How Bellingcat Unmasked Putin’s Assassins

The collective’s innovation has been to recognize that the digital-age panopticon actually works in two directions.
Eliot Higgins (left) and Christo Grozev, of Bellingcat, which published the results of an investigation into the poisoning of the Russian opposition leader Alexey Navalny. Photograph from ANL / Shutterstock

In November, Christo Grozev, a researcher at Bellingcat, an open-source investigation collective, called Alexey Navalny, the Russian opposition leader. Three months earlier, Navalny had fallen grievously ill on a flight departing the Siberian city of Tomsk; he was evacuated, in a coma, to Berlin, where the substance that had nearly killed him was identified as Novichok, a Russian-made nerve agent, the use of which appeared to lead straight to the Kremlin. When Grozev reached Navalny, he was recuperating in Ibach, a small town in Germany’s Black Forest. As Grozev recalled, he told Navalny, “I think I may have found the people who tried to kill you.”

Grozev, who is fifty-one, is originally from Bulgaria and spent much of his career opening independent radio stations in Russia. His affiliation with Bellingcat grew out of investigations that he had published on his personal blog, where he had documented Russian covert operations in Bulgaria, Greece, and Ukraine. At the time of his call to Navalny, Grozev had recently completed an investigation for Bellingcat into the St. Petersburg State Institute for Experimental Military Medicine of the Department of Defense, which he believed played a central role in Russia’s undeclared Novichok program. After Navalny was poisoned, Grozev searched his reams of telephone metadata—leaked records of calls made with Russian mobile-phone numbers—and discovered a flurry of calls between high-ranking figures at the institute and numbers linked to the F.S.B., Russia’s domestic-security service.

On the call, Grozev asked Navalny to provide information on his recent travels around Russia, which Grozev and others could cross-check with whatever data he could collect on the movements of F.S.B. officers. A month later, the results of Grozev’s investigation into Navalny’s poisoning were published on Bellingcat: using telephone metadata and flight records, he had identified more than a dozen F.S.B. officers, many with backgrounds in nerve agents, who had shadowed Navalny on thirty-seven trips, including his fateful visit to Siberia. “These operatives were in the vicinity of the opposition activist in the days and hours of the time range during which he was poisoned with a military-grade chemical weapon,” the report alleged. One F.S.B. officer, the report noted, turned on his mobile phone on the night the poisoning likely took place, pinging a nearby cell tower and revealing his location just north of Navalny’s hotel. (In January, Navalny returned to Russia, where he was charged with parole violations and sentenced to more than two years in a penal colony; on Wednesday, he announced that he had begun a hunger strike to protest the conditions of his imprisonment.)

Bellingcat had unravelled the F.S.B.’s operation without ever launching a spy satellite, tapping a phone line, or deploying a single agent to the field. “We stumbled onto the truth purely by observing data from thousands of kilometres away,” Grozev told me. The collective’s innovation has been to recognize that the digital-age panopticon actually works in two directions. “Data is the great equalizer between an individual and the state,” Grozev told me. “It’s far more symmetrical than people in the secret services imagine: they think they benefit from all this information in terms of their ability to surveil and control, but they have yet to understand how much it exposes them.”

In his new book, “We Are Bellingcat,” the group’s founder, Eliot Higgins, describes the group as “an intelligence agency for the people.” As he puts it, “We are not exactly journalists, nor human-rights activists, nor computer scientists, nor archivists, nor academic researchers, nor criminal investigators, but at the nexus of all those disciplines.” Its members are a loose collective of “detail-oriented obsessives” who spent “formative years at computers, enthralled by the power of the internet,” Higgins writes. “But we had enough of a moral compass to repudiate the other routes to an outsized impact online, such as trolling and hacking.”

I reached Higgins by phone in his home in Leicester, England, where, in 2012, he launched the Brown Moses Blog, a personal site named after a Frank Zappa song. A consuming interest in the Arab Spring led him to spend hours sifting through the images emanating from the conflicts, especially in Syria. Higgins didn’t speak Arabic or possess formal expertise in the region; his métier, rather, was for what might be called long-distance digital forensics. Many people were sharing user-generated photos and videos from the war zone, but few were trying to use them to determine how obscure markings on bomb casings revealed who dropped them, and from where.

