
The state of OSINT in the Iran war

  • Brinker Editorial
  • Mar 29

Updated: Mar 30

(Ahead of a panel for IRMI on methodologies of OSINT applied to the Iranian war, we’ve written down a few thoughts on this unique and important situation, which we share here.)


What is unique about the use of OSINT in the Iran war?


The regime has put most of the country under an Internet blackout, which means that OSINT investigation, to a large extent, cannot happen. This situation is unlikely to arise in many Western countries, but it can in countries where online access is centralised, such as Egypt, Iraq, and Syria.



So how do we use open-source intelligence to get a sense of the Iranian street?


There is no such thing as a 100 percent blackout. There is activity on social media through satellites, some people are close to the border, the regime itself makes use of the internet, and there is a very dynamic online discourse through proxies, both pro-regime and anti-regime.


You do, however, have to take this unique situation into your assessment.


For example, you know that a lot of what does come out is initiated by the regime to sway public opinion. In those campaigns, Iran is portrayed as winning and its enemies as brought to their knees. Iran uses a lot of AI-generated images to give this narrative a visual flair.


If a narrative is strong enough to get out of the country, and it is suspected to be manufactured by the regime, which might explain why it managed to evade the blockade, there is still information to be learned from it. You can see the intent of those who produced it.


Interestingly, although Iran targeted at least 11 countries in this war, with the UAE being the most targeted, the campaigns feature Israel first and foremost as the victim of Iran’s military achievements, many of which never happened. This is telling of the East vs. West scenario the regime wishes to establish.


Any examples of this misalignment between chatter and reality?


According to a NewsGuard report, Iran unleashes two campaigns per day. Most of those do not come directly from the government, but from pro-regime voices around the world. (Iran, in both the physical and influence arenas, is heavily invested in the notion of proxies.) Only 8 percent of monitored campaigns are against the regime.


Now, most prewar assessments place the percentage of the population that favors the regime at 15–25 percent. That is a stark contrast to the roughly 90 percent of pro-regime content coming out of Iran today.



False AI-generated image on TikTok showing devastation in Ben Gurion Airport

So how do you differentiate chatter from important things to watch for?


One needs to prioritize what they are focusing on. A use case can be one that looks at understanding street-level sentiment, or it can be a way to understand the physical density of population in order to know which areas to avoid striking.


Once you have that use case defined, there are three elements that will help you decide which threads are worth following:


1. The narrative lives across platforms. Even if there is little chatter coming from TikTok or Instagram, important narratives will have appeared there as well.

2. The narrative is connected to a real-life event we can corroborate via HUMINT, SIGINT, or news reporting.

3. The narrative has some longevity. A story that erupted out of nowhere and died the next day is most likely engineered. Real narratives reverberate across people and geographies.
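The three elements above can be turned into a simple triage pass over collected posts. The sketch below is an added example, not Brinker's code; the sample posts, narrative labels, corroboration set, and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample posts: (narrative label, platform, ISO timestamp). Not real data.
POSTS = [
    ("airport_destroyed", "tiktok",    "2000-01-01T08:00"),
    ("airport_destroyed", "tiktok",    "2000-01-01T09:30"),
    ("airport_destroyed", "tiktok",    "2000-01-01T21:00"),
    ("fuel_shortage",     "telegram",  "2000-01-01T10:00"),
    ("fuel_shortage",     "x",         "2000-01-02T12:00"),
    ("fuel_shortage",     "instagram", "2000-01-04T18:00"),
    ("general_defected",  "x",         "2000-01-02T07:00"),
    ("general_defected",  "telegram",  "2000-01-02T15:00"),
]
# Constructed: narratives an analyst has tied to an event confirmed via
# HUMINT, SIGINT, or news reporting.
CORROBORATED = {"fuel_shortage"}

MIN_PLATFORMS = 2  # assumption: "lives across platforms" means at least two
MIN_DAYS = 2       # assumption: a story that dies the next day fails longevity


def triage(posts, corroborated):
    """Evaluate each narrative against the three elements."""
    seen = defaultdict(lambda: {"platforms": set(), "times": []})
    for label, platform, ts in posts:
        seen[label]["platforms"].add(platform)
        seen[label]["times"].append(datetime.fromisoformat(ts))
    results = {}
    for label, data in seen.items():
        span_days = (max(data["times"]) - min(data["times"])).days
        checks = {
            "cross_platform": len(data["platforms"]) >= MIN_PLATFORMS,
            "corroborated": label in corroborated,
            "longevity": span_days >= MIN_DAYS,
        }
        results[label] = {**checks, "score": sum(checks.values())}
    return results


def rank(posts, corroborated):
    """Narratives ordered from most to least worth following."""
    r = triage(posts, corroborated)
    return sorted(r, key=lambda label: (-r[label]["score"], label))


if __name__ == "__main__":
    for label in rank(POSTS, CORROBORATED):
        print(label, triage(POSTS, CORROBORATED)[label])
```

A single-platform burst that vanishes within a day scores zero on all three checks, which matches the profile of an engineered story described in element 3.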


How can technology play a role in this task?


For a start, technology can operate at a much larger scale, scanning all chatter in Farsi, and at a much higher speed, highlighting all the new narratives that emerged in the last 24 hours. Agentic OSINT can actually do both of these without being asked, simply by being designated to uncover influence campaigns related to the current war.


Can OSINT change the course or outcome of the war?


Influence lives within the world of OSINT. If you can find it, you can potentially generate it. If we have learned anything over the past decade, it is that while bombs rarely topple regimes, influence can shake them to the core, relatively easily.


Maybe this is why Iran enacts the blockade, not to lock voices in, but to block those that come from the outside.




Further reading: This New York Times article discusses Iran’s information war and its efforts to influence the war debate in the United States. The article also cites our client, HonestReporting, as one of its sources.
