You are using an outdated browser.
Please upgrade your browser
and improve your visit to our site.

The Rise of Private Spies

What happens when online investigators and detectives-for-hire take on intelligence work?

A green, white, and black illustration of a spy, eyes covered with a hat

As WikiLeaks was riding to global fame a decade ago by publishing archives of leaked American military and diplomatic files, its founder, Julian Assange, liked to call his organization an “intelligence agency of the people.” The slogan conjured an ideal of gathering and disseminating information solely to improve public understanding of the world and to enable democracy to better function, without the presumed machinations of a nation-state spy agency. But by 2016, WikiLeaks had famously been co-opted by Russia’s GRU. Through a front entity, the Russian intelligence agency provided WikiLeaks with Democratic Party emails, stolen as part of a covert hack-and-dump operation intended to manipulate the U.S. presidential election. Assange then stoked the conspiracy theory—apparently concocted by another Russian intelligence agency—that the emails had instead been leaked by a Democratic Party staffer, Seth Rich, who had been murdered in July that year. In fact, as the Mueller report showed, WikiLeaks had corresponded with and received an encrypted file from the actual source of the hacked emails after Rich’s death.

We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News
by Eliot Higgins
Bloomsbury Publishing, 272 pp., $28.00

I kept thinking about the big questions raised by the complex tragedy of WikiLeaks’ idealistic rise and later debasement—what label to attach to its various activities as it changed over time, and how difficult it proved for it to stay out of entanglement with nation-state spy games—as I read two new books about other intelligence-style activities being performed outside of government.

Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies
by Barry Meier
Harper, 336 pp., $28.99

We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News, by Eliot Higgins, tells the story of the online collective of activist-investigators he founded in 2014. The group has achieved growing fame and respect for generating breakthrough insights and piercing fogs of disinformation, very often put forward by Moscow. Bellingcat’s achievements include helping to prove that Russian-backed insurgents downed a civilian airliner over Ukraine in 2014, despite the Russian government’s public denials, and figuring out the true identities of the Russian assassins who poisoned former Russian military officer Sergei Skripal and his daughter in Salisbury, England, in 2018. More recently—and not in the book—the group developed reports implicating Russian intelligence in other poisonings, notably of the Russian opposition politician Alexei Navalny.

Celebrating Bellingcat’s work as a series of triumphs for the truth in a world replete with disinformation, Higgins portrays his network’s efforts as a “hive mind of amateur sleuths on Twitter, all converging around the next big question, whether geolocating a fresh photo or parsing the validity of a social-media video.” As citizen journalists, he also writes, “We tended to be detail-oriented obsessives, many of whom had spent our formative years at computers, enthralled by the power of the internet. We were not missionaries out to fix the world, but we had enough of a moral compass to repudiate the other routes to an outsized impact online, such as trolling and hacking. Most of us grew up assuming we would remain peripheral to the issues of the day, that the powers that be could just ignore small people like us. Suddenly, this was not so. It was intoxicating.”

Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies is a decidedly less optimistic book. In it, the investigative journalist Barry Meier scrutinizes well-paid skullduggery and shenanigans by several private investigation firms. (The author and I were simultaneously employed by The New York Times before he left the paper in 2017; however, we were based in different cities and never worked together.) Among Meier’s case studies are two instances of sending undercover operatives to con people into providing information on behalf of dubious clients: Black Cube, which assisted the disgraced film producer and sex criminal Harvey Weinstein in his attempts to discredit his accusers and disrupt investigative journalists on his trail, and K2 Intelligence, which infiltrated and monitored some public health activists working to ban asbestos (and turned out to have a Kazakh asbestos interest as a client). But Meier focuses most on a saga that is quite different, but weird and momentous in its own way: the production of the “Steele dossier,” the notorious compilation of rumors about Donald J. Trump’s purported links to Russia.

