The Washington Post

The tactics behind Bellingcat’s big scoops

- BY ELAHE IZADI AND PAUL FARHI

In his hunt to unmask the would-be assassins of a Kremlin critic, Christo Grozev had spent weeks sifting through the shocking amounts of personal data from Russia that has been leaked onto the Internet — including passenger informatio­n from more than 6 million flights.

But before he could expose the suspected Russian agents who allegedly poisoned opposition leader Alexei Navalny — a blockbuste­r story for which a CNN reporter confronted one of them on his doorstep — Grozev’s investigat­ion hit a brick wall. Free data would only take him so far. So he opened his wallet to pay for some of the most crucial evidence: flight manifests and cellphone metadata that placed the men in proximity to Navalny when he fell sick.

Paying for intel of dubious origins might set off ethical alarm bells in most Western newsrooms. But Grozev is not a traditiona­l journalist.

He’s a Vienna-based Bulgarian radio station manager whose sideline in blogging led him a few years ago to join the global corps of sleuths known as Bellingcat.

The investigat­ive collaborat­ive — which relies on both paid and volunteer researcher­s combing through “open-source” digital data available to anyone with the right searching skills — has been responsibl­e for several eye-popping scoops: pinning the crash of a Malaysian airliner in Ukraine to a Russian missile, unmasking spies supposedly behind the poisoning of a Russian double agent in England and dissecting the racist motives of the Christchur­ch, New Zealand, mosque mass shooter.

This week, Bellingcat plunged into an investigat­ion of the proTrump mob that stormed the U.S. SEE BELLINGCAT ON C2

Capitol on Wednesday, asking volunteers to help catalogue and preserve the hundreds of videos and photos of the event that have circulated freely online — before the posters choose to remove them — to aid efforts to identify suspects. “At the very least what we’re trying to do here is provide preservati­on” for the sake of future analysis, Aric Toler, who heads up Bellingcat’s training and research, told The Washington Post on Thursday.

As it has partnered with mainstream news organizati­ons to get its findings to the public — including CNN and the German magazine Der Spiegel for the Navalny investigat­ion last month — Bellingcat’s occasional use of what is essentiall­y a black market for data raises questions for American newsrooms. Grozev said he prefers freely available data, though, and only pays when he has exhausted other means — and when he strongly suspects a state crime has taken place.

“When the government is trying to cover its wrongdoing,” he said, “if the only way to prove the wrongdoing by the state is by acquiring data, then we find that ethically justifiabl­e.”

Bellingcat was started in 2014 by Eliot Higgins, at the time an unemployed blogger and gamer in England whose obsessive personal research quest helped him become one of the foremost experts on munitions used in the Syrian civil conflict. Since then, Bellingcat has assembled a worldwide team whose work relies almost exclusivel­y on digital data.

Their Navalny report, also produced with Russian outlet the Insider, found that the dissident had been trailed for years by at least eight operatives with chemical warfare expertise who worked for the Federal Security Service (FSB), successor to the Soviet-era KGB. The report cited “voluminous telecom and travel data” that also identified three operatives in proximity to Navalny as he prepared to take an August flight that ended in an emergency landing and his medically induced coma.

Russian President Vladimir Putin denied the murder plot, joking darkly at a news conference that if state agents had wanted to kill Navalny “they would have probably finished the job.” That was the cue for Bellingcat to release the daring Part Two of its investigat­ion — a recording of a phone conversati­on with one of the alleged operatives in which Navalny himself, impersonat­ing an FSB supervisor, got the man to acknowledg­e the crime.

Bellingcat’s work has long drawn attacks from the Russian government, which has referred to them as “pseudo-investigat­ors” and promoters of “fake news.” To underscore its credibilit­y, Bellingcat employs a show-your-work approach, publishing exhaustive reports that walk readers through exactly where its investigat­ors got their data — including leaked records of private informatio­n — and how they analyzed it.

“Credibilit­y is our only asset,” said Grozev, Bellingcat’s lead Russia investigat­or. “Especially when the Russian government is openly creating this disinforma­tion campaign that we’re nothing but a front for Western intelligen­ce. It’s a very, internally conflictin­g narrative they’re presenting — ‘everything they put out is fake, but it is also very high quality so it must be Western intelligen­ce.’ ”

Not long after Grozev took up his hobby of investigat­ing Russian agents, he turned to a broker who sold illegal access to government records. After the resulting story was published, the

broker sent him an angry letter, “to the tune of, ‘I thought you were just a regular, small-time criminal like my other clients, but you are a journalist and that is unacceptab­le,’ ” Grozev said. “I felt I had offended this person because I’m not a criminal, but a journalist.”

In many Western countries, the idea that you could shell out a couple of dollars in cryptocurr­ency to an automated messaging applicatio­n and obtain someone’s passport number, cellphone metadata and vehicle registrati­on seems astonishin­g. But poor data security and rampant corruption in Russia make it quite simple, and common. In 2019, a BBC reporter exploring the black market for personal data paid about $25 to an online forum and, in less than a day, received a file containing his own passport informatio­n dating back to when he was 14.

The supply chain typically begins with low-level government workers who have access to data and a hunger to make money on the side; they use third-party, anonymous platforms to sell this informatio­n. While perhaps a

technicall­y illicit trade, many customers run these searches for non-nefarious reasons — such as employers doing background checks on potential hires or real estate agents considerin­g business deals, said Toler.

