Reflexive Control as a Risk Factor for Using OSINT: Insights from the Russia–Ukraine Conflict

Abstract Special governmental services, security services of leading companies, and private researchers rely on open-source intelligence (OSINT). With the development of the Internet and social networks, open-data intelligence is increasingly turning from a subtle art into a “mechanical” process—the more data, the better. OSINT professionals’ competence enables verification of information and minimizes the chances of deception unless the intention of the investigation and the data’s locale are previously known to their adversary. In this very case, the hunter can get into a trap dexterously rigged by an adversary. This article discusses the risks of disinformation through open sources in the context of the Soviet concept of “reflexive control”; that is, imposing unfavorable decisions on the enemy through the introduction of incorrect premises, exemplified by the experience of the Russian–Ukrainian conflict since 2014. The article evaluates the influence exerted on the governmental and military decisions by disinformation through open sources, examining several reported cases. Systematization of data on previous attempts at reflexive control, such as Russian information operations, can increase the accuracy of assessing the depth of an enemies’ reflexion, which helps to reveal their operational plans and predict further actions because disinformation often precedes other forms of aggression.

known as "chickenfeed"-necessitates rigorous cross-checking of any data obtained through human intelligence (HUMINT), while information gleaned from OSINT tends to be perceived as a serendipitous discovery, due to the contrasting nature of its chain of custody (e.g., random social media users can be considered independent from the adversary).Moreover, some organizations do not have enough resources to crosscheck sources, especially when it comes to social networks. 6The quantity of evidence to support a particular speculation is occasionally misconstrued as proving its quality, although such illusions are not uncommon when analyzing information obtained by other methods. 7he reflexive analysis of the situations presented in this work is based on the principles formulated by Vladimir Lefebvre in his classic monograph Conflicting Structures, 8 and the classification of reflexive technologies by Vladimir Lepskiy. 9Lefebvre is the founder of the Soviet theory of reflexive control, which was intended as an alternative to the then widespread game theory. 10Its key difference lay in the fact that it had considered the impact of the surrounding people's values on decisionmaking even before game theory, influenced by behaviorism, began to allow for sociocultural factors as well as the limitations of information and cognitive capacity.A similar approach is applied in this work.Although the theory of reflexive control does not claim to be exhaustive when it comes to predicting the risk of disinformation, in order to obtain a better insight into patterns of thinking within the post-Soviet special services, we can limit ourselves to what appears to be a locally established, and therefore contextually relevant, strategic methodology.An approach to the analysis and forecasting of international conflicts tailored to the behavioral and cultural characteristics of the population (e.g., Russian) under consideration seems to be a useful addition to the tools for not only OSINT specialists, but also scholars in security studies and international relations.
The very term "disinformation" is of Russian origin and traces back to the first Soviet special information and propaganda department, with the speaking name "Disinformation Bureau," created in 1923. 11Its tasks included creating specific articles and news stories for the periodicals to facilitate the spread of fabricated materials. 12During the early years of the Soviet Union, the Disinformation Bureau was supposed to counter negative images of the country in the foreign press and to promote communist ideology.Later, the bureau served to support Soviet foreign policy objectives, such as expanding its influence in Europe, Asia, and Africa, discrediting the Western powers and their allies, and portraying the Soviet Union as a champion of peace and social justice.
Careful consideration of applying reflexive control through open sources raises some methodological issues, such as what distinguishes ordinary propaganda in the media and certain anonymous pages on social networks from disinformation through open data.Classic propaganda techniques like those involving distracting attention to a worthless object for an internal audience, or the so-called firehose of falsehood, indicate simple reflexive control of the first rank.Based on the simplified decisionmaking scheme, proposed by Lefebvre, various first-rank reflexive control technologies can be reduced to the following interaction between a subject and an object.A subject conveys an object, the premises from which the object deduces the decision predetermined by the subject.This indicates the object's reluctance or incapacity to create an exhaustive reflexive representation of the subject and therefore a zero rank of reflexion, implying unawareness that the subject could be manipulating them.However, intelligence specialists, having a higher rank of reflexion and knowing about potential manipulations, may try to form a reflexive image of the subject gained through OSINT, considering open sources independent of the subject.The subject, meanwhile, having formed a more advanced reflexive representation of the object (the second rank of reflexion), may have a lead on which sources they would rather look to for information and falsify it in advance; this is simple or double reflexive control of the second rank.More elaborate options are also possible, when the subject, aware of the object's mistrust, reports real facts to make the object come to opposite (false) conclusions.Thus, although the propaganda intended for a wide audience is a particular case of the same reflexive control technology, disinformation targeting a subject who has at least basic criticalthinking skills and fact-checking capabilities understandably presents a far more complicated task.However, reflexive control operations can be multistage and imply, for example, influence on the political leadership through public opinion.
Another difficulty in the implementation of reflexive control stems from the challenge of deducing the most probable open sources into which a potential object of influence can tap.In fact, to maximize efficiency of disinformation through open sources, the organizer of the operation also needs detailed information about the methods and objects sought for in an adversary's OSINT investigations.However, even without extensive preparation, the dissemination of slanted disinformation in open sources, entailing neither significant risks nor significant resources, can be conducted on an ongoing basis.
