Open Source Intelligence (OSINT) is broadly defined as intelligence produced from
publicly available information (Williams & Blum, 2018). With the global rise of the internet,
technology, and social media, the process of collecting, exploiting, and disseminating Open
Source Intelligence of value can be complicated. When you consider the mass amount of data
added to the internet on a daily basis (in 2021, 2.5 quintillion bytes every day), this is hardly
surprising (Bulao, 2022). In a balance of information input to availability, the relatively low cost
of access and low bar of entry for OSINT allow for its use at any scale by anyone, internationally
or personally. On a national level, OSINT is a treasure trove of information covered in a great
deal of distractions. Information must be sifted through with compounding computer power, data
science techniques, and new filtering methodologies such as machine learning, computer
algorithms, and automated reasoning (Williams & Blum, 2018). For most individuals, OSINT
can be as simple as utilizing queries in search engines or social media to find targeted
information and as difficult as collecting and comparing satellite imagery, filtering through open
radio channels, cross-referencing data points across multiple media outlets to identify targeted
information, and analyzing press releases to compare to information gathered online (ComSkills,
2022). Although OSINT has been used in previous conflicts, such as in Syria and Afghanistan,
the conflict in Ukraine has “supercharged” OSINT. The quantity of online data available
alongside new social media platforms and technologies have pushed OSINT into the forefront of
modern collection methods (Smith-Boyle, 2022). In Ukraine, “conflicts are documented on
TikTok… atrocities are streamed on Facebook… [and] dead bodies [are] captured in satellite
images” (Smith-Boyle, 2022). In order to combat the influence and capabilities of an invading
country with a vastly superior military force, Ukraine has been able to utilize OSINT in order to
undermine Russian clandestine and deception efforts and to gather valuable intelligence on
Russian activities with low military cost.
On the 24th of February, Russia initiated a large-scale invasion of Ukraine “likely aimed
at full regime change and [Ukraine’s] occupation” (Institute for the Study of War, 2022). Due to
“propaganda about the strength of his armed forces and people’s willingness to fight for [the]
country” President Vladimir Putin expected a swift decisive victory over Ukraine (Epstein &
Davis, 2022). Putin’s strategy was reportedly centered on “seizing Kyiv within the first two days
of the campaign”(Epstein & Davis, 2022). To compare military forces, it is estimated that
Ukraine spends around five billion annually on its military budget and has around 255,000 active
personnel; Russia spends around sixty-two billion and has around 1,154,000 active personnel
(ArmedForces.eu, 2022). Despite bombs being set off moments after his address, Putin refused
to declare the invasion as a war (Epstein & Davis, 2022). The Russian president alongside
Russian officials directly claimed that the objective of the operations was to “de-nazify” and
“demilitarize” Ukraine, repeatedly claiming that Russia’s offensive was a “‘limited operation’
necessary to defend against false Russian claims of an imminent Ukrainian offensive against
Donbas”(Institute for the Study of War, 2022). These false claims were the first of many
operations to justify Russia’s unprovoked invasion of Ukraine and many subsequent war crimes
designed to demoralize Ukrainian citizens.
Despite the power behind Russia’s disinformation campaign, OSINT has allowed
Ukraine to prove that Russia's false-flag operations were Russian propaganda. Satellite images
conveyed Russian escalation visibly. However, before the war had even started, Russia initiated
public-support efforts to prepare for the invasion of Ukraine with a great deal of propaganda.
