Skip to main content
stories

‘It’s always a choice’ ‘Bellingcat’ lead investigator Christo Grozev explains how his team unmasked the Russian agents who tried to kill Alexey Navalny

Source: Meduza
Jack Taylor / Getty Images

On December 14, 2020, Russian opposition figure Alexey Navalny published a video on YouTube, titled “I Know Everyone Who Tried to Kill Me,” where he named the Federal Security Service agents he says are responsible for poisoning him in Tomsk on August 20. Navalny attributed the discovery to Christo Grozev, Bellingcat’s “chief and very cool investigator from Bulgaria,” who recently contacted him with the message: “You know, I think we’ve found the people who tried to kill you.” Navalny’s own Anti-Corruption Foundation then joined the investigation, retracing Grozev’s steps and verifying his findings. Meduza special correspondent Liliya Yapparova spoke to Grozev about how he managed to track down a “secret and completely separate” group inside the FSB, why he’s certain these men are responsible for the attempt on Navalny’s life, and what he expects next in this story.

Alexey Navalny had uninvited company for the past three years — at least eight federal agents followed him nearly everywhere, whenever he left Moscow, according to a new investigation by Bellingcat and its media partners. In an interview with Meduza, Bellingcat’s lead Russia investigator, Christo Grozev, described two basic theories to explain why Navalny was watched so closely before he was nearly poisoned to death: either the FSB team had orders to be ready to kill him when instructed, or the agents were trying to assassinate him all along. 

Readers can draw their own conclusions

Leading experts on chemical weapons told Bellingcat that “optimal dosage” with nerve agents is tricky business when “in the field,” and Navalny’s assailants had reason to act cautiously. There’s some evidence that Navalny was poisoned last year with the same substance that nearly killed him this August: Aboard a plane in 2019, he says he experienced the same acute discomfort that preceded his violent illness and coma. A few months earlier, moreover, his wife Yulia was also suddenly albeit briefly unwell. Both of these incidents, Grozev told Meduza, could very well have been the result of the FSB’s attempts to find the dose needed to kill Navalny as delicately as possible. 

The poison used against Navalny, which medical experts later narrowed down to a “Novichok-class” nerve agent, would have taken effect almost immediately, but Navalny suspects he was exposed through a suspiciously bad-tasting cocktail, the night before his symptoms began. If this is true, Grozev says the substance must have been “micro- or nano-encapsulated” — coated with something to delay the body’s absorption of the poison.

For all its apparent efforts involving Alexey Navalny, the FSB team of operatives and toxin specialists seems to have other assignments, as well, though the agents clearly focused on Navalny after 2017 (when he declared his intention to challenge Putin for Russia’s presidency). Grozev says the agents he identified often visit cities that don’t intersect with Navalny’s travels, with frequent stops in the North Caucasus, where militants and armed separatists remain a thorn in the authorities’ side. Grozev says the FSB team might be poisoning other oppositionists on these trips, as well, which he will explore in his next investigative report. 

Grozev says Bellingcat adopted a “conservative” editorial approach to the evidence it collected showing the FSB’s involvement in the attempt on Navalny’s life. Even the report’s headline — “FSB Team of Chemical Weapon Experts Implicated in Alexey Navalny Novichok Poisoning” — deliberately stops short of direct accusations. At the same time, Grozev says there is “no innocent explanation” for why a group of specialists trained in medicine and chemical weapons traveled under assumed identities and then used a secure network to communicate with Russia’s Novichok experts immediately before Navalny was poisoned and then with experts in mass spectrometry (who could explain how long a poison’s traces remain detectable), immediately afterward. “Any court would convict these people,” says Grozev. 

Bellingcat proved that these FSB agents followed Navalny in Tomsk on the day he was poisoned, just as these men had tailed him 37 times before. “We leave it to the reader to decide if they tried to kill him,” Grozev told Meduza.