This article asks how reflexive control is carried out through open sources and to what consequences it leads.The topic is highly relevant, because successful application of reflexive control by disseminating misleading or biased information through open sources creates the risk of making decisions for the benefit of an enemy by the military command or public authorities. 13n order to assess the risks of using OSINT to collect information about an adversary, it is necessary to have at least a rough estimate of their expected rank of reflexion in various situations, which shows how many further steps in disinformation measures they can plan ahead. 14The scholarly literature has repeatedly provided evidence of the impossibility of successfully implementing reflexive control above the second rank in wide practice, due to objective limitations of human cognitive potential and computing power. 15owever, given the data on HUMINT operations and other historical experience in intelligence, some researchers question the sustainable effectiveness of "strategic" deception even in second-rank reflexive control operations. 16So far, the only methodological approach to determining the expected enemy rank of reflexion consists in a rough estimate of its probability based on the usage frequency of certain ranks of reflexion during already-investigated adversary activity in the past. 17Thus, the purpose of the study presented in this article is to systematize the description of the most common scenarios for the use of reflexive control through open sources, to assess the depth of reflexion and analyze their impact on the course of the Russian-Ukrainian conflict since 2014.The results of the study can help us to uncover an adversary's operational objectives and accordingly to plan protective measures against them.
Ranking reflexion without complete impartial information about the intentions of belligerents can present some difficulties, including the risk of overrating a current operational rank of reflexion, as illustrated by the following example.Ukrainian military experts in November 2022 worried what statements by Russian officials and journalists about the retreat of the Russian Armed Forces from captured Kherson could really mean.It could have been the preparation of public opinion in Russia for a painful decision (the first rank of reflexion), or a deceitful maneuver to lure the Armed Forces of Ukraine (AFU) into a trap (the second rank of reflexion), or even disinformation to make the AFU apprehensive about an eventual trap, thus slowing down their advance toward Kherson (the third rank of reflexion).Unfortunately, even knowing the outcome-the AFU liberated Kherson without a fight-we cannot assert confidently what probable intentions the Russian speakers actually had before the operation.However, even in the absence of exhaustive information about all aspects of modern Russian information operations, they are worth examining to estimate the Russian command's capability to use reflexive control.
Notably, the 2023 Annual Threat Assessment of the U.S. (IC) ranks Russia as a significant foreign influence threat to the United States, using its intelligence services, proxies, and a wide range of influence tools to undermine U.S. global standing, sow discord, and influence U.S. voters and decisionmaking.According to the U.S. IC, Moscow achieves this through a network of state media, proxies, and social media influence actors, and spreads original stories or intensifies preexisting popular or divisive discourses aiming to penetrate the Western information environment, including disseminating false content or amplifying information that benefits Russian influence. 18

MATERIALS AND METHODS
Due to regulatory restrictions on the timing of the disclosure of either the Russian or the Ukrainian state archives related to special operations, the article uses only open data to describe current events.Because the study is dedicated to public opinion, the views of the expert community and officials as well as references are drawn from sources that envisage the technical possibility of verifying the authorship and authenticity of the relevant beliefs.If official statements are cited in the media, the links to publications in their respective online versions are offered.Given that a significant portion of the article is devoted to OSINT in social media, there are links to original social media posts that were later covered in the press.Certain materials that have already been deleted from the origin sources are provided with links to relevant copies in open archives of Internet resources.The article also contains materials from official state websites regarding the statements that were distributed through them rather than through official social media pages.
The methods of collecting information from different source categories vary significantly, but almost all of them can be falsified.In general, open sources can be divided into two types: authenticated open sources, which have a reliable intelligence chain of custody, and unauthenticated open sources, for which the chain of custody remains unverified or unestablished.The following empirical sections focus on examples of disinformation operations that have been, or could be, carried out for each respective source category.

AUTHENTICATED SOURCES
There is reason to believe that intervention in the official registers and archives of many states by their special services has long been a widespread practice.This is especially widely used when preparing a legend for intelligence agents, who are given false passports and biographies, while appropriate changes are made to the archival documents of educational institutions and enterprises, up to graduation albums and even "halls of fame."The exception is a leakage from databases of the state organizations, banking sector, and large companies published on the dark web forums.For example, with little effort, one can find, through the dark web, the database of the State Tax Service of Ukraine for 2006, which contains the names, dates of birth, and addresses of the vast majority of Ukrainian citizens and foreigners who received a Ukrainian tax number before that year, not excluding intelligence officers who were registered at the addresses of departmental dormitories during and after their studies.Such archives contain valuable historical data, primarily reliable identification information on suspected agents, even if classified or distorted later on.An example of the successful use of such materials is a series of journalistic investigations published by bellingcat, which revealed the real names and biographies of many Russian intelligence officers. 19As for Internet services that provide access to personal data or search by biometrics, they can be secretly controlled by special services, thus supplying no information on covert agents and instantly informing their curators about such requests.Consequently, recourse to these services may carry unacceptable risks for investigations against hostile states.
