Dataharvest 2026 - the European Investigative Journalism Conference

In our digitally connected world, perpetrators feel so safe online that they build their networks openly: on public-access porn websites and messenger apps such as Telegram. Our investigation for STRG_F/NDR in Germany uncovered an international rape network that had formed on porn websites and in dozens of private chat groups on Telegram. One group had more than 70,000 members.

Users exchange detailed information on how to drug and rape women who are already close to them, such as their wives, girlfriends, sisters, or mothers, without them noticing. The rapists share videos and photos of the assaults online. One man from Germany drugged and raped his wife for more than 15 years and generated millions of views with the footage. Our investigation triggered a police investigation, and he was stopped.

We'll share how we began investigating these networks, how we gained access to them, how we investigated the users for years by also going undercover, what tools we used, what ethical and moral challenges we have faced, and how we kept an overview of all the footage we documented and saved over the years.

We will address:
- How do you conduct online research in criminal networks? (Structures, dynamics, and mechanisms)
- How do you gain access to them?  (User's communication and behaviour) 
- What opportunities and limitations did we encounter? (Laws and journalists' rights, ethical and moral responsibilities)
- When should you consider undercover research, and what can it look like? (Journalistic standards and guidelines)
- How do you protect your own mental health when confronted with disturbing content?

The Great Firewall, censorship, and language barriers make open source research on China really difficult, if not impossible. In this session, we aim not only to make you aware of obstacles you may face, but to show you solutions and strategies, especially for journalists and researchers working from outside China who don't speak the language.

We’ll show you the research resources, toolbox and we'll share tips on:

1) how to navigate Chinese social media: WeChat, Douyin, Rednote and others,
2) how to reconcile information inconsistencies in English and Chinese,
3) how to read the ownership of Chinese companies: private, state owned and central government enterprises,
4) mobile device setup and translation applications.

This talk will show the methodology behind The Guardian’s exclusive investigation into properties advertised as tourist destinations on Airbnb and Booking.com located in Israeli settlements that are illegal under international law. The Guardian found 760 rooms being advertised in hotels, apartments, and other holiday rentals in illegal Israeli settlements in the West Bank, as NGOs and activists warned that these companies are violating international law and profiting from war crimes.

In their investigation, they used geospatial tools, like PostGIS and QGIS, to localise accommodations on a specific geographical area, and to join these accommodations with shapefiles representing the borders of illegal settlements to identify those based within settlement boundaries. Using OSINT methods and Google Sheets, they designed a methodology to solve data challenges like duplicate and multi-platform listings, and listings with approximate locations.

In this session, attendees will come up with a robust methodology to find tourist accommodations in any geographical area, so they can reproduce the method for new stories.

Analysts estimate that at least $28 billion tied to illicit activity has flowed into cryptocurrency exchanges over the last two years. ICIJ's Coin Laundry investigation, in collaboration with 37 media partners, exposed part of this shadow financial system, collecting dozens of cryptocurrency wallet addresses and uncovering hundreds of millions of dollars' worth of illicit funds linked to suspected criminals, including a Cambodian conglomerate that facilitated money laundering for hackers and scam compound operators.

In this hands-on session, the panelists will explain how any reporter can use open source resources as well as advanced techniques to investigate major crypto exchanges, find leads, and "follow the crypto." The session will blend an intro showing the kinds of stories you can do on crypto, starting from scratch, the kinds of tools you can use, and then show how we use those tools to compile the data for analysis.

Hundreds of thousands of Europeans were tricked after receiving text messages on their phone claiming they had missed a payment at a toll road or that they needed to pay a fee for a parcel they ordered. Who is behind it?

In this session, we will share the methods that led us to unmasking the person calling himself “Darcula” - the lead developer of one of the major Chinese phishing-as-a-service platforms. The software Darcula created, called Magic Cat, is used by hundreds of scammers worldwide.

The presentation will also go into analysing a large throve of victim data shared by security researchers, re-constructing the phishing software, and infiltrating Telegram groups. The OSINT section will go into detail about using technical data sources and leveraging visual cues in photos shared by the criminals.

This investigation was led by NRK (the Norwegian Broadcasting Corporation) in collaboration with Germany's public broadcaster ARD and Le Monde.

Come to this session to learn more about Chinese cybercrime and how to investigate it, as well as hear more about the data trove the NRK journalists still have that might be relevant to your country.

The stories (in English) can be read here:
https://www.nrk.no/spesial/inside-the-scam-network-1.17399135
https://www.nrk.no/spesial/the-hunt-for-darcula-1.17399157