Navalny’s poisoning and Russia’s Clandestine Chemical Weapons Programme

Country/area: Bulgaria

Organisation: Bellingcat, The Insider

Organisation size: Small

Publication date: 23 Oct 2020

Credit: Christo Grozev, Aric Toler, Pieter van Huis, Yordan Tsalov, Roman Dobrokhotov

Project description:

By using open source information and the Russian black data market we were able to uncover the FSB team that poisoned Russian opposition leader Alexey Navalny, the structure of the operation all the way to the top, and the clandestine chemical weapons programme of the Russian government. For this purpose we analysed large amounts of data – phone records, travel information, etc. – and revealed, perhaps in an unprecedented manner and certainly more widely than ever, the capability and the dangers of free-flowing data, as well as the ways this information is used and sold by corrupt officials.

Impact reached:

The story has been at the forefront of the world news and has major ramifications for Russia.

The project led to several calls for further investigations and sanctions. Our team has been called to testify in the British Parliament and the Council of Europe, and one of the leading members of the US Congress has expressed a wish to summon us after the pandemic. The European Parliament has issued a motion in which our investigation is explicitly mentioned as the cause for further action against Putin’s regime. The latter has also commented on the story, calling it a “legalisation” of “foreign intelligence” – on the one hand proving its veracity, on the other unwillingly complimenting our data gathering efforts as being at the level of an intelligence service.


Techniques/technologies used:

Due to porous data protection measures in Russia, it only takes some creative Googling (or Yandexing) and a few hundred euros’ worth of cryptocurrency, fed through an automated payment platform not much different than Amazon or Lexis Nexis, to acquire telephone records with geolocation data, passenger manifests, and residential data. For the records contained within multi-gigabyte database files that are not already floating around the internet via torrent networks, there is a thriving black market to buy and sell data. The humans who manually fetch this data are often low-level employees at banks, telephone companies, and police departments. Often, the data merchants who provide data to resellers or directly to customers are caught and face criminal charges. For other batches of records, there are automated services, either within websites or through bots on the Telegram messaging service, that entirely circumvent the necessity of a human conduit to provide sensitive personal data.

While there are obvious and terrifying privacy implications from this data market, it is clear how this environment of petty corruption and loose government enforcement can be turned against Russia’s security service officers. A few hundred euros could — and does — provide you with months of phone call data for an FSB or GRU officer, allowing investigators to trace the intelligence services’ operations, identify the colleagues of research targets, and follow the physical tracks of spies across Russia and abroad.

What was the hardest part of this project?

Tugging on one thread will unravel an entire tapestry of cross-referenced data, eventually revealing how Navalny’s or Skripal’s poisoning was planned and carried out by a team of chemical weapon experts and secret service operatives. Much of this data is available due to the negligence of the Russian government — it’s hard to imagine, in Germany or Canada, an entire city’s vehicle registration database with passport numbers, addresses, license plate numbers, and other data being leaked online annually for anyone to find — as well as the sloppiness of the security services themselves.

That being said, these investigations put the journalists, as well as the main characters of our story – in this case Navalny – at great risk. The Russian security services may be sloppy, but they are nevertheless brutal in their vengefulness.

What can others learn from this project?

To underscore our credibility, Bellingcat employs a show-your-work approach, publishing exhaustive reports that walk readers through exactly where our investigators got their data — including leaked records of private information — and how we analyzed it.

In many Western countries, the idea that you could shell out a couple of dollars in cryptocurrency to an automated messaging application and obtain someone’s passport number, cellphone metadata and vehicle registration seems astonishing, though not unprecedented, as the News of the World phone-hacking scandal suggested.

Journalists in Russia, however, have increasingly turned to the data market as a reporting tool, but the data they obtain doesn’t always tell a clear-cut story. The unreliability of such data is one reason Bellingcat does rigorous cross-checking, preferably against a source we obtained before we started the investigation, before anyone has had the idea to poison the data. In the case of the Navalny plot, Bellingcat analysts turned to previously verified offline databases to back up their new findings.

These methods of research, hypothesis, finding proof, cross-checking and analysis are extremely useful for every investigative journalist and most certainly hold the keys to the future of the profession.

Project links: