As many of you know, we recently launched Story Prism 2.0, and it's exciting to see where it's going. Our goal is to support writers like us. But repeating that phrase made us stop and ask, “What does it mean? How exactly are we assisting?”
To put it into plain English, we’re helping people take a lot of information and turn it into actionable intelligence, which is useful for many writers. Whether you’re working on History or a screenplay, it’s often the case that you’re trying to assemble an informational matrix so you can create something meaningful.
Cool. So what does that mean in practical terms? Well, imagine you're an independent journalist who comes across a treasure trove of information from a leaked hack. But it’ll take weeks to sift through. With Story Prism, you can quickly uncover the key details and connect the dots much faster.
It's still in beta, so uploading information can be a bit clunky, but overall, it works! And to prove it, I decided to feed it leaked data from the recent Anonymous Russian Hack to see what I could find and how quickly I could do it.
Initial Set-Up
It took a minute to load some of the data onto the canvas. But when I was finished, this is what I got.
At first glance, the information looks organized, but I can assure you it’s not. The documents were difficult to understand, so I couldn’t dig into the specifics, especially since I rushed this. Titling the notes was also challenging since many documents were named in Russian or random strings of letters and numbers. So I resorted to using short phrases from the file names. Much of the material was in Russian or written in computer code, which meant skimming a few lines definitely wasn’t going to cut it.
However, some documents were easy to identify, such as internal company records or financial reports. Others were completely unclear. I assumed they were sensitive backend data from the hacked websites. There were also a few Anonymous videos promoting their beliefs.
Then there were the disturbing images, apparently showing civilian casualties, likely tied to the conflict involving Ukrainian forces. I didn’t spend much time on these. Honestly, I didn’t want to. I’ll leave that investigation to others.
The Code
Since there were a lot of documents with code, I wanted to understand what I was looking at, so I prompted the assistant with this question:
Me
Find the most interesting note with code, and explain why it's interesting.
Assistant
The most interesting note with code-like content is the extensive list of vulnerable server paths and scripts under the "/s/dtlive/" and "/s/kedmi/" directories, which includes references to numerous known security vulnerabilities (CVE identifiers) and descriptions of potential exploits.
**Why it's interesting:**
1. **Diversity of Vulnerabilities:**
The note catalogs a wide variety of web applications and server components—shopping carts, webmail, CMS, admin tools—with many known security flaws such as remote command execution, directory listing, SQL injection, and password exposure.
2. **Real Exploit Potential:**
The detailed mention of CVE numbers and direct links to advisories (e.g., CVE-2003-0104, CVE-1999-0607) indicates these are not theoretical vulnerabilities but known, documented security issues that attackers can leverage.
3. **Scope of Exposure:**
The sheer breadth of vulnerable entry points—scripts, config files, admin pages—suggests the server environment is highly exposed and could be easily compromised if not patched or secured.
4. **Insight into Target Environment:**
The note reveals that the environment hosts critical business functions—e-commerce, mail, content management, and admin consoles—making any exploit potentially very damaging.
5. **Potential for Malicious Activity:**
Given the vulnerabilities, attackers could remotely execute commands, steal data, upload arbitrary files, or bypass admin controls, which aligns with common vectors for spying, data theft, or sabotage.
This note stands out because it provides a comprehensive technical map of security weaknesses on a complex web server, highlighting real risks and actionable intelligence for either attackers or defenders.
If you want, I can help you analyze specific vulnerabilities or suggest ways to prioritize fixes based on this data.
________
It’s easy to imagine the rabbit holes one could venture into with this kind of information, even if someone has a limited understanding of computers. That's what makes this app so powerful and useful. You can quickly home in on the information you need for your specific project and ask a wide range of targeted questions to gain diverse perspectives.
I dug around some more, and my speculations appeared correct. These were hacked companies, accounts, government institutions, etc. But why were they hacked? What specifically is it about these places that Anonymous was salivating over?
