Close

Bellingcat Crowdsources Spycraft, Scales Up Sleuthing

'Net-smart investigations hunt smuggled weapons, downed jetliners, and Russian assassinations

6 min read
Eliot Higgins (C), founder of online investigation group Bellingcat, addresses a press conference on findings in research on Malaysia Airlines flight MH17 in Scheveningen, The Netherlands, on May 25, 2018.
Eliot Higgins (center), founder of online investigation group Bellingcat, addresses a press conference on findings in research on Malaysia Airlines flight MH17 in Scheveningen, The Netherlands, on May 25, 2018.
REMKO DE WAAL/AFP/GETTY IMAGES

Spies, gumshoes and hard-driving investigative reporters—no matter how amazing they may be at their jobs—all suffer one inescapable drawback: They don’t scale. 

By contrast, consider the case of Eliot Higgins. In 2012, this business administrator began blogging about videos and other social media feeds he was following on the conflicts in Libya and Syria. By systematically and minutely analyzing the locations, people, and weapons he saw, Higgins was able to identify the use of cluster bombs and chemical weapons, and eventually uncover a weapons smuggling operation.

In 2014, he used a Kickstarter campaign to launch Bellingcat, an online platform for citizen journalists to verify and publish research that taps into the hive mind approach to worldwide, Internet-era collaboration and open-source sleuthing. Whereas traditional investigative journalism—commissioned and published by newspapers or foundations or blogs—is only as expansive and wide-ranging as the team of reporters assigned to any given project, Bellingcat is more like an online meritocracy of ideas à la Wikipedia: Start a thread or page or investigation or project, and if it yields something good, some will read while others will contribute. Get enough people involved, and things can even start to snowball. 

Bellingcat has gone on to conduct important investigations into the downing of the MH17 airliner over Ukraine, atrocities in Cameroon and Tigray, and the poisonings of political rivals by the Russian government. The organization has collaborated with human rights agencies, the International Criminal Court, and traditional news outlets, including the BBC and The New York Times. Bellingcat now has 22 staff and a host of volunteers.

Many of the tools Bellingcat uses in its investigations are available online, for anyone to use or improve upon, including software to determine the time of day from shadows in photographs, identify the locations of Instagram posts, or find cloud-free areas in satellite imagery.

The following is a condensed version of a phone interview IEEE Spectrum conducted with Higgins in June.

Spectrum: What’s the story behind the name “Bellingcat”?

Higgins: I wanted part of the website to be dedicated to showing people how to do open source investigations, and a friend suggested the fable of “Belling the Cat.” This is about group of mice who are afraid of a ferocious cat, so they come up with the idea of putting a bell around its neck to protect them. We’re teaching people how to bell the cat.

Spectrum: It’s interesting that with their phones and digital activity inadvertently documenting their movements, some of the “cats” you investigate are now belling themselves.

Higgins: As smartphone technology has become more available, people are recording and sharing every aspect of their lives. They give away a huge amount of information, everything from their day-to-day activities to war crimes and some of the most horrific acts you can imagine. Some of that is done on purpose, and sometimes it's just accidental or incidental. But because that’s all online, it’s all information that we can use to piece together what happened around a wide variety of events.

It doesn’t have to be a particularly complex task, but if you can get half a million people working on it, you often get a correct answer.

Spectrum: So how does a typical investigation come together?

Higgins: We break it down into three steps: identify, verify and amplify. Identify is finding information, such as videos and photographs from a specific incident. We then verify that by figuring out if we can confirm details. We don’t have any special high-end tools—it’s all stuff that's free or very cheap for anyone to access. Google is probably one of the most useful tools, just having a search engine that can help you trawl massive amounts of material. Satellite imagery from Google Earth is a very important part of the geolocation verification process, as is Google Street View.

Amplification might be a blog on Bellingcat or a collaboration with a media outlet or NGO. One of the reasons that these organizations work with us is that we use stuff that’s on the internet already. They don’t have to worry whether this information is actually correct. There are concerns that Wikileaks, for example, is being sent stuff by intelligence organizations. But with us, we can show the social media posts or the videos that make our point, and then tell them how we analyzed it.

For Bellingcat, building an audience isn’t just about reaching more people, it’s about involving more people in the investigation. Getting more eyeballs on the things we’re trying to discover is often something that’s quite important.

Spectrum: How does that audience engagement work in practice?

Higgins: Europol had a Stop Child Abuse campaign where it was asking members of the public to identify objects from abuse imagery. We amplified that to our audience and just through sharing these object images, children have been rescued and perpetrators arrested. It doesn’t have to be a particularly complex task, but if you can get half a million people working on it, you often get a correct answer. It’s about a community built around Bellingcat, not just Bellingcat doing stuff itself.

Anything that we’re using or publishing is triangulated with other open source evidence, or sources independent from the original.

