Ukrainian volunteers are using open source intelligence to track Russian forces, uncover war crimes, and wage a digital war that stretches far beyond the battlefield.

“Thanks to all the hackers, OSINT collectives, and nerds like me, even if you’ve never touched a digital device, never had a phone, never used a computer – you’re still part of this database. There is no privacy in Russia, not anymore. We can find any single piece of information on anyone,” says one Ukrainian software developer. He requested anonymity because of the sensitive nature of his disclosures. 

As Russia’s full-scale invasion of Ukraine rolls on for a fourth year, open source intelligence (OSINT) has become a crucial tool for military personnel, journalists, computer programmers, and data analysts – helping Ukraine enhance its war effort while uncovering Russian war crimes and disinformation campaigns. What started as a volunteer movement quickly became vital to that effort.

OSINT, which has been around for years but has become increasingly used in the last few decades, refers to the systematic gathering of publicly available information from databases (now predominantly online). Even non-experts can anonymously obtain information about individuals or organizations and conduct their own detective work. Founded in 2014, Bellingcat – an independent investigative collective of researchers, investigators, and citizen journalists – has popularized this approach, gaining renown for its investigations into the downing of flight MH17 over eastern Ukraine.

“It might not sound war-related at first, but you wouldn’t believe how much the Ukrainian military uses these databases,” the software developer said. He began volunteering after the Ukrainian Ministry of Digital Transformation called for IT specialists. Joining the so-called IT Army of Ukraine allowed him to contribute safely from abroad. 

“At first, I wanted to go to Ukraine, even though I knew I would be conscripted and probably die. I just couldn’t live a normal life,” he said. “But I collected myself and started thinking – how can I help?” 

He and a group of other Ukrainian IT volunteers initially used OSINT to track Russian forces and to conduct distributed denial of service (DDoS) cyberattacks – the overloading of a target server or network with a massive influx of internet traffic. Their work ranged from tracking Russian troop movements through street cameras to eavesdropping on Russian radio communications and shutting down important Russian government websites. 

He began to do this on a more professional level as the war progressed. Instead of conducting cyberattacks himself, he worked to make the process more efficient for other hackers. He helped build software that allows multiple people to join coordinated cyberattacks with a predetermined target, often a Russian government or military website. 

“There was a crazy amount of hacks happening – all kinds of websites in Russia were being attacked. And suddenly, we had a huge influx of personal data on Russians,” he said. “Groups on Telegram were dropping hundreds and hundreds of [pieces of] new data from hacked websites.” 

Uncovering War Crimes 

Several OSINT collectives operate in Ukraine, most of them using Telegram channels as a source of data and a base for sharing their findings. With the large number of data leaks, the work of OSINT specialists has become invaluable for analyzing and organizing the information. 

OSINT volunteers either help the Ukrainian military directly or work together in volunteer collectives, creating searchable databases containing personal information on any Russian citizen. The anonymous software developer and other hackers work closely with Ukraine’s military and intelligence, tasked daily with tracing Russian occupying personnel, often through something as simple as a phone number or facial image. 

Military intelligence uses OSINT volunteers to investigate persons of interest in Russia – often for serious war crimes. 

The work comes with serious moral dilemmas, as volunteers know that the information they gather can lead to the Ukrainian military directly targeting individuals whose personal details they uncovered. The psychological burden is often worsened by exposure to disturbing content. 

“The Ukrainian military usually never tells you its objective, but you kind of understand it from the context,” the anonymous hacker said. “I’ve seen horribly graphic stuff, videos of Russian war criminals torturing and killing Ukrainian prisoners of war – especially when the Ukrainian army wants you to figure out where it happened and who was behind it …

“In these three years, I’ve seen at least a couple thousand people die, in all different ways. It takes its toll on you, and you get desensitized,” he said. “But I don’t feel like I have any choice. You either help protect what you love or you’re going to regret it for the rest of your life.” 

Russia’s Retaliation 

With three years of this digitized war already past, Russia has begun to act on Ukraine’s use of OSINT tools and data to trace its citizens. As of this year, the authorities have started cracking down on public access sites and Telegram bots, upon which the Ukrainians had relied heavily. For example, at the beginning of March, a bot called Eye of God that scraped Telegram for personal data was suspended under a new Russian law on the illegal use, transfer, and storage of personal data, according to Russian media outlet Mediazona. Once used by over 27 million people, including security services and investigative journalists, it was the first Telegram bot to cease operations because of the new legislation.

The Kremlin has also launched its own cyberattacks on organizations that publish sensitive Russian data. That happened to VSquare.org, a Central European investigative media outlet, which specializes in tracking Russian malign influence and disinformation. VSquare had gained access to leaked documents from Vladimir Putin’s administration, revealing evidence of rigged elections and propaganda campaigns.

Anastasiia Morozova, a Ukrainian journalist and OSINT specialist at VSquare, recalled an attack after publication of a series of articles in the Kremlin Leaks project, a joint investigation across several European newsrooms. 

“The documents revealed information that came to us from people pretty close to Putin. We made a series of stories, and we published them over a month. After this, there was an attack on our website’s infrastructure,” Morozova said. 

The team at VSquare warded off the Russian cyberattack and has continued to uncover Russian influence and disinformation, working closely with OSINT specialists. 

“The discoveries of OSINT are quite influential if you play by the rules of the Western world, leading to further sanctions and public discussions – but Russia has been inventing more and more complicated ways to avoid the repercussions,” Morozova said. 

Even so, for Ukrainians who have fled the war, working with OSINT provides a rare opportunity to help their country from afar. With little to no progress on a negotiated ceasefire and the ever-shifting situation on the front lines, this kind of hybrid warfare may be Ukraine’s most useful advantage in a war that does not appear to be ending anytime soon.  


Isabella Fattore was an editorial intern at Transitions this summer. She is pursuing a bachelor’s degree in journalism and media studies at Anglo-American University in Prague.