Materials from the press, radio and television, and news websites are the most heterogeneous category of information sources for OSINT.For example, Russian state media, figuratively speaking, represent part of the armed forces of the Russian Federation. 20But the situation is complicated by what is known about entire journalistic platforms in Europe (e.g., Bonanza Media in the Netherlands) and Africa created or developed with the covert assistance of Russian intelligence agencies to conduct propaganda. 21eanwhile, real European citizens can be involved in such media projects, confident that they are conducting objective journalistic investigations supported by "crowdfunding."Bonanza Media's "documentaries" feature interviews with "eyewitnesses" to the 2014 downing of flight MH17 by some Ukrainian fighter jets and with a "cyber security expert" from Malaysia who claims that the audio recordings of some intercepted phone calls from pro-Russian separatists appearing in the criminal case are forged. 22Such evidence is then used for recursive internal propaganda in the Russian Federation, wherein it is even more convincing for its citizens if backed by some foreign and often adversarial sources. 23However, it also affects European independent researchers.Thus, for example, the Dutch take third place, after English speakers and Russian speakers, among Twitter users supporting conspiracy versions of the downing of the MH17. 24Remarkably, according to the same 2018 study, the groups of supporters and opponents of the official version of the investigation are almost equal in number.The fact that they are real users (and do not belong to "bot farms"), partly from the expert environment, indicates, in this particular case, the effectiveness of Russian propaganda through the press and social media.
Open-source research is a traditional tool for scientific and technological intelligence.Periodicals, patent databases, specialized international exhibitions, open presentations, and the marketing materials of leading companies are all carefully studied to extract information about real progress in the development of the state's defense potential.No surprise, then, that it was this area where the most famous examples of reflexive control of the twentieth century arose, namely: the Strategic Defense Initiative in the United States and military parades in Moscow with mock-ups of intercontinental ballistic missiles, which were never deployed. 25Therefore, the classic problems of scientific and technical intelligence, which can be described as a "lack of information about the development does not mean that it does not exist" and "information about the impossibility of development is not always reliable," have been replenished with another one-namely, that "information about the existing development also does not guarantee that it exists." 26In 2015, during a broadcast on the Russian state Channel One, a description of some Russian unmanned underwater vehicle equipped with a nuclear power plant called "Status-6" (later known as 2M39 "Poseidon," North Atlantic Treaty Organization [NATO] reporting name-Kanyon), allegedly accidentally flashed briefly onscreen. 27Its technical report indicated some specific deadlines for deploying the underwater complex, ostensibly capable of inflicting "guaranteed insufferable damage to the territory of a country."According to most experts, this leak was deliberate to force the United States to reconsider their plans to supply Europe with missile defense. 28In 2018, the Poseidon system was openly presented during Vladimir Putin's annual address to the Federal Assembly, alongside other recent developments of the Russian military-industrial complex, which had either been stuck at the stage of testing, like the "Burevestnik" intercontinental cruise missile (NATO reporting name-SSC-X-9 Skyfall), or had been produced in minimal quantities, like the "Avangard" missile system, meaning they could not change the global balance of power.Notably, the Russian Defense Ministry willingly invited U.S. inspectors to evaluate this promising missile system in Udmurtia, in 2015, although, according to the "New START" treaty, 29 any verification can be carried out by national technical means alone. 30Being rather superficial, these information operations, aimed rather at a wide range of experts and the civilian population than at the IC, led to the maintenance of a sustainable image of the "second army of the world" until 2022.This impression still plays into the hands of the Russian Federation, making the European public reluctant to confront it and ready to exercise pressure on their governments to avoid any frightening escalation (e.g., caused by expanding support of European states to Ukraine). 31he U.S. decision to disseminate intelligence directly among the Ukrainian government and media during the onset of the Russian invasion in 2022 turned classified sources into valuable open sources.The intentional declassification and sharing of this intelligence were meant not only to inform but also to deter.American officials indicated possible Russian plans to use chemical weapons in Ukraine, a statement later reiterated by Joseph Biden.Nevertheless, in April 2022, three officials clarified that there was no evidence of Russia positioning such weapons near Ukraine, asserting the intel's release was rather meant to dissuade Russian use.Claims were also made of Russia seeking military assistance from China, but these lacked substantial evidence according to U.S. and European officials.Again, the allegations were purportedly made to deter China from supporting Russia. 32

UNAUTHENTICATED SOURCES
Online maps, directories of phone numbers (both online and offline), and other resources that include the functionality of updating by ordinary users hold huge potential for OSINT and a significant risk of being used for disinformation purposes.In response to ongoing speculation that the Russian Armed Forces might be utilizing Google and Apple's geoservices to identify targets within civilian infrastructure and eventually guide missiles, both companies temporarily suspended certain features for Ukraine in spring 2022.These features included displaying traffic congestion in real time, specifying the occupancy level in establishments, and the option of adding new geotags. 33Popular phone number tagging apps like "GetContact" also have no safeguards against the deliberate spoofing that facilitates the planning of information operations.Moreover, due to the ease of interference, such directories and online maps are often deliberately filled with false information intended for pranks, let alone unintentional errors, which makes risks in the context of reflexive control highly unpredictable.
Forums, blogs, and other websites are the largest category of OSINT content sources.It is difficult even to list all the risks to which an analyst is exposed because of an indiscriminate approach to searching the Internet.Generally, these include outdated information, inaccurate information, misinformation posted by agents-administrators of the resource, misinformation posted without authorization through hacking the resource, software that informs the developer of interest in a particular topic and reveals the source of interest ("canary tokens"), and materials with embedded malware.
