Secret Agents Implicated In The Poisoning Of Opposition Leader Alexey Navalny Identified Thanks To Russia's Black Market In Everybody's Personal Data

from the poor-data-protection-is-bad-for-Vlad dept

Back in August, the Russian opposition leader Alexei Navalny was poisoned on a flight to Moscow. Despite initial doubts — and the usual denials by the Russian government that Vladimir Putin was involved — everyone assumed it had been carried out by the country’s FSB, successor to the KGB. Remarkable work by the open source intelligence site Bellingcat, which Techdirt first wrote about in 2014, has now established beyond reasonable doubt that FSB agents were involved:

A joint investigation between Bellingcat and The Insider, in cooperation with Der Spiegel and CNN, has discovered voluminous telecom and travel data that implicates Russia’s Federal Security Service (FSB) in the poisoning of the prominent Russian opposition politician Alexey Navalny. Moreover, the August 2020 poisoning in the Siberian city of Tomsk appears to have happened after years of surveillance, which began in 2017 shortly after Navalny first announced his intention to run for president of Russia.

That’s hardly a surprise. Perhaps more interesting for Techdirt readers is the story of how Bellingcat pieced together the evidence implicating Russian agents. The starting point was finding passengers who booked similar flights to those that Navalny took as he moved around Russia, usually earlier ones to ensure they arrived in time but without making their shadowing too obvious. Once Bellingcat had found some names that kept cropping up too often to be a coincidence, the researchers were able to draw on a unique feature of the Russian online world:

Due to porous data protection measures in Russia, it only takes some creative Googling (or Yandexing) and a few hundred euros worth of cryptocurrency to be fed through an automated payment platform, not much different than Amazon or Lexis Nexis, to acquire telephone records with geolocation data, passenger manifests, and residential data. For the records contained within multi-gigabyte database files that are not already floating around the internet via torrent networks, there is a thriving black market to buy and sell data. The humans who manually fetch this data are often low-level employees at banks, telephone companies, and police departments. Often, these data merchants providing data to resellers or direct to customers are caught and face criminal charges. For other batches of records, there are automated services either within websites or through bots on the Telegram messaging service that entirely circumvent the necessity of a human conduit to provide sensitive personal data.

The process of using these leaked resources to establish the other agents involved in the surveillance and poisoning of Navalny, and their real identities, since they naturally used false names when booking planes and cars, is discussed in fascinating detail on the Bellingcat site. But the larger point here is that strong privacy protections are good not just for citizens, but for governments too. As the Bellingcat researchers put it:

While there are obvious and terrifying privacy implications from this data market, it is clear how this environment of petty corruption and loose government enforcement can be turned against Russia’s security service officers.

As well as providing Navalny with confirmation that the Russian government at the highest levels was probably behind his near-fatal poisoning, this latest Bellingcat analysis also achieves something else that is hugely important. It has given privacy advocates a really powerful argument for why governments — even the most retrogressive and oppressive — should be passing laws to protect the personal data of every citizen effectively. Because if they don’t, clever people like Bellingcat will be able to draw on the black market resources that inevitably spring up, to reveal lots of things those in power really don’t want exposed.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Secret Agents Implicated In The Poisoning Of Opposition Leader Alexey Navalny Identified Thanks To Russia's Black Market In Everybody's Personal Data”

Subscribe: RSS Leave a comment

This comment has been flagged by the community. Click here to show it.

Bubbling Methane Crater says:

Oh, geez. It's the Grand Unified Rooski Plot again.

This is absolute baloney.

1) Navalny is clearly a Western intelligence funded troublemaker. He’s not effective, either. Rooskis keep him around for LAUGHS.

2) As I pointed out WAY back in your linked piece, "Bellingcat" is just another Western intelligence op. NO ONE pays attention to Navalny or Bellingcat except loony leftists.


4) And of course the crazy Rooskis use it to make absolutely clear whodunnit!