In 2013, Higgins was among the first to link a rocket system used in a chemical attack in the Syrian town of Ghouta to the regime of Bashar al-Assad. That same year, the Times used Higgins’s identification of Yugoslav-made weapons as the basis for an article that revealed a secret supply of weapons purchased by Saudi Arabia from Croatia, and shipped to anti-Assad rebels. My colleague Patrick Radden Keefe subsequently profiled Higgins for the magazine, calling him “perhaps the foremost expert on the munitions used in the war.” “On YouTube, he scans as many as three hundred new videos a day,” Keefe wrote, “with the patience of an ornithologist.”

In the summer of 2014, Higgins launched Bellingcat. “A progression of my hobby,” he told me. Three days later, Malaysia Airlines Flight 17, a passenger flight headed from Amsterdam to Kuala Lumpur, was shot out of the sky over the Donbass, a region in eastern Ukraine, killing all two hundred and ninety-eight people on board. Almost immediately, online ephemera—cell-phone photos taken from someone’s balcony, dash-cam footage from inside a car speeding down the highway—offered clues as to what happened. The most likely suspects were separatist forces in the Donbass, who were backed by Russia in a war against the Ukrainian state. Several videos surfaced of a Russian-made Buk anti-aircraft missile system passing through rebel-held territory hours before MH17 went down. Bellingcat pulled together other bits of evidence, such as a photograph of the Buk heading back toward Russia with one of its four missiles missing. In October, 2015, Bellingcat published its investigation, which traced the path of the Buk launcher from the base of the 53rd Anti-Aircraft Missile Brigade, in western Russia, to an empty field near the Ukrainian city of Snizhne. A patch of burnt ground, visible in satellite photos, marked the place of the probable launch site.

One of Bellingcat’s central principles is that its investigations should be transparent and replicable—“akin to the scientific method applied to journalism,” as Higgins puts it in his book. In its MH17 report, all the video, images, and associated data are on display, along with how each item was geolocated or time-stamped. There are no leaks or secret sources. It’s a rare form of journalistic investigation, in that the audience’s trust isn’t strictly required. Tech-savvy readers can corroborate everything for themselves.

Higgins also shared the report with the Joint Investigation Team, a multilateral task force led by the Netherlands, which is responsible for collecting evidence for the criminal investigation. “It’s a pretty one-way process,” he said. “They say thank you and that’s about it.” A person close to the J.I.T. investigation expressed admiration for Bellingcat’s work. “It was a real eye-opener that so much information was available on social media,” the person told me. “We were surprised by the depth of their investigations, and, in many ways, they have served as starting points for our own.”

Russia is by no means Bellingcat’s only target. A series of reports on U.K. arms sales to Saudi Arabia, which Bellingcat linked to military strikes in Yemen, were cited in hearings in the British Parliament. Another report revealed that Frontex, the E.U.’s border guard, had pushed boats of refugees out of E.U. waters, in the direction of Turkey. More recently, the collective played a role in identifying several people who stormed the U.S. Capitol. “I’d like to live in a world in which we’d never have to write about Russia again,” Higgins told me. “But it’s not like we can just ignore something like a secret nerve-agent program.”

In September, 2018, six months after Sergei Skripal, a former Russian double agent, and his daughter Yulia were poisoned with Novichok in Salisbury, a city in southwest England, British prosecutors announced attempted murder charges against two undercover Russian operatives. They provided the names of their cover identities—Alexander Petrov and Ruslan Boshirov—and published their photos, taken from security-camera footage and passport images. “It was an immediate challenge,” Grozev told me.

No open-source information was available on the aliases of Petrov and Boshirov. Instead, Bellingcat unmasked their identities, in large part, using data purchased on Russia’s vast gray market of “probiv,” a term that comes from the Russian verb for an online search. As Ben Smith explained in a recent column for the Times, “Today, it refers to the practice by which anyone can buy, for a couple of dollars on the social media app Telegram or hundreds on a dark web marketplace, the call records, cellphone geolocation or air travel records of anyone in Russia you want to track.”