Even though the other half of these scenarios, which are directly related to reflexive control, are uncommon, they still pose a significant threat.The websites of government agencies in both countries have been regularly hacked throughout the Russian-Ukrainian conflict, sometimes under false flags.One such incident occurred on 14 January 2022, when the website of the Cabinet of Ministers of Ukraine was hacked, 34 and then an announcement with some threats based on historical issues of a highly sensitive nature for the Poles and aimed at inciting ethnic hatred was posted on it. 35Being posted in three languages-Ukrainian, Russian and Polishthe content of the text and metadata of the image were supposed to hint at the Polish origin of the advanced persistent threat. 36The links that the text urged to click likely contained malware.Given the combination of accompanying historical circumstances, it is difficult to call this a convincing attempt at reflexive control.Nonetheless, it proves that unauthorized interference with the operation of web resources can have more complex goals than typical sabotage or reconnaissance.
However, the biggest "battles" over modification of static web content unfold in the public Internet encyclopedia Wikipedia, which has gained a reputation as a universal source of information.For example, due to the appearance of a new account of the MH-17 incident suggesting the flight was downed by a Ukrainian Air Force SU-25 fighter, in 2014 a "war of edits" began on the page of the encyclopedia about the role of the fighter jet.The characteristics of the fighter, including a practical ceiling of 7,000 meters, meant it could not even theoretically shoot down a civilian airliner at an altitude of over 10,000 meters.Thus, it was this feature that Russianspeaking users sought to replace with higher values based on data, gleaned from the technical literature, on the modification of SU-25T (with an airtight cockpit), although the Ukrainian Air Forces were not armed with these.A certain Wikipedia user even noticed that the Internet Protocol (IP) addresses from which these edits originated belonged to the Federal Security Service of the Russian Federation. 37A journalistic project revealed 6,909 edits to Wikipedia made from the IP addresses of Russian government agencies during 2003 and 2014, 38 and a 2022 study found that 86 Wikipedia editors had been banned for biased edits to articles related to Russia. 39n the classification of Lepskiy, 40 these information operations refer to simple reflexive control of the second rank: party A, knowing that party B has a unit that deals with OSINT, falsifies those materials in open sources such that party B's specialists form a false impression about the actions of party A. The following example illustrates the double reflexive control of the second rank.On 25 September 2019, unidentified attackers hacked the Lviv municipal community's website Ratusha, which features local news. 41Then they posted there the news that during the international military exercises "Rapid Trident-2019" (in the Lviv region), a serviceman from Poland shot a Ukrainian soldier.The news was accompanied by a screenshot of an allegedly relevant message from the regional website of the Ukrainian National Police.A few hours later, this fake news was consistently refuted, first by Ratusha, whose editors reported that a hacker attack had been made on the site, then by the police, whose communication department denied it had provided this news item or made it available on its website.Later it turned out that the photography in question was taken in 2018 at the scene of a murder in Odessa.However, by the time of debunking, several national Ukrainian media, as well as a large number of Russian ones, had spread the fake news.Experts dismissed this episode as an attempt to discredit the Rapid Trident-2019 exercises in the Ukrainian and Russian public, as well as to undermine the efforts of Ukrainian and Polish diplomats to resolve complicated issues of interethnic relations. 42Such simple reflexive control of the second rank is depicted in Figure 1.
Yet the most prominent and dynamic category of information sources for OSINT is social media-the main location for user-generated content.The intelligence discipline in this field has become so specific that it has received its own name-SOCMINT.A cultural phenomenon that implies a constant desire for self-presentation leads criminals to publish photos with their accomplices and stolen items, impels dishonest officials and their relatives to flaunt their wealth, prompts the military to reveal their positions and weapons, and so on.Social media and the associated basic level of publicity form such an essential part of modern culture that avoiding the creation of any public account is no longer advisable because its absence would seem suspicious.To provide necessary anonymity there is a practice of creating fake identities from scratch or stealing the identity of another individual.However, particularly interesting is falsification or publication of specially selected open data to manipulate the enemy, because it is quite difficult to verify the reliability of the source in social networks.
For example, Ruslan Leviev, a founder of the Conflict Intelligence Team (a group of Russian opposition bloggers who conduct open-source investigations into various circumstances of armed conflicts), has argued that PMC Wagner could have deliberately provoked the strike by the AFU at their base in Popasna city on 14 August 2022 43 in order to detect the positions of HIMARS rocket systems. 44Almost six months had passed since the beginning of the full-scale aggression of the Russian Federation in 2022, so it was well known that both sides were actively using OSINT, including surveillance on the social networks of all possible participants in the hostilities.However, the photographs, which Russian war correspondent Sergei Sreda published on his Telegram channel on 9 August (five days before the shelling), provide not only enough information to determine the location of the PMC Wagner base, but even depict a sign with the name of the street, and a man remarkably similar to Yevgeny Prigozhin, who is considered to be the founder and head of the military company. 45n the same day, the publication was reposted to the GRAY ZONE Telegram channel, which, according to some researchers, is affiliated with PMC Wagner, 46 while Sergey Sreda works for the Federal News Agency, which some experts consider to be another part of Yevgeny Prigozhin's media conglomerate. 47The next day, on 15 August, the head of the Luhansk regional military administration, Serhiy Gaidai, reported on the strike: The AFU again successfully worked out attacking the enemy base, which had been pointed out by one of the representatives of the Russian media.This time it was yesterday in Popasna, where the Wagner's base was smashed with a precise blow. 48rainian journalist Andriy Tsaplienko wrote the following: "Several Russian military propagandists report that they have not been able to establish contact with Yevgeny Prigozhin since the moment the AFU hit the Wagner headquarters in the occupied Popasna, Luhansk region." 49That is, the AFU and public figures reacted exactly as one would expect when a priority target was discovered.It is all the stranger that the correspondent, Sergei Sreda, allegedly guilty of a gross violation of the standards of his profession and the death of an unknown number of allied fighters, not to mention the threat to the life of his indirect leader, was not called to account and in the end retained his position in the Federal News Agency.On 6 September 2022, he was the first among Russian journalists to visit the village of Kodema in the Donetsk region, invaded by the Russian Armed Forces. 50herefore, there is reason to believe that the purpose of the operation was to draw the attention of the AFU to a certain object in Popasna, to track the activities for additional reconnaissance of the target and, thanks to this, or at the time of the shelling, to identify the positions of the Ukrainian HIMARS complexes.
