in general. The strategy for this was made clear when they stated that the work of the Joint Investigation Team (JIT) in the MH17 trial relied on “dubious digital materials and reports by ‘so-called’ citizen journalists”.
They again argued that such material “was susceptible to fabrication or manipulation.” The techniques for doing so “were now so sophisticated that counterfeit material was virtually impossible to detect,” they said.
Russian officials seemed to believe that if they could undermine the open-source evidence provided by the likes of Bellingcat and other independent actors, they could then combine it with the JIT and cast doubt on the credibility of the criminal investigation into the downing of Flight MH17. . However, the ECtHR did not support this argument either.
In his decision, he noted that:
“First, there is no evidence that the JIT relied on external bodies, including Bellingcat, in its analysis of the material and the preparation of the criminal case file. Rather, it is abundantly clear from the record that the JIT conducted its own analysis of all the evidence in the criminal case file, including the issues discussed in the Bellingcat reports and the issues covered in the DSB [Dutch Security Council] report. There is no reason to believe that the OM and JIT materials were not independently compiled and verified. The fact that their findings are consistent with those of the DSB and Bellingcat only demonstrates that there is support for the conclusions reached and serves to further increase the credibility and reliability of the findings.”