It was an afternoon in late July of 2014. Aric Toler, living in Charlotte at the time and working in the corporate security division at Bank of America, was at home, scrolling through his Twitter feed.
Toler was following, sporadically, the news coming out of eastern Ukraine concerning Malaysian Airlines Flight 17, which had crashed under suspicious circumstances near the Ukraine-Russia border a few days earlier.
An Iola native, Toler had graduated with a master’s degree from the University of Kansas’s Department of Slavic Languages & Literature the previous year and spoke fluent Russian, and so he took a more than usual interest in the region and had been watching the fighting between pro-Russian and Ukrainian forces at an interested but casual remove since the Russian annexation of Crimea earlier that year. But, this day, something new caught his eye.
A British blogger and citizen journalist named Eliot Higgins had tweeted a photo of an unidentified military vehicle taken somewhere in the Donbass region of eastern Ukraine. Since 2012, Higgins, known online as Brown Moses, maintained an influential open-source investigations blog, which was beginning to gain mainstream acclaim for the rigor and accuracy with which it analyzed the publicly available data pouring out of the conflicts in Syria and Libya — data, mostly, in the form of YouTube videos and Facebook posts and satellite images. In the fall of 2013, The New Yorker ran a profile on Higgins: “Rocket Man: How an unemployed blogger confirmed that Syria had used chemical weapons.” Around that time, Higgins dropped the Brown Moses tag and his work, which by then had moved beyond the fighting in the Middle East, was being frequently cited in the New York Times and Washington Post and in other major media outlets.
In early 2014, Higgins launched a Kickstarter campaign to fund the creation of an entirely new website that would bring together a network of dedicated open-source analysts. Higgins’s site went live that summer, three days before the MH17 disaster. He called it Bellingcat.
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; text-align: justify; font: 9.5px ‘Nimrod MT’} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; text-align: justify; text-indent: 10.5px; font: 9.5px ‘Nimrod MT’} p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; text-align: justify; text-indent: 10.5px; font: 9.5px ‘Nimrod MT’; min-height: 11.0px} span.s1 {font: 9.5px Century} span.s2 {font: 9.0px ‘Nimrod MT’} span.s3 {font-kerning: none}
The photo Higgins posted on that July day showed a Buk missile launcher traveling down a side street in what appeared to be a Ukrainian town. But Higgins was seeking more details about the photo from his followers. The large armored vehicle carried two ground-to-air missiles covered by an expanse of camouflage netting. A small armored truck followed close behind. Where had the missile launcher come from? Where was it heading? And, crucially, could this be the armament that brought down the civilian airliner?
Early reports put the missile launcher in the town of Snizhne. But Toler was suspicious. He looked again at the photo. He could make out, in the background, the name of a shop — СТРÐÐÐÐÐ or Stroydom — a local building supplies store. A quick Google search revealed that there isn’t a Stroydom in Snizhne. The nearest one is in Torez, about 15 minutes down the road. From here, Toler gathered the address of the store in Torez and matched the elements in the photo to the satellite image of the vehicle’s location. Toler then sent his findings to Higgins.
The information allowed Bellingcat to construct a more accurate picture of the route that carried the Buk missile launcher from Donetsk to a field outside Torez, not far from where the crinkled debris from flight MH17 fell to earth in the early afternoon of July 17. A photo captured later in the day, after the attack, showed the same launcher parked in rebel-held Luhansk. The netting was gone, the vehicle was one missile lighter, 298 people were dead, 80 of whom were children: the largest airline shootdown on record. That the airliner had been downed by a Buk surface-to-air missile was eventually confirmed by the Dutch government. But Bellingcat had gotten there first.
THE HISTORY of open-source intelligence spans at least a century. During the Second World War, the Office of Strategic Services – the forerunner of the CIA – established the Research and Analysis Branch, whose chief role was to gather foreign newspapers, press clippings, radio broadcasts — any article or photograph that, upon patient examination, might reveal some key bit of intelligence about the enemy. The BBC, around the same time, formed a similar monitoring department in Britain.
While open-source intelligence remained available to governmental and media organizations up through and beyond the Cold War, its use fell into something of a slumber, which persisted until just a few years ago.
Analysts point to Iran’s 2009 Green Revolution, where millions of mostly young Iranians took to the streets — and to the web — to protest their country’s hard-line regime. “For the first time,” wrote Bellingcat’s Cameron Colquhoun, “the internet was flooded with citizen information about a major political event, largely thanks to the combination of smartphones, internet connections and social media.” And so, a renaissance of open-source investigation was afoot, and, with it, a new explosion of citizen journalism.
Citizen-generated data assumes an even greater significance in settings — like Syria or Libya or Iran — where the state has banned journalists or in places where it is deemed too dangerous for the press to tread. The internet has made it possible to export, from the bowels of a catastrophe, photos and videos that would, in prior decades, have been suppressed by censors. Toler cited a statistic generated by Google last year: Today more hours of Syrian conflict footage exist than there are actual hours of conflict. YouTube, Facebook, Instagram, Twitter, Google Earth — these are the new tools for getting the word out. Patrick Radden Keefe, in his 2013 profile of Higgins, quotes a longtime intelligence official: “[During the Cold War], 80 percent of what we wanted to know was classified and 20 percent was open. [Now,] it’s often said that only 20 percent of what we want to know is classified, and 80 percent is open.”
THE BIGGEST challenge with open-source information, then, is separating the wheat from the chaff. It takes a certain sort. It wasn’t long before Higgins recognized in Toler — with the Iola grad’s Talmudic attention to detail and his patience for combing through stacks of boring data in search of the telling fact — a kindred intelligence.
Not long after the downing of MH17, Higgins invited Toler to lead an open-source training workshop in Ukraine. “And then another workshop,” remembered Toler. “And then another. Until I eventually quit my job at Bank of America…and he hired me to do this full time.” Pretty soon, Toler was made a part of Bellingcat’s core team, which includes about 20 members, a group that is now considered one of the most influential open-source investigative networks in the world.
ON THE DAY I spoke with Toler, he’d just returned from Boston and was preparing for a trip the next day to Armenia, where one of his first classes will involve teaching area journalists and activists how to find information about a person who has deleted their social media profile. “For example, if someone has posted a photo that’s really important to a story, but now you can’t find the person — I’ve prepared this whole presentation on how to track them down.” From Armenia, Toler will head to a conference in Chicago. A week later, he’ll be leading another workshop: this time in Tblisi.
