On March 1st Chechnya’s leader Ramzan Kadyrov posted a short video to Telegram in which a cheerful, bearded soldier rattled on a road in front of a row of tanks under an overcast sky. In an accompanying post, Kadyrov assured Ukrainians that the Russian military is not hurting civilians and that Vladimir Putin wants their country to determine its own destiny.
In France, the CEO of a law enforcement and military training company called Tactical Systems took a screenshot of the soldier’s face and got to work. In about an hour, using facial recognition services available to everyone online, he identified that the soldier was probably Hussein Mezhidov, a Chechen commander close to Kadyrov who was involved in the Russian attack on Ukraine, and found his Instagram account.
“If you only have access to a computer and the Internet, you could be like an intelligence agency out of a movie,” said the CEO, who asked to be identified as YC to avoid any potential impact on his detective work. Tactical Systems’ client list includes the French Armed Forces and offers training in open source intelligence gathering.
Russia’s attack on Ukraine, a conflict between two internet-conscious nations in a place with good mobile coverage, offers a rich choice for open source intelligence, or OSINT. Compiling and cross-referencing public sources such as social media can reveal information such as the location or losses of military units. The abundant online photos that are the legacy of years of social networking and a handful of services that provide easy access to facial recognition algorithms enable some surprising feats of armchair analysis.
Not long ago, a commander or prisoner of war depicted in a news story may have been recognizable only to military and intelligence analysts or their own colleagues, friends and family. Today, a stranger on the other side of the world can use a screenshot of someone’s face to track down their name and family photos, or that of a lookalike.
WIRED used a free trial of a Russian service called FindClone to trace a photo of a man who, according to a Ukrainian government adviser, was an imprisoned Russian soldier. It took less than five minutes to find a suitable social media profile. The profile, on the Russian social network VKontakte, contained the teenager’s date of birth and photos of his family. It listed his workplace as ‘polite people/war’. The Russian phrase “polite people” is used to refer to soldiers from Russia who were active in Ukraine during the annexation of Crimea in 2014. Ukrainian open source intelligence group InformNapalm independently made the same connection in an earlier post, claiming two of the claimed inmates, and confirmed in a message to WIRED that it relied in part on facial recognition.
That power to identify people from a distance could lead to new responsibility for armed conflict, but also new avenues for digital attacks. Identifying or misidentifying people in videos or photos that claim to be from the front lines can expose them or their families to online harassment or worse. Face algorithms can be wrong and errors are more common in photos without a clear view of a person’s face, as is common with wartime images. Ukraine has a voluntary ‘IT army’ of computer experts who hack Russian targets on behalf of the country.
If volunteers can remotely identify fighters with facial recognition, government agencies can do the same or much more. “I’m sure there are Russian analysts who follow Twitter and TikTok with access to similar, if not more powerful, technology, who don’t share what or who they think is so openly,” said Ryan Fedasiuk, a deputy fellow at the Center for a New American Security .