Alex McKeever, a part-time furniture mover in Ridgewood, Queens, woke up Wednesday and started scrolling on his phone. Like many of us, he’s been obsessed with the invasion of Ukraine and has been spending ten hours a day trying to piece together what was happening from news coverage and social media. That morning, McKeever, who is 30, saw that someone had tweeted a video of destroyed vehicles in a suburb of Kyiv called Bucha. It appeared to be the aftermath of a significant battle. The blackened wreckage of numerous Russian military vehicles lay scattered and smoldering along the road. Where exactly, McKeever wondered, had it taken place?
He wasn’t idly musing. For the last six years, McKeever has been active in open-source intelligence, or OSINT, which involves gathering and analyzing online information in much the same way that government intelligence professionals analyze classified data: identifying when and where events took place, who was involved, what kinds of weapons were used, and so on.
The movement began in 2011, when internet hobbyists began studying social-media posts to identify war crimes and human-rights violations in Syria. It grew steadily in the years that followed, then accelerated when Russian forces started massing near Ukraine late last year. OSINT findings proved vital in validating the Biden administration’s claims throughout February that an attack was imminent, and they informed subsequent coverage by traditional print and broadcast outlets. That exposure, in turn, drew a wave of new volunteers, many of them eager to help the Ukrainian cause. “I’ve had 50, 60 people a day getting in touch, offering their skill sets,” says Ross Burley, executive director of the Centre for Information Resilience, a U.K. nonprofit focused on countering misinformation. “We’ve had teachers, engineers, doctors. It’s staggering how everyone is coming together for this.”
McKeever, who works part-time as an OSINT researcher for a Syrian human-rights group, took a closer look at the Bucha video. Finding no distinctive landmarks that would help him pinpoint the location, he searched for “Bucha” on Twitter and found an image that showed the same scene from a different angle. Two buildings with distinctive roofs stood side by side behind a fence.
Poking around the area on Google Maps, he found only one road wide enough to match the image: a major artery that ran from the suburb into Kyiv. Using Google’s Street View mode, he explored along the road until he found a pair of buildings under construction that might fit the bill. The image was from 2019. He switched to Google Earth and found an image of the completed buildings from 2020 that looked “pretty compelling” but whose resolution was too low to provide definitive proof. Returning to Street View, McKeever compared the details of the fence and the trees across the street. They matched. He took a screenshot and tweeted it alongside the original image with the exact coordinates: 50.543838 degrees north, 30.226820 degrees east. “The whole process took 20 or 30 minutes,” McKeever says.
Geolocation is just one of the methods that OSINT researchers are using to clarify what is happening in Ukraine. Others include identifying Russian projectiles from the fragments they leave behind, locating military convoys in satellite imagery, and tallying equipment losses. And clever researchers are forever adding to the tool kit. One enterprising college student uses automated air-traffic data to keep tabs on Russian oligarchs’ jets.
On its own, a single tweet like McKeever’s doesn’t mean much for the outcome of a war. But taken together, OSINT contributions can provide a panoramic perspective. The sheer volume of thousands of eyes poring over a vast stream of information allows the community to digest information on a scale that not even a superpower spy agency can manage. Marco Rubio, the ranking member of the Senate Intelligence Committee, underlined the value of OSINT in a recent tweet: “Much respect to the international online #OSINT community, many of whom may not realize how much of their geolocation & vetting of videos & satellite imagery is integrated into the broader work of the intelligence community.”
Lukas Andriukaitis, who used to serve in the Lithuanian special forces and is now the associate director of the Atlantic Council’s Digital Forensic Research Lab, says that information produced by OSINT often makes its way to NATO intelligence officials. “Open source is a huge part of the work they’re doing,” he says. “There’s no need to rely on a huge network of spies because guess what? It’s out there for free.”