Another remarkable example of an information-psychological operation of the Russian Federation was the fanning of mass hysteria about the so-called marking in Kyiv and other settlements in Ukraine during the first weeks of the full-scale invasion.Several anonymous Telegram channels were created to offer Ukrainian citizens money for drawing signs at specified geopositions, putting up advertisements on poles or buildings in the streets, or shining a flashlight through the window at a certain time. 51he links to these channels were actively spread through patriotic Ukrainian resources, encouraging people to identify collaborators and eliminate the marks.Most likely, the calculation was that the population and law enforcement agencies would try to search out nonexistent voluntary "aimers" instead of focusing on real saboteurs, who did not need any marking, being equipped with modern means of communication and maps of the area.It should be noted that the goal was achieved and did indeed work for a time.Ukrainian law enforcement agencies and the authorities of several cities, including Kyiv, officially appealed to citizens with a request to identify and immediately report any marked places, adding relevant photographs. 52evertheless, the following features of the channels' content make it dubious that their creators actually planned to recruit such "aimers": 1. the name of the channel (e.g., "Booms Claymore Air") clarifies the ultimate goal of the tasks, which scares off potential performers; 2. mention is made of hand-to-hand handover of tools, which is a completely unjustified risk for alleged agents, the location of which is disclosed online; and 3. payment for the implementation of the task is offered in advance, making misappropriation of the payment without performing any work possible and risk-free, which in fact eliminates the target audience's motivation to fulfill their obligations.
On 27 February 2022 (on the fourth day of the invasion), the advisor to the Office of the President of Ukraine, Oleksiy Arestovich, gave a press briefing at which he stated that "marking" cannot be used to target military equipment or aircraft, and yet can be a reason for the spread of "spy mania." 53eing rather trivial, "throw-in" or "stuffing" information through social networks has gained popularity, spreading lightning fast both purposefully and naturally if the topic of the publication is resonant.The classic example is "air traffic controller Carlos," who is the source of the fake account of the downing of MH17.For unknown reasons, Spanish citizen Jose Carlos Barrios Sanchez, as Radio Liberty found out in their investigation, had been writing a personal blog on Twitter since 2012, where he pretended to be an air traffic controller at the Kyiv Boryspil airport. 54In 2014, he began to publish his account of the events allegedly witnessed while on duty, putting them in the context of the Russian narrative about Ukraine.On 17 July, the day of the accident, he tweeted that before the Boeing 777 disappeared from the radar, there had been two Ukrainian fighter jets next to it.It was this report that many Russian news agencies, 55 officials, and even Vladimir Putin, 56 as well as some independent researchers, referred to as an eyewitness account in the initial attempts to investigate the causes of the crash.It turned later out that the version of the Ukrainian Air Force involvement was untenable, Carlos must have never worked as an air traffic controller, and on top of everything, he had been repeatedly prosecuted for fraud by law enforcement agencies in Europe.In 2017, Carlos made a sensational confession on Radio Liberty about having published fake messages on Twitter at the behest of the Russian state broadcaster RT, for which he had been paid a total of $48,000.While it was not possible to confirm this statement, it has been revealed that, two months before the MH-17 crash, the Spanish branch of RT interviewed him as a Kyiv air traffic controller of Spanish origin.This precedent shows that the Russian special services and allied government agencies can perform multistage information and psychological operations, although this usually implies a long-term and fundamental preparation of the core resources that precedes the crucial stage of their application.In the mentioned case, when the second phase of the operation was launched, Carlos' blog had already had several thousand subscribers, and his title had been confirmed by the television and radio interviews in several countries.
