Dragonfly - Accelerating Media Intelligence

Jacob Calloway
Writer, Student of War Studies at King's College, London

The ever-expanding mountain of internet data has created an overwhelming volume of information and content. This has served to create increased anonymity for those who desire it; lower the threat of accountability and convictions due to lack of (or uncertainty surrounding) evidence; and reduce trust in media outlets, posts and sources, that can be utilised to unmask criminals, prove falsehoods and protect against malicious tampering or forgery. These meta signals hold the information which many believe secret and untraceable, yet when carefully investigated, prove to be a ground-breaking advancement in the constant struggle against cyber crime. By exploiting these system-wide features, Polygeist aims to counter the malignant spread of disinformation and propaganda, remove criminals’ faith in online anonymity and create fact checking capabilities for images and videos; to guarantee trust in both posts online and evidence used in professional settings (such as courtrooms). As such, we hope metadata technology can be deployed as a vital weapon on a multitude of fronts, stretching from domestic and professional settings, in countering cyber crimes and scams, to government or military fields, where information accuracy is paramount to success.

As evidence for the necessity of such counter-measures, Putin claimed: “Whoever leads in AI will rule the world”1. As technology has become a vital component of businesses, communications, geopolitics and daily life, the digital ecosystem built over the last thirty years is perhaps testament to this statement. However, the underbelly of society has increasingly weaponised it, costing the world up to £6 trillion a year2, comparatively making it the world’s third largest economy after China and the US. Likewise, hostile use of technology stretches through all areas of the modern world, with Freedom House finding 47 governments deploying bots online to spread propaganda3, and the Russia-Ukraine war seeing a myriad of novel developments in the fields of war, pushing conflicts further into the realm of cyberspace. Interestingly, there are a number of reports concerning Russian hackers attempting to break into the files where war crimes are stored4, and AI has been blatantly used to attack soldiers’ morale, with the famous instance of President Zelenskyy being deepfaked urging Ukrainian soldiers to surrender to the invaders, showing the growth and potential of this threat. More so than ever before, societies are becoming critically aware that the problem many saw as one for the future is quickly coming to the forefront of global security issues.

With all this in mind it is imperative that measures are taken to counteract these growing issues, in order to (i) Counter the immediate threat the illicit use of technology poses, (ii) Be able to quickly and accurately discern falsehood, specifically when it comes to the spread of information online, (iii) Prevent the unrestrained spread of misinformation and/or disinformation within professional and legal settings, which holds the potential to yield massive disruptions, (iv) Organise contingency plans to counter and manage future advances so that defensive systems are able to adjust to alterations in current technology.

In response to this, Polygeist has developed a sophisticated, cutting-edge countermeasure in the form of ‘Dragonfly’, a state-of-the-art programme that exploits structural metadata signatures. This is used to detect image alterations, metadata tampering and generative AI (either within images or the whole image generated), to identify the source camera device (make and model of smartphone, Android or iOS, or SLR camera), and to identify transmission history (i.e. whether the image has been transmitted using popular social media platforms such as WhatsApp). By harnessing the inbuilt signatures within the metadata of images, the tool is able to extract operational evidence vital for investigative work. These techniques allow real-time monitoring of online activity, ensuring the validity of images, notably of important documents (such as passports and contracts). Dragonfly has been tested in collaboration with the Ministry of Defence, demonstrating a device identification accuracy of 99% and a 97% accuracy for identifying transmission methods: it can extract and analyse image information in under a second. Dragonfly is set to ‘lead the charge’ against cybercrime, which could potentially save trillions in lost funds to scammers; save time spent paying for fact checkers; mitigate the uncertainty in image-based evidence that is slowing down the judiciary process; and abate issues concerning military misinformation.

How Dragonfly works

As an explainer, let’s consider JPEG images, which have become the de facto method for storing images on mobile phones and social media, using comparatively little storage at a minimal cost to image quality. However, there are many different implementations of image compression, with each containing subtle differences in file encodings. This is because every different manufacturer (and software application) organises and writes their metadata slightly differently, with each unique structure acting as a meta-meta signature.

At its core, Dragonfly abstracts the metadata that is stored in image files. By parsing the metadata and producing a number of ‘tokens’ representing its file structure hierarchy, it is possible to aggregate the tokens from the image sources and extract unique identifiers. The tokens are then vectorised so that numerical analysis and classification models can be applied. As a result, the meta-meta signatures extracted from a photo (obtained via the system) show, for example, that there is a difference in metadata between an Android device and an iPhone. The basic essence of this is that Dragonfly analyses the specific, unique pattern in the metadata by allocating each level of coding a distinct token, akin to a barcode. These feature lists are loaded and converted into n-gram tokens (a contiguous sequence of n items) that encode the uniqueness of tokens. This enables the entire corpus to be utilised, creating a fixed length encoding for each file. With this all set, the relationship between vectors and corpus labels can be modelled, enabling automatic learning of the unique features for each image source, be it operating system, device type or transmission platform. Accordingly, it becomes possible for Dragonfly to determine the source of the image, and/or technology used in its creation/alteration, or editing feature within the photo. This is derived only from the meta-meta signature without any need to unpack the pixel data.

Why Dragonfly works

Dragonfly relies on two components: the fact that manufacturers incorporate their own meta-meta signatures in their encodings; and that images and videos carry these, which allows programmes and software to be identified.

Two images can contain visually and/or byte-wise identical pixel data, yet have completely different marker structures. The value of this is that two images can contain the same image information details but differ in metadata structure, indicating which photo editor or specific platform it was passed through. This opens the gateway to information regarding the origin of photos, evidence of tampering and AI generation, providing valuable information to investigators.
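The tokenise, n-gram and vectorise steps from "How Dragonfly works", together with the point above that identical image data can sit inside differently structured files, as an added example (not Polygeist's code; the page does not give Dragonfly's token scheme). It assumes tokens are JPEG marker-segment names plus APPn identifier strings, uses the hashing trick for the fixed-length vector, and runs on two constructed byte strings rather than real photos.

```python
import hashlib
import struct

# Names for common JPEG markers; anything else is reported as hex.
MARKERS = {0xDB: "DQT", 0xC4: "DHT", 0xC0: "SOF0", 0xC2: "SOF2",
           0xDD: "DRI", 0xFE: "COM", 0xDA: "SOS"}

def structure_tokens(data):
    """Walk the marker segments up to SOS: one token per segment, pixels untouched.
    Assumes every marker before SOS carries a length field."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    tokens, pos = ["SOI"], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        code = data[pos + 1]
        if code == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"malformed segment at offset {pos}")
        payload = data[pos + 4:pos + 2 + length]
        if 0xE0 <= code <= 0xEF:    # APPn: keep the writer's identifier string
            ident = payload.split(b"\x00", 1)[0][:16].decode("ascii", "replace")
            tokens.append(f"APP{code - 0xE0}:{ident}")
        else:
            tokens.append(MARKERS.get(code, f"0x{code:02X}"))
        if code == 0xDA:            # compressed image data follows; stop here
            break
        pos += 2 + length
    return tokens

def ngrams(tokens, n=2):
    """Contiguous runs of n structure tokens."""
    return [" > ".join(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]

def hashed_vector(tokens, dim=64, n=2):
    """Fixed-length count vector via the hashing trick (an assumption here)."""
    vec = [0] * dim
    for gram in ngrams(tokens, n):
        bucket = int.from_bytes(hashlib.sha256(gram.encode()).digest()[:4], "big")
        vec[bucket % dim] += 1
    return vec

def shared_ngrams(a, b, n=2):
    """n-grams present in the structure of both files."""
    return set(ngrams(structure_tokens(a), n)) & set(ngrams(structure_tokens(b), n))

def seg(code, payload=b""):
    """Build one marker segment for the constructed samples below."""
    return bytes([0xFF, code]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: same image-coding bytes, different container layout.
IMAGE = (seg(0xDB, bytes(65)) + seg(0xC0, bytes(15)) + seg(0xC4, bytes(29))
         + seg(0xDA, bytes(10)) + b"\x12\x34\xff\xd9")
FILE_A = b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00" + bytes(8)) + IMAGE
FILE_B = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9))
          + seg(0xFE, b"constructed") + IMAGE)

if __name__ == "__main__":
    for name, blob in (("A", FILE_A), ("B", FILE_B)):
        toks = structure_tokens(blob)
        print(name, toks, sum(hashed_vector(toks)))
    print("shared:", sorted(shared_ngrams(FILE_A, FILE_B)))
```

The n-grams the two files share come only from the image-coding segments; the ones that differ come from the container layout, which is the part a labelled classifier would learn from.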

So what is Metadata?

Often described as ‘data about data’5, metadata holds the key to countering the illicit uses of media and technology, whilst monitoring the spread of illegal or false information and images. With the amount of existing data stored on the internet doubling every year6, analysis by IBM predicts that metadata analysis can reduce the time needed to investigate data breaches by up to 50%7. Within cybersecurity, a known issue is the ‘attribution problem’, an unavoidable consequence of the technological space malware operates in, which provides a great deal of anonymity for the technologically apt8. In layman’s terms, it is difficult to identify people online. So, one way to force this issue is by unpicking the metadata of posts and backtracking until enough information is revealed to recover an identity.

The current process incorporates a large amount of human input, which due to the mundane nature of reading through metadata tables, and the growing complexity and volume of information stored, will inevitably lead to human errors and a continuing drop in confidence in digital documentation. As a result, the creation, and subsequent implementation, of algorithms that can analyse and dissect the metadata will become crucial in the pursuit of justice.

Current leading models, as outlined in ‘Metadata forensic analysis as support for digital investigation process by using metadata-extractor’, only have an accuracy of 55% in regards to metadata analysis9, far below that which is required. Polygeist’s Dragonfly is thus surpassing the performance of many of the current tools that are available, closing the gap on criminal capability.

Importance: Crime

Since 2013, when cyber crime topped the US security rankings, above terrorism10, cybersecurity has topped the lists in regards to national and international security agendas, especially as fears arise around potential attacks on essential services, or the hacking of senior figures in politics and business. The threat was aptly summed up by Deputy Director of National Intelligence, Susan Gordon, when she stated “[barring WMDs] all the really vexing threats are to and through data”11. Whilst this is the current concern at the national level, it must not be forgotten that the immediate danger at the local, domestic level is higher than it ever has been as well.

A constant and often devastating drain on society, the risk that scammers pose to businesses has resulted in the loss of trillions of pounds. This can range from huge, multi-billion pound corporations being duped into transferring millions to foreign accounts, to pensioners clicking on pop-up ads and giving away their bank details. Between 2017-18, over four in ten businesses and one-fifth of charities were subject to cybersecurity breaches, with UK citizens more likely to be victims of cyber-crime than any other offence12. This resulted in an estimated £4.6 billion being stolen from 17 million internet users in 201713. Importantly, these figures have not improved over the years, as the total sum lost to cyber crimes in the UK was £27 billion in 2022, with a large portion of this sum coming from attacks on businesses14. Again, in comparison, the UK government in 2024 reported that 50% of businesses had been victims of cyber attacks or breaches15. Cyber crime has continually proven to be a lucrative enterprise, and one which will only be subdued if the right technology is deployed in the right places, either to deter or directly target scammers and hackers.

In addition to this, cybercrime has increasingly inflicted a psychological blow that can stretch far beyond what surface level analysis shows. This facet largely spreads through the proliferation of misinformation (the unwitting spread of false information), disinformation (its deliberate spread) and propaganda. This has led to the development of two phenomena:

  1. ‘Censorship through noise’, which occurs when there is so much “stuff” that we cannot distinguish or determine which message we should all listen to16
  2. ‘Liar’s dividend’, where authentic content can be decried as synthetic, AI-generated or simply false17

In 2018, former Undersecretary of Defence Policy, Michele Flournoy, stated: “The immediate threat is more corrosive than explosive”18, which clearly displays that: (i) There is no telling the extent of the damage that cybercrime will cause, (ii) That if a solution/counter is not developed soon, we run the risk of weakening our unity within society, subsequently making it harder to respond to further developments. For most government bodies, it is the growing disparity between trust and images seen online that poses the greatest long-term threat. There is also serious concern for the judiciary system, as if all faith in digital evidence is lost then it jeopardises an already slow, cumbersome, convoluted system further.

What does Dragonfly offer as a solution:

Dragonfly has the power to disrupt these criminal activities. Even though scammers are becoming increasingly sophisticated and harder to detect, their use of AI-generated face calls/voice calls/images leaves them vulnerable to Dragonfly’s detection capability. When deployed strategically it can and will counter scammers ‘chancing their arm’.

Dragonfly is also a powerful tool for fact checking and counter-propaganda analysis. It is known that altered and fake imagery regularly gains traction on social media and at times has stirred unrest and unease in its target population. One such example is the riots that erupted in England in summer 2024, where popular anger grew following provocation online, which at times included ‘evidence’ that was blatant lies or images that had been either edited or fully AI-generated to show minorities (particularly migrants) involved in criminal activity, criminal gangs and anti-social behaviour. In such cases, a system capable of quickly and accurately disproving such ‘evidence’ could catch these posts at the source and shut them down before they gain undue momentum.

Importance: War

For every side in war, the stakes become zero-sum: any compromise or slight disadvantage can quickly become the downfall of entire military set-ups. As a result, ensuring that cyber-networks aren’t compromised is paramount for success. Defending these networks, maintaining them and taking precautions to check that nothing has been lost or altered requires valuable manpower, whose skills are better deployed in different operating circles. This ideology has become synonymous with the Russia-Ukraine war, which can arguably be seen as the first fully digitalised, and at times automated, conflict. Due to this fact, numerous reports have arisen from the conflict surrounding subversive use of technology, either to breed discontent, undermine adversaries’ technological devices, or to alter, hence discrediting, official documents that can slow down judicial or litigious processes.

As mentioned, one of the biggest challenges for the Ukrainian special forces is reports of Russian hackers targeting the Ukrainian Prosecutor General’s Office, the entity for documenting war crimes. If these attempts are successful there is a real chance of hackers being able to steal, edit or delete important documents. The effect on the public could be widespread doubt over Ukrainian accusations; however, the most serious problems are long-term judicial issues where evidence is rendered doubtful, undermining its validity. This means the required court process will become more complex, convoluted and enduring, which aids the Russians who seek acquittal. This has led to the head of the Ukrainian state service of special communications and information protection, Yurii Shchyhol, claiming: “You need to understand that the cyber war will not end even after Ukraine wins on the battlefield”19. In this instance, technology (such as Dragonfly) could be instrumental in preserving the evidence to avoid confusion surrounding the very serious, yet complex, accusation of war crimes, and in reducing the amount of manpower needed to fact-check documents.

Another important facet of the Russian war machine is that they maintain over 100,000 social media pages, along with a vast network of popular Telegram channels, all being used to spread false narratives about Ukraine20. A key component is military bloggers known as ‘Voyenkors’ or ‘Z-bloggers’, who have a global audience of around 10,000,000 subscribers21. These bloggers played a fatal role in the attack on the Donetsk regional academic drama theatre in Mariupol, which was a shelter for civilians; the attack violated humanitarian law and is a war crime. A crucial part of Russia’s war on Ukraine is perpetrated online by weaponising information, including the use of propaganda, misinformation and disinformation. Whilst it is impossible to put a complete stop to such operations, fact checking systems and analysis can be crucial in mitigating the effects by attacking the roots of the problem, targeting the pages themselves and the people operating them.

Importance: Deepfakes

The growing sophistication of deepfakes renders them among the world’s most exciting yet terrifying global developments. With or without consent, deepfake technology enables any face to be inserted into any scene, taking the world by storm22. In combination with developments in AI-generation, they have pushed the boundaries of what was believed technologically possible. The criminal community has been quick to adopt this technology for fraud, stretching from local criminals to international-level attacks. The really vital element of this, which worries senior figures the most, is that deepfakes threaten to erode the trust people inherently place in video and photo evidence, which is currently a cornerstone of the legal system. Due to the rapid development of this novel technology, there is neither legislation in place, nor a system capable of responding to the problems they create as they arise. With this in mind, it has become imperative for detection methods (which have perpetually lagged behind) to be produced to mitigate against this threat.

Modules for detecting AI based on appearance can reach almost perfect accuracy, though it often varies, especially when video quality is poor; whilst humans typically average between 65-80% detection accuracy23, and the latest generation of AI models are even more convincing. Similarly, most of the more effective detection methods analyse biological signals (blinking, head positioning, heart rate, etc)24, yet with further advances in deepfake technology always being released, it is uncertain for how long these will be viable methods. Also, unacceptably, they are programmed to detect facial irregularities, so are unsympathetic to natural facial distortions.

Focus on the file containers, rather than the pixel content, will ensure that the detection capabilities keep pace with creation capabilities. In a similar vein, audio deepfakes pose a substantial danger, mainly in regards to online scam calls, though this can easily stretch into critical voids such as politics. The aforementioned Zelenskyy deepfakes and the Malaysian minister scandal (where a video emerged of him engaging in physical activity with an aide, which the minister claims are deepfakes, but the aide attests are real25), are both testaments to the developing risks. It is evident, therefore, that the problem will not stand still and the solution won’t simply reveal itself: it must be sought after, invested in, and thoroughly checked so that valid countermeasures can be employed.

Summary

Cybersecurity is a multi-front war, and one which will never really have an end, in such a way that it never really had a beginning. It is a developing, evolving, ever changing field that affects more of the world’s population than any other threat in living memory. Likewise, it is a threat we cannot simply ignore and which requires constant attention, as it can very quickly spiral beyond what was ever believed possible. Polygeist’s Dragonfly offers one critical step along the journey to pushing back against the growing threat, but further development, funding and innovation are necessary in order to build up strong, robust defensive networks, capable of eventually repelling new designs, a feat that has so far eluded security services. Cybersecurity is an area that will only grow in the coming years, so investing in top end, reliable systems early on provides temporary insurance against current issues. But, more importantly, it can provide the basis from which to build a long-lasting network of defensive measures that can ensure long-term stability, reducing the risk of breaches and attacks, which allows vital resources to be redistributed into more pressing areas. Dragonfly can accordingly offer a great return on investment for a sustainable future in any field, be it government, military or private sector.

About the author

As a student of War Studies at King’s College London, the current and growing threat of cybersecurity is one which is of increasing interest. Having been surrounded by technology practically my whole life, understanding the advantages and dangers is crucial for everyday life. However, looking at these changes and threats from a global or military perspective can be fascinating in helping explain why governments operate like they do, and why billions are invested in one field in the place of other ventures. Whilst traditionally I’ve been more interested in the historical side of war and politics (think Napoleonic wars, age of empires and world wars), having explored this more modern theatre of conflict for Polygeist, the similarities within the styles of martial conduct, the logical and illogical reasoning behind decisions and the consistent attempts to establish advantages through more illicit means has been fascinating to research.

A constant theme of study has been the similarities and differences between symmetric and asymmetric warfare, with it being an interesting development that the cyber side of conflict, currently asymmetric, is seemingly shifting towards becoming the centre of military institutes and becoming a staple of future conflicts. Some examples of these changes are the pager attacks deployed by the Israeli defence force and the proliferation of drones used in Ukraine and Russia. It is these shifts in tactics, the reasoning and causes of change which I find most absorbing. I find it interesting as well that locating the roots of these changes not only helps to explain the military aspect, but also domestic and political changes concurrent with such movements. With a few years of study left, I hope to continue to research and explore the reasonings and details behind these subtle yet vital changes in the world (though specifically in militaries) to be able to understand why, and to what end, key decisions, that affect millions, are made and the purposes for them.

Bibliography

Footnotes

  1. ‘I Warbot: the dawn of artificial intelligence conflict’, Kenneth Payne (C.Hurst company limited, 2021, pp8-20) 

  2. ‘Faking it: navigating the new era of generative AI may be the most critical challenge to democracy yet’, Nina Schick (RSA Journal, vol 169, no 2 (2023), pp40-43) 

  3. https://www.technologyreview.com/2023/10/04/1080801/generative-ai-boosting-disinformation-and-propaganda-freedom-house/ 

  4. https://warontherocks.com/2024/05/file-not-found-russia-is-hacking-evidence-of-its-war-crimes/ 

  5. https://www.ironhack.com/gb/blog/metadata-forensics-when-files-can-speak-and-reveal-the-truth 

  6. Ibid 

  7. Ibid 

  8. ‘A theory of actor-network for cyber security’, Thierry Balzacq, Myriam Dunn Cavelty (Cambridge university press, 2016, pp177-191) 

  9. N.D Arizona et al, ‘Metadata forensic analysis as support for digital investigation process by utilising metadata-extractor’ (journal of intelligent software systems, vol 3, no 2, 2024, pp27-31)

  10. ‘Deter, disrupt, or deceive: assessing cyber conflict as an intelligence contest’, ed. Robert Chesney & Max Smeets (Georgetown university press, 2023, pp (+ foreword) 1-15)

  11. Ibid 

  12. ‘UK active cyber defence’, Stevens, O’brien, Overill, Wilkinson, Pildegovics, Hill (the policy institute, KCL cyber security research group, 2019) 

  13. Ibid 

  14. https://www.twenty-four.it/services/cyber-security-services/cyber-crime-prevention/cyber-crime-statistics-uk/ 

  15. Ibid 

  16. ‘Faking it: navigating the new era of generative AI may be the most critical challenge to democracy yet’, Nina Schick (RSA Journal, vol 169, no 2 (2023), pp40-43) 

  17. https://www.technologyreview.com/2023/10/04/1080801/generative-ai-boosting-disinformation-and-propaganda-freedom-house/ 

  18. ‘Deter, disrupt or deceive’, Chesney & Smeets (foreword) 

  19. https://warontherocks.com/2024/05/file-not-found-russia-is-hacking-evidence-of-its-war-crimes/ 

  20. https://www.forbes.com/sites/ewelinaochab/2025/06/08/russias-strategic-disinformation-warfare-and-war-crimes-cover-up-campaign/ 

  21. Ibid 

  22. ‘The rise of artificial intelligence and deepfakes’ (Buffett brief, July 2023) 

  23. ‘Deepfake detection by human crowds, machines and machine-informed crowds’, Groh, Epstein, Firestone, Picard (proceedings of the National academy of Sciences of the USA, vol 119, no1, 2022, pp1-11) 

  24. ‘Deepfakes generation and detection: state-of-the-art, open challenges, countermeasures and ways forwards’, M Masood, M Nawaz, KM Malik, et al (applied intelligence 53, 2023, pp3974-4026) 

  25. ‘Rise of artificial intelligence and deepfakes’, Buffett Brief