Following the data

Grozev stumbled onto the FSB operatives when he expanded his research into the use of Novichok by military intelligence agents in Russia, building on a Bellingcat investigation that identified the “Signal Scientific Center” as the heart of the Kremlin’s clandestine chemical weapons program. “We realized that [agents] called precisely these scientists [for consultations] at peak moments, just before Novichok poisonings,” says Grozev.

After Alexey Navalny was nearly assassinated, Bellingcat studied the scientists’ telephone records, looking for calls with anyone identified as an FSB agent in the app “GetContact,” where users pool their personal contact lists to create and access a database that matches numbers to the names they’ve been assigned on different phones. Grozev and his colleagues went looking for phone numbers linked to names like “Stanislav FSB” and “Vladimir FSB.”

When Bellingcat conducts this kind of work, says Grozev, it identifies about 70 percent of the telephone numbers that apparently belong to federal agents through GetContact or some other leaked database available on Russia’s black market. For more subtle evidence, the researchers turn to leaked archives like “Larix” for credit records, employment histories, past convictions, and flight itineraries. Many FSB agents complete long tours of service in Russia’s Border Guard, explains Grozev, which can offer further corroboration when tracking down operatives.

To investigate Navalny’s case, Grozev returned to the telephone records Bellingcat obtained in its work on Russia’s chemical weapons lab, the Signal Scientific Center. According to these documents, the facility’s director, Arthur Zhirov, had a history of calls with someone identified by GetContact as “Alexey Podlipki FSB” — apparently a reference to a small village outside Moscow, where the Federal Security Service has no official presence. These communications spiked on July 6, 2020 — a date that held no significance, as far as Navalny and the public record were concerned. 

Wondering if he’d missed something, Grozev contacted Navalny in mid-November and asked if anything had happened on this day. It turns out that Navalny’s wife Yulia became suddenly ill on July 6 while vacationing in Kaliningrad. Navalny didn’t publicize the incident when it happened because he didn’t understand it himself. “This was the first moment when I realized that it seemed we’d found something,” Grozev told Meduza.

The cellular records Bellingcat acquired on Russia’s black market make it possible to geolocate specific calls and data transfers by triangulating the different tower connections used in these communications. Grozev told Meduza that Bellingcat typically maps this out manually, after using MySQL (an open-source relational database management system) to remove records of calls and data usage that occurred on weekends, holidays, or late at night. The result, he says, is a fairly reliable picture of where these men spent their work hours.

The telephone records show that the suspected agents frequented two locations: an FSB research institute on Varga Street in Moscow believed to work with chemical weapons and an area near Podlipki. Using Wikimapia, Bellingcat discovered that this second location leads to another secret FSB facility, solving the mystery of “Alexey Podlipki FSB.” According to Wikimapia users, the KGB once used the Podlipki grounds to develop missile technologies. Today, Grozev says, the laboratory serves as an unofficial extension campus for the FSB’s Varga Street facility, which manufactured the poisons used against Soviet dissidents, according to former KGB General Oleg Kalugin, who now lives in the United States. 

Bellingcat bases much of its conclusions on surges in calls between experts at Signal and the suspected FSB agents who tailed Navalny across Russia. Grozev acknowledges that the calls could have been about anything (there were lots of telephone conversations on Defender of the Fatherland Day in February, for example, presumably about the holiday), but the timing and the sequence of communications before and after the attacks against Navalny strongly suggest, he says, that these discussions concerned Novichok.

After using phone records to single out a handful of suspected FSB agents, Bellingcat guessed that the operatives who followed Navalny around the country likely traveled under assumed identities using false, albeit only somewhat modified names and birthdates (a lazy but typical practice in Russia’s intelligence community). Grozev says his team began its work with airline records by “blindly and randomly” purchasing black-market passenger manifests for flights booked by Navalny and his staff. When Bellingcat realized that the federal agents traveled in groups, almost always a day before or after Navalny, Grozev bought more flight records and repeated his search for the FSB agents’ aliases. As a pattern emerged, his work gained precision.