Russian state television set information conditions to justify, “a full-scale invasion and
occupation of Ukraine to the Russian people” by denying Ukrainian sovereignty and circulating
“repeated fabricated claims of Ukrainian aggression” (Institute for the Study of War, 2022). To
make these narratives more believable, Russia initiated clandestine operations to stage several
false-flag events. These operations included the public dissemination of videos that allegedly
displayed Ukrainian forces attempting to “blow up a chlorine facility at a sewage treatment
factor” and, in one suspicious video, a gruesome scene of charred bodies and sliced open human
skulls connected (by Russia) to Ukraine. With the assistance of several explosive weapons and
forensic experts, Bellingcat, an OSINT organization, was able to virtually disprove Ukrainian
involvement in the latter example (Waters, 2022). By reviewing the damage caused by the
“Ukrainian IED attack” via GoogleMaps and videos and images available online (such as on
Izvestia, DNR People’s Militia official Telegram channel, RT, Twitter, and Gazeta.RU), experts
were able to cast doubt on the legitimacy of Russian reports. Under critical review, the incident
seemed “manufactured” as the damage was too clean and uniform to align with an IED blast.
Lines on the road when the car stopped were straight (which would be too orderly to align with
the “unexpected bomb” narrative) and the bodies inside the vehicle were oddly aged, had
irregular burns, and appeared to have clean fractures that could not be explained by an IED blast
(Waters, 2022). By undermining Russian political and military deception efforts and supplying
evidence of Russian war crimes, OSINT has helped prevent Russian media from seizing media
control of the narrative. These false narratives further undermine previous Russian claims about
Ukraine. For example, on the eighteenth of February, LDR and DNR authorities published a
video declaring an emergency evacuation of separatist-held areas following a “Ukrainian
escalation” (GlobalData, 2022). This video painted LDR and DNR as passive victims and Ukraine
as the aggressor that was targeting, or at least endangering, civilians. OSINT
investigations into the metadata of the videos revealed that the video was filmed on the sixteenth
of February despite a DNR official stating “today, on eighteen of February” in the video. That
dissonance suggests that the “evacuation was pre-planned, and therefore so was the escalation in
fighting which precipitated it” (GlobalData, 2022). Retroactively, this incident displays Russia’s
persistent attempts to choreograph false flag incidents in order to develop a narrative for an
international audience that treats Ukraine as the aggressor and Russia as a peacekeeper. Although
it was not utterly convincing even at the time of its release, this video did grant enough “political
chaff to prevent an immediate international response”, which was meant to provide space for the
invasion and, as has now been proven to be false, the time to seize Kyiv and remove the
Zelensky government (GlobalData, 2022). Next to the persistence of Russian propaganda efforts,
the reliable ability of OSINT to disprove these claims has tangibly helped Ukraine display its
victimization. In terms of real-world impact, “the revelations produced by OSINT have served to
appall Western society at large, and have generated immense political pressure for Western
governments to both punish Russia and arm Ukraine” (GlobalData, 2022). Demonstrably, more
countries have begun to show quick support for Ukraine with arms and financial aid in
correlation to the Ukrainian government’s ability to prove that the invasion was unjust
(Smith-Boyle, 2022).
It is important to note that OSINT has helped openly display Russian war-crimes. In early
April, Ukrainians living in the town of Bucha began to post horrific videos of mass murder after
Russian soldiers retreated (Amos, 2022). Moscow, and more specifically Foreign Minister
Lavrov, publicly denied war crimes allegations, claiming that the scene had been staged using
Russian casualties or Cadavers after Russian forces retreated (GlobalData, 2022; Smith-Boyle,2022).
By utilizing open satellite imagery from MAXAR that displayed the bodies in the streets
nearly two weeks before the Russian retreat, this theory was disproved (GlobalData, 2022).
Although never verified, several members of the public attempted to identify Russian soldiers
who executed civilians on the street with the use of photographs and facial recognition apps such
as findclone.ru (Amos, 2022). By connecting the faces of Russian soldiers pictured in social
media posts to names, OSINT may be able to provide further evidence in future war crime trials
(Smith-Boyle, 2022). There are also several instances of Russian cluster bombs hitting civilian
residences, schools, and hospitals. OSINT has helped geolocate these strikes by cross referencing
multiple posts (image and video) on Twitter with satellite imagery. Although cluster munitions
are difficult to control due to their inherently wide effect and dud-rate, open source evidence
from Ukraine appears to suggest that, “the cluster munitions highlighted are not being carefully
targeted”(Bellingcat Investigation Team, 2022). For example, the Human Rights Watch have
independently investigated and verified the use of cluster munitions that landed just outside a
Ukrainian hospital, calling for Russian forces to “stop using cluster munitions and end unlawful
attacks with weapons that indiscriminately kill and maim”(Bellingcat Investigation Team, 2022).
