The online sleuths holding Russia to account

From MH17 to Ukraine's front lines, OSINT investigators are rewriting the rules of evidence.

Museum and temple complex, Patriot Park, Kubinka, October 1, 2024. [MBH/Wikimedia Commons/ CC BY-SA 4.0./Cropped for focus]

By Olha Hembik

WARSAW -- A single restroom sign gave away one of Russia's most secretive military units.

Ukrainian open-source intelligence (OSINT) analysts traced the elite Rubicon Center for Advanced Unmanned Technologies to Patriot Park, a military museum and theme park outside Moscow, thanks to a few unblurred seconds in a propaganda video by Russian television host Vladimir Solovyov.

The analysts specialize in gathering, analyzing and verifying publicly available information, often from social media and state media videos. Their digital sleuthing has led Ukrainian forces to legitimate military targets and individuals who might otherwise have remained hidden.

Radio Free Europe/Radio Liberty reported that the Rubicon base was identified through three videos posted online: an October 11, 2024, post on the Russian Defense Ministry's Telegram channel; Solovyov's February 2 television segment; and an August 1 anniversary video marking Rubicon's creation.

Buildings of Chief Directorate of Intelligence of the Ministry of Defence of Ukraine (or HUR) in Kyiv, August 23, 2012. [Dmitry Trikutko/Wikimedia Commons/ CC BY-SA 4.0]

Each clip contained footage from the base grounds, but Solovyov's final video provided the breakthrough. Editors failed to blur a sign above a restroom entrance -- a distinctive illuminated panel that alternated between the Russian and English words for "Toilet."

That small oversight, combined with other visible details such as the column cladding and interior hardware, matched photos of structures at Patriot Park, allowing researchers to geolocate Rubicon's secret base with precision.

Specific searches

Volodymyr Teliuk, deputy director of InsightOps, stressed the need to cross-verify information from multiple sources.

He noted that this principle has remained largely unchanged since World War II, when intelligence services intercepted radio frequencies and eavesdropped on adversaries.

"Now, it's an elaborate, precise methodology that enables faster, more effective searches, intelligent analysis and accurate conclusions," Teliuk told Kontur.

"OSINT specialists use diverse sources, resources and databases to gather and confirm information as much as possible."

Ukrainian OSINT practitioners commonly use search engines, metadata analysis of photos, alternative maps and specialized search tools, including Google dorks -- advanced search commands that uncover hidden online information -- along with custom code for targeted queries.

For basic business analytics or partner research, platforms like OpenDataBot and YouControl provide foundational data for deeper OSINT exploration.

OSINT breakthroughs

Open-source military intelligence gained prominence in Ukraine starting in 2014 but surged in 2022 amid Russia's full-scale invasion.

Teliuk said one of the most dramatic cases showing the rise of OSINT was the investigation into Malaysia Airlines Flight MH17, which Russia shot down over Ukraine on July 17, 2014, killing all 283 passengers and 15 crew members, including 80 children.

International investigators concluded that Russia was responsible and identified the perpetrators.

"The court considered conclusions and data gathered by activists and journalists," Teliuk said, noting that the path of the Buk missile system used in the attack was traced through Russia using open-source analysis.

Investigators examined metadata, satellite images, geotags and photos of Russian soldiers posing with the Buk launcher. Despite the evidence, Russia continues to deny involvement, mainly for domestic propaganda, Teliuk said.

Mykhailo, a soldier in Ukraine's 72nd Mechanized Brigade who previously worked in IT, now conducts OSINT "with whatever is available."

"It's a little like hunting -- you track the enemy based on a photo, determine the location, monitor enemy channels, and you can gather information that isn't obvious," Mykhailo told Kontur.

War correspondents sometimes expose Russian positions, he said, recalling a Donetsk base destroyed after a propagandist illuminated it for dramatic photos. Geotagged images from Russian troops or bloggers have also led to strikes, including one on a command center in Lysychansk.

For Danylo Podgorniy (a pseudonym), who has spent eight years with the InformNapalm community, the mission is identifying Russian service members and building a database of war criminals.

"You can find 70 to 80 percent of a person's information online, even without special tools," he told Kontur. Deleted profiles rarely erase all traces -- relatives, coworkers, or even a pet photo can reveal identities.

Teliuk said everyone leaves a digital fingerprint through documents, court rulings and residence permits.

"You just need to gather this information, analyze it and cross-reference it," he said.

OSINT specialists have since created an interactive database of Russian units involved in the 2022 invasion of Ukraine, expanding on the earlier Russian Aggression project from 2014 to 2021.
