You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
"We deem the forensic investigation to be complete and we are ready to answer any questions". The judge proposes a half-hour break before resuming with - the telephone intercepts. (The judge knows how to tease the next episode)
While we wait, here's a slow-motion video of the BUK blow-up & damage assessment experiment the JIT conducted in 2016pic.twitter.com/XOgAxAmNj1
Prosecution now explains why SBU were able to publish intercepts several hours after the shootdown. SBU had been tracking these phones for months already. After the incident SBU engaged its field offices to listen to recent calls to find relevant conversations.pic.twitter.com/zyX2Fk6fOe
These initial "hits" were only starting points, and not the final evidence. They provided leads to look for other calls, and to start interpreting topics and references. Data was aggregated from 3 different sources: intel, ongoing criminal investigations, and MH17 investigationspic.twitter.com/c8We0YAtnO
Depending on the source of telecoms data, different clearances were needed under Ukraine law - the most cumbersome and time-consuming was data that came from ongoing criminal investigations. There a court decision was needed to declassify the data.pic.twitter.com/zmvgBOiLxF
Initially, SBU searched for references to "BUK"s to find relevant convos. But soon it became clear Russia's FSB had provided special secure phones that couldn't be tappedpic.twitter.com/Ylgo5xcjdI
Here, Girkin doesn't know how to turn on the encryption...pic.twitter.com/PhL0qU40oc
In another call, with Vladimir Ivanovich (identified by us as FSB's Gen. Andrey Burlaka), it could be heard how encryption can be turned on and off during a call.pic.twitter.com/5fG8QrYyvs
JIT didn't just take SBU provided intercepts at public value. It applied a holistic validation method - comparing Ukraine data with international call metadata, confirming content with some participants, and finding open-source confirmation of certain calls having taken placepic.twitter.com/wXcru1bfeN
In addition Dutch IT forensic experts conducted on-the-ground network experiments in Ukraine and compared it to the metadata obtained from Ukrainian mobile operators.
Network measurement near the launch site and along thte suspected BUK route could only be made a year after the crash, due to hostilities and local militant restrictions. LNR for example didn't allow measurement (red segment).pic.twitter.com/ZVKNdyeqk5
Although incomplete and delayed by a year, the network measurement data provided valuable data to both validate telecom data and to identify the location of people speaking. Care was always taken not to jump to conclusions due to distance b/n cell tower and telephone, etc.
The network connection data was used as additional, and not as primary source of data, to validate other findings (such as discussion of a movement of a suspect, or a visual sighting).
Another validation route was by cross-referencing hardware signatures (IMEI) among different operators, and call duration and timing metadata (i.e. to ensure there was no overlaps or other inconsistencies)pic.twitter.com/8Q5NY3Dwju
Dutch telecoms experts with large forensic experience analyzed the comprehensive Ukraine-provided data and concluded that its integrity is the same as would be expected in any Dutch investigation.
Whenever any Ukrainian intercept included an international call, JIT retreived the corresponding call metadata (or audio) from the other (Polish, Spanish etc) mobile operator. All such cross-checked matched.
JIT also used admissions by call participants that they did indeed speak the words contained in the intercepts.pic.twitter.com/ZXemBfSJIp
JIT and journalists also confronted other persons of interests who claimed that they did speak the content that was heard on intercepts, but on a different date. Dubinsky was one example. However data from such other date showed no such calls were made or possible.
Another "validation" example was an intercept between Girkin and Konstantin Valeryevich (identified by us as Malofeev). The content of the call was confirmed by contemporaneous news reports in the Russian mediapic.twitter.com/S8bc1aHeP1
In one last example, suspect Dubinsky reported on 16 June 2014 that Bezler's unit had just downed a Ukrainian SU fighter jet. This was also confirmed by contemporaneous news reports.pic.twitter.com/haSICiRiQS
In summary, JIT conducted a holistic, multidisciplinary validation of all calls shared by Ukraine, and have concluded that it's implausible that any manipulation of the handed-over call data may have taken place.
Prosecutors describe how they searched for witnesses. The first way was by using tips provided by SBU from ongoing investigations. Second were other countries that provided access to witnesses. Third, repeated appeal for witnesses were made by JIT via web, radio ads etc.
JIT also targeted individual potential witnesses via DM's, phone calls and social media. Many of these targeted individuals referred JIT to other people who might have had more information. This approach led to dozens of witness statements both in and out of Eastern Ukraine
These witnesses include former Russian mercenaries, Donbass separatists, journalists, local residents. Some of them were and/or are in Russia. We took their security as our primary goal.
Different approaches to witness safety were taken depending on the risk level. In some cases they were just assigned an ID number, their identity known only to JIT investigators. In other cases parts of the testimony was excluded by the investigative judge to protect identitiespic.twitter.com/Z3z3ZoFglC
Witness came forward between 2014 and 2019, and in 2019 the investigative judge started hearing each witness, and studied their individual safety situation to approve or not their anonymization. The judge also independently assessed the credibility of such witnesses.
Per Dutch law, an indicted party may challenge the anonymization of witnesses. In this case Pulatov challenged the anonymization of all secured witnesses, and a separate review court accepted that for one of them the procedure was not followed properly. All others remain anon.
JIT now will discuss the gathering of video and photo evidence, as well as the digital open source investigations, including the private investigations by journalists and citizen investigators.
Prosecutors explain the mammoth work that needed to be undertaken to monitor, capture and archive ALL potentially relevant online posts, images, video publications that might in the future provide evidence. This was done on a mass-scale basis using ML algorithms.
Initially only purely openly accessible sites were monitored and scraped. Later, JIT decided to create passive accounts to access membership status to certain closed online groups to be able to collected shared data therein. JIT obtained court-approved decisions for such access.
Following the prosecutor's presentation of the types and methods of evidence gathering and validation, the hearing for today is adjourned, and will resume tomorrow.pic.twitter.com/nE3deQt2Yd
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
