Analysis Roundup: Kenyan Elections, Syrian Rebels, and MiniDuke Malware

Posted: 7th March 2013
Analysis Roundup: Kenyan Elections, Syrian Rebels, and MiniDuke Malware

There are several new posts available at Analysis Intelligence this week that include interactive visualizations and research using Recorded Future. Here’s a quick rundown with excerpts from each in case you missed any of them, and if you’re not already subscribed, grab the Analysis Intelligence RSS feed!

Violence Looms Over Closely Contested Elections in Kenya

Since violence erupted after Kenya’s elections in 2007, a combination of wariness about the political process, the growth of corruption, and the spectre of inter-ethnic tensions continue to haunt the country. With much anticipation and attention on Kenya’s upcoming elections, this post uses Recorded Future data to analyze possible triggers of unrest and political instability.


With a query comparing coverage of candidates Uhuru Kenyatta and Raila Odinga, explore the interactive visualization below to evaluate if there is a pattern of communication about the topics and frequency of discussion. Try hovering over each of the event types and comparing distribution over time.

One pattern that emerges is that both candidates speak frequently about a location when there is high-profile incident of violence. The two differ, greatly, however, in their narrative — between political legitimacy and the role of foreign entities (ICC, al Shabaab, etc.). By looking at Garissa, Odinga has made numerous statements about the recent bombing, using it as an opportunity to highlight which changes should happen under his administration.

Read the full post here.

Guide to Syrian Rebel Media Spokespeople and PR

We used Recorded Future to identify key voices in the media related to five particular groups outlined in a previous blog post – Jabhat al-Nusra, Ahrar al-Sham, Tawhid Division, the Syrian Liberation Front, and Fatah al-Islam – as well as the Free Syrian Army (FSA). We then looked at their recent appearances in the media for mentions of a spokesperson and compiled a watchlist out of the network.

Recorded Future provided an easy way to scope out an unfamiliar topic. We were able to quickly generate a watchlist of key rebel media voices in Syria as well as quickly learn about their interests. We learned that the militant Jihadi groups in Syria are less vocal or connected to the media versus the formally recognized Free Syrian Army. However, the distribution and lack of coordination across the FSA shows very clearly in the above findings; it has an overabundance of “spokespeople”. This may cause cooperative difficulties and conflicting missions.

Read the full post here.

Meet MiniDuke: Espionage Malware Hitting European Governments

We’ve long discussed applications specifically for real-time surveillance of open source intelligence on cyber threats, so we’ll use this as an opportunity to arrange a “dashboard” on MiniDuke that our readers can consult for developments and new details on attackers, targets, and threat vectors.

The below timeline highlights events related to MiniDuke from 2011 to 2012. In the event that further evidence of past data breaches emerges, this timeline will fill in to reflect those historical events. The image below was captured on March 5, 2013; click to interact with the most up-to-date data.

Read the full post here.

Interested in conducting similar open source analysis? Check out our pricing and plans to start using same tools for your research today.