Like Higgins, Meier recognizes that performing intelligence work outside government can carry a thrill. But he is scornful of the modern-day private investigations business, which he characterizes as a “scattershot mix of people, drawn to the work by money, the opportunity for travel and adventure, and the heady rush of power that comes from spying on the lives of others.” Retired government spies, ex-law enforcement officials, and onetime journalists make up the industry, along with assorted “misfits, oddballs, also-rans, wannabes, and the occasional sociopath,” he writes. While he concedes that such agencies can take on legitimate assignments, like finding witnesses for lawsuits and performing background checks, he asserts that the industry has an ugly open secret: “the big money is made not by exposing the truth but by papering it over or concealing it.” The people “who are in constant need of the services of private operatives and who pay top dollar” are unlikely to be the good guys. Given how easily nongovernmental intelligence work can go awry, is Bellingcat a rare exception?

The subtitle of the British edition of We Are Bellingcat is An Intelligence Agency for the People. When early promotional materials for the book were unveiled, the close overlap with the old WikiLeaks slogan proved awkward. Facing accusations of conceptual theft, Higgins said it was a coincidence, and that it was his publisher who had come up with the tagline, while noting that versions of the phrase had appeared in print before Assange adopted it. In any case, he also argued, the phrase was a more fitting description of Bellingcat: While WikiLeaks focused on collecting leaked or hacked documents, Bellingcat specializes in sifting for clues within information that is already publicly available, and then verifying and analyzing them—just as a real intelligence agency often performs a lot of processing work to transform raw data into intelligence reports that can be useful to policymakers.

A British college dropout and former office worker, Higgins began to find his niche blogging about the Syrian civil war under the pseudonym Brown Moses. From his keyboard and far from the war zone, he developed a hobbyist’s expertise in different kinds of missiles and guns. Studying social-media videos and photographs from the battlefield, he posted insights about what was happening—like evidence that the Russian-backed Assad government, despite its denials, was responsible for using barrel bombs that maimed and killed many civilians, and that the rebels had received a shipment of anti-tank weapons from the former Yugoslavia. Higgins’s blog posts began attracting the attention of mainstream journalists covering the war, and he also began to link up with other online obsessives.

From that initially ad hoc work, Higgins came to recognize the broader implications of life in the internet era for investigations: Valuable information is hiding in plain sight online, waiting to be recognized for its significance and transformed into evidence. In particular, ordinary participants in and witnesses to important and highly disputed events, like war crimes, often post videos and photographs on social-media platforms in real time about what they are seeing. Investigators often must move quickly to identify and preserve these materials, lest they be deleted when the frightening enormity of the event becomes clear. They can then subject them to painstaking analysis—such as using maps, satellite imagery, background landmarks, shadows, and other clues to figure out when and where a photo was taken. Through these methods, scattered and seemingly random material can be harnessed into an evidentiary trail proving who did what, and who is lying about it.

In 2013, for example, the United States government accused the Assad regime of carrying out a horrific chemical weapons attack that killed many hundreds of civilians in Ghouta, a rebel-held suburb of Damascus. But its public report provided scant supporting evidence for that attribution, leaving a void for online conspiracy theorists to claim that rebels were instead behind the attack. Higgins helped insert facts into the public debate. Among other things, he scrutinized social-media photos of one of the unexploded rockets in the attack, noting that its warhead was equipped to carry liquid and studying details in the background and the angle it had hit the ground. “Bit by bit, I matched everything with satellite imagery from Google Maps,” he writes.

We had the location. And using shadows in the photo, I determined the angle of the rocket, thereby estimating the direction from which it had come. With that, I went to Wikimapia, which allows users to annotate maps by inserting names and types of structures. I traced back the likely trajectory of the rocket to determine who held the area where it had come from. I found a Syrian military installation, largely encircled by rebel-held territory.

On July 14, 2014, Higgins founded Bellingcat as an online clearinghouse for several like-minded internet sleuths. (The name, suggested by a friend, is a reference to a fable about a group of mice who decide to put a bell on a cat so they can hear it coming.) Just three days later came the event that would be the group’s first major crusade: Russian-backed separatist militants in eastern Ukraine mistakenly shot down a civilian airliner, Malaysian Airlines Flight 17, killing all 298 people aboard. Rather than owning up to its responsibility and that of the insurgents whom it had recklessly armed, Russia sought to cloud what had happened with denials, distortions, and distractions—including putting out a video that had been doctored to falsely suggest that the missile that shot down the plane had been fired from territory held by the Ukrainian government.