With the war in Ukraine, OSINT researchers have been helped by the huge amount of data generated every day by the local population. “This is the first war which is almost live-broadcast,” says Andriukaitis. “We’re getting so much information from social media.” Then there’s all the data being shared by Russians inadvertently. Invading troops made little effort to conceal their encampments from satellites, leaving trunks and tanks lined up in plain sight. Short on military radios, they have reportedly had to communicate via unencrypted transmissions, some of which have been intercepted and recorded by ham-radio hobbyists and then published on Twitter.
With no real rules governing the movement, some of the activity approaches or crosses ethical lines. Pro-Ukraine hackers managed to steal a database with the names of 120,000 Russian soldiers and publish it on the web. And after the 2014 Russian shootdown of Malaysia Airlines Flight 17 over Ukraine, the Dutch journalism collective Bellingcat used stolen data to track down the culprits.
Still, the work being done by OSINT practitioners is growing in scope and influence, and not just in the realm of war. Traditional news organizations are building out their own open-source departments — the New York Timescalls its division “Visual Investigations,” while the Washington Post prefers “Visual Forensics” — and using them to examine topics from police shootings to the January 6 riot at the Capitol. “Originally, open-source was quite a sort of geeky thing to do,” says Ben Strick, director of investigations at the Centre for Information Resilience. “Now, we’re almost like the people’s army.”
People interested in getting involved, McKeever says, should start by learning the basics. Of the many guides available online, he recommends Strick’s YouTube channel. From there, it’s a matter of jumping in and taking a whack at an image or video. If you’re able to reach an interesting conclusion, you can post it to an online discussion or as a reply to a Twitter thread. “A lot of the people in this community are open to people who reply to them with work that’s accurate and clear,” McKeever says.
For advice and guidance on projects to work on, there are OSINT-focused discussion groups both on Reddit and at the Project Owl server on Discord. Volunteers can also pitch in at nonprofit organizations like the Digital Forensic Research Lab, Bellingcat, and the Centre for Information Resilience. The latter has set up a centralized resource called the Russia-Ukraine Monitor Map that collates hundreds of OSINT reports about military movements, bombings, civilian casualties, and destroyed equipment.
“People want to contribute towards a bigger picture and do good,” says Strick, “and there are people doing good already that have never done this before.” He cites the case of a new volunteer who so expertly analyzed photos of shrapnel that Strick assumed he had a background in the field. “I said, ‘You must be some sort of explosives expert.’ And he said, ‘No, I’ve got Google Images. I can just cross-reference the pictures.’”
This story originally ran in New York magazine on March 4, 2022.
Very interesting Jeff! I had a feeling you’d be weighing in on the Ukrainian affairs.
This article reminds me of some recent reports of a similar but much less sophisticated, and far more human, example of this type of intelligence. Apparently Russian soldiers, lonely and away from home, tried to connect with Ukrainian women via the dating app Tinder once they neared Ukraine cities.
The women were naturally appalled by this and used the opportunity to put photos of what the destruction the Russian soldiers were doing to Ukraine in their profiles to show the soldiers. An interesting propaganda tool. I can imagine how a Russian tank driver might feel about bombing an apartment building in Lviv if he believes a woman lives there that he just swiped right on.
I also read some women were able to glean combat-useful intel and relay that to those in the field. A lot of it could be a set up with fake profiles, and I have no doubt that does exist. In any case, honey-potting is probably as old as war itself.
So how legitimate all of this is is anyone’s guess. But it’s certainly believable IMO. This may have been part of the reason Putin ordered Russian soldiers to turn off their phones (that being said, there’s a ton of bad ideas about using your cell phone in battle).
Let’s face it, you send a bunch of 18-25 year old, lonely young men into an area full of the most beautiful women in the world, and good luck with getting them to do anything sensible. Of course they will want to contact the girls. Guys that age are stupid, and for lack of a better word, horny. I certainly was.
Who would have imagined that Tinder could be a weapon of war?
It’s nice to see great content on Ukraine Jeff and I look forward to reading more.
Not sure if you have seen the tik tok of the possible location of mh370 on google earth, whether real or not, mite want to go to investigate that.
https://www.tiktok.com/t/ZTR7LLrC6/
Bryan, That’s cool. I think what you’re seeing is a plane captured in mid-flight.