How British computer geek Eliot Higgins uncovered war crimes, exposed poisoning plots, and found himself in Russia's crosshairs
Photos: Bellingcat, AP Images
Last Thursday, prominent Putin critic Alexei Navalny drank an innocent-looking cup of tea before boarding a flight to Moscow. The teacup held a tempest – in the form of a poison that left Navalny in a coma.
The story set off alarm bells for those familiar with another high-profile poisoning: that of Sergei Skripal and his daughter Yulia in 2018. Skripal, a Russian spy who defected to Britain, also landed in the hospital after his front door in the quiet English town of Salisbury was sprayed with Novichok, a deadly nerve agent, by Russian intelligence agents. Those who remember the unlikely detectives who tracked down his attackers have now set their eyes on a quiet suburban house in a small British city. Over the years, they’ve learned that chances are good the owner of that home — a man by the name of Eliot Higgins — will unravel government-sponsored crimes more efficiently than some of the world’s top spy agencies.
“Russian opposition figures can experience tragedy very suddenly,” Higgins tweeted dryly this week in response to the Navalny poisoning. He would know. With his hoodie, laptop and a certain quiet intensity, Eliot Higgins has the look of a computer geek — which is exactly what he is, content to spend weeks trawling through vast databases and obscure websites. But although a self-proclaimed nerd (“the geeks shall inherit the earth,” he likes to say), Higgins is no hacker or software engineer. In fact, the closest description of his field of operations is intelligence.
From his living room in Leicester, Higgins, a self-described “citizen journalist,” has uncovered Syrian war crimes; identified the separatists who shot down Malaysian airliner MH17 over Ukraine in 2014; and exposed assassins from the GRU, Russia’s military intelligence.
With no formal intelligence training, foreign language skills or visiting conflict zones — without even much of a formal budget — he relies on a simple laptop, close data analysis, and a lot of patience.
“People all over the world share vast amounts of photos and videos on social media, and that creates a footprint on the internet,” he explains. “Even when they try to remove it, traces remain, and by using open-source tools like Google Earth and methodologies like geolocating, we can locate where those pictures were taken and expose false claims.”
Measuring that digital footprint began as a hobby, but Higgins has turned it into a formidable new field of intelligence known as OSINT, or open-source intelligence, whose techniques security services around the world are now eager to learn. “I’d say they’re way ahead of us on many things,” the Spectator, a right-leaning British weekly, quoted a senior British security official as saying in a profile last year.
What began as a personal crusade to understand which civilians the Syrian regime were barrel-bombing, has been transformed into an investigative website called Bellingcat, a team of researchers and an army of open-source enthusiasts.
The site is named after an Aesop fable called the Mice in Council, about a group of mice who decide that the only way to stop a murderous cat is by hanging a bell around its neck to warn them of its approach — a job that all prove reluctant to carry out. It was built to expose nefarious activities wherever they happen. The Bellingcat team will track anything from Russian oligarch Yevgeny Prigozhin —known as “Putin’s chef,” whose firm was indicted in 2018 by a US jury for election interference — to those who beat up a journalist in the recent Portland protests.
Along the way, Bellingcat has become the address for anything that smells of Russian intelligence.
“Guys, could you check weapons used by that KGB Alfa unit against possible injury?” tweeted a Bellingcat follower last week about the death of a protester at the hands of government forces in Minsk, the capital of Putin’s client state, Belarus. “Evidently chest trauma seen at AP video. Was that direct hit by gas canister or shotgun, seen again at AP video?”
In the process, the mild-mannered Higgins has made enemies in high places. In an astonishing press conference tirade after the Salisbury incident, Russia’s UK ambassador accused the 41-year-old of being in the pay of British intelligence. Police now advise him on precautions against the very type of assassination that he’s exposed, but the unlikely intelligence pioneer is not deterred.
“I have cameras around my house,” he says quietly, though he acknowledges that even the best cameras can’t fight off Russian spies. “But I’m driven by a passion for justice, to fight disinformation and reveal the truth of far-away events. This is the way to make it happen.”
