THE SUNDAY TIMES MAGAZINE (UK)
January 24, 2021 Sunday 1:01 AM GMT

Interview by Matthew Campbell


Highlight: Eliot Higgins led a team of online sleuths who proved the would-be assassins of Sergei Skripal were Russian agents. Matthew Campbell meets the shy Star Trek fan who outfoxed Putin

Eliot Higgins does not mind coronavirus lockdowns. He has never much enjoyed going out, producing all his best work, his world-beating scoops about Syrian or Russian skulduggery, from a sofa at home in the East Midlands.

“When I was younger I had this really terrible anxiety. It cast a shadow over my life,” he tells me. “When I went outside I always felt everyone was kind of looking at me, judging me. I hated interacting with people.” Things have improved since then, although he says he’s “still not somebody who likes going down the pub”.

Celebrity as one of the world’s most influential internet sleuths has boosted his confidence. Investigative triumphs, including the identification of the Russian spies who tried to kill the defector Sergei Skripal in Salisbury, have turned his Bellingcat investigative news website into a giant of the new media landscape.

This is my first (virtual) meeting with Higgins, 41, a pioneer of “open source” reporting, in which data freely available on the internet is used to build a story. For all his talk of anxiety, and as someone who has repeatedly embarrassed the Kremlin, he seems perfectly relaxed. And I am surprised by the bushy black beard; he has always been clean-shaven in photos. It adds to a professorial aura as he peers at me over Zoom from his home in Leicester, where he lives with his Turkish wife and two young children. Besides identifying the Salisbury attackers, who smeared the lethal nerve agent novichok on Skripal’s door knob, Bellingcat last month published the names and photographs of several Russian agents believed to have poisoned Alexei Navalny, Russia’s leading opposition activist, last year. In another coup Higgins identified the Russian truck that fired a missile that brought down a Malaysian civilian airliner over Ukraine in 2014, killing 298 people; Russia has always denied being responsible and likes to dismiss Higgins and Bellingcat as an arm of western intelligence.

Russian television has doorstepped his mother in Leicester and suspected Russian hackers have tried to break into his computers. So how worried is he about his personal safety?

It may go against his instincts as an introvert, but he now believes a high profile is his best defence. “If I stubbed my toe, people would assume Russia was behind it,” he says. In any case, “if someone is going to rub something on your door handle, there’s not much you can do about it.”

As a painfully shy youth he was an obsessive gamer who could spend hours immersed in World of Warcraft. His father was a Royal Air Force engineer who worked on various UK bases. Higgins dropped out of a media studies course to do a variety of administrative jobs. He found housing for refugees and processed payments for a lingerie firm. “So you’ll read on Russia Today that I was an underwear salesman — they’ve turned it into some weird narrative about me.”

He tried for a conventional journalism career, but was rejected by the BBC and ITN — much as they may regret it now. By then he had started blogging under the name Brown Moses, a pseudonym from a Frank Zappa song. With an interest in military matters — perhaps thanks to the paternal influence — he began examining conflicts in the Middle East, studying thousands of videos posted by citizens caught up in conflict. This coincided with a dramatic expansion of social media and access to tools such as Google Earth. Suddenly it was possible to see what was happening in a faraway war zone without having to go anywhere near it. “You’ve got this mass of information from satellite imagery, videos and photos that is being shared,” he explains. “The skill is piecing it all together and understanding what it shows you.”

His family thought his “weird hobby” was a dead end. “Then when I was, like, ‘I’m going to start doing this as a job,’ they were slightly horrified.” And then came a big breakthrough when he identified weapons from Croatia in a video posted by a jihadist group in Syria. The story he wrote on his blog was picked up by The New York Times on its front page. He went on to document the Syrian regime’s use of chemical weapons, and in 2014 launched Bellingcat. The name came from a cat and mouse fable in which the mice decide to put a bell on the cat’s neck as an early warning system to avoid being eaten. The shy science-fiction enthusiast — he likes Star Trek — who was once dismissed as “just some blogger” by some, now has his own media operation and staff. “We’re a real organisation now and I’m the executive director,” he says proudly.