“Nothing stirs the online investigative community like fabrications from the powerful,” Higgins writes. “Moreover, contradictory narratives about an event are useful, providing something concrete to either verify or debunk.” Various other players were also working to get at the truth—among them, investigators with the Ukrainian and Dutch governments and journalists. (The majority of the slain passengers were Dutch citizens, on their way from Amsterdam to Kuala Lumpur.) But the nascent Bellingcat collective found it could add to the public debate by rapidly sifting clues. Bloggers went to work, among them Iggy Ostanin, a 25-year-old Russian-born student living in the Netherlands, who mined sources like social media posts by bystanders and Russian soldiers. Drawing on this work, Bellingcat pieced together the missile launcher’s path on the flatbed truck from Russian territory to the insurgents—and its return journey with one less missile. His report for Bellingcat was, Higgins writes, the group’s “breakout moment,” and the first major salvo in a grinding effort against propagandists and denialists on the topic.

We Are Bellingcat is essentially a compendium of such investigations, and most of its chapters read like more polished versions of the reports the organization previously published online. These case studies are characterized by showing the group’s deductive homework—walking the reader through the identification and verification of each tile in a gradually appearing mosaic of proof. Sometimes exhaustive discussion of minutiae is necessary to bolster the credibility of the conclusions asserted—rebuttals to the inevitable question: How can you amateurs, just sitting at computers thousands of miles away, know that? As a result, the book can be dense at times. But at its best, it reads like that moment at the end of Sherlock Holmes stories, when the detective explains to his sidekick, Dr. Watson, how he deduced the solution to a mystery from overlooked and seemingly minor clues.

There’s nothing new about private investigators and operatives; as early as the nineteenth century, mill and mine owners paid the Pinkerton National Detective Agency to infiltrate and disrupt labor union movements. But Meier makes the case for taking a close look now at what he calls the “private spy” industry, arguing that operatives-for-hire in the twenty-first century are no longer “content to lurk in the shadows” and have “become more emboldened than ever before.”

The techniques private investigators use, as recounted in Spooked, include some old-school tradecraft, like disguising a surveillance van with a fake business logo and a phone number that a colleague is prepared to answer as if that business exists. They can also include more creepily personal forms of “pretexting,” or pretending “to be someone they are not—a cop, a bank officer, an employer, a distant relative—in order to con a stranger into giving them confidential information.” Of particular interest is their ability to harness the exploding volume of electronic information that is available about people. Meier writes:

Hacking and cyber-spying was growing more common among hired spies because experts who had learned their skill while working for government intelligence agencies or the military were now selling them to private customers. In addition, once-costly electronic surveillance tools developed for use by intelligence agencies or the police had become cheaper and widely available.… To monitor their targets, some operatives-for-hire also piggybacked on a system used by bounty hunters to find fugitives. Several of the major cellphone carriers sold real-time data about the location of a customer’s cellphone to licensed bounty hunters to help them locate their quarry.

Meier’s book compiles and synthesizes several stories about recent private intelligence misadventures. While a fair amount is aggregation—readers of Ronan Farrow’s groundbreaking reporting on Black Cube’s work for Harvey Weinstein, for example, may find portions of that part of the book to be familiar territory—Meier’s research and original interviews flesh out the stories and characters involved. Through his eyes, they are often unsavory people.

The best part of his book, upstaging the other sagas, covers the Steele dossier; in Meier’s telling, no story illustrates quite so clearly “the oversized impact that private spies were suddenly having on politics, business, and our personal lives.” During the 2016 campaign, Democrats financed opposition research into Trump’s links to Russia. They hired Fusion GPS, an investigative firm cofounded by a former Wall Street Journal reporter about whom Meier writes with palpable scorn. Fusion partly subcontracted to another firm, Orbis Business Intelligence, which was run by Christopher Steele, a former British intelligence official. And Steele, in turn, worked with Igor Danchenko, a researcher who specialized in gathering business-related information involving Russia.