Hiding in Plain Sight
Playing cat and mouse with Russian intelligence isn’t something that a young Eliot Higgins, born in 1979, would have predicted for himself, but the love of computers was always there. “My dad was in the Royal Air Force, so we moved around to different parts of England,” he says. “My parents bought me my first computer when I was young, and I’ve always spent a lot of time on the internet. Today I have 115,000 followers on my personal Twitter account,” he adds, sounding surprised.
And well he might, because until 2012, the idea that someone could produce high-grade intelligence with nothing more than a laptop was fanciful.
“I was working back then in finance and accounts, so I was used to dealing with spreadsheets and details,” he explains. “But I was also interested in global politics. The Gulf War and the 2003 Iraq War bookended my teenage years, and that drew my interest to the region.”
His interest was piqued again by the 2011 uprising against Muammar Gaddafi in Libya, and the running battle as rebel forces pushed along the coastal road to Tripoli. “The Libyan rebels would claim that they’d captured a town and there would be video footage, and there was online debate about where the battles really were, but then I realized that by going on Google Earth and comparing what I saw in the background of those videos with satellite imagery, I could prove where it was filmed. That was my first experience of what I now know as geolocation.”
So when the Syrian Civil War started to heat up in 2012, Higgins had the beginnings of an amateur toolkit. “I started to look at the videos coming out of regime forces using barrel bombs on the rebels,” he says. “They looked like they were pushing bins out of helicopters, and I was the first to publish in English about them. I saw how their primitive design was changing and being refined.”
The material was hiding in plain sight, all over social media, but it took someone of Higgins’s perseverance to document it all. Monitoring hundreds of YouTube channels, he reported first on the regime’s use of cluster bombs as well as new shoulder-launched anti-aircraft missiles, and analyzed the Assad regime’s use of chemical weapons. Soon his data was picked up by large media outlets.
“The history of why we can do this is down to the smartphone revolution,” he explains. “The iPhone came out in 2007, and led to the creation of apps like Twitter, allowing people all over the world to photograph and write and share vast amounts of information which can be used to measure the real world.”
Cross-referencing those vast stores of data — which included social media posts, photos, publicly available databases and Google maps — into one coherent whole capable of standing up in a court of law has become Higgins’s trademark, but it’s a community-based effort. “Early on a small online community of people bitten by the open-source bug formed. We talked to each other, and in 2012 I started to publish a blog that attracted journalists, think-tanks and human rights groups.”
But until 2014, he says, they were still a group of hobbyists. It took a massive disaster for the group to attract serious attention — and credibility.
Belling the Cat
An aviation disaster over Eastern Europe gave Higgins his first big break. On July 17, 2014, a Malaysia Airlines plane numbered MH17 took off from Amsterdam to Kuala Lumpur, with many Dutch and Australian citizens on board. The flight took them across the war zone of Eastern Ukraine, with fatal results. An anti-aircraft missile downed the plane, killing all 283 people on board.
At first, rebel militia in the Donetsk breakaway region claimed that they’d brought down a Ukrainian Air Force plane. But when it became clear that the shattered wreck was that of a civilian airliner, the separatists changed their story and denied any involvement.
“When MH17 came down there was a vast amount of information and a lot of discussion on the web, with Russia and Ukraine telling different stories about what happened,” says Higgins. “Within a week we at Bellingcat formed our investigation team, and using the social media chatter from Russian accounts, we tracked the missile launcher responsible to its launch site, identified it as a Russian-made BUK system, found a photo of the launch and connected it to another video of the same launcher in convoy earlier to that site. We started to find valuable stuff, like phone calls from separatists who seemed to be talking about the launch. We used those calls to identify them.”
But it was only when they were interviewed for hours by Dutch and Australian police that the group realized they had something big in their hands. “We thought, if they’re taking it seriously, then we should as well.” The information that Higgins’s team provided was deemed of sufficient reliability to be used in the ongoing court case, in absentia, for the rebels.
