During an ongoing war, it is often extremely difficult for outsiders to gain a sense of what’s truly going on in the theater of combat as each side employs propaganda to understate their losses and embellish enemy weaknesses. The ongoing war in Ukraine is rather unique and unusual for a number of reasons, one of which is the unprecedented activity of open-source intelligence, or OSINT — a community of journalists, researchers, and amateurs who are employing open and freely available information to cast fresh light on this humanitarian crisis. Here’s why that matters.
What is open-source intelligence?
OSINT is an umbrella term that refers to any information that can be legally gathered for free from public sources about an individual or organization. Any publically available information is subject to OSINT scrutiny, including satellite data, books, reports, and newspaper articles — although in practice intelligence gathering is mostly performed on the internet, using information posted on social media and instant messaging groups, along with many other online sources.
OSINT can be used for both good and evil. For instance, publically available information can be used to gather intelligence on a potential victim to profile them and narrow down possible vulnerabilities. Hackers can use publicly available information that is virtually hidden to unsophisticated users to improve the security of a friendly system or, conversely, to attack an unfriendly cyber target. OSINT is, essentially, intelligence produced from public sources of information.
There are many readily available tools found online that the OSINT community uses to support its efforts. Some researcher-favorites include Nmap and Recon-ng. Simply by inputting an IP address — a unique number assigned to all information technology connected devices such as printers, routers, modems and even IoT refrigerators — into Nmap can reveal what hosts are available, what services those hosts offer, the operating systems they run, what firewalls are in use and many other details. But even using search engines like Google and Bing can be used to retrieve PDFs, Word documents, Powerpoint and Excel files from a given domain if you know how to make the right queries.
Other important tools allow OSINT researchers to geolocate pictures and videos, revealing fake war footage such as videos from old military exercises or previous conflicts unrelated to the current one.
OSINT exposing war crimes and assasination plots
While OSINT has been mainly associated with cybersecurity, in more recent times OSINT researchers have been documenting war zones, sort of like remote war correspondents armed with a digital forensics kit. Eliot Higgins, the founder of the investigative journalism group Bellingcat, is one of the first such researchers who achieved mainstream recognition after he exposed the use of various weapons in Syria starting in 2012.
Initially posting under the alias Brown Moses, Higgins monitored and scrapped information from hundreds of YouTube channels, Twitter feeds, and WhatsApp groups searching for images and footages of weapons employed in the Syrian civil war and by whom. He did all of this unpaid while looking after his young daughter in a Leicester suburb, thousands of miles away from the Damascus hotspot. Many of his reports were picked up by media and human rights groups, revealing harrowing accounts from the war. For instance, Higgins has put together a database of 491 videos of cluster bombs being used across Syria, together with map references and details of the type of weapons used.
“Before the Arab spring I knew no more about weapons than the average Xbox owner. I had no knowledge beyond what I’d learned from Arnold Schwarzenegger and Rambo,” Higgins told The Guardian in an interview.
“My wife sees me doing all this work and thinks I should be getting paid for it. But I’m doing it because I see stuff that isn’t being reported in the mainstream media and want to record it.”
Since Higgins’ first investigations in Syria, the British OSINT researcher has recruited a crew of experts, turning Bellingcat into one of the world’s foremost investigative journalism organizations. For instance, Bellingcat was the first to uncover evidence that Syrian dictator Bashar al-Assad used chemical weapons against his own people. But some of their investigations are so shocking they sound like they must have been performed by a spy agency with billions in funding like the CIA or MI6 — not a motley crew of volunteers working with public data; and yet, that’s exactly what it is.
Using a combination of open-source flight data, satellite images, and leaked Russian databases, Bellingcat exposed the identity of Russian operatives working for the military intelligence service GRU involved in the poisoning of MI6 double agent Sergei Skripal and his daughter Yulia in 2018, in Salisbury, England. Using the same techniques, Bellingcat was able to reveal that Russian intelligence officers from the FSB followed Alexei Navalny on over 30 trips since 2017. In one such trip, they poisoned Navalny in August 2020 with a secret nerve agent. Navalny, one of the most important opposition figures in Russia, survived the assassination attempt, but was later jailed on what seem to be false charges and is facing 15 years of prison.