About one third of funding, he says, comes from the workshops Bellingcat organises around the world to encourage more open source reporting as an antidote to dictatorships. The rest is from private foundations such as the National Endowment for Democracy, a nonprofit organisation set up in America in the 1980s. Higgins insists he does not take money from any government.

“It’s quite annoying because people say Bellingcat is funded directly by the US State Department, and we’ve turned down loads of money from them because we don’t want to take direct funding — like, literally millions and millions.”

Many remain sceptical, though, about Bellingcat and its successes. Besides the Russians, “there’s a big group of people who’ve decided we’re obviously working for the CIA or GCHQ or whichever abbreviation you prefer,” he says.

For its supporters, though, Bellingcat is beating western intelligence services at their own game. “I’ve occasionally met people who know people who do this [intelligence] stuff,” he adds. “Back in 2013 and 2014, when I was first doing this before Bellingcat, they’d say that I was their dirty little secret: they’d steal all the work I was doing and put it in their own reports.”

Bellingcat’s success in Russia has been facilitated, Higgins admits, by rampant corruption, the “rot at the core of Russian society”, as he puts it. It might seem paradoxical in a country with a reputation for state control, but Russia is one of few countries where home addresses, car registrations and passport records can be acquired, for a modest fee, over the internet.

“Any information that is gathered by the government is basically available for sale to anyone who knows how to find it,” he says. “It’s not even the dark web. On any old internet forum you can find someone who says, ‘Give me $100 and I’ll get you the passport details of this person.’ ”

This helped Bellingcat to unmask the Salisbury poisoners — the two outed agents have since been reassigned. “They’ve been sent to Siberia,” Higgins laughs. Not that Putin seemed to care much about being found out — some analysts believe, on the contrary, that he wanted the world to know his country was behind the poisoning.

The Russian leader has learnt that he can get away with such malevolent behaviour, Higgins argues, because of our lack of retaliation in the West: “We don’t really do anything except expel some diplomats and do some really targeted sanctions that no one really cares about. Until Russia feels they’re paying a price that they’re unwilling to pay, they’re going to keep doing this stuff.”

Experts believe the Kremlin has been infuriated by Bellingcat’s ability to identify state security agents suspected of poisonings: Higgins says there are signs of a crackdown on internet information-peddlers. In the end, though, Bellingcat may matter little to Putin. Polls show the vast majority of Russians do not believe Putin was involved in Navalny’s poisoning — and those who do may well approve.

What is Higgins working on now? We are talking just before the storming of Congress in Washington and Bellingcat is already on the case. He and his team are investigating the growing influence on politics of QAnon, a far-right conspiracy theory whose adherents — including many of the Washington rioters — believe in a deep-state plot led by a paedophile and Satanist cult involving the Democrats.

Higgins believes this bizarre movement and its unfounded claims proliferating over the internet are like a “brain parasite”. For one who has spent much of his life on the internet — and built his career on it — he makes a compelling sermoniser: “The internet is fantastic for making you find stuff that reinforces your beliefs,” he says, but it also “drives you as crazy as you can be”.

How we exposed the Salisbury poisoners

By Bellingcat founder Eliot Higgins

In early 2018 British government ministers hurried into an underground conference room in central London for a Cobra crisis-response meeting. A chemical weapons attack had taken place on British soil; it looked like an assassination attempt. On March 4 that year Sergei Skripal, a former Russian intelligence officer who had defected to Britain, and his daughter were found slumped on a bench in Salisbury, both on the verge of death. They had been poisoned with the nerve agent novichok. Though the Skripals survived, Dawn Sturgess, an innocent victim accidentally poisoned by the novichok, later died.

Moscow denied responsibility, yet the Kremlin had been implicated in revenge poisonings before. Though British detectives gathered and watched 11,000 hours of local CCTV footage, pored over credit-card payments and studied mobile-phone usage in the area, they struggled to identify the attackers.

At Bellingcat we watched, awaiting a point of entry. Scattered around the globe, our online collective began hunting for clues on the internet — in social media postings, in leaked databases, in free satellite maps. This is what has become known as “open source” reporting — paradoxically, in this age of online disinformation, facts are easier to come by than ever. We have no agenda but we do have a credo: evidence exists and falsehoods exist, and people still care about the difference.