Danchenko traveled to Russia and canvassed for gossip—or, more grandly, “raw intelligence.” He picked up uncorroborated chatter about possible collusion between Russia and the Trump campaign and relayed it verbally to Steele. After writing this up in a series of reports, Steele gave parts of or claims from this “dossier” not only to his client, but also to the FBI and then to reporters. The FBI included some claims from it in an October 2016 application to wiretap a former Trump campaign aide. And BuzzFeed published the dossier in January 2017, causing a different claim from it, which the FBI had not included in its wiretap request materials—a rumor about a purported blackmail sex tape—to lodge in popular culture. But some of the claims proved to be mistaken, and many others remained thin and murky. In a mirrors-within-mirrors twist, it has since emerged that the FBI received equally uncorroborated reports that Russian intelligence might even have infiltrated Danchenko’s network to sow misinformation—once again showing how hard it can be for nongovernment investigators to avoid entanglement with nation-state spy agencies, or at least the suspicion of it.

Whether you admire Trump or scorn him, this private intelligence product did harm. For Trump supporters, the dossier’s claims were an unfair smear, and the FBI’s use of unverified political opposition research in wiretap applications was outrageous. Yet Trump critics have cause for complaint, too, because the dossier’s flaws helped the Trump camp misleadingly discredit the actual investigation into Russian interference in the 2016 U.S. election and into the nature of myriad interactions between associates of the Trump campaign and Russia. The dossier played no role in the FBI’s decision to open the counterintelligence inquiry; the tainted wiretaps were a minor part of that effort; and the Mueller report did not use information put forward in the dossier. But Trump and his allies relentlessly sought to conflate the two efforts in the public mind.

Danchenko shows up late in Spooked, giving the impression that Meier had already written most of his manuscript when the researcher’s identity became public in the summer of 2020. Although Russian-born, Danchenko did not live in Russia and was not a veteran Russian intelligence official with deep ties to its spy services, as a reader of Steele’s dossier might assume, given the nature of the claims. Instead, he turned out to be a relatively young researcher based in the United States. To Meier, this pedestrian origin of the dossier brought into focus what he sees as a certain flimflam about the entire operatives-for-hire industry.

“Private spies prosper because they operate behind a façade, one that masks the quality of the ‘intelligence’ they sell to clients from scrutiny,” he writes. “That secrecy is the key to the Wizard of Oz nature of the corporate investigations industry. As long as their work never becomes public, operatives can claim to customers that they are selling them ‘strategic intelligence’ when what they are often doing is selling smoke. It becomes plain after the smoke clears that private spies don’t just play their targets. Their customers can get played, too.”

The way that Danchenko’s identity became public is worth pausing over, because it resonates with several aspects of the Bellingcat saga as well. A loose collective of pro-Trump online sleuths had set out to identify Steele’s primary source, sharing insights and theories with one another. But they were unable to figure out who Danchenko was. Then, the user of a brand-new, pseudonymous Twitter account with the handle @Hmmm57474203, who had not previously participated in the collective’s discussions, stepped forward and unveiled Danchenko’s name. He linked to a blog post that claimed to have figured it out from a chain of clues in a heavily censored version of the FBI’s interview report with Danchenko, which the Trump Justice Department had released. The clues included such obscure things as the apparent number of letters in the researcher’s blacked-out name.

When I co-wrote an article about the unmasking for The New York Times, this raised my eyebrows. It made me think of a sneaky law enforcement technique I knew about from writing about surveillance issues: “parallel construction,” which investigators use when they have found some important piece of evidence through a classified or perhaps illegal intelligence capability they do not want to reveal in a courtroom. To mask the true source, they reverse-engineer an alternative path to the same destination for citation in court papers: It’s easy to rediscover the needle when you already know where in the haystack to look. Meier seems to have had a similar thought about the blog post, writing that its author “might have been an investigative genius. Then again, people inside the U.S. government who wanted to out Danchenko might have given him help.”

Meier leaves that thought hanging there. But that summer, I corresponded some on Twitter with ­@Hmmm57474203, who engaged a bit, although he declined to identify himself. An established member of the pro-Trump internet sleuth community eventually interviewed him and posted the audio online. If that person was something other than what he represented himself to be—a clever, politically motivated amateur—he did a good job faking it.

Bellingcat has faced its own suspicions and aspersions, put forward both by Russian state media and by commentators who tend to be fierce critics of hawkish American and NATO military operations. When not mocking Bellingcat’s researchers as dilettantes, its critics like to insinuate that Bellingcat must be a front for Western intelligence agencies seeking to undermine Russia.