In Kharkiv (North East Ukraine), there is evidence of cluster bombs hitting a residential area
next to a children’s hospital. In the city of Okhtyrka (West of Kharkiv), an artillery strike around
a kindergarten led to several casualties including, according to one report, children (Bellingcat
Investigation Team, 2022). In early March OSINT verified that the Russian Air Force used
unguided “dumb bombs” against civilian targets (GlobalData, 2022). Following “an airstrike
which killed 47 civilians in Chernihiv, video footage identified an unexploded unguided
FAB-500 M62 bomb being removed [by Russians] from an air strike location. Three days later
the [Russian Air Force] released a video showing a Su-34 loaded with eight FAB-500bombs”
(GlobalData, 2022). On March twelfth, a former Marine tweeted evidence of Russia’s
use of autonomous loitering munitions in an urban setting (Lobo Institute, 2022). Although it is
no secret to many that Russia has targeted and brutalized Ukrainian citizens, evidence of these
weapons and methods being used against civilian targets is politically damning (GlobalData,
2022). OSINT has been able to reveal that the Russian military has been attacking and targeting
civilians, increasing the amount of international support for Ukraine (Smith-Boyle, 2022).
OSINT has also assisted Ukrainian Forces by providing information on where and how
the Russian military is operating via intercepted Russian military communications. Although
signal collection is often left to the SIGINT discipline, Russian use of, “basic, off-the-shelf,
unencrypted radio” has allowed for anyone with a radio to tap into significant Russian military
information in real time (Myre, 2022). Unencrypted cell phones have also allowed Ukrainians to
eavesdrop on Russian communications (Smith-Boyle, 2022). On an operational and tactical
level, this information can be incredibly beneficial for locating and predicting Russian military
movements. In some cases, individuals have attempted to speak to Russian soldiers directly in
order to know more about “particular units and troops and where they are”(Ringer et al., 2022).
As the New York Times has proven, Radio intercepts can also be used collectively with a map to
correlate locations of Russian troops and to figure out “what [is] going on on the ground”
(Ringer et al., 2022). Similarly, open signals and the websites that track them (such as
Flightradar24, FlightAware, and crowdsourced sources (such as ADS-B Exchange)) can be used
to track aircraft in flight (Aldhous and Miller, 2022). Although this collection is limited by
policies on these websites to not track those who request to be ignored and by an aircraft’s ability
to turn off its transponders, these websites have previously helped track some aircrafts. On a
social level, radio and audio intercepts can be tremendously powerful and can provide a piece of
truth among the vast amount of Russian disinformation. Although unverified, Ukrainian military
Intelligence put out audio on social media, “saying that as two Russian military members were
speaking, one called for Ukrainian prisoners of war to be killed… ‘Keep the most senior among
them, and let the rest go forever. Let them go forever, damn it, so that no one will ever see them
again, including relatives’"(Myre, 2022). This message, alongside potential future messages like
it, rallies Ukrainian troops to action and promotes public support for Ukraine.
