War Criminals on VKontakte
New findings from Russia's Facebook
We have identified and archived social media profiles (media, posts, and profile metadata) for 700 Russian war criminals including 9/10 of the Bucha “Despicable 10”. Using similar methods, and in collaboration with Invader.info, we can now identify, with reasonable confidence, the unnamed military truck driver in this article by the New York Times about summary executions in Bucha by Russian soldiers. Numerous indicators converge on him being Private Оломский Богдан Юрьевич (Bogdan Olomsky).
Russian soldiers are revealing critical information through their VKontakte profiles which we at Open Measures are archiving on a massive scale. We have developed systems for sorting through the nearly 40 million users that we crawled from this “Russian Facebook.” The platform stores a wide range of highly detailed and personal information, making it invaluable for an authoritarian government or OSINT professionals seeking to unravel and document a range of ongoing crimes. We aim to support efforts such as the ongoing ICC probe and their investigation into Bucha specifically, as well as those by Ukraine’s Chief Prosecutor, Iryna Venediktova and the Bucha Prosecutors Office.
In this post, we will outline our data, our methods, and our critical initial findings. Using our methods and data, we hope to empower a wider range of researchers, war crimes litigators, and archivists to expose more of those responsible for these crimes.
Our matched profiles can all be found in the following locations in this Cryptpad or the file attached to this post (contact us if you have trouble with the Cryptpad).
To support us to help scale these free and open efforts click the link below:
OUTLINE
What is VK?
Prior Research
Summary of Open Measures Data
Identifying User Trends
Age Distribution
Users by Country
Finding Possible War Criminals on VK
Methods
Bucha and the “Despicable 10”
Facial Recognition and the Unknown Driver
Interesting Leads
Radio Svoboda
Community Groups as War Fronts
Using Open Measures’ Tools
Conclusion
What is VK?
VKontakte (ВКонтакте), is a social media platform founded by Pavel Durov in 2007. Durov’s history is complex, from a stand-off in St.Petersburg to self-imposed exile after his dismissal as VK CEO. His phone number even showed up in those potentially targeted by the Pegasus spyware leak. VK is often compared to Facebook because it was initially an invite-only, university-based platform. According to the company’s website, VK claims 97 million users per month. Wikipedia states VK had at least 500 million users as of August 2018. Other than Odnoklassniki, VK is one of the last social media networks not blocked in Russia. As reported by Wired, VK has experienced significant user growth from the ban on Facebook since Russia invaded Ukraine. Contrary to VK’s originally stated goal of promoting free-speech, the platform often cooperates with government censorship and arrest requests after they hired several government-friendly executives. An example of an arrest made for the content of posts said, “No war in Ukraine but a revolution in Russia!”.
Russia’s ongoing invasion and occupation of Ukraine has brought additional attention to VK. On March 20th, VK was hacked. Users were sent a series of messages about the invasion including information about civilian deaths, Russian military and economic losses, and threats of personal data and correspondence on VK being used by Interpol to arrest those supporting the invasion.
A pro-Russia Telegram group (https://t.me/itsyuni) posting screenshots of the messages that were received on VK. The caption reads: “The official VKontakte group was hacked and sent out a newsletter with this text. This is not funny at all.”
Prior Research
Shortly after Putin began the war, Open Measures launched a body of work opposing imperialist Kremlin revanchism outlined in our “Kremlin Hunting” blog post. The war has since been declared to be in violation of the Genocide Convention. This post also shared our list of Telegram channels of interest (now including VK groups as well), a call for investigations, and revealed our new media server for searching over archived media. Shortly after, we published a piece entitled “Cargo 200” outlining some aspects of the information war surrounding Ukraine and flourishing across fringe platforms such as Telegram. Shortly afterwards, we began crawling specific VK groups and pages as well to supplement these findings.
Russian soldiers and assets (such as “deniable forces” and “little green men”) have been notoriously lax about avoiding posting evidence of war crimes on VK. This data leakage often included critical intelligence leading in part to what some refer to as the “Bellingcat Bill” being pushed through by the Kremlin which criminalizes cell phone and social media usage by soldiers.
