How Bellingcat outfoxes the world’s spy agencies

20 October 2018

9:00 AM

20 October 2018

9:00 AM

Bellingcat is an independent group of exceptionally gifted Leicester-based internet researchers who use information gleaned from open sources to dig up facts that no other team of journalists has been able to discover.

Or, Bellingcat is a sophisticated front used by western intelligence agencies to disseminate stories that would be considered tainted if they came from an official source.

Which is it? The answer matters, not just because Bellingcat’s investigators — a tiny outfit with just 11 staffers and around 60 volunteers around the world — have apparently identified Sergei Skripal’s would-be assassins, pinned the blame for chemical weapons attacks in Syria squarely on the Assad regime and the responsibility for the downing of Malaysian Airlines flight MH-17 on the Russian army. It matters because Bellingcat’s methods have transformed the way that news — and intelligence — is gathered.

Bellingcat’s pioneering technique involves cross-referencing social media posts, tweets, news photographs, publicly available databases, Google Street View and maps into a detailed mosaic of apparently irrefutable data. Their information has been judged watertight enough to be used by the official commission investigating the downing of MH-17 and has been cited in the United Nations as proof of Syrian war crimes.

And if Bellingcat truly is a group of dedicated nerds armed with nothing more than an internet connection and a talent for creative Googling, they’ve proved not only more effective than other journalists but they have quite possibly outdone the West’s intelligence agencies too.

‘I’d say they’re way ahead of us on many things,’ admits a senior British security official. Bellingcat’s methods are ‘way too innovative for the great majority of lemmings in government,’ says one former CIA officer. Today’s spooks live in constant fear of enquiries over possible failures. ‘MI5 would just hold them back, almost certainly’ if researchers strayed into illegality, says the source. Bellingcat’s willingness to buy information on the black market or scoop it up from pirate sites makes them better than governments at gleaning information from open sources in ‘almost all’ cases, he says.

Of course, if you believe that Bellingcat is an MI6 or CIA front, then the West’s traditional spooks would have every interest in standing up the upstarts’ credibility. ‘Bellingcat looks to me very much like the information warfare department of MI6,’ says former Russian member of parliament Sergei Markov. ‘Very professional people are working on this falsification… they are liars and work for British intelligence.’ For Charles Bausman, editor-in-chief of the pro-Kremlin Russia Insider alternative news website, the story that Bellingcat founder Eliot Higgins ‘is just a remarkable young man doing God’s work sells well to a large, dumbed-down MSM [mainstream media] market… But the alt-media universe holds him up as a classic example of subversion and fake news.’

Bellingcat’s latest scoop — unmasking the identity of the Skripal hitmen — has also been their most controversial. In a departure from their earlier adherence to only open-source material, the group admitted using confidential human sources for some of their information. To many, that rang alarm bells. Julian Assange’s Wikileaks was once fêted by western media for its willingness to release suppressed information — for instance, footage of US choppers shooting up unarmed civilians in Iraq — but later turned into a channel for political dirt stolen by Kremlin-sponsored Russian hackers. Was Bellingcat also allowing itself to be manipulated by the spooks in the same way? ‘Might not the group’s good name be being used to get information into the public domain that officials do not want to vouch for?’ asked Mary Dejevsky in the Independent. ‘And, if so, would this be to inform, or to mislead?’

But the inside story of Bellingcat’s Skripal scoop, reported here for the first time, paints a very different picture — not of a group using unsourced leaks, but rather of researchers willing to break the law and use Russia’s thriving commercial black market in personal information to obtain confidential data from the state.

For their investigation into the identity of the Skripal suspects, Bellingcat teamed up with a group of investigative journalists in Russia who publish the Insider (not to be confused with Russia Insider)  — a site that regularly investigates corruption and came to prominence in 2014 when it was able to independently corroborate the accuracy of much of a trove of stolen Russian government emails leaked by a Russian hacktivist group. The Insider’s founder, Roman Dobrokhotov, was a prominent opposition activist before going into journalism.

Initially, Bellingcat wasn’t interested in the Skripal story — until the suspects appeared on the Kremlin-controlled RT channel with their now-infamous cock-and-bull story about wanting to visit the ‘123-metre-tall spire’ of Salisbury Cathedral. The ham-fisted official denial confirmed to Bellingcat that the Russian state was covering up something juicy. ‘If it hadn’t been for the RT interview, we probably wouldn’t have looked so closely,’ says Higgins.

The first assumption checked by Bellingcat’s team was whether any of the personal details in either passport used by ‘Alexander Petrov’ or ‘Ruslan Boshirov’ were actually true. To do that they needed the passport data of millions of Russian citizens — which turned out to be the easy part. ‘In Russia there are a lot of people who have access to this kind of data,’ says Aric Toler, a Bellingcat staffer. Bellingcat’s researchers downloaded a 650-gigabyte file of passport data for free from a Russian torrent site (where it is still available today), and cross-referenced it with other publicly available databases. ‘Ruslan Boshirov’ came up with no matches. But one man — Alexander Yevgenyevich Mishkin, a military doctor — shared a birthday and first and patronymic names with the fictional Alexander Yevgenyevich Petrov.

Then came the legally dubious part. Russia has a thriving black market in personal information. ‘These services are very cheap, which shows that there is low risk and high demand,’ says Roman Dobrokhotov. A search on Yandex, the Russian equivalent of Google, does indeed turn up dozens of such agencies offering, more or less coyly, to obtain copies of passports, driving licences, business registration documents and marriage certificates for a fee of around 100 euros. Bellingcat commissioned several searches from such agencies. One turned up the original passport application for Petrov and Boshirov’s nearly consecutive fake passports, issued by an office dealing exclusively in officials’ passports and stamped ‘Do Not Give Out Information’. They also obtained Mishkin’s real passport and driving licence.

