Information operations · Information Warfare · Russia · Ukraine

Meet Bellingcat


Aric Toler is part of Bellingcat, an international Internet research organization that has meticulously investigated conflicts around the world. This week, the online group outed one of two Russian agents believed to have been involved in poisonings in the U.K. Meredith Rizzo/NPR

The idea of Open Source Intelligence began in the 1990s but bumped up against a deeply entrenched Intelligence Community and powerful new media corporations.

One open source researcher went so far as to predict that with open source, there was no need for conventional intelligence.

20+ years later, that prediction is becoming somewhat of a reality.

Bellingcat used access to VKontakte, the Russian equivalent to Facebook, and many other online databases to uncover Russian operations in Donbas, Crimea, and Syria. Bellingcat exposed the identities of Russian GRU intelligence officers attempting to assassinate Sergei Skripal and his daughter in Salisbury, Russia and helped expose shoddy GRU cover procedures. 305 probable GRU agents were exposed as a result.

Bellingcat and its members have been the subject constant Russian efforts to undermine their efforts, expose them, and even blackmail them.

Open source intelligence is at the forefront of discovery, giving news organizations and the intelligence community a run for their money.

</end editorial>



Meet The Internet Researchers Unmasking Russian Assassins

October 12, 20185:06 PM ET

Aric Toler isn’t exactly sure what to call himself.

“Digital researcher, digital investigator, digital something probably works,” Toler says.

Toler, 30, is part of an Internet research organization known as Bellingcat. Formed in 2014, the group first got attention for its meticulous documentation of the ongoing conflict in Ukraine. Toler used posts to Russia’s equivalent of Facebook, VK, to track Russian soldiers as they slipped in and out of eastern Ukraine — where they covertly aided local rebels.

Since then, Toler and his colleagues have been up to a whole lot more. They’ve used commercial satellite images to track Chinese air bases; watched security operations unfold on social media in Ven

Now Toler and the nine other full-time members of Bellingcat’s small, international staff are increasingly being drawn into some of the biggest news stories in the world. This week they unmasked one of two Russian agents believed to be behind a spate of poisonings in the U.K. (they exposed the other one last month). And they’re collaborating with news outlets to help identify suspects in the disappearance of Saudi journalist Jamal Khashoggi.

It’s a rapid rise for what was, just a few years ago, a group of amateurs. Bellingcat was founded by Eliot Higgins, a British native whose previous jobs included helping the settlement of refugees in the U.K. and administrator in a women’s lingerie factory.

Chemical exposure

Higgins’ work began with the brutal civil wars in Syria and Libya. He was astonished by the amount of information about the conflict that was available online in social media postings and videos. “I just asked myself, how can I prove this information was true?” he said in a 2015 interview with NPR. He didn’t speak or read Arabic, so he started looking at the one thing he could identify: the weapons and munitions being used by the combatants. He posted what he found on his personal blog. “When I wrote about something, I’d say this is what I think and this is why I think it; I’d show my work,” he said. The goal, he said, was to be “very transparent” about what he had discovered.

Higgins was among the first to identify the munitions used in a grisly chemical weapons attack in the Damascus suburb of Ghouta in August 2013. “I’d actually seen them before because they’d been used in previous chemical attacks that hadn’t been quite as large-scale,” he said. His work linking the munitions to the Syrian military was meticulous and strong enough that it was later cited by organizations such as Human Rights Watch.

In Bellingcat, Higgins has drawn together a troop of like-minded, newly professionalized researchers. They are scattered across the globe — Higgins lives in the U.K., Toler in Kansas City, Mo., others are in the Netherlands and elsewhere. They communicate via online messaging and Twitter, in a constant exchange of satellite imagery, social media postings and videos.

“It’s like a game — you kind of find stuff and put it together,” Toler says.

Toler says the organization is funded half through grants from places like Google and the Open Society Foundation. The other half comes from training workshops, including one NPR recently visited in the Washington, D.C., area.

“We firmly believe it’s so important that more people are aware of how to do these kinds of things,” says Christiaan Triebert, a 27-year-old former Dutch journalist who is also on Bellingcat’s staff.

In fact, the name Bellingcat comes from one of Aesop’s fables — Belling the Cat — about a group of mice who decide to put a bell on a stealthy cat to expose its presence. Triebert says that’s why the group sees training sessions as a key to its success: “I hope the group of mice keeps growing, and I hope we can bell more cats.”

Bellingcat’s identification of the two suspected Russian intelligence agents shows the benefits of knowing where to look. On March 4, a former Russian double agent, Sergey Skripal, and his daughter, Yulia, were found unconscious on a bench in the English town of Salisbury. British authorities later determined a rare nerve agent had been used to poison the couple and that the poison was also responsible for the death of a U.K. citizen in July.