Finally, it is important to note that OSINT has provided Ukrainian forces with valuable
military information and helped identify where and how the Russian military is operating via
satellite and social media tracking of Russian troops. Without great financial or asset costs,
Ukraine has been able to collect information on clandestine Russian operations and military
movements. This method of intelligence collection and analysis can be a more efficient use of
resources for Ukraine, which is competing with an invading force much larger and wealthier than
itself. As a very interesting example of OSINT critical information collection, public analysts
began to watch the traffic layer of Google Maps for the main road from Belgorod, Russian to
Ukraine’s Kharkiv after finding TikTok videos posted by Russian civilians that appeared to show
hardware, including Buk surface-to-air missile launchers. On this road analysts saw a “traffic
jam” appear in a location known to have, from commercial satellite imagery, a “buildup of
armored personnel carriers, mobile missile launchers, and other military vehicles”(Aldhous and
Miller, 2022). This traffic jam was later understood to be an indication that Russian armor was
now “on the road, blocking progress for the few civilians traveling at night and whose
smartphones were sending location data to Google’s servers”(Aldhous and Miller, 2022). With
very few resources, a public researcher was able to identify the start of the invasion via
commercial and public geopolitical information. This is not only beneficial to Ukraine from a cost
angle, but also to Ukraine’s fight to undermine Russian propaganda. Public access to
satellites and imagery from across the globe allow for the public and foreigners to find the truth
without reliance on government statements. Russia’s lie that it was withdrawing troops near the
Ukrainian border could be seen by anyone who put in the effort to verify that information. This
meant that Putin lost significant credibility as, “his government’s statements were [clearly]
inconsistent with the objective reality”(Aldhous and Miller, 2022). Individual people with
cellphones have become their own sensors, publicly disseminating information in real time. At
the beginning of the war, comments on TikTok in Russia helped reveal future troop movements
as women commented that their boyfriends or husbands were going to be gone for a “six to nine
months” for “exercises [in Belarus]”(Aldhous and Miller, 2022). Over time, social media
continues to be swamped with images and videos showing the “movement of Russian armor,
verbal confrontations between Ukrainian citizens and Russian soldiers, and the impact of missile
strikes on residential areas, government buildings, and other infrastructure”(Aldhous and Miller,
2022). On a long term basis, OSINT can also be used to look at strategic losses and gains from
the war. Websites such as Oryx, a digital watchdog, maintain a comprehensive list of destroyed
and captured military vehicles (Lobo Institute, 2022). By tracking the movements and losses of
both countries, Ukraine can have some strategic oversight into Russian losses and future options.
Ultimately, at a low cost to Ukrainian assets, Ukraine has effectively utilized OSINT
capabilities in order to undermine Russian clandestine and deception efforts and to gather
valuable intelligence on Russian activities. Many of the war crimes committed by Russia are
well documented and easy to find online with evidence provided. According to Pew Research
Center after Russia invaded Ukraine, “10% or less of those polled express a favorable opinion of
Russia. Positive views of Russian President Vladimir Putin are in single digits in more than half
of the nations polled”(Greenwood, 2022). Similarly, in another international survey, “there [was]
strong and widespread support for the view that peace requires Russia to withdraw from
Ukrainian territory it has occupied”(Open Society Foundation, 2022). As of November, Ukraine
has reclaimed “more than half the territory Russia has taken this year”(New York Times, 2022).
Although certainly in part to many other factors, OSINT has assisted Ukraine in undermining
Russian propaganda and clandestine operations and helped Ukrainians keep track of Russian
movements throughout the war without any significant cost. OSINT has not only countered
Russia’s asymmetric military advantage; it has flipped it. As more and more individuals become
“sensors” tracking movement with their cell phones and providing information that can be used
in warfare, OSINT has shown itself to be a useful and capable analytical tool for even those
without great cyber expertise. Although we have yet to see how valuable OSINT will be for
peer-level countries, for Ukraine OSINT has repeatedly helped fight back against Russian
military operations and narratives.
