Login
Get started Get started
Get started Login
Products
Solutions
KNOWLEDGE
HELP CENTER
COMPANY

Open web

DARK WEB

DATASETS

TECHNOLOGIES

Learn

Your hub for web data

BLOG

Featured Article

Transparent Risk Scores: The Secret to Faster Incident Response in 2025

In this webinar we will reveal how our product team worked with our cyber analysts to rate risk the way we do on Lunar. We will showcase examples of monitoring stealer logs, ransomware and CVE threats to show risk based on your domain

Back to all Dark Web Pulses
Web Intelligence

Monitoring Riots on the Deep Web: A Case Study Using Lunar

April 11, 2024    
Monitoring Riots on the Deep Web: A Case Study Using Lunar

In today’s digitally interconnected landscape, the coordination of riots, from planning to execution, often unfolds within the confines of chat applications. These riots cause significant disruptions to public order and safety, threatening the stability of communities and inciting fear among residents. Moreover, they lead to substantial economic losses, property damage, and sometimes even loss of life. We conducted a query on Lunar, our deep and dark web monitoring tool, to explore this phenomenon. Over the last month, 70.5% of the posts originated from chat applications, with Telegram emerging as a primary platform for such activities:

Top sources with riot-related content

 This article delves into a case study concerning the riot at Makhachkala Uytash Airport in Dagestan, where extremist Islamics stormed the airport following a Tel Aviv-bound flight on October 29th. In this case study we will demonstrate how to use Lunar, our dark-deep monitoring tool, to monitor and glean actionable insights from such events, aiding governmental and law enforcement entities in proactive riot preparation and response.

Case Study: The Riot at Makhachkala Uytash Airport, Dagestan

This case study will examine Lunar’s role in monitoring riots and events that police face daily. Government agencies and law enforcement can use the intelligence found on the deep and dark web as complementary information for better preparation.

Gaining relevant and actionable insights from Lunar to help prevent events like the riot at Makhachkala Uytash Airport involves three phases:

Phase one: Discovery

In the initial phase, we employed Lunar to locate sources housing discussions on radical topics within extremist groups in Russia. We executed a search query that incorporated various radical keywords, such as “anarchy”, “rebellion”, “protest”, and “demonstrations.” We also applied several filters, including the external links filter. These steps allowed us to identify a post with an invite link to a channel containing indications that users are planning extremist riots. 

Screenshot of a post from Lunar where we found the invite link to a new Telegram channel containing risk indicators of new violent riots
Screenshot of a post from Lunar where we found the invite link to a new Telegram channel containing risk indicators of new violent riots

Upon entering the channel, we discovered a heated discussion among extremist Islamic members. Notably, the channel’s admin had pinned a message outlining details of a specific riot, including the designated gathering time of 21:00 local time.

Screenshot from the Telegram channel where the riot was planned
Screenshot from the Telegram channel where the riot was planned
Expose Radical Chatter & Activities on the Deep Web

Phase two: Investigation

Having pinpointed the channel mentioned above as a focal point for riot planning, we added it to our coverage and intensified our investigation using Lunar. We aimed to unearth more comprehensive data regarding the planned Makhachkala Uytash Airport riot and its orchestrators.

During our inquiry, we stumbled upon a screenshot of a chat showcasing the recruitment tactics employed by these group members. It vividly illustrated how members were enticed with promises of payment for their participation in the planned activities.

A screenshot of a private chat that shows how they recruit members for their activities
A screenshot of a private chat that shows how they recruit members for their activities

Additionally, we were able to uncover potential identifiers of individuals possibly linked to this riot, which include their names.

Screenshot of a member that can be linked to the riot (originally including his name)
Screenshot of a member that can be linked to the riot (originally including his name)

Expanding our investigation, we discovered additional closed Telegram groups discussing the riot, some of which engaged in conversations featuring anti-Semitic themes.

Screenshot from a closed Telegram group providing further details about the riot, alongside discussions involving anti-Semitic themes
Screenshot from a closed Telegram group providing further details about the riot, alongside discussions involving anti-Semitic themes

Phase three: Monitoring

Using Lunar, we created an alert to monitor these groups and channels in order to find data regarding upcoming events and invite links for associated new sources. Lunar lets you set alerts based on predefined queries, ensuring you remain on top of any potential threats or risky events. You can also set a time range, specifying how often you receive notifications and their priority.

Screenshot from the new channel that was opened to replace the closed channel
Screenshot from the new channel that was opened to replace the closed channel

Following the riot, Telegram shut down the channel promoting it. However, we identified a new channel as a replacement. We promptly updated our alert system to include this new channel, enabling us to gather intelligence and seek indications of forthcoming events.

Predict and prepare for emerging threats with Lunar

The deep web and dark web serve as primary arenas for extremists to coordinate and incite riots. The case of the Makhachkala Uytash Airport riot represents just one facet of a larger trend observed in deep and dark web circles. Governments and law enforcement agencies need tools like Lunar that help them predict, investigate, and mitigate emerging threats, whether they manifest in cyberspace or as physical disturbances like riots. With Lunar, organizations can take proactive steps to ensure the safety and security of local communities and prevent substantial damage from the actions of threat actors.

ExtremismTrending
Yhonatan Harari
Yhonatan Harari

Senior Cyber Analyst

Spread the News
Previous Post
Next Post

Not subscribed to our Dark Web Pulse updates?

By submitting you agree to Webz.io's Privacy Policy and further marketing communications.

Read More

Could Panasonic’s Breach Have Been Prevented?
January 24, 2022    

Could Panasonic’s Breach Have Been Prevented?

On November 26, 2021, Panasonic joined a long list of companies that suffered a data breach over the past year. See the posts we found in the dark web that could indicate that an attack was in the making.
Top 5 Ransomware Group Trends in 2021
January 24, 2022    

Top 5 Ransomware Group Trends in 2021

Ransomware gangs ramped up their cyber attacks in 2021. Here are 5 trends related to these groups that you need to know.
The Rise in Use of Alternative Social Media Platforms for Illicit Activities
January 24, 2022    

The Rise in Use of Alternative Social Media Platforms for Illicit Activities

The year of 2021 has seen the rise of alternative social media platforms. Discover the top illicit discussion topics we monitored on these sites.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need

GET STARTED
Join our webinar to learn how transparent risk scores can speed up your incident response
Register Now

Expose Hidden Risks to Your Domain

Uncover dark web threats with Lunar, the next gen dark web intel platform

Keep Reading
Learn more
Subscribe to our newsletter for more news and updates!

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about Webz.io’s solutions
get started
Create your API account and get instant access to millions of web sources
SEE DEMO