Spectrum: Talk me through one of your recent investigations, that uncovered sensitive details of security procedures at US nuclear bases.

Higgins: One of our contributors saw on social media a photo of what appeared to be a nuclear weapon at a foreign military base. As he was doing keyword searches on terms related to nuclear weapons, he started getting results from flashcard apps [smartphone apps people use to prepare themselves for school and work tests].

He discovered that people were using these apps to save quizzes about the security at nuclear bases, seemingly unaware that they were discoverable on Google. And he searched for the names of more bases believed to have nuclear weapons, he found more and more profiles, and more and more information about the storage of nuclear devices.

Open source investigation is often like this—choosing the right words to find the thing that you’re looking for and then digging through all the information.

Spectrum: But then you had to decide how much of that information to make public.

Higgins: Right. We published only a very small selection that was older and out of date, and gave them a good chance to take precautions, like changing their protocols and passwords.

One of the paradoxes of our work is that we want as much information available online for our investigations but we also recognize that it can pose a risk to society. It’s interesting but also probably quite a bad thing that it is all out there.

Spectrum: How much do you worry about misinformation, such as fake social media profiles, misleading geocoding, or other information created with the intention of driving investigators in the wrong direction?

Higgins: We often deal with actors who will put out fake information and part of the verification process is looking out for that. Russia put out a massive amounts of falsified images during our MH17 investigation, for example, all of which we could check and verify using open source investigation techniques. Anything that we’re using or publishing is triangulated with other open source evidence, or sources independent from the original.

So if a really important video appears on a brand new YouTube account, you are immediately suspicious. And it's actually very hard to make a convincing fake. It’s one thing to post a single fake image but it's not just the thing you’re posting, it’s also the social media account itself. Where and when did it originate? Who is it following, who follows it? If something’s fake, it doesn't exist in the network that genuine information exists in.

No matter what restrictions there are, there’s always something else to investigate.

When Russia presented satellite injury with MH17, we were able to show it was actually taken six weeks before they claimed, based on various details we found on [publicly available] satellite imagery.

Spectrum: I’m interested in whether the cat ever listens to its bell? Does Russian intelligence, for instance, learn from your investigations, or are they making the same mistakes over and over again?

Higgins: Open-source investigation is so new that even if one nation starts figuring this stuff out and [takes] steps to stop us, the rest of the world isn’t so aware. And no matter what restrictions there are, there’s always something else to investigate.

There are a million worthy things we could be looking into, any day of the week. That’s partly why Bellingcat does so much training and involves such a big audience. The more people who are doing it, the more stuff gets investigated.

And because so much of open source investigations is online, you don't have to be in the same country you’re writing about. Most of the work that has been done on Syria, for example, is by people who are not Syrian and who don’t live in Syria,

We have a sense of the internationalism where people in the UK and Germany support people in distant countries. They’re on the ground gathering the evidence and we’re the ones piecing it together and analyzing it.  

Spectrum: What’s your take on digital technologies like social media now? Are they a force for good that can create positive change, or a malign influence where misinformation spreads and polarizes communities?

Higgins: There’s good and bad in all of it. Some of the work we’re doing now is focused on teaching students and schools to do open source investigations on issues in their area and working with local media.

I’ve been helping a community in the UK that rescues stolen dogs by using license plate analysis from security camera footage. Often the plates are too blurred to read but we’ve developed technology as part of our investigations into things like murders, to help them track down these missing dogs.

It’s not Syrian war crimes or Russian assassinations but having your pet stolen is a big issue. We're doing tech development as well, creating new tech platforms for volunteers to organize on, and new ways for evidence to be gathered for justice and accountability.

If you can teach people on a large scale and start building communities around that, you’ll also build resilience to people being drawn into conspiracy theories, where they think they're finding answers but they’re just getting a false sense of power.

What our students are finding is a way to do the work themselves and discover something for themselves, and that’s having an impact which has measurable results.

The Conversation (0)

The Cellular Industry’s Clash Over the Movement to Remake Networks

The wireless industry is divided on Open RAN’s goal to make network components interoperable

13 min read
Photo: George Frey/AFP/Getty Images
DarkBlue2

We've all been told that 5G wireless is going to deliver amazing capabilities and services. But it won't come cheap. When all is said and done, 5G will cost almost US $1 trillion to deploy over the next half decade. That enormous expense will be borne mostly by network operators, companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens more around the world that provide cellular service to their customers. Facing such an immense cost, these operators asked a very reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from different companies, with the goal of fostering more competition and driving down prices. At the same time, they sparked a schism within the industry over how wireless networks should be built. Their opponents—and sometimes begrudging partners—are the handful of telecom-equipment vendors capable of providing the hardware the network operators have been buying and deploying for years.

Keep Reading ↓ Show less