References
Aldhous, P., & Miller, C. (2022, March 3). How open-source intelligence is helping clear the fog
of war in Ukraine. BuzzFeed News.
buzzfeednews.com/article/peteraldhous/osint-ukraine-war-satellite-images-plane-tracking
-social
Amos, D. (2022, June 12). Open source intelligence methods are being used to investigate war
crimes in Ukraine. NPR.
npr.org/2022/06/12/1104460678/open-source-intelligence-methods-are-being-used-to-inv
estigate-war-crimes-in-ukr
ArmedForces.eu. (2022). Ukraine vs Russia: Comparison Military Strength. ArmedForces. armedforces.eu/compare/country_Ukraine_vs_Russia
Bellingcat Investigation Team. (2022, March 2). Invasion of Ukraine: Tracking use of cluster
munitions in civilian areas. bellingcat.com/news/2022/02/27/ukraine-conflict-tracking-use-of-cluster-munitions-in-ci
vilian-areas/
Bulao, J. (2022, November 26). How much data is created every day in 2022? Techjury. techjury.net/blog/how-much-data-is-created-every-day/
ComSkills. (2022, May 4). OSINT TOOLKIT. ComSkills Ukraine. comskills-ukraine.co.uk/resources/osint-toolkit/
Epstein, J., & Davis, C. R. (2022, March 15). Putin thought Russia's military could capture Kyiv in 2 days, but it still hasn't in 20.
Business Insider. businessinsider.com/vladimir-putin-russian-forces-could-take-kyiv-ukraine-two-days-202
2-3
GlobalData. (2022, May 13). The role of OSINT in the War in Ukraine. Army Technology.
army-technology.com/comment/osint-war-in-ukraine/
Greenwood, S. (2022, June 22). International attitudes toward the U.S., NATO and Russia in a time of crisis. Pew Research Center's Global Attitudes Project. pewresearch.org/global/2022/06/22/international-attitudes-toward-the-u-s-nato-and-russia-in-a-time-of-crisis/
Lobo Institute. (2022, April 23). The Russian invasion highlights the impact of OSINT. Lobo
Institute. loboinstitute.org/the-russian-invasion-highlights-the-impact-of-osint/
Institute for the Study of War. (2022, February 24). Ukraine conflict update 7. Critical Threats.
criticalthreats.org/analysis/ukraine-conflict-update-7
Institute for the Study of War. (2022, February 23). Ukraine conflict update 6. Critical Threats.
criticalthreats.org/analysis/ukraine-conflict-update-6
Myre, G. (2022, April 26). How does Ukraine keep intercepting Russian military
communications? NPR. npr.org/2022/04/26/1094656395/how-does-ukraine-keep-intercepting-russian-military-co
mmunications
New York Times. (2022, November 15). Maps: Tracking the Russian invasion of Ukraine. The
New York Times. nytimes.com/interactive/2022/world/europe/ukraine-maps.html
Open Society Foundation. (2022, September 6). Poll: Climate and Ukraine Top Global
Concerns. opensocietyfoundations.org/newsroom/majorities-across-the-world-support-russian-withd
rawal-from-ukraine-and-greater-action-on-climate-change
Ringer, J., Chang, J., & Chakrabarti, M. (2022, April 11). How open source intelligence is
shaping the Russia-Ukraine War. On Point. wbur.org/onpoint/2022/04/11/how-open-source-intelligence-is-shaping-the-russia-ukraine
-war
Smith-Boyle, V. (2022, June 22). HOW OSINT has shaped the war in Ukraine. American Security Project. americansecurityproject.org/osint-in-ukraine/
Waters, N. (2022, February 28). 'exploiting cadavers 'and 'faked ieds': Experts debunk staged
pre-war 'provocation' in the Donbas. BellingCat.
bellingcat.com/news/2022/02/28/exploiting-cadavers-and-faked-ieds-experts-debunk-stag
ed-pre-war-provocation-in-the-donbas/
Williams, H. J., & Blum, I. (2018, May 17). Defining second generation open source intelligence
(OSINT) for the Defense Enterprise. RAND Corporation.
rand.org/pubs/research_reports/RR1964.html