Grozev says the phone records obtained by Bellingcat indicate that Navalny’s FSB surveillance team stayed abreast of his travel plans by communicating frequently with the agency’s officers stationed at airports, who have direct access to Russia’s ticket-reservation databases.

When looking for federal agents involved in a supposed assassination operation, Bellingcat adjusts its search algorithms to filter out travelers on flight manifests who don’t fit the FSB’s pattern. Grozev says he calibrated his search parameters to exclude people traveling with apparent family members (other passengers with the same surname) and anyone who booked their tickets well in advance. A rich travel history also reduces the odds that someone is using an FSB alias because the agency generally doesn’t bother to invent deep records, says Grozev. This is especially true, he adds, with special units like the team that pursued Navalny, where looping in the additional colleagues needed to counterfeit long personal pasts can compromise an operation’s secrecy and risk leaks.

Working with black-market intel

When Grozev started investigating Navalny’s poisoning, all he had was an archive of telephone calls to and from Arthur Zhirov, the head of the Signal Scientific Center. By the time he was ready to publish his work, he’d obtained the call records for another 10–15 accounts. Due to restrictions on how Bellingcat can spend its limited funding, Grozev says he had to buy these records using his own money. “It cost a lot,” he told Meduza. “I won’t say the exact price because my wife would kill me — with Novichok.”

According to Meduza’s own calculations, an investigation like Bellingcat’s report on Navalny’s alleged FSB assailants could have cost as much as 1 million rubles ($13,630). A source in Russia’s data-leak market told Meduza that a single geolocation request costs 25,000 rubles ($340), while the call history for one phone number can be as much as 80,000 rubles ($1,090). Flight passenger manifests, meanwhile, run about 10,000 rubles ($135) apiece.

Grozev says Bellingcat has to conserve its resources, pursuing only the most important investigations. Sometimes, the organization even has to abandon certain leads because its funding doesn’t permit all avenues of information gathering. “And we refuse to work with the foundations that would give us money for such work,” he adds. 

When tracking Navalny’s poisoners, Bellingcat researchers had to watch out for “poisoned” data. For example, Grozev says one source sold him a flight manifest listing 177 passengers, while another archive acquired elsewhere showed 179 passengers. The two extra names, it turns out, “were the most interesting.” To avoid being led astray by tampered records, Grozev says Bellingcat acquires databases from different dealers without revealing the information it seeks. “For 10 phone records, we buy from 10 different dealers,” he explains. Researchers can never rely on individual dealers for very long. “After several investigations, [Russian] counterintelligence realizes which sources to use to start feeding us ‘tainted’ data,” Grozev told Meduza.

When investigating intelligence officers, Grozev says Bellingcat tries to avoid using data leaked by rival agencies. These dealers often stand out by deviating from the usual time it takes to fulfill an order. “If it’s suddenly too short or too long, something’s off,” he says. After Bellingcat releases a major report, many sources often cut ties with its researchers. Following the investigation into Navalny’s poisoning, for example, the organization lost access to several dealers. “Even though they’ve said they don’t want to talk to us anymore, we’re going to make sure they’re okay,” Grozev says.

This kind of outreach is as far as Grozev likes to go when it comes to working with human sources, who are fundamentally less reliable than hard data, he says. He recently abandoned this approach for a single story and paid the price. When Navalny was still hospitalized in Berlin, Grozev wrote an article released jointly with Der Spiegel that he based on information from a source at the Charite Clinic, claiming that the Russian opposition figure had come out of his coma. But it turned out that Navalny regained consciousness only a day and a half after the story was published. “It went against my own convictions,” Grozev told Meduza. “I’ll never make that compromise again.”

