The award-winning Bellingcat team has been notable for probing a variety of high-level subjects – from Mexican drug lords, crimes against humanity to tracking the use of chemical weapons and conflicts worldwide. The Navalny session of the AIJC21, facilitated by Aric Toler, Director of Research & Training from Bellingcat, shared insights and tips on how they used technology to expose those behind the poisoning of Russian anti-corruption activist and journalist, Alexey Navalny. Currently prisoned in Russia, Navalny used social media platforms to challenge that country’s president and also expose corruption perpetuated by the well-connected elite.
Intriguing lessons and key takeaways from the session was that the investigations tracked past records of travels, phone calls and interactions based on logical reasoning to get clues on abnormalities such as falsified identities and missing data on supposedly to be available on public domain such as home address, tax record, passport data and connected attributes to the victim, tracking passengers on same travel destinations and related associates of possible links via phone call history and looking out for traces on suspects past criminal records relating to chemical weapons probes and so on.
In their investigation, Aric said they targeted data based on assumptions to identify passengers who booked the same flight as Navalny’s from Moscow to the city of Novosibirsk on the week he was poisoned. Then they had to find answers to probing questions such as who among the passengers showed any features of falsified Identity or missing passport data or had traveled to the city where Navalny was attacked and who they called.
Bellingcat identified the spies by leveraging on Russian databases, and also understanding which approach to use. The Bellingcat investigators used a range of open source tools to crack the Navalny poisoning investigation, which are useful for investigative journalists.
Reverse phone-search bots on Telegram or smart phone apps. These bots reveals the name a mobile number is saved under on a phone using apps like GetContact, TrueCaller and SmartSearch.
Reverse vehicle-search and phone bots: These include AvinfoBot, SmartSearch, EyesofGod, and QuickOsintBot, and provide additional data such as ownership data, car parking data, and traffic violation histories. These provide useful data when tracking down the movements of a person, enabling you to know any affiliations with a related subject on investigation. These tools enabled Bellingcat to discover that one suspect’s phone was connected to 42 parking sessions and also geo-located many of those sessions to a parking area just a few blocks from the FSB.
Telephone logs, billings, travel and ticketing histories: This information can be derived from a Russian database and its helpful to give a lead to activities connected to the subject by tracking histories and expenses incurred for flights, trains and other details relating to their movement. From these, Bellingcat was able to detect an intelligence agent using the false name “Frolov”, who had purchased a ticket to arrive in Novosibirsk hours before Navalny’s plane was due, and then later booked a flight back to Moscow from Navalny’s next destination, Tomsk, the day after Navalny was poisoned.
Passport data. It is expected for every Russian citizen to have a passport file that includes not only their current passport photo, address, and registration, but also previous data linked to previous passports and this can give useful clues on all flights taken and also those booked, but not taken. It helped the team to get clarity on pattern of how secret operations were done.
Reverse face search. These set of tools, include FindClone, Search4Faces, PimEyes, Yandex, and SmartSearchBot, are online face search engines that allow the user to identify pictures containing given faces.
Other platforms on phone apps search to decode identities include Viber, Telegram, WhatsApp, and Skype. These make it possible to get names of persons by typing a phone number into the search bar in Skype if the number is connected. WhatsApp also enable viewing of profile picture connected to a number, if the right picture is uploaded by the user.
Olusola Tutuola is the founder of Better Civic International Foundation/Betachecks in Nigeria
Featured Cartoon: Aric Toler from the Bellingcat investigative team shared tips of the tech tools used to unmask Alexey Navalny’s poisoners.