Conducting OSINT research related to the dark web and cryptotransactions presents a significant challenge compared to other categories of information sources. 57This is a consequence of the fact that these technologies were originally designed for maximum secrecy and anonymity.For the same reasons, there are practically no popular social networks on the dark web, and most of the resources are aimed at selling certain goods or services.This means that practically no "random" materials appear there, while experienced users are well aware that even a minimum of published information can be carefully investigated by law enforcement agencies.Moreover, the simplest and relatively safe "business" for the dark web is ordinary fraud.Due to the specifics of the goods offered, victims are unlikely to seek legal assistance in case of loss of prepayment, which makes fraud the most rational and attractive illegal craft. 58Therefore, if the task consists of exploring markets or offers during open-data research on the dark web, while lacking reliable information about the reality of specific transactions, one should bear in mind that the vast majority of "sellers" do not have the declared goods or the ability to provide the services they offer. 59That is, a significant part of the information on the dark web, even presented in the form of "white" and "black" lists of resources, contains disinformation.However, there are other examples of reflexive control through publishing falsehoods on the dark web in order to discredit the individuals to whom certain illegal economic activities have been attributed.Thus, officials in a number of European countries have noted that Russia is conducting an information campaign against Ukraine, accusing it of insufficient control over the circulation of weapons received from allies in 2022. 60In the course of monitoring Russian Telegram channels, experts of the Ukrainian Center for Security Studies "CENSS" discovered examples of fake advertisements for the sale of weapons through dark web marketplaces, wherein the Ukrainian origin of retailers was artificially emphasized. 61n April 2019, Russian state-run media began frequently quoting the anonymous Telegram channel "Confession of an FBK employee," FBK being the Anti-Corruption Foundation led by the Russian oppositionist Alexei Navalny. 62Using the open blockchain of the Bitcoin cryptocurrency, the authors of the channel found overlaps between the dates of large transfers to FBK wallets for donations and the release of several well-known FBK investigative videos, while large withdrawals coincided in timing with Navalny's vacations, known to be spent with his family abroad. 63Thus, they conclude that FBK receives payment for the publication of compromising materials about certain individuals or for corresponding investigations, and the head of the fund spends cryptocurrency for personal needs.Using open data, it is not possible to ultimately prove or disprove these statements; nevertheless, this correlation pattern does not hold if tracked over extended periods.That is, the use of cryptocurrency, where there is no information about the parties to the transaction and the purpose of the payment, opens a wide space for information speculation in certain scenarios.
The so-called showdown of reflexive control is here worth considering because it could exemplify more rare technologies of the same kind.Party A wants to influence party C, causing it to distrust party B. Knowing that party B is carrying out intelligence activities, party A falsifies compromising material about itself and places it in such a way as to ensure it is discovered by party B's specialists.After party B publishes these materials, party A publicly discredits party B in the eyes of party C, demonstrating the unreliability of the published materials.In such a scenario, party A does not incur any reputational losses, even if their involvement in this fabrication is revealed.In 2017, Ukrainian political blogger Anatoly Shariy, who is accused by the Security Service of Ukraine of treason and of working for the Russian special services, 64 organized a provocation against journalists from the Fifth channel, owned at that time by Ukrainian President Petro Poroshenko.One of the covert blogger's supporters reported on Facebook that he had exclusive compromising information about Shariy.When journalists showed an interest, the user sent them a series of photos and videos prepared in advance.After the journalists had demonstrated, on air on the television channel, the received materials about Shariy's fraud and the money obtained for pro-Russian propaganda, the same blogger released the full versions of the videos, clarifying that they had been staged.In the next episode of the television program, the Fifth channel journalist was forced to admit that he had become a victim of an information operation.Characteristically, some Russian media widely covered the incident, even suggesting that Minister of Information Policy of Ukraine Yuriy Stets, who was believed to oversee the Fifth channel, resigned on the same day precisely because of this situation. 65his example of second rank double reflexive control is shown in Figure 2.
However, information operations of this kind are much less common than ordinary fakes because, in practice, they require lengthy preparation, limited opportunities to double-check the materials by the object of the provocation, and a certain serendipity, or at least a good opportunity.In its complexity, this special operation is comparable to the transmission of "chickenfeed" through a double agent.Perhaps one of the most illustrative among known examples of a comprehensive approach to organizing such a provocation is the operation held by the First Chief Directorate of the State Committee for Security (KGB) of the USSR under the code name NECRO in 1986.According to materials from the declassified archives, 66 the ultimate target of reflexive control was Yaroslav Stetsko, the chairman of the overseas center of the Organization of Ukrainian Nationalists, one of the then most powerful organizations fighting for the independence of Ukraine and pursued in the USSR as a terrorist organization.According to the chairman of the KGB of the UkrSSR Stepan Mukha's memorandum, an obituary of Yaroslav Stetsko, who, although seriously ill, was still alive at that time, was broadcast through operational capabilities, on behalf of the Ukrainian editorial office of Radio Liberty.The obituary was republished by some foreign print media owned by Ukrainian nationalists.The organization began discussing vigorously the candidacies of Stetsko's successor, which, according to the KGB, caused his severe nervous breakdown and, consequently, premature death.Thus, the third rank of reflexion was applied (see Figure 3).
The rapid development of machine learning technologies and neural networks allows for the creation of increasingly advanced deep fakes.The sufficient level to deceive OSINT specialists has not been convincingly achieved so far.However, deep fakes are already being used for information operations.For example, on 24 June 2022, the mayor of Berlin, Franziska Giffey, talked through a video call with the fake mayor of Kyiv, Vitali Klitschko, for about half an hour. 67Suspicions arose only after the "mayor" had begun asking obvious provocative questions that could ignite international tensions.Later, a recording of the conversation was published by Russian pranksters Vladimir Kuznetsov and Alexey Stolyarov (better known as Vovan and Lexus), whom UK officials had previously dubbed Russian state actors. 68n March 2022, the Main Directorate of Intelligence of the Ministry of Defence of Ukraine stated that they had been informed that Russia had been preparing a deep fake with Vladimir Zelensky's image.69 It was assumed that the video with the "President of Ukraine" declaring the necessity for capitulation would be published at the moment of greatest social tension in Ukraine.As shown above, a wide audience of ordinary users of social networks can provide a convenient transitional object for double reflexive control.Nowadays, one of the most common methods for creating fake news is borrowing a photo or video from an old publication, although this forgery is not difficult to detect using publicly available technologies (searching for similar images).Nevertheless, the widespread use of deep fakes, which could be massively shared by real users of social networks, may create serious challenges for OSINT in the near future.

