February 15, 2021

“Who is the real Bellingcat?” That was the question asked by journalist Mary Dejevsky in a recent article for UnHerd, and while I hope that the contents of the book We Are Bellingcat would go some way to answer this question, helped by our unusually open online methodology, I would like to tell our story.

In early 2012, I began the Brown Moses Blog, under a pseudonym I used on various forums, borrowed from the title of a Frank Zappa song. In the previous year, I had spent a lot of my free time arguing about the conflict in Libya on the Guardian Middle East Live Blog and posting, somewhat obsessively, the latest news and links on a thread on the Something Awful forums. Having my teenage years bookended by the Gulf War and the 2003 Invasion of Iraq, I developed an interest in conflict and the Middle East from what might be described as a leftist Western perspective, devouring books by the likes of Robert Fisk, Noam Chomsky and John Pilger. So, in 2010, I gravitated towards discussions on forums and social media about the Arab Spring.

Several things frustrated me about those discussions. While information, videos and photos were being shared online, they were often the subject of much debate if they showed one particular side in a bad light. Usually the question was “how do you know it’s real?” or “how do you know they’re telling the truth?” These are, of course, reasonable questions. But in early 2011, when rebel forces in Libya shared a video of the  town of Tiji, which they claimed had been captured, I stumbled across a way to at least show where videos were being filmed.

By using satellite imagery, freely available on Google Maps, it was possible to match features visible in the Tiji video, such as the dome of a mosque and its position in relation to a major road, to prove the video had been filmed there. I reviewed the footage over and over, looking at smaller and smaller objects, such as trees, walls and utility poles, and matched them to what was visible in the satellite imagery. This process, now a core skill of any online open source investigator, is known as geolocation, and became the basis of much of my initial work.

Because the satellite imagery and video was publicly available, I could demonstrate to those questioning the validity of the video not only the process I went through to locate it, but also the sources of evidence I was using. As I moved from arguing on internet forums to starting a blog in 2012, this transparency of both the process and the evidence became an integral part of my own writing, and what eventually became a common approach for the online open source community.

For some of the older generation of journalists, this form of radical transparency in both sourcing and methodology runs counter to the custom of keeping your methods and scoops to yourself. For me, it came from the understanding that I was no more credible than any other random internet commentator, so I could only demonstrate how I had come to my conclusions step by step, pointing to the evidence I was using, and sharing it as widely as possible.

Fast forward 10 years and the BBC and New York Times are winning top tier journalism awards for open source investigations, human rights NGOs are collecting open source material and the likes of the ICC are examining the use of open source evidence and analysis in their own work. It has become difficult to recall a time where now-established online open source investigation techniques were barely known and practised by just a handful of people.

That was the situation when I first started doing this, and it is only because of  transparency that trust and understanding has developed in online open source investigation over the years. That transparency not only involved publishing detailed investigations, with the methodologies and sources explained at length, but appearing at a wide range of conferences, talking to activists, journalists, policy-makers and others, giving detailed presentations and workshops about my work and how online open source investigation was done. Often, the reaction from the audience was as if I were performing magic tricks on stage; but after years of presenting the work online open source investigation went from magic to something more akin to science.

For those outside this years-old process, it might seem as though Bellingcat appeared from nowhere. However, it was born from my efforts to spread the use of online open source investigation as transparently as possible; a community grew around our work. Journalists, activists, researchers and policymakers who followed the conflict in Syria came to know and trust my work, thanks to this transparency. When Flight MH17 was shot down in July 2014, Bellingcat’s work on Ukraine and Russia also became widely known, not least when the official criminal investigation in 2016 confirmed many of our findings. With Russia’s bombing of Syria in 2015, those online and offline communities were brought together once more, further growing the online open source investigation community and returning me to the topic I had started blogging about in 2012.

As with so much of our work, it was not the dictates of editors (or intelligence agencies) that directed what to cover, but the natural evolution of the community based on the interests of its members. As I found with my own early work, the best results are produced when people are investigating topics that interest them. As Bellingcat has grown from a Kickstarted organisation of volunteers to a foundation in the Netherlands with 20 staff members, that ethos, allowing investigators to dig into whatever subject they find most interesting, is still at the heart of how we operate.

While the natural evolution of the open source investigation community has followed many of the activities of the Russian Federation, Bellingcat has covered a wide range of subjects. These include dozens of investigations into Saudi airstrikes in Yemen, hundreds of incidents of police violence against Black Lives Matters protesters and journalists covering protests in the US, the involvement of Frontex in illegal border pushbacks, the underground trade in wild animals in Dubai, the rise of QAnon, the US bombing of a mosque full of civilians in Syria and much, much more. Despite that, Russia and its supporters have continued to insist that Bellingcat is especially Ruso-focused,  frequently alleging that this shows it is tied to Western governments or the intelligence services.

This disinformation and paranoia is fueled by a perspective that sees the West and Russia in direct opposition to each other, where one side must be picked above another, and all those on the opposing side do not genuinely believe what they are saying, but have somehow been compromised. A useful mindset for those who prefer their opinions over evidence, but one that leads only to conspiratorial thinking and worldviews.

This conspiratorial thinking about Bellingcat went into overdrive with our work on the Skripal poisonings. While we generally only use online open source evidence in our investigations, the Skripal poisoning left us with an ethical and investigative quandary. Russia is an extremely corrupt state, and as a result, a black market for personal data has emerged online and offline. Back in 2009, the Financial Times found a literal market in Russia where CDs “with names such as “Ministry of Interior — Federal Road Safety Service”, “Tax Service” and “Federal Anti-Narcotics Service” were sold openly. Today, a simple Google search yields brokers on Russian forums selling data that includes travel and phone records.

Using this kind of data, our lead researcher (and volunteer) Christo Grozev began to piece together the true identities of the Skripal suspects, allowing us to reveal them as GRU officers, not sports nutrition salesmen on a trip to Salisbury to visit the “famous 123m spire”, as they had explained to Russia’s RT News.

For those who already had conspiratorial leanings, and a total ignorance of these data markets, Bellingcat’s revelations fed their paranoia. They claimed, like the Russian authorities, that we were somehow being passed information from the intelligence services, churning it out without any verification. These claims have persisted with our continued use of Russia’s black market in data, linking the team involved in the Skripal affair to an earlier poisoning of a Bulgarian arms dealer, later identifying chemistry labs where members of Russia’s Novichok programme were reassigned, and had been in contact with the same GRU unit responsible for the Skripal poisoning up until the assassination attempt took place.

Allegations of our involvement with the intelligence services are of course false, fueled by a lack of understanding of our work (despite detailing our process on our website and it being verified by independent Russian media).

These allegations, and their veracity, can be summed up by claims made by the Russian Ambassador to the UK, shortly after we published our first stories on the Skripal poisoning. During a lengthy press conference in October 2018 he repeatedly alleged that Bellingcat was “part of the British deep establishment” with financial links to the intelligence services. When asked what his evidence was, he replied “I cannot present you the evidence, this is, you know, some kind of information that we have we’re not using this, but we’re taking is, is a something that we in the back of our mind so that’s it. I can’t present you anything, but we have a feeling so I cannot present it to you.” Which cleared it up.

At Bellingcat, we ask for evidence, not feelings. In oppressive states like Russia, allegations of involvement with foreign intelligence services can lead to harassment, abuse, violence or imprisonment. But across the world there are rising challenges to press freedom and journalists’ safety, and as oppressive regimes use terror and violence to scare their opponents and get their way, our aim is to ensure that the whole world knows about it.