Joining the dots

Six months after the Skripal attack the police at last provided what we needed. Images showed two Russian men arriving at Gatwick airport a couple of days before the poisoning, travelling together by train from London to Salisbury on consecutive days and lurking near the defector’s home. The authorities needed help identifying these two, so they published images of the suspects, who had travelled under the names “Alexander Petrov” and “Ruslan Boshirov”. Scotland Yard hoped someone might recognise them. The Kremlin certainly did.

The following day, September 13, 2018, the two suspects materialised in an interview on the Kremlin’s international news channel, RT. The two men proclaimed themselves innocent, merely two friends who had taken a last-minute holiday to Britain to admire a provincial cathedral. “Petrov” glared as if furious about appearing in public. “Boshirov” winced, a sheen of sweat on his face. They were not assassins, they protested, just fitness entrepreneurs.

We got to work. At first, we uploaded pictures of “Alexander Petrov” and “Ruslan Boshirov” onto search engines, seeking reverse image matches [a search using an uploaded image rather than a search term]. Nothing came back. We searched through Skype handles, seeking variants of their supposed names. Nothing. We scanned Russian news reports for clues and dredged Twitter for insights.

Unable to track the suspects through standard open-source methods, we went deeper, digging into a stash of leaked databases. Over the past 20 years hundreds of these have ended up on Russian “torrent” sites — the kind of webpages that illegally share copyrighted movies via a multitude of users, thereby preventing the authorities from shutting down any single source. The leaked Russian databases included passport data, residential address data, car ownership data, often on a city-by-city basis. Some included Russian flight manifests.

By the time of the Skripal investigation, Bellingcat had downloaded about a thousand of these databases. But rarely are they up to date, and we lacked check-in details for March 2018, when “Petrov” and “Boshirov” had travelled from Moscow to London.

On the Russian internet on-demand queries are possible too — a black market where personal information is for sale. Going down that route pushed the boundaries of the Bellingcat method. We always prefer open sources; usually that is all we need. Previously we had crowdsourced the purchase of satellite imagery in our investigations into MH17, the airliner shot down over Ukraine in 2014: we bought material from an established vendor and posted the results online for all to see. Yet the source of this flight manifest would not be an established retailer.

We have had internal debates about such dilemmas before, and they help demarcate the ethical edges of the Bellingcat method. All our investigations, we believe, must be founded on open-source information. But in carefully judged situations we will build upon that base.

In the case of the passenger manifest for the Moscow-London flight, we found somebody online with access to the Russian airlines’ booking-data system and paid about £180 for the file. The flight manifest added two crucial data points: the suspects’ purported birthdates and passport numbers. Suspiciously the latter were only three digits apart. From here we needed to cross-reference the data against identification documents that the Russian state holds on every citizen. As part of a previous case we had come across someone else online who boasted of accessing such dossiers through a personal connection at a government agency. In our Slack chats we joked that the online braggart’s “personal connection” was probably his grandmother working in a dismal ministry office, rifling through filing cabinets after hours. From this we came to nickname our source “the Babushka”, Russian for “Granny”. Yet the Babushka was not helping for free. We would need to pay about £90 per identification dossier.

The name Boshirov is so odd in Russian that it would have drawn instant suspicion if we had requested that identification file; but the other suspect’s purported name, Alexander Petrov, was common. From the Aeroflot passenger list we also had the claimed birthdate of Alexander Petrov. So we asked the Babushka if the government system contained files on anyone with this combination of name and birthdate.

Four matches came back. To see the dossiers themselves meant paying yet again. We hesitated. But the Kremlin disinformation machine provoked us — namely, that RT interview of the two supposed sports-nutrition salesmen, claiming they had visited Salisbury Cathedral to admire its spire.

Christo Grozev, who had worked in Russia in the Nineties and later become a key figure in Bellingcat, was in a business meeting, furtively checking his phone, when the four dossiers arrived. He clicked on the first one and scrolled down to the ID photo. No, this was not our Petrov. He clicked the second dossier. Down he scrolled. He thumbed in the words “Found him” onto our Slack chat and uploaded the ID photo. Unmistakable: this was him.

