Stephen Coulthart: Lessons from Ukraine: How OSINT networks are changing war

Open source volunteer research networks

Open source research networks (OSVRNs) have been active well before the Ukraine–Russia war. The first OSVRNs emerged shortly after new internet technologies—such as the iPhone and Facebook—enabled users to create and share more digital content. OSVRNs are composed of individuals, sometimes operating independently and sometimes with institutional backing, who collaborate to apply their skills and expertise to extract the “so what” from publicly available information. These networks are defined by their use of open source information—data in any format (e.g., social media, videos, satellite imagery) that can be accessed by anyone without restriction, whether free or commercial, in a legal and ethically acceptable manner. However, there are gray areas: in many definitions, open sources also include hacked or “breach” data.

The skills required to exploit open source information—known as “tradecraft” in the intelligence profession—include source validation, operational security awareness, advanced search strategies, and report writing, among others. Individuals involved in OSVRN range from self-taught amateurs to full-time professionals. Well-known and long-standing OSVRN include Bellingcat, the Digital Forensics Research Lab, the Conflict Intelligence Team, and Forensic Architecture.

Lessons learned from OSVRN in the Ukraine-Russia war

Lesson #1: The ‘Half-Life of Secrets’ is Accelerating – and OSVRN are helping to lead the way.

In 2015, Peter Swire of the think tank New America wrote: “Modern computing means that leaks can occur at scale and be transmitted globally, while pervasive sensors and [actors] outside of government can detect many activities that were once secret.” He likened the rapid erosion of secrecy to radioactive decay, describing it as a “half-life of secrets.” In recent years, the growing availability of open source information has made it increasingly difficult for governments—or anyone, for that matter—to keep secrets. A frequently cited example came in 2018, when an Australian security studies student identified military bases using data from the Strava fitness app.

The war in Ukraine marks a new chapter in the decay of secret state activity, with OSVRNs leading the way. OSVRN can now analyze conflicts more effectively than just five years ago, due to the explosion of available data. When the conflict began in 2021, global data production stood at about 70 zettabytes; by 2025, that number had doubled to about 150 zettabytes (or 150 trillion gigabytes). About half of this data consists of context-rich videos.

These networks also benefit from an expanding range of data sources that help lift the fog of war. For instance, Russian mechanized units have used unencrypted radio communications, which civilian groups intercepted—and, in some cases, disrupted by transmitting their own messages. The proliferation of small, low-cost satellites—miniaturized versions of traditional ones—has further enhanced visibility of the battlespace. Anyone with a credit card and an internet connection can now purchase high-resolution satellite imagery. These trends are likely to accelerate, opening even more opportunities for OSVRN to pierce the fog of war.

Lesson #2: OSVRN are shifting from observers to more active participants in conflict.

A core function of OSRVN has been to investigate and document war crimes—most notably in Ukraine, through their reporting on the Bucha massacre. These networks also engage in counter-messaging campaigns aimed at challenging government propaganda.

The war in Ukraine has shown how these networks activities now directly affect the battlefield. Analysts outside government tracked Russian troop movements before the invasion, demonstrating the value of open sources for strategic warning. According to Ryan Fedasiuk of the Center for a New American Security, this was open source information’s greatest contribution in the months leading up to the war. OSVRN have also taken on humanitarian roles. Like efforts to evacuate Afghan civilians in 2021, OSVRN groups helped rescue trapped students in Ukraine’s early days of conflict, marking a shift toward a more operational use of open sources.

Finally, OSVRN are shaping the cyber battlefield. While hacktivist groups are not traditional OSVRN, many depend on open source information. The IT Army of Ukraine, for instance, disabled web cameras to deny Russian forces OSINT access, while Russian-aligned groups such as Gamaredon and Fancy Bear have used open sources to craft phishing campaigns and conduct surveillance.

Lesson #3: The value of open source information is creating new ethical challenges for OSVRNs –sharpening old ones.

The Ukraine–Russia conflict has brought to light a wide range of ethical tensions. Three key issues stand out. First, these networks become more relevant to the battlefield, their potential to cause harm increases. Civilian analysts, for instance, may inadvertently release information about noncombatants—as has occurred in cases where the families of Russian soldiers were exposed. Second, open source information and analytic reports can have dual-use implications. An OSVRN operating on one side of the conflict might disclose information that could be exploited by the other, creating ethical dilemmas about the appropriate level of transparency in wartime.

Finally, these network’s activities can put their own members at risk. Russia, for example, has launched cyberattacks against members of Bellingcat. Because these individuals operate outside of government structures, they lack the counterintelligence protections typically afforded to official personnel. This raises an open question: to what extent are OSVRN willing to expose their members to potential harm in pursuit of their mission?

LLM Disclosure: During the preparation of this work, the author used GPT-5 to improve the clarity of human-written text.