Higgins labels the attacks he has faced as coming from the Counterfactual Community—“a leaderless disinformation campaign, with claims leaping from conspiracy theorists to state propagandists to alternative-media outlets and back,” pushed by a mix of “anti-imperialists, the pro-Assad, the pro-Russian, the alt-right, the alt-left” who share “pathological suspicion of the West, especially the US government.” They presume, he writes, “given how much Bellingcat has discovered, that intelligence agencies must be feeding us stories. This only reveals ignorance about what is possible with online investigation. Verification stands on its own, not on the reputation of Bellingcat, or America, or Russia, or China. If anyone wants to know where we get our material, they can read our reports, click the links and judge for themselves.”

The problem with this rebuttal is that it does not address the possibility of parallel construction. Compounding matters, Bellingcat is increasingly moving away from its founding principle of using only “open source” information, by relying as well on clues in nonpublic data like flight manifests and cell phone records it has purchased on the black or gray market. Higgins acknowledges that collecting and using this kind of evidence—exactly the sort of restricted private data the NSA vacuums up for government spooks to analyze—pose a challenge to his ideal. “All our investigations, we believe, must be founded on open-source information. But in carefully judged situations we will build upon that base,” he writes, adding: “When we go beyond open sources, we are careful never to assume that such information—because secretive—is more likely to be true. On the contrary, we employ heightened skepticism about such material, demanding an extra layer of corroboration.”

It may be that there simply is no airtight assurance that can satisfy those who are inclined to wonder whether non-governmental analysts might occasionally get assistance from spies focused on the same adversary; social mistrust from one quarter or another will inevitably arise in this polarized era. Still, to date, I am not aware of credible evidence for the accusations of planted insights. Bellingcat’s enemies have pointed with insinuation to its acceptance of grant money from the National Endowment for Democracy, an independent nonprofit group that receives funding from the U.S. government. But their efforts have so far left little tarnish on Bellingcat’s image as an independent, transnational collective of researchers, investigators, and citizen journalists—essentially, white-hat freelance intelligence analysts trying to expose bad guys.

This makes for a sharp contrast to the gray- or black-hat private investigators Meier has scrutinized, and whose targets are often journalists, activists, and whistleblowers who are trying to expose bad guys. (The story of the flawed Steele dossier is a very different kind of mess, but Meier justifies his focus on it based on its massive political and cultural fallout.) It seems doubtful, however, that the people who founded or went to work for firms like Black Cube or K2 Intelligence saw themselves as seeking out ways to assist dubious actors. In any field, one can start off with ideals and perform work that is genuinely beneficial or at least respectable, only to find oneself making compromises toward expedient ends that gradually start to chip away at one’s moral foundation. And there seems to be something particularly high-risk about intelligence-style work, attracting both deep-pocketed interests with secrets to cover up and nation-state spy agencies looking for ways to engage in clandestine information warfare.

To be straightforward, if I were a CIA or MI6 operative and wanted, as part of my Spy vs. Spy games with Russian intelligence, to expose something about Moscow’s misdeeds without leaving any fingerprints, it would be an obvious temptation to take an insight that is capable of parallel construction and whisper it into the ear of one of Bellingcat’s contributors. Western intelligence agencies have been known to be shortsighted at times, and an official so inclined might not sufficiently care about the risk that the group’s enemies, whether sincerely or with cynicism and bad faith, would use any subsequent leak about that tip as ammunition in their efforts to damage its idealistic reputation as an intelligence agency just working on behalf of the public, as Higgins’s British subtitle put it.

So Bellingcat must remain vigilant and jealously guard its independence. The tragic arc of WikiLeaks is a warning that the lines between traditional journalists, private detectives, very-online activist-investigators, and nation-state intelligence operatives constantly threaten to blur. That inherent instability provides a backdrop to Meier’s fundamental point that people outside government performing intelligence-style work seem to be having a rising impact. Whether their intentions and actions are noble, or mercenary and corrupt, or somewhere in between—whether they are a Bellingcat or a Black Cube or one of the investigators involved in the Steele dossier—these entities are all operating outside the channels of oversight and accountability, however imperfect, that governments attempt to impose on groups like the CIA. And their influence on politics, business, and other aspects of our lives is escalating.