“There are two odd things on his file,” Christo messaged us, uploading an official stamp found in the Petrov dossier: Do not provide any information. Also, the page of biographical data was blank, except for a handwritten note stating, “There is a letter. SS” — an abbreviation for sovershenno sekretno, Russian for “top secret”.

“This shouts spy,” Christo explained. “This person’s existence begins in 2009. This is a fake identity . . . I think we have the story.”

According to the dossier, this man in his late thirties, “Alexander Yevgeniyevich Petrov”, had appeared in official files only in 2009. The office that issued his ID was not just another dusty bureaucratic outpost, but the special Moscow office that grants papers to Kremlin insiders and agents.

Putin had said of the suspects: “They are civilians, of course . . . I can assure you that there is nothing special, nothing criminal there.” He had lied, and we could prove it.

Cutting through Kremlin lies

In Washington it was morning and our newest staff employee, the editor Natalia Antonova, was sleepily reading Twitter. Everyone, she discovered, was abuzz about the suspects’ interview on RT. Natalia had known Russian military officers like these. Though raised mostly in the US, she had been born in Kiev with a grandfather who was a Soviet general. Natalia could see that “Petrov” and “Boshirov” did not want to be on TV. When the RT interviewer suggested an innocent explanation for their trip — perhaps they were just a gay couple on vacation? — “Petrov” and “Boshirov” seemed barely able to contain their indignation. Natalia had to pause the video, she was laughing so hard. Little motivates an open-source investigator as much as blatant lies. In this case they spoke of the trip to Salisbury as long planned. Yet the Aeroflot passenger manifest showed they had booked their tickets and checked in online at 10pm the night before their flight.

Our first published piece on the Skripal suspects caused news organisations around the world to cover our work, stirring renewed concern about Moscow’s lawless actions abroad. We expected the Russian media to gloss over it, but we were wrong. Both pro-Kremlin and anti-Kremlin media jumped on the case. This was blowing up faster than we had expected.

One Russian news outlet — not a state-controlled one — acquired the dossier of the other suspect, “Ruslan Timurovich Boshirov.” It also had the “Do not provide any information” stamp and the “Top secret” annotation. And it had a series of digits that looked like a phone number. Russian reporters called it and the Russian Defence Ministry answered.

The Insider, a courageous investigative website based in Russia, acquired border-crossing data for “Petrov” and “Boshirov”, showing their travels in various countries in Europe from 2016 to September 2018. These were not sports-nutrition salesmen, and Petrov and Boshirov were not their real names. Our hypothesis was that they were GRU officers, carrying out clandestine acts in western Europe. So we reached out to former Russian military officers to ask where future GRU agents might have been trained 15 to 20 years earlier, when “Boshirov” and “Petrov” would probably have started their careers.

During that period the Far Eastern Military Command Academy had an excellent reputation for training overseas covert operatives. On social media we found incomplete yearbook photos and reunion galleries from the time, but no certain matches. A 2018 article on the history of the academy mentioned seven graduates who had gone on to receive the prestigious Hero of the Russian Federation award.

We also found a photo of graduates deployed on snowy ground in Chechnya. In the top row there was one man who looked a little like “Boshirov”. The resemblance was not enough to go on, but it inspired us to try adding “Chechnya” into online searches, along with “Hero of the Russian Federation”. This landed us on the website of a state-run civil-defence force, which mentioned a colonel by the name of Anatoliy Chepiga.

We ran his name through Google as well as Russian search engines, but found nothing. No social-media profiles. No images. The Hero of the Russian Federation is the country’s highest state award, personally decreed by the president. Most are presented in public. The man’s online invisibility was suspicious.

We went through our leaked databases and found two references to Anatoliy Chepiga including contact information listed as “в/ч 20662” — a Russian abbreviation for Military Unit 20662, the elite Spetsnaz unit of GRU’s 14th Brigade. A listing from 2012 showed Anatoliy Vladimirovich Chepiga, born April 5, 1979, residing in Moscow. What we needed was an image of Chepiga. No matter how we searched, no picture of the man appeared in open sources. We had not wanted to ask Babushka for a dossier in the unusual name Boshirov because it would have set off alarm bells, but as yet the public associated nothing with the name Chepiga. So we took the chance; we bought his dossier. And we had him: his photo, dated around 2003. “Boshirov” was Colonel Anatoliy Chepiga.