Grozev’s investigation for Bellingcat into Navalny’s poisoning was heavily reliant on probiv databases—flight data showed F.S.B. officers with chemical-weapons backgrounds flying to the same destinations as Navalny, car-registration files linked undercover officers to F.S.B.-linked offices and scientific institutes, and telephone billing records revealed how the hit team kept in touch before and after the assassination attempt. Higgins told me that Bellingcat’s foray into the world of probiv presented a “complex moral question.” “This data shouldn’t be available,” he said, “but it is.” Ultimately, the stakes of the investigation felt too high and the utility of the information potentially too decisive: “Russia appears to be running an illegal nerve-agent program, and there’s literally no other way that I could imagine we could pull off this investigation.”

Toward the end of the investigation, however, data that brokers had promised to deliver to Grozev inexplicably didn’t show up. When he ordered the passenger manifest of the flight from Tomsk to Moscow on which he assumed the F.S.B. hit team would have flown home, he didn’t see their names, even though he later found them on an archived version of that same document. He assumed the probiv market was being scrubbed of incriminating data. “At some point, we knew that they knew,” Grozev said of the F.S.B.

In recent weeks, Russian police have arrested multiple mid-level police officers who, they claim, used their access to government databases to sell probiv. “The market for phone metadata is handicapped,” Grozev said. Many of the remaining brokers are concerned about what he called the “toxicity” of his subjects: if a Google search suggests someone connected to the Kremlin, rather than, say, a spurned business partner or divorced spouse, the deal quickly dies.

Still, the Russian authorities can delete only so much: Bellingcat alone has hundreds of archived databases, presumably full of data on countless secret operatives and their missions that now, once downloaded, can’t be manipulated or erased. And the Putin system’s twin attributes—authoritarianism and corruption—mean that the market will never fully disappear. As Roman Dobrokhotov, editor of The Insider, a news site that regularly partners with Bellingcat, told me, “The state, whether through the F.S.B. or any number of other agencies, tries to keep tabs on its citizens by collecting a huge amount of data on them. And then, in parallel, agents of this same state sell this data on the side to make money for themselves.”

Probiv is material that is nominally meant to stay private or secret and thus is not, strictly speaking, open source. Its increasing role in Bellingcat’s investigations has nudged the organization toward the tactics of traditional intelligence agencies and journalistic outfits—both of which, to varying degrees, make appeals to the individual motives of those who provide them with information. In some cases, this has worked to Bellingcat’s advantage. Grozev said that, for every source who has gone silent, others are growing more interested in aiding his investigations. “If the level of discontent inside the system continues to go up, the drying up of the market won’t matter as much.” When I spoke with Higgins, he relayed that one of the brokers who provided data for the Navalny investigation got in touch after its release, telling Bellingcat, “We now know who you are and we’re glad to be able to help.” Higgins said, “It was actually quite touching.”

Such an evolution also raises the degree of confrontation with the Kremlin. In the wake of the Skripal revelations, Alexander Yakovenko, Russia’s ambassador to the United Kingdom, called Bellingcat a “tool for the deep establishment.” When asked for evidence, he replied, “I cannot present you the evidence. . . . We have a feeling.” That same year, the Russian foreign ministry issued a statement referring to the “pseudo-investigators from Bellingcat, which is well known for spreading false information.” This past December, Putin responded to Bellingcat’s report on Navalny’s poisoning. “It’s not an investigation,” he said. “It’s the legalization of the materials of American intelligence agencies.”

One imagines the Kremlin’s loathing of Bellingcat stems, at least in part, from a genuine disbelief that a Web site run by a scattering of people on their laptops could consistently expose its secret operations. Dobrokhotov suggested to me, “Perhaps this is even a good thing: if Putin believed that Bellingcat and I are capable of doing all this ourselves, the hunt would begin for us.” He added, “In the past few months, I’ve had the feeling the situation might be changing.” Grozev, for his part, said, “It feels less like a hobby than it once did. I’ve already made adjustments for my security, and in the future many more major changes are going to have to take place. These are guys with long memories.”

Higgins, who regularly gets into fights with doubters and critics on Twitter, told me, “Weirdly, it feels like an evolution of what I was doing when I started: arguing with people on the Internet and using open-source evidence to prove them wrong. Now I’m just doing that with the Russian state.”