DISCUSSION
Sometimes versions of a planned provocation can be easily dismissed because sound decisionmaking at the level of the military command or the state should never rely on one single data source.Thus, as for the shell that hit the headquarters of the private military group (PMC) Wagner in the town of Popasna, some researchers noted that the Guided Multiple Launch Rocket System (GMLRS) strike had been inflicted on the house situated next to the one depicted in the photographs.This testifies to the successful completion of additional reconnaissance by the AFU a few days after the photographs were published.Hence, assuming that the activities around the headquarters were staged, the PMC was supposed to put dozens of people, posing as military guards and other servicemen, awaiting Ukrainian intelligence and a strike, at mortal risk.There are also photographs by eyewitnesses, which show wounded militants being carried out from the place of impact after the strike, 70 which goes beyond reasonable staging.There is another possible explanation.Namely, the information operation was meant to provoke an attack on exactly the (empty) house shown in the photographs by Sergei Sreda, while they had not considered the GMLRS powerful enough to damage the real base located in the neighboring house.Nevertheless, this operation cannot be considered successful, because the PMC suffered at least image losses, and there was no evidence of the destruction of any HIMARS complex on that day.However, discovering undisputable proof for the success of special intelligence operations is rather problematic.It is due to the secrecy surrounding the process of making military-political decisions that it is sometimes almost impossible to establish conclusively whether an influence operation or other factors affected an adversary's decision.The same problems occur in its more transparent areas (e.g., in competitive intelligence). 71he higher the rank of reflexion that investigators can comprehend, the more apt they are to overestimate an adversary's guile, and, in an attempt to unravel a hidden agenda, the greater the tendency to perceive reflexive control where it is absent.For example, some military experts suggested on 14 February 2022 that the amount of open data on the movement of Russian troops to the borders of Ukraine signaling the preparation for an invasion was too large to be true. 72Alongside the interpretation that Russian military counterintelligence cannot cope with their tasks at all, they put forward two additional options.Either the Russian Federation did not plan to invade Ukraine, yet organized a large-scale bluff to put pressure on Western countries by threatening to intervene; or, should the unlikely intervention take place, the Russian troops would not advance in the directions wherein their concentration had been massively recorded and reported in social media.Nevertheless, immediately before the invasion, the Russian command still tried to spread disinformation about the end of the exercises and the return of their troops to places of permanent deployment. 73The Ministry of Defense and the departmental television channel Zvezda showed photographs and videos of the transfer of military equipment back into Russia, which did not convince even independent OSINT specialists that preparation for invasion had stopped. 74However, some Ukrainian officials and experts admit that the entry of Russian troops from the territory of Belarus in February 2022 surprised them.In their opinion, thanks to a coordinated disinformation campaign and ensuring operational security, the grouping of Russian troops in the northern direction of the invasion has achieved a twelvefold numerical superiority over the AFU. 75The reasons aggression was expected only in the southeastern regions include the public goals of the Russian leadership ("protection of the people of Donbass)," statements by the leadership of Belarus about the impossibility of using its territory to attack Ukraine, the apparent concentration of Russian troops on satellite imagery, and other data from open sources.
Yet, as is the case with most of the current data on intelligence successes, we can rarely obtain definitive confirmation of the operations being planned or conducted.There is every reason to believe that in order to damage relations between Ukraine and the European Union, the Russian special services, directly or through pro-Russian politicians in Ukraine, tried to create fake right-wing radical organizations, like the virtual far right party Ukrainian National Assembly (UNA copied the name of the real Ukrainian organization Ukrainian National Assembly -Ukrainian People's Self-Defence [UNA-UNSO]).Its leader, Eduard Kovalenko, was engaged in provocations using Nazi symbols, making public statements of a xenophobic and anti-Semitic nature from 2004.For organizing protests against mobilization to the AFU in 2015, he was arrested by the Security Service of Ukraine and subsequently imprisoned, but in 2019, following the Russian-Ukrainian negotiations, he was exchanged for Ukrainian prisoners. 76owever, the influence of the pseudo-UNA was limited, while the connection between the pro-Russian "Party of Regions" and the largest Ukrainian right-wing party "Svoboda" proves to be quite dubious.Thus, a study of the "black accounting" of the "Party of Regions" showed that at least once, in 2010, a tranche of US$200,000 was transferred to their main opponents, the Svoboda party.It is also known that representatives of the Svoboda party often appeared on Ukrainian television channels controlled by pro-Russian politicians and were accused of lobbying for pro-Russian oligarchs' interests. 77In 2012, the European Parliament adopted a resolution expressing concern about the popularity of the Svoboda party in Ukraine and called on the democratic parties of the Ukrainian parliament not to interact with it. 78emarkably, the Svoboda party actually initiated the abolition of the law "On Language" on 23 February 2014, resulting in the lowering of the status of the Russian language.The fact that the new Ukrainian Parliament supported the decision (although in fact it was vetoed by the acting president of Ukraine, Oleksandr Turchynov) was actively exploited by Russian propaganda, especially in the Russian-speaking regions of Ukraine.Several experts consider this initiative one key reason for the success of the subsequent annexation of Crimea in 2014, 79 owning to the nonresistance of the government and most of the population against the Russian troops.However, it cannot be unambiguously classified as a large-scale influence operation based on the historical experience of the Soviet special services, such as operation "The Trust," or the uncontrolled consequences of the political technologies used by the "Party of Regions" to polarize the electorate, thus mobilizing their supporters.
