📚 Finished reading We Are Bellingcat by Eliot Higgins.
This is the story of how Elliot Higgins went from curious internet user, through to an increasingly renowned commentator on blog articles, to starting his own blog all the way through to running an increasingly large and influential organisation dedicated to open source intelligence investigations called Bellingcat.
Open source intelligence, or OSINT, is “the collection and analysis of data gathered from open sources…to produce actionable intelligence”.
Bellingcat, named after the fable “Belling The Cat” , has famously used this technique to investigate and produce damning evidence on many geopolitical episodes, including the Malaysian Airlines flight MH17 crash, the poisoning of Putin’s enemies Alexei Navalny and Sergei Skripal, the unmasking of neo-Nazis in Charlottesville’s rally as well as various unpleasant and illegal incidents occurring in recent Libyan and Syrian conflicts . This book contains details of many of their increasingly complex and impactful investigations.
They also run training courses to let other folk learn their very transferrable, very versatile skills. They’re open about how, why and what they did. Transparency is one of the key tenets of their organisation. Knowing that there’s no reason for you to trust them beyond any other voice on the internet, they make a big deal of recording and sharing exactly what they did, what their sources were, what they inferred vs validated and all the outstanding questions that they couldn’t answer.
…an online claim is nothing more than a hypothesis, one validated only with backing evidence that others should be able to corroborate themselves.
Their motto became “Identify, Verify, Amplify”.
The most fascinating aspect to me is around the tooling. We all splurge our data every day all over the internet. Most notably on social media of course but many of our daily transactions that we don’t explicitly share are in someone’s database somewhere - records of your phone usage, travels, identity, financial transactions, property ownership and a whole lot more. Sometimes this kind of data is publicly available legitimately for free or at a reasonable cost. Other times hacked versions are floating about the lesser known parts of the internet. On occasion the Bellingcat team seem to slightly deviate from the “open source” aspect of OSINT and hold their nose and resort to paying off employees of various organisations to share data with them.
Knowing what sources they’ve found useful in their work both enables you to conduct your own investigations as well as be a bit more aware of what you’re potentially unknowingly sharing. This is surely a recommended skill for anyone who’s been alive in at least the past decade or so. Some of the tools they’ve used include:
- Several Google products: Earth, Maps, Translate, Youtube, reverse image search.
- An app called SunCalc that lets you estimate the time of gday a picture was taken via the shadows in it.
- Search engines less known to the average British or American internet user, such as Russia’s Yandex.
- Online catalogue and databases of munitions, vehicles, property.
- Various specialist message boards, military sites like Janes or sites like Uxoinfo that describe unexploded ordnance.
- Hobbyist sites - e.g. plane-spotting or license plate websites.
- Wikimapia
- Dashcam videos that have been shared online
- Pixifly , allowing searching of Instagram by location and time (seems like this is now shut down).
- Panoramio for seeing geotagged photos users post.
- Any social media site you’re likely to have have heard of, and others you may not have - VKontakte, Odnoklassniki.
- Zello, a chat where users share audio clips.
- Digital Globe and other commercial producers of satellite imagery.
- Checkdesk - an app that lets people sign up to join an investigation.
- Syrian Sentry - an app where volunteers recorded planes taking off from military airfields.
- Europol’s “Trace an Object”
- Calling people up on the phone to get an audio sample that can be compared with other snippets.
- Leaked customer databases
- Open source phone databases. There are also apps that share phone numbers people have in their contacts list such as TrueCaller - key here is that people’s names appear as they do in individual’s contact books. And some people list agents working for secretive organisations with the organisation as part of their name!
- The many messenger apps that let you see if a given phone number is currently online.
- Leaked data from phone companies showing where a phone was at some point in time.
- …and many more.
Some of these may no longer exist in the form they were originally used in. But Bellingcat keeps an up-to-date list of tools they find useful in their investigations here - their “Online Investigation Toolkit”. It’s quite eye-opening.
For anyone who’s nerdy enough to be able to cope with running scripts or compiling code, they also develop their own in-house tools which are available on their Github repos to all and sundry. As they note in the book, there is a tension between being entirely transparent and open when building killer new investigative tools and the fact that many of them could be used for nefarious purposes by folks with bad intentions, so, you know, please use them wisely.
The Bellingcat method has endless applications. What unifies our work is a drive for accountability. We take scattered facts online and try to turn them into justice.
My fuller notes on this book are here.