The agency paid to leak information was one of Bellingcat’s controversially confidential sources — and Dobrokhotov says that they protected the agencies’ identity from journalistic principle, not to protect a hidden leaker. ‘If you are sent a document, that is the least reliable possible source,’ he says. ‘It means someone wants to prove something… If you find the documents yourself, that’s very different. In this case… we ordered the copy of [Mishkin’s] passport from a person who knew nothing about our investigation.’

Is it possible that Bellingcat were being played? Dobrokhotov went on to order legal copies of publicly available information on Mishkin, such as his apartment and car registration (his vehicle turned out to be registered at the headquarters of Russian Military Intelligence at Moscow’s Khoroshovskoye Shosse, 76). He also sent a reporter to his home village in the Russian Arctic to question friends and family members. ‘Several sources correspond to each other,’ says Dobrokhotov. ‘Each single stage can be falsified — but all together they can’t.’

The search for ‘Boshirov’ was more challenging. Since cross-referencing Boshirov’s fake passport with real information hadn’t yielded any results, Bellingcat trawled the social media accounts of military men of similar age who had attended Russian military intelligence academies in the early 2000s. The organising principle of the Russian social media site Odnoklassniki (literally ‘Classmates’) helped — the site works on the principle of uniting people with old school and university contemporaries. A group photograph of the Far Eastern Military Command Academy yielded an image of a man who resembled ‘Boshirov’ — one Anatoliy Chepiga, whose later photographs and personnel records had been carefully and systematically expunged from social networks and official photographs, immediately arousing suspicion.

Bellingcat also used a Swedish-designed app widely utilised in Russia called Truecaller, designed to crowd-source telephone numbers by scraping the telephone address books of all its users — to identify people who could be connected to Chepiga. Using that data, Bellingcat approached some of Chepiga’s old comrades to verify the identity of the man in the photograph — confidential sources again, but covered by journalistic source-protection rules rather than to conceal a targeted leak, insists Toler. And Bellingcat also obtained a copy of Chepiga’s passport through the same agency route and found a clear match in the photographs. A flood of open-source information — including car registration data and official records of Chepiga’s being honoured as a Hero of Russia by Vladimir Putin — confirmed what the human sources had told them.

‘We are not being approached with anything at all,’ says Toler. ‘We don’t do that. With human intelligence, we have only done that kind of stuff when there are no other options.’ Obtaining passport information from shadowy agencies ‘was the nuclear option for us. We did this because [we had] exhausted all other info. This was the only thing left for us. This will not be a habit. Ninety–nine per cent of our work will remain very open source.’

If anything, Bellingcat’s buccaneering approach to data mining actually strengthens the case for them being a genuinely independent outfit willing to do things most government agencies would balk at. The use of black-market information ‘is more than a little WTF,’ says the former CIA source. ‘I’d say it proves Bellingcat is non-government (or non-government linked).’ But if Bellingcat isn’t linked to government, who is it linked to?

The alt-media universe has made much of Higgins’s now-lapsed affiliation to the Atlantic Council, a conservative thinktank in Washington DC (‘Higgins’s real identity as a neocon, Atlantic Council stooge is being brought to light,’ says The Duran blog). The frequently anti-Russian tone of Higgins’s tweets have also come under attack (‘Higgins either vehemently hates, or has been told to hate Russia, and Russia’s president Putin… his Twitter timeline can read at times like one man trolling an entire country,’ writes sometime RT journalist Graham Phillips, aka The Truth Speaker). And even the entirely mainstream Dejevsky claims that Bellingcat ‘has never, so far as I am aware, reached any conclusion that is inconvenient to the UK or US authorities.’

In reality, despite Higgins’s personal Twitter stance, plenty of Bellingcat’s reporting has attacked the US — and even exonerated Russia. When a mosque in Al-Jinah, a Syrian village located in the western part of the Aleppo governorate, was bombed in March 2017 a Bellingcat investigation linked photographs of bomb fragments taken by a Dutch journalist to stated US air raids on that day to prove that a US AGM-114 Hellfire missile was responsible, not the Russians. And one of Bellingcat’s most consistent ongoing projects has been keeping track of airstrikes in Yemen — including on a hospital and a market — by Saudi aircraft using US supplied munitions.

Bellingcat’s funding also has every appearance of transparency. Higgins says that some 60 per cent of the funding for his 11 staffers comes from giving training seminars on their investigative techniques to journalists and researchers (sample topic: ‘How To Scrape Interactive Geospatial Data’), and the rest from grants from NGOs such as the Google Digital News Initiative, Adessium (a Dutch free speech foundation), the Open Society Foundation and, later this year, the Dutch postcode lottery.

If these guys are for real, the question becomes, why isn’t everyone, from spooks to newspapers, doing what they do? Part of the answer, at least in the case of news gathering, is simply time. Some Bellingcat investigations — for instance, a recent report on how social media can act as a gateway to fascist organisations — take dozens of contributors months of work.

The real secret of Bellingcat is that they have stumbled upon a disturbing truth: that it has become impossible to tell analogue lies in a digital world. In an age where almost all personal data is searchable and every event photographed, the most secret information is often hiding in plain sight. All you need to know is where to look for it — even if that means delving into the internet’s darkest corners.

Got something to add? Join the discussion and comment below.

You might disagree with half of it, but you’ll enjoy reading all of it. Try your first 10 weeks for just $10

Show comments