Overt claims of successful strategic deception themselves often prove to be excuses or cover-ups for certain harsh facts.For example, the liberation of the majority of the Kharkiv region begun on 30 August 2022, which has been one of the most successful military operations of the Armed Forces of Ukraine so far, 80 seemed, at least superficially, to have come as a surprise to the Russian army.This might result from the fact that from April to 7 September 2022, 81 many Ukrainian officials, the military, as well as President Volodymyr Zelensky, 82 and even some American officials, repeatedly stated that the AFU were launching a counteroffensive in the Kherson region. 83owever, on 12 September, the Cable News Network (CNN) called these statements a brilliant information operation that forced Russia to transfer part of its troops from the Kharkiv region to the south, 84 leading some researchers to explicitly label the statements an exercise in "reflexive control." 85The version of the "distracting maneuver" has become widespread in Ukraine, and has been repeatedly confirmed by officials. 86Meanwhile, groupings of the AFU concentrated in the Kherson direction were not less numerous than those in the Kharkiv area, and counteroffensives were attempted in both locations.The speaker of the Defense Forces of the South of Ukraine, Natalya Gumenyuk, stated on 10 September that Russian troops in an unnamed area of the Kherson region retreated to backward positions. 87he minister of defense of Ukraine, Oleksii Reznikov, in an interview with the New Yorker in October 2022, also confirmed that the AFU had planned a simultaneous counteroffensive in the south and east of the country for September. 88It can be assumed that the lack of sustained success in the south prompted Ukrainian officials and their allies to conduct an informationpsychological operation, which consisted in denying the real intention of a counteroffensive toward Kherson in September.Separately, it should be noted that the hypothesis of a Ukrainian distracting maneuver in the Kherson while preparing a real counteroffensive in the Kharkiv region had gained popularity in many Russian and Ukrainian open sources a few weeks before the AFU could secure their success. 89lthough the leaked documents of the U.S. Department of Defense revealed in April 2023 are not a reliable source of information, and some researchers consider them partially or completely falsified, journalists from Radio Liberty discovered within them a signals intelligence (SIGINT) report on a Russian information operation.The document claims that in February 2023 the Main Operational Directorate (GOU) of the Russian General Staff reported on "successful operation masking efforts" designed to convince Ukrainian intelligence of the possibility of a new offensive against Ukraine from the territory of Belarus.To prove its success, a representative of the GOU cited a report by the Russian Foreign Intelligence Service on Ukraine's reaction to the public coverage of the joint tactical flight exercises of the Russian and Belarusian military aviation units, which began on 16 January, and the transfer of division "Iskander-M" to Belarus, as well as to shifting the focus of Russian-Belarusian exercises from "defensive" to "offensive."The AFU also allegedly considered the training in Belarus of those mobilized into the 2nd Motorized Rifle Division of the 1st Tank Army with the 6th Motorized Rifle Division of the 3rd Army Corps of the Russian Federation to be an attempt to covertly prepare combat-ready groups for rapid deployment in the Volyn axis to disrupt support from Western countries.As stated in the document of the U.S. Department of Defense, the Russian GOU recommended continuing the operation to misinform the Ukrainian command about the likelihood of an offensive from the territory of Belarus.Earlier, in March 2022, the General Staff of the AFU reported on "a great threat of an offensive from Belarus to Volyn"; on 21 February 2023, Ukrainian Minister of Defense Oleksiy Reznikov said that he "does not believe" in a new attack on Ukraine from Belarusian territory, saying that the purpose of the joint Russian-Belarusian exercises is to "scare Ukraine." 90 According to Reznikov and other Ukrainian officials, there were not enough Russian troops in Belarus at that moment for a new offensive, although there is still a need to keep a significant grouping of the AFU in the north of Ukraine to prevent such a scenario.methodology of the concept of reflexive control, which was formed by Soviet scientists, is still relevant and allows modeling of complex processes in hybrid conflicts, including information and psychological operations.Reflexive control models can be used not only to predict risks but also to plan countermeasures, including improving the efficiency of OSINT.The applied aspects of reflexive control have such significant potential that some experts perceive or wish to see reflexive control where it is not even attempted.

Figure 1 .
Figure 1.Scheme of reflexive control operation to spread disinformation on behalf of the news website Ratusha.

Figure 2 .
Figure 2. Scheme of reflexive control operation to provoke the fifth channel into showing fake material.

Figure 3 .
Figure 3. Scheme of reflexive control operation to cause Yaroslav Stetsko's deep dismay at the Organization of Ukrainian Nationalists and loss of confidence in his recovery.