Key Players
Let’s start by looking into the key players, based on what I added to the canvas.
Finding them was surprisingly simple. All I did was ask the following: “Use the meaning maker to find the key players.” For context, the meaning maker is the name of a pre-made prompt in Story Prism that you can upload to the canvas. It helps make sense of discrete pieces of information.
For this demonstration, I attached all the notes to the meaning maker prompt, which made it the master note—the central prompt that coordinates and interprets the connected notes. So, when you ask for the “meaning maker,” it uses that prompt to help analyze your canvas notes.
Okay, I asked for the key players, and here’s what it gave me:
Assistant
Synthesizing all the information from the notes, here is the big picture along with the identified key players and what is known about them:
**Big Picture Overview:**
The notes outline a network of Russian trolls and disinformation spreaders involved in pro-Russian propaganda and anti-Ukraine messaging. There appear to be multiple subnetworks or tiers of influence within this broader network.
**Summary of Key Players by Tier and Influence:**
- **Primary Ringleaders:** Geroman, Zoka, Von Clownsewitz, Fabushka, RussianZedSign, Ghost of Zepo, LvivTyler, Just me, Anya the oil princess, Levi, and others with direct active roles in spreading disinformation.
- **Secondary Network ("Hammer and Sickle"):** Frog, Joey, Black in the empire, Stealyoredbull, Dallas Steele, Ecotourism understander, Joe Clark, Jballin — notable for pro-communist and aggressive anti-Ukraine propaganda.
- **Mid-Tier Trolls (Polina subnetwork):** Elensky, LiLi, FainaZ, Polina, Akim, Angie, ZloyBryuzga — supporting roles with moderate influence.
- **Additional Affiliates and Linked Accounts:** Uncle Abou Ali, DrunkleZov, Mae Change, Jack Beaton, Ahmed, Wumao Tankie, and others, with varying degrees of involvement and specific ideological alignments.
This layered structure reflects a complex network with distinct clusters of influence and thematic focuses (e.g., pro-Russian nationalism, communism, anti-Ukraine narratives).
If you want, I can help further analyze their roles for storytelling or strategic narrative development based on this network.
______________
That was fast and pretty effortless. I just used a laptop and a few questions. And yes, I could quickly turn this into a narrative arc for a journalistic piece, if I wanted to. But I was much more interested in understanding how they operate. So I asked:
Me
How do they operate?
Assistant
The network operates through coordinated, multi-tiered disinformation campaigns leveraging social media accounts to amplify propaganda, infiltrate adversary spaces, foster divisive narratives, and sustain influence over targeted audiences.
Me
How do they amplify their reach?
Assistant
Based on the notes, the secondary subnetwork—the “hammer and sickle network”—amplifies its reach through several coordinated methods:
1. **Cross-Sharing and Retweeting Within the Network:**
Members of the hammer and sickle network frequently share, retweet, and echo each other’s content. This internal amplification creates multiple touchpoints where the same message appears, increasing its visibility and perceived legitimacy.
2. **Branching from Related Networks:**
This subnetwork is described as a branch of the Polina network, meaning it leverages established connections and follower bases from related groups. By linking into the wider Polina network, their messages reach a broader combined audience.
3. **Targeting Diverse Ideological Audiences:**
The network’s members focus on a range of themes—pro-communism, anti-US/NATO, pro-China, and anti-Ukraine. This thematic diversity allows the network to penetrate various online communities with overlapping interests, expanding its overall audience.
4. **Accounts with Significant Followers:**
Several accounts have large follower counts (e.g., Black in the Empire with 95,000 followers, Joey with 29,000 followers). By using these influential accounts to spread messages, the network taps into large, engaged audiences, boosting reach exponentially.
5. **Repetition Across Multiple Accounts:**
Operating numerous accounts that post similar or coordinated messages creates a sense of consensus and ubiquity. This repetition across different handles makes the propaganda seem widespread and credible, encouraging further sharing beyond their immediate network.