Bellingcat is also at the forefront of OSINT in Ukraine. One of their investigations has revealed the use of cluster munitions — weapons specifically designed to inflict casualties to civilians — on non-military targets in Ukraine.
OSINT and the war Ukraine
Bellingcat is far from being alone. The OSINT community has grown and is very active on the Ukraine invasion. Intel Crab, a 20-year-old student at the University of Alabama, has been sifting through thousands of TikTok videos, security camera feeds, and satellite images to reveal troop and weapon movements.
Other Twitter accounts like Calibre Obscura and Oryx have been documenting war footage posted online and have kept tallies of varified major equipment losses on both sides. As of today, Oryx has documented 209 tanks, 130 armored fighting vehicles, 187 infantry fighting vehicles, 64 armored personnel carriers, 39 infantry mobility vehicles, 9 communications stations, 41 engineering vehicles, 13 aircraft, and 408 trucks and jeeps lost by Russia in the war so far.
The Ukrainian war is very different from previous major conflicts, in the sense that it is much more open. Everyone, military or civilian, carries a phone with a camera, whose footage can be uploaded online in a matter of seconds. The challenge lies in knowing where to look and having the necessary skills to find that needle in the haystack that everyone else is missing among the mountains of irrelevant information posted online.
Other OSINT discoveries are just obvious — if you have the right tools. By now, you have mostly heard about the ominous “40-mile Russian column” advancing menacingly towards Kyiv. Every major news organization used images released by Maxar, a space technology company that provides real-time satellite imagery. Earlier, on 24 February — just hours before Russia’s invasion — Jeffrey Lewis, an arms control expert who leads a team of analysts at the Vermont-based Middlebury Institute of International Studies, posted a Google Maps traffic jam forming on a road near Ukraine’s border. Those were actually Russian military forces that were about to storm the border.
Online tools like Flightradar24 and ADS-B Exchange have allowed journalists to track surveillance aircraft operated by the military and its contractors in the days leading to the invasion, as well as during the ongoing conflict. This includes a US Air Force RQ-4 Global Hawk surveillance drone, which was visible on Flightradar24 in Ukrainian airspace, apparently watching the Donbas region on February 24. These same sites have been used by the OSINT community to track the movements of the private jets and luxury yachts of Russian oligarchs hit by international sanctions.
The level of sophistication of some of the OSINT information is simply stunning. OSINT groups, for instance, have been able to intercept shortwave radio-based communications employed by Russian forces. The video below shared by Bellingcat’s Christo Grozev is simply surreal, showing how unencrypted Russian communications are getting jammed by Ukraine forces with their national anthem. This is meme-level trolling you’d expect to see between two teenagers playing an online video game not during an actual war between two major countries. But such are the times!
Piercing the fog of war
Governments or warring parties — once the only ones with eyes on the battlefield — can no longer control the narrative of a conflict, at least not in the way they once did. It’s just not possible to straight out lie anymore with a straight face.
Take for instance Russia’s false flag attempt from February 22, when separatists in the Donbas regions claimed that three people had been killed by an IED explosion that destroyed a car and van. The blame was pinned on Ukraine by Russian state-controlled media, but Bellingcat showed that the result of the explosion didn’t match the profile of an IED device. Moreover, the victims were almost certainly cadavers planted at the scene, with images clearly showing cuts made to the skull, most likely by a bone saw. This kind of procedure is typically performed during an autopsy. After this botched attempt, Putin gave the order to invade two days later anyway on the ridiculous pretext that it must protect Russian native speakers from fascists.
All of these developments, and much more, are revealing the horrors of war in unprecedented detail to the world. The sheer volume of open data from this conflict is staggering, allowing the OSINT community to provide a panoramic perspective that rivals or perhaps even surpasses the operations of spy agencies in some instances. In fact, some of this information often makes its way to NATO intelligence officials, according to Lukas Andriukaitis, who used to serve in the Lithuanian special forces and is now the associate director of the Atlantic Council’s Digital Forensic Research Lab.
“There will always be a fog of war, but I think it is the thinnest veil of war we’ve ever had,” Intel Crab said. “It’s surprising to me because it’s been, for the longest time, so niche on Twitter and the internet as a whole,” he told Rest of World.
We’re getting an unprecedented view into the very heart of a war and we have access to unprecedented information. How much of a difference this will make remains to be seen.