Grozev admits that he struggles with the ethical implications of working with stolen personal data. In Navalny’s case, he argues that these tactics are ultimately in the prevailing public interest because they were required to expose not just a group of attempted murderers but also a secret government unit devoted to hunting down the Kremlin’s political enemies using dangerous chemical weapons. “I believe that we [at Bellingcat] occupy a niche between journalism and the law enforcement agencies that aren’t doing their jobs either because, as in the West, they can’t or they don’t want to, or because, as in Russia, political pressure makes it impossible,” Grozev told Meduza, comparing his brand of investigative reporting to the ambulances we allow to speed through city streets.

Before exposing individuals’ personal data, Grozev says he needs to be completely sure that he hasn’t made a mistake in his research. Bellingcat’s report on Navalny’s poisoners, for example, singles out eight suspected FSB operatives, but Grozev says his team was able to identify 15 agents in total. In the end, he says he decided to reveal the names of only the individuals for whose actions he could conjure no innocent explanation.

Grozev says he and his wife disagree philosophically about the disclosure of government officials’ personal information. “She believes it’s not worth releasing the private information of people who are just doing their jobs — the people the state told, ‘Go do this.’ I’ll never agree with that. It’s a choice. It’s always a choice. Even in the Soviet Union, it was a choice,” Grozev told Meduza.

A comedy of errors

Though Bellingcat’s investigation into the FSB’s operation against Navalny reads like a spy thriller, one of the most shocking things about the story is closer to comedy: the agents aided researchers repeatedly by making basic mistakes, like bringing a personal cell phone on a secret mission. But these errors don’t surprise Christo Grozev. “Imagine it,” he says. “You’re there and you need to call a colleague but you don’t have his number in the burner phone set up specially for the trip to Tomsk. So you turn on your main cell phone to look up the number you need, disabling the mobile connection, the second the screen lights up.” Even that, however, would have been enough to register a tower connection, leaving a digital trail for anyone who knew where to look.

Grozev says the phone records show IP-channel data indicating that the agents also used an online messenger (ironically, the American-owned WhatsApp) and more secure lines for some conversations. “Apparently, they went with unsecured lines only for non-confidential calls, thinking it was probably enough to protect whatever they discussed,” he says. In a sense, they were right: Bellingcat can only guess about the content in these communications. 

Russia’s intelligence community is presumably tempted to erase its agents’ information from the databases Bellingcat uses, but Grozev says this isn’t as simple as it sounds. “Purging doesn’t always solve the problem because sometimes the absence of something is evidence itself. When you remove something, you’re leaving new evidence,” he explains, adding that Russia’s military intelligence started restoring its agents’ “RossPassport” data after realizing that blank records raise altogether new suspicions. 

For all its failings, Russian counterintelligence theoretically has the power “to destroy Bellingcat forever,” Grozev admits. All the Kremlin needs to do is unearth some evidence of the organization’s supposed ties to Western spy agencies — the secret collaboration to which Bellingcat’s critics constantly allude. If this partnership existed, Russia’s hackers should have little trouble proving it.

In fact, Grozev says he has a “low opinion” of the West’s intelligence agencies. If they knew what Bellingcat regularly discovers, he says, the CIAs of the world would leak the information to more established news outlets, like The New York Times. More importantly, he adds, Western intelligence agencies would inform their own governments, leading to better-educated sanctions that target Russia’s modern-day chemical weapons program, instead of its Soviet remnants. 

This comedy of errors isn’t entirely a tale of bad ideas. Grozev acknowledges that the FSB has concocted some brilliant schemes to thwart sleuths like him, but the agency’s poor execution held success at bay. For example, Grozev says the FSB once introduced an algorithm that fed Bellingcat researchers “RossPassport” photos of other people who physically resembled federal agents, concealing the operatives’ real portraits. “Essentially,” he explains, “they devised a way to poison the entire system with fake pictures. It was a good idea!” Unfortunately for the FSB, its computer whizzes forgot to add a gender filter. When Bellingcat’s searches started returning photos of women, the team knew something was up. “A good idea, but bad execution,” says Grozev.

Interview by Liliya Yapparova, edited by Valery Igumenov and Tatiana Lysova

Summary by Kevin Rothrock