Now, when the Rooskis handily narrow it down to UNIQUE, WHY is it necessary to buttress this STORY? HMM?

And what interest is it to Techdirt? You think your vanished credibility helps this? Sheesh.

Anonymous Coward says:

It has given privacy advocates a really powerful argument for why governments — even the most retrogressive and oppressive — should be passing laws to protect the personal data of every citizen effectively.

Yes, but the other half of this is that they need to ensure much of this data never gets created. It may seem that the phone company needs to know where each subscriber is, in order to route calls and data, but people including Paul Syverson and David Chaum had effectively proven otherwise by the mid-1990s. The ZKS Freedom Network was apparently 20 years before its time.

The non-existence of data is a much stronger protection than laws regulating data transfers. We could in principle bring back anonymous or mostly-anonymous travel too.

Anonymous Coward says:

Setting aside the fact that leaked data offers indeed interesting insights into things, like the leaked geolocation data of the US secret service published a while ago with the detail of the US President whereabouts, it is very disappointing to read that TD is lending credibility to Bellingcat, for a number of reasons.
1) the entire OPCW story confirms that Bellingcat leaked mails, pretending that they were actual, and were subsequently called out as false. Bellingcat has therefore a history of pushing a specific narrative, as proven by The Grayzone, the previous director of OPCW, internal OPCW sources etc.
2) Fact checking is really dead easy. Go to Navalny official site, translate it in English, and read one of his own articles where he accuses Russian judges, prosecutors etc of having villas in Europe. Publishing photos, telephone numbers, their childrens names and pictures, wives cars, plate numbers, private addresses, mobile numbers and so on for the public to see. One of many examples here:
Then honestly tell me if you know of someone reporting this kind of allegations with personal details in Europe, US, Latin America and is not either a) dead (executed by the mob, like the carbombed journo in Malta a while ago) or b) under 24/7 armed escort or c) completely ignored. There are many ways to fight corruption – but public shaming of supposed corrupted officials, with all the kind of detail that Navalny is writing, for the internet tribunal to judge and possibly punish, is just not on my list. This is pure propaganda.
3) even if FSB was following Navalny, which they were probably doing, this does not prove they poisoned him. This is just proof that Navalny is closely followed by security services in Russia (what a surprise, eh…).
4) the integrity of the data used for the analysis (which usually Bellingcat does not make available) is at least questionable due to their previous publishing of an OPCW mail pretending it was an actual sent mail while in fact it was only a draft. Once a liar, always a possible liar. The bar for proving their thesis should now be much higher than before, because they have been caught red-handed.
And I could continue, but I leave it here.

Anonymous Coward says:

Re: Re:

and just to give full disclosure

  • I did participate to a Navalny rally, and I consider him at best the russian equivalent to AOC. Unfit to lead a complex country – his speeches are full only of populist "one size fits all" simplistic solutions that in the end create more harm than good
  • the real person is very different from the advertised one
    In the end, Navalny is part of the problem in Russia. My personal guess is that the establishment keeps him as a catalyst of discontent. Like Democrats do with Bernie or AOC, useful in some way to keep selling the status quo, but always kept at safe distance from real power, while shouting from the sides some appealing but terminally unrealistic "reform" against the rich, the corrupt, the finance, globalization, the oil industry and so on. And then, when the new cabinet is formed, they are completely ignored, just like Navalny. The only difference is that nominally Navalny is from a different party and not from United Russia. Meh.
Anonymous Coward says:

Re: Re: Re:

and dont forget to report on another story… a conversation of two people presented as "evidence" on youtube…
If this is the new journalistic standard, no wonder that China is accused of engineering bio-enhanced soldiers and Iran of making nukes. At least when the CIA faked WMDs pictures to justify Iraq invasion they did a little more effort than youtube recordings… they used actual satellite pictures as fake evidence. Now you can push for sanctions with an audio editor. Next – declaration of war via Instagram probably.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...