Monitoring Riots on the Deep Web: A Case Study Using Lunar

In today’s digitally interconnected landscape, the coordination of riots, from planning to execution, often unfolds within the confines of chat applications. These riots cause significant disruptions to public order and safety, threatening the stability of communities and inciting fear among residents. Moreover, they lead to substantial economic losses, property damage, and sometimes even loss of life. We conducted a query on Lunar, our deep and dark web monitoring tool, to explore this phenomenon. Over the last month, 70.5% of the posts originated from chat applications, with Telegram emerging as a primary platform for such activities:

 This article delves into a case study concerning the riot at Makhachkala Uytash Airport in Dagestan, where extremist Islamics stormed the airport following a Tel Aviv-bound flight on October 29th. In this case study we will demonstrate how to use Lunar, our dark-deep monitoring tool, to monitor and glean actionable insights from such events, aiding governmental and law enforcement entities in proactive riot preparation and response.

Case Study: The Riot at Makhachkala Uytash Airport, Dagestan

This case study will examine Lunar’s role in monitoring riots and events that police face daily. Government agencies and law enforcement can use the intelligence found on the deep and dark web as complementary information for better preparation.

Gaining relevant and actionable insights from Lunar to help prevent events like the riot at Makhachkala Uytash Airport involves three phases:

Phase one: Discovery

In the initial phase, we employed Lunar to locate sources housing discussions on radical topics within extremist groups in Russia. We executed a search query that incorporated various radical keywords, such as “anarchy”, “rebellion”, “protest”, and “demonstrations.” We also applied several filters, including the external links filter. These steps allowed us to identify a post with an invite link to a channel containing indications that users are planning extremist riots. 

Upon entering the channel, we discovered a heated discussion among extremist Islamic members. Notably, the channel’s admin had pinned a message outlining details of a specific riot, including the designated gathering time of 21:00 local time.

Phase two: Investigation

Having pinpointed the channel mentioned above as a focal point for riot planning, we added it to our coverage and intensified our investigation using Lunar. We aimed to unearth more comprehensive data regarding the planned Makhachkala Uytash Airport riot and its orchestrators.

During our inquiry, we stumbled upon a screenshot of a chat showcasing the recruitment tactics employed by these group members. It vividly illustrated how members were enticed with promises of payment for their participation in the planned activities.

Additionally, we were able to uncover potential identifiers of individuals possibly linked to this riot, which include their names.

Expanding our investigation, we discovered additional closed Telegram groups discussing the riot, some of which engaged in conversations featuring anti-Semitic themes.

Phase three: Monitoring

Using Lunar, we created an alert to monitor these groups and channels in order to find data regarding upcoming events and invite links for associated new sources. Lunar lets you set alerts based on predefined queries, ensuring you remain on top of any potential threats or risky events. You can also set a time range, specifying how often you receive notifications and their priority.

Following the riot, Telegram shut down the channel promoting it. However, we identified a new channel as a replacement. We promptly updated our alert system to include this new channel, enabling us to gather intelligence and seek indications of forthcoming events.

Predict and prepare for emerging threats with Lunar

The deep web and dark web serve as primary arenas for extremists to coordinate and incite riots. The case of the Makhachkala Uytash Airport riot represents just one facet of a larger trend observed in deep and dark web circles. Governments and law enforcement agencies need tools like Lunar that help them predict, investigate, and mitigate emerging threats, whether they manifest in cyberspace or as physical disturbances like riots. With Lunar, organizations can take proactive steps to ensure the safety and security of local communities and prevent substantial damage from the actions of threat actors.