Investigating Disinformation Online using OSINT

Disinformation and ‘fake news’ have infiltrated our vocabulary in a big way over the last several years. In this blog, we’ll continue to investigate the concepts of information validation and verification – this time, with a focus on investigating inauthentic content.

We’ll look at OSINT tools and tradecraft to identify and investigate information operations and campaigns in the online space, including:

  • Resources for understanding the online operating environment

  • Collective tools for keyword and hashtag analysis

  • Pivoting from usernames and images

  • Investigating disinformation websites and domain metadata

We will also consider some of the challenges facing analysts and researchers who seek to identify and analyse inauthentic content online.

Disinformation in History

In or around 1903, a notorious antisemitic hoax known as The Protocols of the Elders of Zion first appeared in a Russian newspaper called Znamya (The Banner). Over the next few decades, this text was circulated in Russia and the West. In 1921, the London Times debunked the document, showing that it was plagiarised from other texts including a French political satire. Nonetheless, the Protocols were used in Nazi propaganda and in schools to inculcate an antisemitic ideology. Since then, the Protocols have been leveraged by antisemitic groups to continue to incite fear and hatred.

The very fact that inauthentic content published over a hundred years ago is still used to promote ideological narratives and manipulate audiences reflects how pervasive disinformation campaigns can be. Even after ‘fake news’ is soundly debunked and proved to be false (as the Times demonstrated way back in 1921), the content can still be used to sway and influence, and permanently muddy the waters of the information environment.


The Origins of Disinformation

The English term ‘disinformation’ originates from the Russian term Дезинформация, transliterated as dezinformatsiya, which was used as early as the 1920s to describe the official dissemination of false information to influence public opinion. Disinformation isn’t a new phenomenon – ‘fake news’ and inauthentic content have been used to influence and manipulate for as long as we can remember.

Investigating Disinformation Campaigns and Inauthentic Content

So how do we begin to identify inauthentic content in the online space? Where do we look? And what are we looking for? Inauthentic content spans a wide range of topics – from macabre urban legends to bizarre conspiracy theories, to perhaps well-meaning but misinformed health advice. For researchers and investigators looking at disinformation campaigns, identifying key terms, narratives, and methods for disseminating and amplifying inauthentic content can not only help to debunk and counter disinformation, but can also help identify the actors that seek to influence the information environment.


  • Disinformation is false information that is deliberately spread to mislead others.

      • Constructed and spread to serve a particular purpose as part of information operations and warfare.

      • The intent of disinformation is to manipulate – the agent of disinformation knows that it is untrue.

  • Misinformation is inaccurate information that is unintentionally shared.

      • It is often a strategic output of disinformation – directed disinformation leads to the spread of misinformation.

      • The original intent or agenda is unknown to the disseminator.

  • Propaganda is the use of communications and information to promote a political or ideological agenda.

      • Propaganda is often biased, but it may not necessarily be untrue. Facts may be misrepresented to support or promote narratives about the world.

  • Malinformation is when mainly factual or true information is used to cause harm to a person, country, or organisation.

      • Malinformation may present true information in a disingenuous way to achieve a divisive agenda.

Understanding the Online Operating Environment

Disinformation campaigns might not be new, but the internet has drastically altered the scale and effect of information operations. Having a thorough understanding of the online operating environment is essential for researchers and investigators seeking to understand how, where and why inauthentic content is disseminated online.

When planning an information operations investigation, we should ask: which platforms are being used to disseminate and amplify inauthentic content?

Social media penetration varies significantly by country. DataReportal publishes reports on digital trends and social media usage, which can help answer questions about platform usage and reach for specific demographics: