When Selfies Are a Tool of Intelligence

As Russia has deployed troops and planes to Syria to reinforce the crumbling rule of President Bashar al-Assad, the run-up to its intervention has been documented in a near real-time basis — an almost unprecedented demonstration of the power of open source intelligence.

Moscow began its aerial campaign against Sunni rebels in Syria on Sept. 30. But more than a month earlier, evidence began surfacing online that pointed to Russia’s military buildup along Syria’s western coast.

On Aug. 22, a Turkish blog posted photographs of a Russian cargo ship that had transited the Bosphorus two days earlier. On its deck, covered by tarps, sat the unmistakable forms of Russian BTR-class armored troop carriers. A day later, a video surfaced containing what appeared to be audio fragments of Russian military commands. The video also included footage of an advanced Russian fighting vehicle, the BTR-82.

As Russia’s military buildup continued, the open source evidence of its involvement in Syria flooded the Internet. In late August and early September, Russian troops being deployed to Syria posted selfies on social media sites saying they were headed to Russia’s naval port in Tartus on the Mediterranean Sea. On Sept. 2, photos of alleged Russian jets and drones in the skies over Syria appeared on Twitter. During the first half of September, aviation enthusiasts started tracking Russian An-124 cargo flights — similar to the American C-5 Galaxy — to Syria. Moscow said the planes were delivering humanitarian aid, but at least one was photographed at a Russian military base being loaded with an attack helicopter.

By the middle of September, commercial satellite images showed Russian fighter jets deployed to Syria. In the days that followed, video footage and photographs posted online showed the jets flying in Syrian skies. On Sept. 30, bombs began falling from those jets.

Arguably, no one has done more to catalog and analyze the volumes of open source information than Ruslan Leviev, a 29-year-old Russian who founded what he calls the Conflict Intelligence Team. The group of six full-time analysts goes through the painstaking work of attempting to verify the digital detritus that the Russian army has left in its wake as it has deployed to Syria. Leviev has been posting compilations of photographs, maps, tweets, videos, and satellite images on his LiveJournal.

“We are not journalists. Are we combatants? It certainly seems so,” Leviev told Foreign Policy, noting that he and his team describe themselves as members of the Russian political opposition. “We perform conflict investigations. We work with soldiers to show them the real situation. We work with soldiers’ relatives to help them. We are fighting for our country and will do it until we win.”

Leviev says he has received death threats, both anonymous and named; he has also been summoned by a St. Petersburg prosecutor for examining the presence of Russian military intelligence units in eastern Ukraine. Leviev says the prosecutor wants an explanation for his work documenting the death of a military intelligence officer in Donbass, a contested region of eastern Ukraine.

Intelligence experts and observers of the Russian military say the only real precedent for the real-time documentation using open source tools of a foreign military adventure was Russia’s invasion of Ukraine and its annexation of Crimea. That work was in some ways easier. “Internet coverage is good; many locals use social networks and some events, such as the takeover of the parliament building, were even broadcast live,” Leviev said, adding that the ubiquitous presence of dashboard cameras in cars in Russia and Ukraine has provided voluminous video material. “There is nothing like that in Syria.” As the conflict in Ukraine has dragged on, open source efforts to document the war have logged the appearance of tanks, weapons systems, and troops.

The greater availability of open source intelligence has been enabled in part by enormous growth in the commercial satellite industry, which in 2013 saw revenues of $195 billion, according to one industry report. Firms such as DigitalGlobe and Airbus, giants in the field, provide their clients with satellite imagery that is not far from the vaunted capabilities of the U.S. government. The quality of images produced by American spy satellites is one of the government’s most closely held secrets, so it’s impossible to provide an exact comparison between the capabilities of private sector satellites and the government’s.

But one indication of the quality of private sector satellites is that the U.S. government is a frequent customer. The U.S. National Geospatial-Intelligence Agency has a contract with DigitalGlobe, and in April 2014, NATO used images captured by the company to publicly document the buildup of Russian troops near the Ukrainian border.

Stephen Wood, whose 14-year CIA career included work on satellite imagery analysis, is now CEO of All Source Analysis. His company analyzes satellite imagery, including pictures of Russian troop deployments in Syria. “I’ve been doing this stuff for 30 years, and, to me, there were a couple times in the last month when we were directly involved in doing this kind of work that I looked back and said, ‘I never thought we would be able to do this using open source information,’” Wood said.

Nonetheless, defense intelligence experts caution there are many ways in which open source intelligence continues to lag behind classified methods employed by the CIA, NSA, and the rest of the American intelligence community. And even as some members of Congress have complained about the quality of intelligence they’ve received on Russia, the White House has insisted it was not caught flat-footed by Moscow’s intervention.

“We knew that [Putin] was planning to provide the military assistance that Assad was needing because they were nervous about a potential imminent collapse of the regime,” President Barack Obama told CBS’s 60 Minutes in an Oct. 11 interview.

As evidence that Russia was moving men and materiel into Syria was amassing online in late August and early September, U.S. officials were taking action to counter Moscow — even if they failed to prevent the intervention. On Sept. 5, U.S. Secretary of State John Kerry warned Russian Foreign Minister Sergei Lavrov that an expansion of Moscow’s military presence in Syria may result in a “confrontation” with U.S. forces operating there. In following days, the United States asked countries in the region to close their airspace to Russian cargo flights.

For major powers such as the United States and Russia, the explosion of open source information has made it far more difficult to keep covert actions secret. When troops bearing no national insignias turned up in Ukraine, open source analyses of their gear and uniform quickly gave them away as Russian troopers. Steve Slick, the director of the Intelligence Studies Project at the University of Texas at Austin and a 28-year CIA veteran, pointed out, “The collection and dissemination of tail numbers of aircraft allegedly involved in U.S. government terrorist renditions generated unforeseen scrutiny and complicated our government’s efforts to detect and disrupt terror plotting.”

Those attempts to prevent additional terrorist attacks in the years following Sept. 11, 2001, have left American intelligence agencies grappling with how to penetrate remote and dangerous regions, such as the tribal areas of Pakistan and the deserts of Somalia, where the CIA has struggled to develop human sources. Made up typically of ideologically committed members, Islamist terrorist groups are notoriously hard targets for human intelligence, raising the possibility that open source tools might aid intelligence agencies.

“The information benefits from increased open source reporting — in particular from otherwise inaccessible or ‘denied’ areas — will outweigh the costs to the security of our own operational activities,” Slick said.

The explosion of open source information on Russian moves in Syria speaks to the changes the American intelligence community is being forced to reckon with, to both consider information posted on social media and a greater public awareness about geopolitical developments.

In 2001, Matthew McInnis was starting a career as a defense intelligence analyst, assigned to the U.S. Joint Chiefs of Staff and responsible for providing warnings on military activity in East and South Asia. It was a job that involved closely tracking the movements of military forces belonging to China, North Korea, India, and Pakistan — including when the latter two countries nearly went to war in 2002. That work relied mostly on satellite images to discern the ambitions of rapidly moving armed forces.

“These units are moving in this direction. They’re mobilizing this unit in this province. Are they gearing up to invade a neighboring country? Or is it just a readiness drill? How do you discern that difference?” said McInnis, currently a resident fellow at the American Enterprise Institute.

Now, such work must reckon with far more sources, forcing the intelligence community to consider how to validate reports posted on social media. “How do you discern from soldiers being stupid and putting selfies of themselves on Facebook where troops may be moving?” McInnis asked.

The U.S. intelligence community is now moving to better integrate open source information into its work. CIA Director John Brennan has said improving his agency’s ability to harvest insights from such data is a central aspect of his attempt to overhaul America’s premier spy organization.

“Everywhere we go, everything we do, we leave some digital dust, and it really is difficult to operate clandestinely, much less covertly, when you’re leaving digital dust in your wake,” Brennan said in April. “Some things now are coming out in social media that our adversaries aren’t aware of, and it’s exposing them.”

But according to Slick, who served as an intelligence advisor to former President George W. Bush, the U.S. intelligence community’s use of open source information in the digital domain remains in a “period of experimentation.”

“Through some combination of technology and tradecraft, every intelligence analyst will in the future need real-time access to open source information and the most useful facts and insights from this lucrative source,” Slick said. “The art will lie in evaluating this information and integrating it with clandestinely acquired and other non-public information to reach sound analytic judgments.”

Brian Hale, a spokesperson for the Office of the Director of National Intelligence, said the U.S. intelligence community has for years “taken steps to leverage open source collection platforms, social media, and emerging technologies to ensure that our products are providing policymakers with the most detailed, timely, and accurate assessments possible.”

Slick cautioned that open source intelligence “will rarely be able to answer the question of why a given decision was taken or reveal the future plans and intentions of a foreign leader.”

Consider, for example, that other great case study of open source intelligence: the Russian intervention in Ukraine. When Malaysia Airlines Flight 17 was shot down over eastern Ukraine last year, it was material posted on social media by a separatist commander that provided one of the best early indications that Russian proxy forces there were involved in the plane’s shooting down. In subsequent days, images, videos, and tweets documenting the presence of a Buk missile system, the kind Dutch investigators say was used to down the Boeing jet, accumulated online. Taken together, this evidence makes a compelling case that Russian-backed forces were involved in the shooting down; taken individually, each piece of evidence is maddeningly difficult to confirm.

It is in combination with the traditional tools of espionage that open source methods become extraordinarily powerful, especially as a public relations tool. As the evidence stacked up online that pro-Russian separatists had shot down MH17, Ukrainian security services released recordings of intercepted phone calls in which separatist commanders discussed the downing and the movements of a Buk missile system. The interception of phone calls represents a classic example of the kind of signals intelligence spy agencies take pride in.

In March, Brennan unveiled a major reform plan for the agency, which replaced regional divisions within the CIA in favor of so-called “mission centers” and created a directorate for digital innovation as a way to focus the agency’s work on large publicly available data sets. That directorate, for example, has absorbed the CIA’s Open Source Center, which had been created to monitor things like Twitter for intelligence insights. The new directorate has broad responsibility not just for IT infrastructure but also for digital tradecraft, which would include making sure neither a Russian intelligence agent nor a Moscow blogger is able to discern the identity of a covert agent because of the mere ubiquity of social media.

But transitioning toward a greater reliance on open source information represents a profound cultural challenge for U.S. spies. “I don’t know how the community is going to get over this because in some way you are implying a devaluation of the classic intelligence-gathering capabilities of American three-letter agencies,” McInnis said.

Photo credit: GeoNorth | PLEIADES/CNES | Distribution Airbus DS/Spot Image