Inside the OSINT Operation to Get Foreign Students Out Of Ukraine | #cybersecurity | #cyberattack


African people studying in Sumy arriving at the main train station in Lviv, Ukraine on March 9, 2022. Students with Indian, Chinese and different African nationalities have arrived today in Lviv from Sumy, a city located in eastern Ukraine, through a humanitarian corridor created to evacuate them. Image: Salido/Anadolu Agency via Getty Images

Chimee, a 29-year-old Nigerian student, distinctly remembers a painting flying off his dormitory wall and smashing to the ground as explosions rang in the distance. Just five months ago, he had left Nigeria to finish his Master’s degree in Sumy, a city in eastern Ukraine—now one of the focal points of the Russian invasion. Friends and family spammed his phone with messages telling him to leave Ukraine, but fighting had already begun and the railway tracks around the city had been damaged. 

Still, a few days later, Chimee had once again packed his most important belongings into a suitcase and set his Google maps in the direction of a new country, Poland—this time as a refugee. 

Chimee, who asked that his last name not be printed to avoid repercussions when applying for European residency, is one of hundreds of foreign students who has been helped by an informal consortium of Open Source Intelligence (OSINT) experts that have used everything from open flight data to geolocation tools to help them evacuate Ukraine. The effort comes as BIPOC students have faced documented discrimination on the road to safety, including not being allowed on trains.

Five hundred kilometers to the north, as Russia began its invasion of Ukraine, Chris Kubecka found herself in a similar situation. The American cybersecurity expert was stationed in Kyiv to help in the event of a large-scale cyberattack on core infrastructure, such as nuclear power plants. Kubecka fled in a van with a haphazard group of people she’d met during the chaos. She hastily managed to get in touch with some friends and colleagues who worked with Open Source Intelligence (OSINT) who helped guide her safely over the Romanian border.

Immediately after arriving, Kubecka decided to put her connections and skills to work to help others in the same way she had been. Before long, she had brought together a ragtag consortium of hackers and OSINT experts to help evacuate people from parts of Ukraine under attack. Of significant concern were the country’s thousands of foreign students—many from the Global South—who have few domestic connections. 

Despite its hasty creation, the group estimates it has helped more than 900 foreign students—many who have received only sporadic help from their embassies and Ukrainian authorities—flee the country. That estimate is based on a spreadsheet, which Motherboard has viewed, where the group tracked how many hotel rooms and transportation it booked for students. Among them was Chimee, who is now hunkered down in an undisclosed location in Germany. 

Chimee came into contact with Kubecka and the others on March 5, after he and other students had begun posting about their situation on social media. With dwindling access to food and water, videos of foreign students filling up plastic bottles with snow circulated online. As Kubecka and the team worked with the Red Cross on an evacuation plan, they sent the students money to buy scarce food, medicine, and tips on how to hold out for the right moment to flee. 

Chimee recalls receiving a Google Doc titled “Survival Guide” put together by Kubecka as well as some students who had already escaped, and a former U.S. special forces operative, among others. The guide, seen by Motherboard, includes advice on what to do when caught in a crossfire (“if there is a lull in firing, attempt to improve your cover”) and shelling (“cover your ears and keep your mouth open to reduce the effect of blast pressure”). 

On March 6, Chimee took his chance and approached a Ukrainian family parked next to the railway station. The family, which Chimee described as “incredibly kind,” drove him to a nearby city. Along his journey he received a continuously updated guide from the OSINT-group showing, for example, routes blocked because of fighting or demolished bridges, as well as ephemeral humanitarian corridors. When he made it to a railway station, he took a stretch of trains and multi-kilometer long walks before finally making it to the Polish border, and to accommodation that Kubecka had arranged for him and other students. He remembered tears welling in his eyes when he finally realized he’d made it out alive.

“Making sure that these people have access to reliable and real-time intelligence and information can make the difference between life and death,” said Kubecka.

A few days later, Kubecka contacted the driver who drove her out of Ukraine. He owned a transport company and managed to get her in touch with other drivers in Ukraine willing to take the students. The students—mostly from the Global South, including Nigeria and India—had all studied at Sumy University. With relatively low tuition fees compared to its European neighbors, Ukraine is a common destination for non-EU students. 

Working with a group of OSINT veterans, including former Bellingcat researcher Nico “Dutch OSINT Guy” Dekens, the group used geolocation tools to track the students’ movements in real-time and route them around Russian air-raids and ground troop activity. They sent them a constant stream of texts informing them to avoid certain roads and crossings, and pinpointed nearby shops and warehouses where they may be able to find food and shelter. Once the students reached a safe location, the team arranged for buses to pick them up and transport them further west toward safe countries. 

“I have been using a mix of manual and (semi)automated tools to monitor a radius around Chris and the students. With monitoring I mean looking for Russian Military ground and/or air activity within a specific radius of the groups at that time, live and last known location in Ukraine,” Dekens wrote in an email to Motherboard. 

“These tools and techniques give insight into various media and social media activity that is live and (near)real-time geolocated ‘eye witness’ reports that gave me the insight where it was safe or not safe for the group to move to,” he added.  

Many of the evacuated students are currently in Poland and Germany, and are looking to continue their studies at European universities, if they agree to take them. A few others have decided to return home to Africa and India. 

One of the largest challenges has been keeping track of where foreign students actually are, so they can be guided around potential perils. Kubecka has been working with Google on creating a secure way for students to transmit GPS data which can then be overlaid with OSINT-data on Google Maps to establish safe evacuation routes. In order for this to work, more coordination with embassies is vital, she emphasized. 

After helping to evacuate students from Sumy, Kubecka and the group say they are now working to help 74 foreign students trapped in Kherson, a city in southern Ukraine occupied by Russian forces. So far, the group has not been successful in trying to evacuate students from cities surrounded or occupied by Russian forces—finding the opportunity to leave their homes to find basic necessities is already difficult. 

With dwindling access to food and water and stuck in freezing temperatures, some of the 74 in Kherson students have fallen ill—some with Covid symptoms, said Kubecka. 

“We sent them information on how to use charcoal, burnt material, and pebbles to filter the water from melted ice after hearing that they’d just been drinking it—that can get you really sick,” Kubecka said on a Signal call. “It’s gross, but I’ve even advised them to drink water from the toilet tank if that’s all they can find.”

“The hardest advice I’ve had to give, especially to students who are starving and thirsty, is just to lay low and stay put,” she added. 

Original Source link

Leave a Reply

Your email address will not be published.

− 2 = two