________
Now, of course, you can’t have a big conspiracy like this without a financial apparatus supporting it. I needed to poke a little deeper.
Me
Based on all the notes, what is the likely way this is secretly financed without anyone knowing?
Assistant
Considering the context and the nature of the operations described, we can infer a few relevant points based solely on the available information:
- The notes reference multiple **data leaks and breaches** related to various organizations (e.g., Accor, Yves Rocher, Yandex, Alibaba, Danone, Aeroskan), but there is no direct connection stated between these companies and the disinformation network.
- Some leaked data points involve **Russian IPs, Iranian IPs, and other infrastructure-related assets**, which could indicate exploitation of compromised networks or use of infrastructure tied to certain service providers, but again, no specific companies are named as collaborators or financiers.
______________
Hmmm. Now, that was interesting. It listed all these companies but didn’t draw any connections, likely because I didn’t include the rest of the information. However, the fact that they were part of the Anonymous hack indicates they may have been involved, whether unwittingly or not. So, I went even deeper.
Me
What are the reasons why Accor Group and other companies may have been used, knowingly or unknowingly?
Assistant
Companies like Accor and others may be unknowingly exploited to provide infrastructure cover, amplify propaganda, or lend credibility to disinformation efforts. This exploitation serves the network’s operational security and narrative influence without requiring direct company involvement.
Me
What about companies that might be willing participants? Can you find me any information about that?
Assistant
- No direct note identifies any company as knowingly complicit in disinformation/spying conspiracies.
- Russian IP camera providers and related internet service companies (e.g., Byfly Russia) are the most probable candidates for willing or unwitting involvement based on the leaks and vulnerabilities noted.
- Further notes or intelligence would be required to pinpoint a specific company with high probability.
Me
Why Byfly?
Assistant
Byfly is highlighted due to its technical infrastructure vulnerabilities, strategic position in Russian internet services, and its connection to the broader context of Russian cyber activities and leaks. This makes it a company with a higher probability of involvement, whether willing or unwitting, in conspiracies related to disinformation or spying, based on the current notes.
________
Big Picture
None of this is groundbreaking news. It’s widely reported that Russia has been conducting extensive disinformation campaigns against the U.S., employing a “holistic” approach that involves big business, big tech, social media, and academia. In many ways, the U.S. engages in similar operations to influence public opinion and shape desired narratives.
But what’s interesting to note is that leveraging AI in this way provides strong leads that can help me go deeper in the right direction. If I had added all the notes, it would have been overwhelming to sort through. Using AI in this context means I can prompt it to find the right stuff even when I don’t know what I’m looking for. Also, in this case, since I can’t read Russian or code, it would have been even harder to accomplish without AI.
So, big picture? AI can offload tasks you may prefer to do yourself. That makes perfect sense, which is why the most successful people who use AI rely on it as an assistant to offload the skills they’re bad at and don’t have the time or desire to master, since they’re too focused on perfecting a set of skills they love.
In the case of Story Prism, that’s offloading the complicated task of going from information to intel by helping you connect everything into a mind-map that you can interact with and understand through conversation.
So journalists can talk to the information they’ve gathered. D&D world-builders can run simulated campaigns to stress-test before playing with their friends. Screenwriters can develop whodunit murder mysteries faster by providing more bandwidth to their memories for what they’ve written down. Marketers can add transcripts from their conversations with prospective customers to find the common pain points and feature requests.
The list is endless because it adapts to the writer’s purpose. Yes, this is just a simple app that lacks robust functionality when you compare it to the existing mind-mapping apps. But not too long from now, you’ll be able to do a lot more with this. I don’t want to spoil the surprise, so I’ll leave it at that.
I hope you found this interesting, and as always, best of luck in your creative endeavors!
Story Prism,
_____________________________________