In September, British police released photographs of two Russian suspects, along with the aliases they traveled under. Bellingcat took what little information they released and got to work.

Leaky data

“Russia is extremely corrupt and everything leaks like a sieve, so you can find leaked databases of various types online,” Toler says. “Things like insurance databases, driver’s licenses, voter databases, stuff like that. This stuff isn’t 100 percent legal, but it’s out there.”

Bellingcat tracked down a second man it believes to have been involved in the poisonings through searching databases online.

Meredith Rizzo/NPR

Bellingcat teamed up with a Russian news site known as the Insider to mine the databases. They used some of the leaked databases to show that the passports for the two suspects in the Skripal case were issued in 2009, under aliases. Believing the two worked for Russia’s military intelligence, known as the GRU, they began to work backward. Given their rough ages, the group figured one or both attended training at the Far Eastern Military Command Academy in Blagoveshchensk, near the Chinese border. Eventually they found a photo related to the academy with one of the suspects, identified as Col. Anatoly Chepiga. Subsequent searches of databases turned up numerous links between Chepiga and the GRU, including his photo on the wall of the military academy where he trained.

The group exposed the man it believes is the the second suspect on Monday. Known as Alexander Mishkin, he was tracked down through a series of database searches that showed, among other things, that his car was registered to GRU headquarters. Toler says that the group, in partnership with Russian journalists, even managed to send someone to Mishkin’s hometown, in the far north of the country. “They had his picture, and were showing it around to people in the town,” Toler says. Many villagers instantly recognized him. They said Mishkin’s grandmother had a photo of him receiving a medal from Russian President Vladimir Putin. “She’d show it to people, but you can’t touch it — it’s her most prized possession,” Toler says.

This still taken from CCTV and issued by the Metropolitan Police in London on Sept. 5 shows two suspects in the Skripal poisoning at the Salisbury train station in England on March 3.

Metropolitan Police/AP

Russian retaliation

The Russians have noticed the group’s work. After Bellingcat’s initial reports, Russian state media released interviews with the two suspects, who said that they were sightseers. Russian media also attacked the Bellingcat group, stating it was funded by the U.S. government with the sole purpose of undermining Russia and other NATO adversaries.

The group members bristle at such allegations. “We’ve never cooperated or spoken to or had anything leaked to us by any security services,” Toler says. The group does receive anonymous tips, he adds, but it tries to make sure any information it receives is independently verifiable so that “we’re not being taken for a ride by some spooks.”

Triebert also points out that they have investigated U.S. airstrikes in Syria. “When we investigate the Pentagon, [Russian media] calls us independent investigators that show the Pentagon killed civilians,” he says.

But in the background, Triebert and Toler are also aware of the researchers and whistleblowers who have come before Bellingcat. Many have not succeeded in maintaining an impartial stance. The website WikiLeaks, for example, gained fame through leaking U.S. documents that many saw as shedding light on the wars in Iraq and Afghanistan. But in recent years, the organization has also gained notoriety as a conduit for hacked emails from the Democratic National Committee. It later emerged that Russian hackers had stolen those emails with the goal of swaying the 2016 election.

Christiaan Triebert is a former Dutch journalist who now works with Bellingcat. The organization’s members come from all over the world.

Meredith Rizzo/NPR

“When I was a student, I was inspired by the work of WikiLeaks, right? This is what got me into this stuff,” Triebert says. “If I look at WikiLeaks nowadays, I’m disappointed by what it has become.”

“Of course we think about that, because we don’t want to be co-opted,” Toler says. At the same time, he thinks their open approach provides a degree of protection. “We’ve been doing this for years and years and years, and we can kind of sniff out when something’s been planted.”

But Toler and Triebert also admit the challenges will only grow with the group’s popularity. Looking to the future, Toler says that fake posts and doctored videos will only grow in sophistication. Triebert expects intel agencies may feed them leads to get classified findings into the public sphere. “You could call it whitewashing of their information, right?” he says.

Neither knows what the future holds for the group, but both say they are ready. “So I think yeah, interesting times ahead,” Tiebert says.

Source: https://www.npr.org/2018/10/12/656869598/meet-the-internet-researchers-unmasking-russian-assassins

Advertisements

3 thoughts on “Meet Bellingcat

  1. What do you think of these guys, Joel? Juliana

    On Sat, Oct 13, 2018 at 10:13 AM To Inform is to Influence wrote:

    > Joel Harding posted: ” The idea of Open Source Intelligence began in the > 1990s but bumped up against a deeply entrenched Intelligence Community and > powerful new media corporations. One open source researcher went so far as > to predict that with open source, there was no n” >

    1. Bellingcat? I think it is the way of the future. Crowdsourcing and open source research. The problem is meticulously documenting what is found.

      Too many open source researchers do not use logic and extrapolate to the point of absurdity.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.