“Bellingcat’s methods are way too innovative for the great majority of lemmings in government,” a former CIA officer told the Spectator. “Today’s spooks (British terminology for spies) live in constant fear of enquiries over possible failures. MI5 (Britain’s domestic security services) would just hold them back, almost certainly if researchers strayed into illegality.”
So how does Higgins explain his organization’s state-grade professionalism?
“We only have open source so we have to stretch it as far as we can,” he replies. “We have 250,000 followers on Twitter to share ideas with, so manpower like this is not accessible to them.”
Higgins also has the funding he needs to pay a small staff; most of that funding is obtained by sharing his open-source investigation methods in small seminars.
Collecting open-source intelligence is not a new idea. British military history expert Max Hastings notes that ironically enough, the majority of spies during World War II endangered their lives for material that could have been assembled by a close reading of enemy newspapers. Higgins’s innovation has been to develop a system to do exactly that — using the tools of the digital age.
Whatever the historical comparison, the website’s professionalism has become an embarrassment for the Russians. In response, they’ve launched a smear campaign against Higgins, including the allegations that Bellingcat is no more than the information warfare department of MI6, the UK’s foreign intelligence system.
And pushback from the Russians, in the form of hacked emails in 2015, told them that they were now being taken seriously by Putin’s security services as well. They were belling the cat, and the cat didn’t like it at all.
Assassination in Salisbury
It was early July 2018 when passersby found two Russians, father and daughter Sergei and Yulia Skripal, slipping in and out of consciousness on a park bench in the southern English town of Salisbury.
It quickly became clear that this was no ordinary illness. Police were aware that Sergei Skripal, a former Russian intelligence officer who had turned double agent for Britain, was a potential Russian target. And the GRU, Putin’s military intelligence agency, had already conducted a number of hits on former spooks on British soil, notably the 2006 assassination of Alexander Litvinenko in London, by radioactive poisoning.
Higgins didn’t jump in right away when the Skripal case made headlines, even when British authorities published CCTV pictures of the two Russian agents they believed were responsible.
“It was when the two suspects gave an absurd interview with the pro-Russian channel RT saying that they’d visited Salisbury twice, just to see the town’s impressive cathedral spire, that we started looking into it,” he says wryly.
“A Russian-speaking colleague of mine, Christo Grozev, was able to access databases that are sold online in Russia, due to corruption. He was looking to see whether any of the details of the two spies, named Alexander Petrov or Ruslan Boshirov, were actually true.”
One database that Grozev accessed contained flight manifests, and by using the date of birth that appeared on these agents’ fake passports, he was able to match them with the real GRU agents. It turned out that the Russians had only changed the surnames of the agents on their fake passports, perhaps to enable them to remember their false identities more easily. “Ruslan Boshirov came up with no matches, but another name — Alexander Yevgenyevich Mishkin — shared a birthday and first and patronymic names with the fictional Petrov.”
Christo also compared the names and ages with the graduation records of a GRU intelligence-training school, and found that they matched. “There were even local newspaper records, with pictures,” finishes Higgins. “That gave us a positive identification on the agents.”
When Higgins went public with the identification, the coup threw Bellingcat into the center of a geopolitical storm. “At a press conference, the Russian ambassador denounced us as a front for the ‘British deep establishment’ four or five times; it was the best thing we’d ever seen on television,” Higgins says, laughing.
Higgins’s unlikely duel with Russian propaganda had another high point in 2017, when the country’s foreign ministry accused the US of aiding ISIS, citing as proof supposed drone images of US forces attacking. It was a serious moment when the US Administration’s credibility was on the line, because it was based on the narrative that President Trump was desperate to get American forces out of the Middle East, which a secret agreement with the terror group would have facilitated.
