About Bellingcat’s claim: “Russian sat pics fake”

June 1, 2015

Preliminary review about Bellingcat’s newest report ‘Forensic Analysis of Satellite Images Released by the Russian Ministry of Defense’. (Link to Bellingcat)

Author

This review is written By Charles Wood B.Sc MIEEE MACS.

Mr Wood is an experienced forensic expert with one specialisation being
forensic analysis of digital images and metadata. Mr Wood has over 20 years years experience in digital media and 10 years experience in digital media forensics for criminal and civil cases. Additional experience includes formerly working in applied physics (meteorology, climate research, toxic gas research, and oceanography) and also 5 years parttime service in the infantry.

Executive Summary

This report is on the quality and validity of the Bellingcat report. This report makes no assertion that the images were or were not faked; it simply points out the almost completely fallacious basis for the Bellingcat report and its conclusions.
The Bellingcat report is hopelessly flawed from the very start. It relies on unsophisticated use of a (free) online ‘image checker’ to detect ‘evidence’ of forgery and relies on Google dates for imagery dates. Neither reliance is at all justifiable and any conclusions made from them cannot be used by any serious party.

They also rely on EXIF data as evidence of manipulation without addressing the very simple point that images have to be prepared for publication and so will naturally be processed by photoshop or equivalent to trim and enhance and annotate.

Image Error Analysis Failure

The error analysis program they use is incapable of detecting forgeries in any but the most obvious cases. They rely on vague patterns well below noise level that are expected in any image with a small object on a relatively plain field.

Their first error is resorting to (free) fotoforensics.com to do the analysis rather than a tunable command line tool that can perform more intelligent analysis.
They then submit the images to fotoforensics without knowing what algorithms are being used and what the precise meaning of the error image is.
Practical experience says that Image Error Analysis produces remarkably odd results for even the most mundane of images. This is affected to some degree by the image source and preprocessing and is affected significantly by high frequency changes in the image. That is if you have say a black bird on a blue background you will get a spike in the error levels around the bird. This can be seen clearly in the alleged BUK launch photos also on Bellingcat which for Bellingcat chooses to not denounce as an obvious forgery (neither do I by the way).

Without wasting too much of my time I suggest interested people submit known unforged photos to fotoforensics and see what ‘forgery’ signatures they produce. However I’ll illustrate with some photos from a randomly selected source that ‘show’ signs of tampering using the Bellingcat criteria.

Original picture
&
Fotoforensics

or

Original picture
&
Fotoforensics

or

Original picture
&
Fotoforensics

Google Earth Date Failure

Bellingcat rely on Google Earth dates when practical experience shows that many of the dates are aggregate and simply do not apply to parts of an image or image tile. This is a result of the Google imagery provider performing all sorts of manipulations to present an aesthetically complete set of images without tagging each part of the image precisely with different dates. Even Google doesn’t know the exact dates of many of its imagery picture elements.
Bellingcat as per usual practice did not point this out in their report – though they surely must have known of this issue. The effect this date uncertainty has is that every conclusion they made as to when images were released is flawed. They simply have no idea of the precise date

EXIF Data Relevance

Bellingcat reports adversely on the EXIF tags in images showing the last editor was a variety of photoshop. This may be factually correct but is completely irrelevant. The images were prepared for publication including annotations, cropping, and rescaling. They will of course have the last editor listed in the EXIF data. There is nothing sinister about it at all.

Phrase “Highly Probable”

The Bellingcat report uses the phrase “highly probable” when attributing malevolence to unnamed Russian authorities. It’s extremely clear that there is no high probability at all. There is simply wishful thinking by the anonymous Bellingcat author. There is no hard evidence of any sort to show deliberate tampering of images no matter how much Bellingcat wants there to be.

Bellingcat Investigators

There is no evidence that any of the ‘investigators’ or ‘team’ listed in the report have any qualifications to do this type of analysis.
For certain Mr Higgins has no qualifications or training in any relevant discipline. A temporary job in haberdashery does not make the grade. The other names are a puzzle. The ‘forensic’ investigator appears linked to a company specialising in computer gaming and creating false identities.
The ‘team’ has not provided any qualifications or experience for any of its members which is a pretty good indication they are simply a bunch of people off the internet pushing – badly – some agenda

Redux

In conclusion I reiterate the main issues

– Bellingcat ‘investigators’ are unqualified
– Their use of Error Level Analysis is incompetent
– Their reliance on dubious imagery dating is incompetent
– They have no idea about publication processes for digital
documents
– They make totally unjustified guesses at ‘probabilities’ and
present them as fact
– Their conclusions are unsound.

I say again about the purpose of this document. It’s not about
proving or disproving or rebutting anything. It’s about showing
how Bellingcat is fundamentally incompetent at best and quite
possibly malevolent at worst.

**********************************************************
*Comment webadmin*: see also first analysis from Russia
May a fruitful open sourse debate begin.

**Comment webadmin*: see also See also: Bellingcat photo ‘proof’ = spoof (February 2015)