TL;DR: Open Source Intelligence has revolutionized investigative journalism. Bellingcat used OSINT to prove Russia's involvement in downing MH17. Journalists verify videos from conflict zones, trace financial flows, and expose corruption using publicly available data. But the same tools used for investigation can be used against you. This guide covers the verification techniques used by professional investigators, the toolkits available, and how to protect yourself and your sources while conducting sensitive research.
Why OSINT Matters for Journalists
Open Source Intelligence, gathering and analyzing publicly available information, has become essential for modern journalism. When information is sparse, controlled, or censored, OSINT provides an independent path to truth.
What OSINT enables journalists to do:
- Verify videos and photos from conflict zones
- Trace financial flows and expose corruption
- Confirm or debunk claims made by governments and institutions
- Document war crimes and human rights abuses
- Track disinformation campaigns
- Identify anonymous sources of leaks and propaganda
- Reconstruct events from scattered digital evidence
Unlike traditional reporting that relies on official sources or interviews, OSINT creates a documented, verifiable record. The evidence can be shown, not just told.
Landmark OSINT Investigations
MH17 Downing (Bellingcat): Using satellite imagery, social media posts, and geolocation analysis, Bellingcat traced the missile launcher that shot down Malaysian Airlines Flight MH17 over Ukraine in 2014. They tracked its route through rebel-held territory and identified the Russian military unit responsible, years before official investigations reached the same conclusion.
Syrian Chemical Attacks (BBC, NYT, Bellingcat): Multiple investigations used OSINT to document the Syrian government's use of chemical weapons against civilians, analyzing weapons fragments, crater patterns, and medical symptoms visible in footage.
Cameroon Massacre (BBC Africa Eye): Investigators used geolocation, metadata analysis, and shadow analysis to verify the location and time of a 2020 video showing Cameroonian soldiers executing civilians, leading to criminal charges.
Core Verification Techniques
Geolocation
Confirming where an image or video was taken by matching visible features to satellite imagery and maps.
Process:
- Identify distinctive features: buildings, mountains, roads, signs
- Cross-reference with Google Earth, Bing Maps, or Yandex
- Match street-level details with Google Street View or Mapillary
- Verify compass orientation and perspective
- Document your methodology for transparency
Tools:
- Google Earth Pro, Free, high-resolution imagery with historical view
- Mapillary, Crowd-sourced street-level imagery
- PeakVisor, Identify mountains and topographic features
- SunCalc, Verify sun position and shadow direction
Chronolocation
Determining when an image or video was captured by analyzing shadows, lighting, and other time-sensitive elements.
Techniques:
- Shadow analysis: Calculate sun elevation from shadow length
- Weather verification: Cross-reference with historical weather data
- Event correlation: Match to known dated events (construction, protests, etc.)
- Metadata extraction: Check EXIF data for timestamps (if not stripped)
- Social media timestamps: When was content first shared?
Tools:
- Bellingcat Shadow Finder, Calculate possible locations from shadow angles
- Wolfram Alpha, Historical weather data queries
- ExifTool, Extract metadata from images and videos
Reverse Image Search
Finding where an image originated and tracking how it's been used.
Applications:
- Detect manipulated or recycled images
- Find the original source of a viral photo
- Identify if an image has been used in different contexts
- Locate higher-resolution versions
Tools:
| Tool | Strengths |
|---|---|
| Google Images | Largest index, good for common images |
| TinEye | Chronological results, modification detection |
| Yandex Images | Better for Eastern European/Russian content, facial recognition |
| Bing Visual Search | Alternative index, sometimes finds what Google misses |
Image Forensics
Detecting manipulation, editing, or fabrication in images.
What to look for:
- Metadata inconsistencies (edited after capture date)
- Pixel-level anomalies from cloning or splicing
- Lighting and shadow inconsistencies
- Compression artifacts around edited areas
- Perspective and proportion errors
Tools:
- FotoForensics, Error level analysis and metadata examination
- Forensically, Browser-based image forensics suite
- InVID, Video verification plugin for browsers
Essential OSINT Toolkits
Bellingcat's Online Investigation Toolkit
The most comprehensive free resource for OSINT investigators. Built collaboratively by Bellingcat staff, volunteers, and the open source research community.
Categories include:
- Geolocation tools
- Satellite imagery sources
- Social media analysis
- Aircraft and ship tracking
- Document and data analysis
- Archiving and preservation
Access: bellingcat.gitbook.io/toolkit
BBC Africa Eye Forensics Dashboard
A curated collection of verification tools used by BBC's investigative team in Africa, focused on practical workflows for breaking news verification.
Satellite Imagery Sources
| Source | Access | Best For |
|---|---|---|
| Sentinel Hub EO Browser | Free | EU satellite imagery, environmental monitoring |
| Planet Labs | Commercial (journalist access available) | Daily global imagery, rapid tasking |
| Maxar | Commercial | High-resolution imagery for verification |
| Google Earth Pro | Free | Historical imagery, general verification |
Tracking Tools
Aircraft:
- ADS-B Exchange, Unfiltered flight tracking (includes military)
- Flightradar24, Commercial flight tracking
Ships:
- MarineTraffic, Global vessel tracking
- Global Fishing Watch, Fishing vessel monitoring
- VesselFinder, Ship positions and routes
Protecting Yourself While Investigating
The same OSINT techniques you use to investigate others can be used against you. Journalists and activists researching sensitive topics face real risks from hostile governments, corporations, and individuals.