“The problem with those pictures,” says the Bellingcat founder, “is that we were able to show that one of them had been tweeted by an Indian journalist a few weeks before, and we’d proven at the time that it was a still from a computer game. That quickly turned the story from America supporting ISIS to Russia faking evidence using a computer game.”
These high-profile exposures have turned Bellingcat into a natural address for ongoing aviation and intelligence puzzles. When a Ukrainian airliner exploded over Tehran in January this year, killing all aboard, authorities initially denied responsibility. Bellingcat was quickly able to geolocate a video of a mid-air explosion posted on the internet as hitting a residential area of the capital near the airport.
“Ukrainian sources later told us that they thought the Iranians took responsibility due to the pressure that our findings had brought to bear,” says Higgins.
And the organization can claim credit for a tightening of field security among Russian security services: stung by Bellingcat’s repeated wins, the Russian armed forces have banned soldiers from using social media. But that doesn’t mean that they’re now impervious. “We believe that we are seeing the tip of the iceberg in what we do. When one door closes another opens. Even when you pull data from the internet, it leaves an imprint.”
Taking His Time
So, if open-source spies don’t go to an intelligence academy, what does it take to join the ranks?
Higgins gestures at his plain corner desk, featuring two standard-issue laptops. “One of them isn’t even mine,” he says. Other than a laptop, the tools of the open-source investigation trade can be learned in a seminar: comparing the tiny details on photos, learning how to use Google Earth to identify locations, combing through social media posts and databases with a practiced eye, seeking out inconsistencies between spontaneous records and official reports. “But what you really need is time and persistence. Huge investigations can take years. Along with another three or four people, I’m currently digging through a huge pile of phone records, sequencing calls to see who called who first. Because we are driven by interest, we will dig much longer and harder than other people.”
Higgins says that his core group of investigators is actually very small. “We have Russian speakers on staff, and although Arabic speakers are less easy to come by, we can reach out to our online community on a case by case basis to fill in whatever skill we require.”
And if patience sounds boring, it’s accompanied by a certain thrill of the chase. “There definitely is a feeling of a hunt about this, of battling against a false narrative. Sometimes investigations like this take a lot of time, but when you find a document proving your case, for example when we showed that the Syrian government was using chemical weapons, it gives a rush.”
As he put it to the Columbia Journalism Review, Higgins wants “the very idea of open-source information existing to put the fear of G-d into the sort of people who have something to hide, because they’ll know there’s a network of people primed to use it to expose what they’re trying to keep hidden.”
With the US election season well underway and Russian meddling a political football, Eliot Higgins rejects the idea that foreign propaganda could influence a US election to decide outcomes. “We’re investigating Russian influencing in 2020, but while it is an issue, it was Breitbart and Fox News that got President Trump elected. The Russians can only dream of having that level of influence.”
He’s more worried about the lack of deterrence that Britain seems to harbor against Russia in the real world. Just last week, NATO ships found a Russian naval force close to UK territorial waters, and Russian air force planes regularly probe the edges of British air space, Cold War-style. This open testing is matched in the shadow world, as in the brazen Skripal assassination attempt. “The authorities’ answer to Russian aggression on our soil has been pathetic. We need to prevent them using the British financial system, and levy sanctions. Expelling some diplomats doesn’t help,” he says.
It’s the end of our interview, conducted via a Zoom call, and I try to persuade Higgins to turn the camera on.
“I’d rather not,” he says with a laugh. “I look like Karl Marx, because I’ve not managed to have a haircut since the beginning of Britain’s lockdown.”
The Karl Marx resemblance, rather humorously, turns out to be fairly accurate when the call switches to video, and the author of the Communist Manifesto turns out to be a good reference-point for Eliot Higgins’ own work.
Having thrown open the gates of open-source intelligence to the masses, he’s imagining a global network of investigators ready to expose the secrets of shady actors around the world.
Until that global revolution happens, Eliot Higgins continues his quest for justice from his home office, one file at a time.
(Originally featured in Mishpacha, Issue 825)
Oops! We could not locate your form.