Briefing: World Cup scams and disinfo

Our weekly Briefing is free, but you should upgrade to access all of our reporting, resources, and a monthly workshop.

Craig published a guide to setting up your machine for OSINT. It covers the free apps, browser extensions, and OPSEC tools you need to get started, including VPNs, virtual machines, web capture, username enumeration, and more.

We also published the latest episode of Show & Tell. Our guest this month was Omer Benjakob, the disinformation and cyber reporter for Haaretz. He walked us through how he and colleagues infiltrated a shady disinformation-as-a-service operation dubbed “Team Jorge.” You can check it out on YouTube, Spotify, or Apple Podcasts.

Plus! We won the CJF Geoff Hinton Award for AI Safety Reporting for our work exposing the infrastructure behind nonconsensual deepfake nude generators. The award, presented by the Canadian Journalism Foundation and the AI Safety Foundation, is named after Nobel laureate Geoffrey Hinton.

To celebrate this win, we removed the paywall on all our AI nudifier coverage through the end of June.

📍 Arjun Bisen, the CEO of OverWatch Data, warned that “a large cluster of templated messages [sent] from a swarm of accounts” is targeting aspiring FIFA World Cup ticket buyers on X. The likely goal is credential harvesting or malware installation.

📍 Speaking of the World Cup, Aos Fatos collected some of the misleading images and videos related to the tournament, many of which pushed politically sensitive ragebait.

📍 Late last week, the US Department of Justice seized two deepfake nude sites, CFAKE[.]com and SOCFAKE[.]com, in partnership with French and Italian law enforcement. Per Cyberscoop, a 47-year-old French man was arrested in Nice with $48,000 worth of Ethereum, allegedly amassed from the sites' ad revenues.

📍 A few weeks ago, controversial entrepreneur Kim Dotcom posted an image on X falsely claiming the US embassy in Kyiv was being evacuated. A Community Note attached to the tweet mistakenly asserts that the image is old, attributing the claim to a Grok reply. The image is actually AI-generated (and we are fully cooked — Alexios).

📍 “Big 4” firm KPMG had to retract a report on “excellence in the age of agentic AI” because it included untrue or misleading case studies from major institutions. The errors were likely the result of AI hallucinations.

📍 Security firm Varonis discovered a vulnerability in Microsoft’s Copilot that used the string of a URL after the “q” parameter as a prompt injection to extract information from a target’s email. Microsoft has since patched the vulnerability.

📍 Irish prime minister Micheál Martin warned people that a deepfake video of him is being used to promote a financial scam.

📍 Google sued a Chinese criminal network it calls “Outsider Enterprise.” The tech giant alleged that the group distributes phishing kits “that allow criminals to blast out fake text campaigns that look like they’re from Google and other trusted brands.”

The Reuters Institute for the Study of Journalism published a detailed look at how a team at BBC Eye built a multi-agent AI system to help with its investigation of Russia’s nationalist vigilantes. The system, called Haystack, helped the journalists “harvest, analyse and surface leads at a scale we could never have handled using traditional methods.”

The piece explains how they built and tested Haystack, emphasizing the importance of keeping a journalist in the loop:

If you’re curious, they built it using LangChain.

📍 Ubikron launched a public beta of a new version of its web capture tool. You can install the beta here and learn more here. (Check out our guide to web capture tools.)

📍 Henk van Ess created an open-source tool that you can use to split up massive files in order to be able to upload them into an LLM for analysis. He’s also leading an upcoming paid training for the Global Investigative Journalism Network, “AI Without the Guesswork: Smarter Journalism Without Prompting and Hallucinations.”

📍 Cidint published a PDF guide to OSINT techniques for Telegram. (Don’t forget about our guide to investigating Telegram.)

📍 Lieutenant Anthony Lavarone wrote an article for the U.S. Naval Institute, “Prediction Markets Could Be a Valuable OSINT Tool.”

📍 Pavel Bannikov moved his list of OSINT Resources/Tools by Country to a new GitHub repo. It currently has resources for 32 countries.

📍 The latest edition of The OSINT Newsletter looked at “Using Generative AI for Sock Puppet Creation and Identification.”

📍 The New York Times published a profile of visual forensics expert Dr Hany Farid, “The World’s Leading Deepfake Expert No Longer Trusts His Own Eyes.” An excerpt:

📍 The University of Southern California is hosting the second Open Source Journalism Conference. It’s Oct. 9 and 10 in Los Angeles. Craig attended the first event and it was excellent. Early bird pricing is $100 for working journalists and $30 for student journalists. Info and registration.

📍 A new preprint by friend-of-Indicator Hal Triedman and co-authors Tingwei Zhang and Vitaly Shmatikov at Cornell Tech found that targeted minor contributions to popular UGC sites like Quora or Reddit can successfully inject desired content in Google’s AI Overviews. The researchers were in some cases able to get the AIOs to cite an injected comment between 20.0% and 51.4% of the times. (404 Media has a good write-up).

📍 An analysis by the Institute for the Estonian Language found that French AI darling Mistral performed worst at detecting pro-Russian propaganda in a battery of 75 queries across English, Estonian, and Russian.

📍 The number of fact-checking websites has contracted again, according to the Duke Reporters Lab, but perhaps less than one might have expected. Fact-checkers are meeting this week at the annual Global Fact summit where IFCN director Angie Holan called on “the technology platforms that are absent from this year’s gathering” to “rejoin us in the work of making high-quality, accurate information accessible to everyone. Fact-checking is not censorship; it is not a partisan cause. It never was.”

📍 The RQ1 newsletter on journalism research is always great but the latest issue feels especially relevant to Indicator readers, including its review of two interview studies: one on how young adults navigate the credibility of content on TikTok, and another on expectations and reactions to AI labels in journalistic content.

📍 A teacher who was the subject of a deepfake nude made by her students plans to move states and change her name. Changing school districts wasn’t enough to escape the stigma. She told The Wall Street Journal that “to the middle-schoolers I taught, the deepfake is real. For them, I am the teacher who was a porn star.”

Want more studies on digital deception? Paid subscribers get access to our Academic Library with 75 categorized and summarized studies:

Please upgrade to access all of our content, including our how-to guides and Academic Library, and to our live monthly workshops.