Solving the MH17 and the Skripal Case: How Bellingcat Demonstrates the Power of OSINT

The nature of publicly available data has changed profoundly and as a result OSINT has emerged as a powerful tool for everyone. What are the key elements of that change?

Long before the official Joint Investigation Team issued their findings on the MH17 disaster, a journalist collective known under the name ‘Bellingcat’, published a very detailed and evidenced account on what happened, and who was likely involved. Most remarkably, their account was entirely based on data that was publicly available.

Last year Bellingcat – again based on publicly available data – identified the real identity of the two men involved in the murder attempt on the Russian defector, Sergei Skripal, in Canterbury. Moreover, the Bellingcat team was able to link them to Russian Military Intelligence Agency, the GRU, and identified other likely GRU agents that have been active in Western Europe. With their research, Bellingcat clearly demonstrated the power of data and information available in open sources.

In Intelligence, the collection, analysis and dissemination of data available in open sources is known by the acronym for Open Source Intelligence: OSINT. Intelligence services have recognised OSINT as a separate discipline long ago. Generally, the establishment of the BBC Monitoring Service in 1939 is seen as the first structured institutionalised application of OSINT. For decades the sources from which data was collected consisted mainly of printed media, broadcasts and so-called ‘grey’ (meaning: not formally published) literature. Due to its analogue character, the collection, processing and analysis of this data took considerable effort.

With the rise of the internet (or actually the Information Age), over the past decades, the nature of data in open sources, and thus of OSINT, has profoundly changed. That change can be attributed to five developments.

First, today exponentially more data is produced and stored than a few decades ago, and the amount of produced data keeps rising. The chances that relevant data for any type of problem is publicly available have increased significantly.

Significantly, data produced nowadays is digital in nature instead of analogue and older analogue datasets have been (or are being) digitalised in a high pace. An an important and often overlooked consequence is that digital data is – on contrast to data stored in an analogue way – easy to index and to search. Compare for example your current University library full text search access with the ancient catalogue systems. 

Third, the interconnectedness of data sources via the internet makes data from all over the world instantly accessible from our desktop. There is hardly any reason to undertake painstaking research in damp archives anymore to obtain data, other than it is an interesting academic experience of course. 

Also, new types of data have emerged. For decades OSINT was dominated by content from traditional media, however, the internet gave rise to many new data types. A key example is of course the user created content in Social Media, including linkages, locations, sentiments as well as user-generated photo and video. 

But also think of the open (Internet of Things / government) data and ‘data-breach data’. In particular this latter type, data-breach data, which includes data on the activity of users across the internet (e.g. leaked passwords, phone numbers and credentials) and leaked government registry data, has been leveraged by Bellingcat in their Skripal research. 

The fifth and last important development that contributed to the power of OSINT is the wide availability of computational power and digital tools to the general public. While collecting and processing large data sets used to be the prerogative of state (and academic) institutions which had access to large mainframes, nowadays there is an abundance of inexpensive tools available to the general public that allow for the collection, processing and analysis of large data sets. For example, the scraping of personal data of all citizens of the Kyrgyz Republic is actually not that hard. 

To conclude, it can be argued that the Information Age has brought profound changes to the amount, type and processing of (publicly available) data. OSINT has become much more powerful and can also be leveraged by everyone, and not just intelligence agencies. As a result, for example, a cover identity for an operative that would have been almost bulletproof only twenty years ago can potentially now be unraveled by anyone. This is what Bellingcat has shown in practice with their Skripal research. Like other technological advances, the power of OSINT brings significant opportunities and challenges for the work of intelligence agencies, now and in the coming years.

(slightly altered from the original version which was published on 6 May 2019 on the LeidenSecurityandGlobalAffairsblog)

  1. May 21, 2021 - Reply

    […] Solving the MH17 and the Skripal Case: How Bellingcat Demonstrates the Power of OSINT […]