A Salisbury hit team: the proof

When we published our report, it caused the biggest stir of any Bellingcat article to date, with headlines around the world marvelling that a bunch of citizen investigators had somehow outed a Russian “hit team”. Online, conspiracy theorists and state propaganda machines raged against us. Putin’s spokesman Dmitry Peskov insisted there was “no data” that anyone called Anatoliy Chepiga had ever received the Hero of the Russian Federation award. He also denied that “Boshirov” and Chepiga looked identical. But five separate news outlets tracked down people who had known Chepiga — they confirmed that the Boshirov who appeared in the RT interview was indeed Anatoliy Chepiga.

Putin issued a foul-tempered denial, not sounding terribly innocent when he called Skripal “a scumbag” and “a traitor to the motherland”. Later the Russian foreign minister, Sergey Lavrov, added his disapproval. “Bellingcat is closely connected with the intelligence services, which use it to channel information to influence public opinion,” he said.

We carried on, focusing on finding the true name of the remaining Skripal suspect, “Alexander Petrov”. We pored over social-media photos and videos of graduates of the Far Eastern Military School, in case he had attended it like the other suspect. No luck. So we checked group photos of the Spetsnaz unit that Chepiga once belonged to. Again, nothing.

In the Petrov dossier there was a reference to a previous identity document, issued in St Petersburg in 1999. We searched dozens of leaked databases, but found no sign of the supposed document number, so concluded that this was a faked corroboration. But why was St Petersburg mentioned? When we had previously identified a GRU officer involved in a Montenegro coup plot, we found that his undercover persona had retained his true first name, birthdate and birthplace, changing only his surname. Perhaps the same was true for “Petrov”, whose first name and patronymic were given as Alexander Yevgeniyevich and whose cover birthdate was July 13, 1979.

We took those details and punched them into leaked databases from St Petersburg. The only two matches — from 2003 and 2006 — indicated someone with the last name Mishkin and included a phone number that was out of service. We searched again for that phone number and eight people came up, suggesting a shared apartment. We checked the address. It was across the street from the Military Medical Academy.

The Petrov identity dossier was registered in Moscow, so we sought traces of this new name, Alexander Yevgenyevich Mishkin, in the Russian capital as well. An open-source phone database turned up a mobile number. We fed this number, with his name, into the leaked Moscow databases and found a match to car insurance from 2013 for a Volvo XC90.

From an official Russian database of registration histories we learnt that the car had been imported, registered first in St Petersburg in 2012, then transferred to the Khoroshevsky District of Moscow — the district of the GRU headquarters. That was tantalising but not conclusive. We found a website selling a more recent car insurance database, dated 2014. This had a precise registration address for Alexander Mishkin’s Volvo: Khoroshevskoye Shosse 76B, also known as GRU headquarters.

On Russian social-media networks we contacted hundreds of graduates who had attended the same medical academy in the early years of the century, coinciding with the presumptive period of Mishkin’s study there. Most did not respond. Many said they were not aware of anyone named Mishkin. But one person, who insisted on anonymity, confirmed that Alexander Mishkin had graduated from the academy, and that he was the man posing as “Petrov”. The source said that Russian security services had been contacting those from Mishkin’s class, telling them not to divulge his identity.

With the Kremlin clamping down, we could not risk pressing Babushka for more identity dossiers without endangering the person. But we did manage to obtain a scan of Mishkin’s 2001 identity document from another source. It had a photo of Mishkin, and it was the man from the RT interview.

The Insider investigative website took one last step. Just before publication of our exposé on Mishkin, they dispatched a reporter to the birthplace mentioned in the 2001 identity document: Loyga, a village in northern Russia of about a thousand residents so remote it is reached only by narrow-gauge railway. The reporter spoke to various locals there, and all recognised “Petrov” from the RT interview as local boy Mishkin. Several described him as a military doctor who had received the Hero of Russia award a few years earlier. One person said that Mishkin’s grandmother — an elderly former doctor revered in the village — cherished a photo of Putin bestowing the award on Mishkin and shaking his hand.

Extracted from We Are Bellingcat: An Intelligence Agency for the People by Eliot Higgins, to be published on February 4 (Bloomsbury £20)