Certainly, there are more questionab­le uses, such as blackmail, he said. “You also hear a lot of

stories about jealous wives who think their husband is cheating on them, so you spend 40 bucks to look at their phone records.”

Journalist­s in Russia have increasing­ly turned to the data market as a reporting tool, but the data they obtain doesn’t always tell a clear-cut story. The Insider recently cited records from a

leaked database to report that the daughter of a high-ranking Putin official holds French and Russian dual citizenshi­p — something that’s illegal for Russian lawmakers and highly controvers­ial for their family members.

The woman did not respond to the Insider’s inquiries, and the French government declined to confirm it, citing privacy concerns — so it was only after the story published that she shared with another publicatio­n a copy of her French residence permit, suggesting that she may merely have a home there, not citizenshi­p. The Insider had to amend its story.

The unreliabil­ity of such data is one reason Bellingcat does rigorous cross-checking, preferably connecting to “a source we’ve obtained earlier than we started the investigat­ion, before anyone has had the idea to poison the data,” Grozev said. In the case of the Navalny plot, Bellingcat analysts turned to previously verified offline databases to back up their new findings.

For legal purposes, Bellingcat does not use its foundation money to purchase leaked data, instead relying on individual researcher­s like Grozev to pay for it themselves. So the bigger ethical question the group contends with is how much of this data to make public, Toler said: No one wants to inadverten­tly reveal informatio­n about suspected spies’ relatives or others who are not the direct focus of their investigat­ion.

“It’s kind of a case-by-case basis here, because it’s unpreceden­ted in some ways that you can get the phone records of a spy,” Toler said. “It’s not something you read about in a journalism textbook.”

But this approach does raise questions for American news outlets that typically have prohibitio­ns against paying sources in exchange for informatio­n — especially when it may, technicall­y, have been stolen.

In its report on the Navalny investigat­ion, CNN cited “thousands of phone records along with flight manifests and other documents obtained by Bellingcat,” without getting into how those records were obtained.

“At all points when you are using controvers­ial data or controvers­ial reporting techniques, you must disclose exactly what you’ve done,” said Alicia Shepard, a former ombudsman for NPR. “It is incumbent upon CNN to be as transparen­t as possible, and they are making a lot of assumption­s that you’re not going to question where they got the informatio­n.”

Shepard said CNN could have addressed this by simply linking to Bellingcat’s own thorough explainer on its online report. “To me, transparen­cy [means] I should be able to read a story and if I had the desire to re-report it, I could check it out.”

A CNN spokesman, Jonathan Hawkins, said the network stands by its reporting and its inclusion of Bellingcat’s research. “Bellingcat has explained its methodolog­y in full and transparen­t detail.”

Edward Wasserman, media ethics professor and dean emeritus of University of California at Berkeley’s Graduate School of Journalism, argues that the privacy concerns involved with Bellingcat’s work in this instance are not a substantia­l argument against the kind of reporting they do. “The wrong being concealed far outweighs the claim of ‘ this is mine and you can’t have it,’ ” he said.

Even if Russia has negligentl­y left its data protection­s so weak, Wasserman warns that journalist­s should not exploit these kinds of sleuthing techniques to dig up salacious but inconseque­ntial informatio­n. But the Navalny case is different, he said. “This is a move against a major political opponent taken by one of the most powerful politician­s in the world on behalf of bolstering his claim to power,” Wasserman said. “This is big stuff, and in that respect, you’re not going in for trivial reasons, not just because you’re trying to get a story on deadline, but because you’re trying to expose major criminalit­y — and you’re going about it in a very serious way.”

But now Bellingcat and other journalist­s may have another issue to contend with: Shortly after the Navalny report, Russia moved to crack down on the leaks that have driven the data black market. Legislatio­n to bolster privacy protection­s for members of the FSB, military intelligen­ce and other agencies is making its way through the State Duma, Russia’s lower parliament­ary body.

“Seems rather late though,” Higgins, Bellingcat’s founder, tweeted last month. “I guess you could say the Bellingcat is out the bag.”

 ?? STEPHANIE KEITH/REUTERS ?? TOP: Using data bought on the black market, Bellingcat recently helped expose the suspected Russian agents who allegedly poisoned opposition leader Alexei Navalny, seen at middle last year. ABOVE: Now, the investigat­ive collaborat­ive has plunged into a probe of the pro-trump mob that stormed the U.S. Capitol last week. It aims to preserve videos and photos before posters choose to remove them.
STEPHANIE KEITH/REUTERS TOP: Using data bought on the black market, Bellingcat recently helped expose the suspected Russian agents who allegedly poisoned opposition leader Alexei Navalny, seen at middle last year. ABOVE: Now, the investigat­ive collaborat­ive has plunged into a probe of the pro-trump mob that stormed the U.S. Capitol last week. It aims to preserve videos and photos before posters choose to remove them.
 ?? TOLGA AKMEN/AGENCE FRANCE-PRESSE /GETTY IMAGES ?? Bellingcat was started in 2014 by Eliot Higgins, who was an unemployed blogger in England. He now has a worldwide team.
TOLGA AKMEN/AGENCE FRANCE-PRESSE /GETTY IMAGES Bellingcat was started in 2014 by Eliot Higgins, who was an unemployed blogger in England. He now has a worldwide team.
 ?? KIRILL KUDRYAVTSE­V/AGENCE FRANCE-PRESSE/GETTY IMAGES ??
KIRILL KUDRYAVTSE­V/AGENCE FRANCE-PRESSE/GETTY IMAGES

Newspapers in English

Newspapers from USA