Operational Security Basics
Compartmentalize your research:
- Use separate devices or virtual machines for sensitive investigations
- Create research-specific accounts unlinked to your real identity
- Use VPNs or Tor to mask your IP address when accessing sensitive sites
- Don't log into personal accounts while conducting research
Mask your digital footprint:
- Silo, Cloud-based browser isolation for research
- Tor Browser, Anonymous browsing (be aware of exit node risks)
- VPN services that don't log (research carefully)
- MySudo or similar for burner phone numbers
- 33mail or SimpleLogin for disposable email addresses
Avoid alerting targets:
- Don't view LinkedIn profiles logged in (they'll see you visited)
- Don't like, comment, or interact with target accounts
- Use third-party viewers when possible
- Archive pages to avoid repeated visits
Protecting Sources
Secure communication:
- Signal, End-to-end encrypted messaging
- SecureDrop, Anonymous document submission for newsrooms
- PGP-encrypted email for sensitive communications
- Consider metadata: who you communicate with is sometimes as sensitive as what you say
Source protection practices:
- Never reveal sources without explicit consent
- Don't store identifying information unnecessarily
- Be aware that your devices can be seized or hacked
- Consider legal protections (shield laws) in your jurisdiction
- Have a plan for if you're compelled to reveal sources
When You're the Target
Surveillance firms have pitched tools to governments for tracking journalists and activists. Colombia's military used VoyagerAnalytics to profile and intimidate journalists between 2018 and 2019.
Warning signs you're being targeted:
- Unusual login attempts on your accounts
- Phishing emails that seem unusually well-crafted
- New "friends" or followers who seem too interested
- Your articles being monitored or quoted by intelligence actors
If you're targeted:
- Contact digital security organizations like Access Now or EFF
- Document everything
- Assume your devices may be compromised
- Alert your organization and legal support
Ethical Standards & Best Practices
The Berkeley Protocol
The Berkeley Protocol on Digital Open Source Investigations provides guidance on gathering, analyzing, and preserving digital information in a professional, legal, and ethical manner for human rights investigations.
Key principles:
- Objectivity and accuracy in methodology
- Do no harm, consider impact on subjects and sources
- Security and data protection
- Legal and ethical compliance
- Transparency about methods and limitations
Verification Standards
- Triangulate sources: Never rely on a single source; verify from multiple angles
- Document your process: Show your work so others can verify
- Acknowledge uncertainty: State confidence levels and limitations
- Preserve evidence: Archive original sources before they disappear
- Consider context: What's the source's motivation? Could this be staged?
Evidence Preservation
Tools for archiving:
- Wayback Machine, Archive web pages
- Archive.today, Alternative archiving service
- Hunchly, Automatic capture during browsing sessions
- Screenshot with timestamps and metadata visible
- Download original files when possible
Why preservation matters: Social media posts get deleted. Websites change. Videos get removed. If you don't preserve evidence when you find it, it may be gone when you need it.
Learning Resources
Training Programs
- Bellingcat workshops: Regular training on OSINT techniques
- GIJN resources: Global Investigative Journalism Network training materials
- ICFJ programs: International Center for Journalists digital security training
- First Draft: Verification and misinformation training
Communities
- Bellingcat Discord: 20,000+ members discussing OSINT techniques
- OSINT Curious: Community for open source researchers
- Verification Junkie: Resources and community for verification
Regular Practice
Geolocation challenges:
- GeoGuessr, Game that builds geolocation skills
- Quiztime challenges on Twitter
- Bellingcat's verification challenges
Like any skill, OSINT improves with practice. Regular exercises build pattern recognition and familiarity with tools.
The Bottom Line
OSINT has democratized investigative journalism. The same satellite imagery, social media data, and public records that were once accessible only to intelligence agencies are now available to anyone with an internet connection and the knowledge to use them.
Journalists and activists can verify events in real time, document human rights abuses, and hold power accountable. Bellingcat's investigation of MH17 demonstrated that citizen investigators could reach conclusions that took official investigations years to confirm.
But the same tools cut both ways. While you investigate, you can be investigated. Your digital footprint, your sources, your methods, all are potentially visible to hostile actors with the same skills you're developing.
The answer isn't to avoid OSINT. It's to practice it responsibly: verify carefully, document thoroughly, protect sources absolutely, and secure your own operations. The Berkeley Protocol and Bellingcat's methodologies provide frameworks. The rest is practice, community, and vigilance.
References
- Bellingcat's Online Investigation Toolkit
- ICFJ, Fundamentals of Open-Source Intelligence for Journalists
- Bellingcat, Introducing the Collaborative Open Source Toolkit
- ISOJ, OSINT and SOCMINT Techniques Empower Investigative Reporting
- OSINT Industries, OSINT Journalism Guide
- UN OHCHR, Berkeley Protocol on Digital Open Source Investigations
- Forbidden Stories, When Your "Friends" Spy on You