THE SHADOWY RUSSIAN Wagner paramilitary group has been responsible for atrocities around the world. After first surfacing during Russia’s 2014 annexation of Crimea, Wagner mercenaries have been spotted across Central Africa, Syria, and Libya. Since March, according to British intelligence, Wagner forces have been operating in Ukraine, directly alongside Russia’s official military forces.
One part of the Wagner group was attacked in the city of Popasna, Ukraine, earlier this month. On August 8, a pro-Russian journalist in the area shared photos on the Telegram messaging app that allegedly showed the local Wagner headquarters. In doing so, they exposed the location of the group. One photo, which has since been deleted, included a sign revealing the base’s address. Ukrainian forces put the data to work.
A few days after the photos were posted online, Ukraine’s military turned the base to rubble, claiming they hit it using American-made rocket systems. A Ukrainian government official said that it “seems” the Wagner-operated location was found using the photos shared on Telegram. The strike appears to be one of the latest incidents in Russia’s full-scale invasion of Ukraine where open source intelligence—knowledge gained from publicly available information—has been used to target military attacks or inform tactical operations.
Analysts and online sleuths, such as journalists at the investigative news outlet Bellingcat, have developed and professionalized open source investigation techniques for years. Open source intelligence, also known as OSINT, involves the use of public data—such as social media posts, flight tracking data, and satellite images, among other sources—to let anyone investigate events worldwide, from potential war crimes to human rights violations.
Piecing together small details from multiple sources of information can allow investigators to understand a clearer picture of events on the ground. For instance, comparing features in a photograph, such as a row of trees, and matching them to satellite images can reveal a real-world location. OSINT investigations have previously uncovered Russia’s involvement in the downing of flight MH17; tracked down soldiers in Cameroon who allegedly killed children; and tackled human rights violations around the world.
Many of these investigations often take place online, far from events and often months or years after the events that have taken place. Throughout Russia’s invasion of Ukraine, OSINT has played a big role and changed many of the rules of conventional war. Satellite images have shown Russian troop buildups around Ukraine’s borders, identified Russian army commanders, and tracked those alleged to have killed Ukrainian prisoners of war.
When it comes to militaries launching attacks using open source intelligence (including in the Wagner incident), it is unlikely that they will do so solely based on data gleaned from social media. While Ukrainian officials have said the photos of the Wagner base were useful, it is not clear whether they combined this with existing information before they launched their attack. Ukraine’s Ministry of Defence did not respond to questions about how it is using open source intelligence. However, it did recently share a photo online claiming that a Russian tourist posed for holiday photos in front of Russian air defense systems.
“Militaries like to have fidelity if they’re going to do a kinetic strike or target something—they have to justify their targeting,” says Maggie Smith, an assistant professor at the Army Cyber Institute at West Point, adding that her views do not represent those of the US military. Smith says OSINT can “show you where activity may be so that you can point more exquisite intelligence assets to focus on that area and get better visibility, better granularity, learn more about it.”
The Wagner attack is not the only instance of military action based (at least in part) on information published online. In June, the Centre for Information Resilience (CIR), a nonprofit organization that counters influence operations, published a report saying a pro-Russian OSINT group used footage from a Ukrainian news channel to locate a munitions factory in Kyiv. The building was then hit by Russian missiles, and three civilians were killed. People in Ukraine have also faced criticism for sharing social media footage of their locations.
Anything that is posted online can be used by military forces for their planning or operations. “As a commander on the ground, you have to be aware that so much data is being produced about every single one of your soldiers at any given time,” Smith says. “The signals that are emitted from cell phones or any of anybody’s web presence, anything like that, can send signals to your adversary about your location, potential training cycles, all those types of things. Any sort of photo that is posted by anybody in your ranks can probably be used to help identify where you’re located, what assets you may have.” (In the past, public data from fitness app Strava exposed military bases, as well as the names and heart rates of soldiers on them.)
Giangiuseppe Pili, an open source intelligence research fellow at the Royal United Services Institute for Defence and Security Studies, says that OSINT has been used by militaries and intelligence for years, but there has recently been an acceleration in what is possible. “The big change is the data fusion capability of open source intelligence now—so to combine different sources into one product that really brings a picture of the reality in a realistic sense,” Pili says. The speed of analyzing open source data has also increased, Pili says.
In addition to ensuring that data is accurate before it is acted on, McDonald says that there may be privacy questions of militaries using open source data that they scrape from social media. “We don’t really have a good understanding of what the limits should be or whether there should be any limits,” McDonald says, adding that if citizens send in information they have taken, this could make them military targets, further blurring the line between civilian and combatant.
While OSINT is being used on the ground for military purposes, it’s also being used in Ukraine to clean up after battles have taken place. Andro Mathewson, a research officer at the HALO Trust, is using open source data in Ukraine to help clear landmines and understand what weapons are being used. This largely comes from social media posts. “Our analysis helps us to plan our operations, tailor our demining training, and know what to educate people about in our risk education outreach,” Mathewson says.
In April, HALO Trust relocated its headquarters to the Kyiv region to focus on “clearing the contamination from the occupation” in the area, Mathewson says. “During our open source data trawling, I spotted a cluster of tractor and combine harvester accidents caused by antitank mines in Makarov,” they say. “Things like videos of burning tractors or photographs of large craters, or destroyed vehicles missing wheels.” As a result of the social posts and the open source data, the group was able to deploy its teams to the area and start clearing the destruction.
[Read more: https://www.wired.com/story/wagner-group-osint-russia-ukraine/]