VK has been a notorious home to a wide range of bad actors due to low moderation and perceptions of tolerance towards right wing extremism. For example, international white supremacist networks, up to and including the KKK themselves, have sought refuge on VK from platforms like Facebook. Additionally, OSINT practitioners have been able to verify numerous war crimes on VK. Due to lax privacy laws, a wide range of investigation practices have emerged surrounding Russian operations from using facial recognition software to buying phone data on the Russian dark web. Notably, Rinaldo Nazzaro, head of white terror network, “The Base” while living in Russia, was partially exposed via photos on his wife’s VK account. Additionally, VK has become a battleground of the war itself from debates to actual orchestration. A recent exposé by Reuters connected numerous Bucha war criminals to online posts. VK is a treasure trove of OSINT leads and breakthroughs on a wide range of investigations of bad actors.
Summary of Open Measures Data
Open Measures’ data collection methods for VK combined both automated and manually curated lists. Originally, we began ingesting every VK group mentioned in our Telegram data. We then solicited our community for requests via our public sheet. This eventually led to pulling user profiles and in select cases, all of their posts. Our user profiles list is massive, clocking in at 112,833,873 users in total. However, we only pulled the posts of users who we suspected to be military members involved in war crimes in Ukraine or those surrounding them. In total, Open Measures currently has 91,259,864 posts from 3,756,385 unique “authors,” and are crawling around 14,500 groups.
We utilized a range of resources to determine an individual’s involvement in the invasion of Ukraine. We primarily focused on the list of Russian soldiers known to have been deployed in and around Bucha from the 64th Separate Motorized Rifle Brigade of the 35th Combined Arms Army provided by the Main Intelligence Directorate of the Ministry of Defense of Ukraine but expanded our user list with a variety of methods. This unit was chosen as a result of the infamy of their war crimes in Bucha for which they were later given honors by Putin. Additionally, we pulled from and collaborated with Invader.info, a project created by a Ukrainian born data scientist who developed novel methods for analyzing and crawling the data. We supplemented these all with OSINT techniques we will outline in this report. In total, Open Measures has three types of VK data: Groups, User Profiles, and Posts. Only Posts are made public via the app and API at this time but they do contain information about the users and groups. Individuals requiring more access can contact us and will be reviewed on a case-by-case basis.
Identifying User Trends
Age Distribution
Graph with number of users per age group. The peak is at 22 years old and the average age is 31 years old.
Officially, VK says they have over 90% of the Russian internet audience. In an attempt to find the total number of users on VK, we used age and gender information because those are fields that must be specified when signing up for a VK account.
Though it must be specified upon signup, birth year is not a required field to be displayed on a user’s profile. Of over 500 million accounts, only 395 million opted to share their birth year. But by querying age range information through VK’s API, we discovered a number close to VK’s reported number – a total of 510 million users.
Gender must also be specified with the choices of “male” or “female”. Given there are about 218 million female accounts and 281 million male accounts, that gives 499 million as another possible total number of accounts.
Users by Country
Top 10 countries with the most VK users.
Unsurprisingly, as a Russian-founded platform, as of June 2022 over 232 million users listed that they were from Russia in their user profile as well as 49 million listing their location as Ukraine. VK was banned in Ukraine in 2017 to decrease Russian influence and move towards the west. However heavy usage continued despite multiple reported exoduses of Ukrainian users. After the second exodus of users, the ideology of remaining VK users in Ukraine shifted towards pro-Russian and anti-Ukrainian rhetoric. Some countries like the United States and Brazil are in the top 10 because they have large populations. To measure the usage of VK for smaller countries, we also adjusted for population to find the number of accounts per person. In this way, some countries like Brazil were pushed farther down the list.
Top 10 countries with the most VK accounts per person.
Some countries that were initially high on the list fell to the bottom – for example, the United States has the 5th most VK users, but has only 0.02 accounts per person when adjusted for population. The countries with the highest rate of accounts per person are all in Eastern Europe and Central Asia.
Map centered on Europe and Asia with the number of VK accounts per person.
Finding Possible War Criminals on VK
Methods
Though Open Measures now has its own data and tools you can use, VK also has robust search features to find people, posts, communities, music, videos, classifieds, store products, and clips. For searching people, the options include region (country and city), school, college or university, age, gender, relationship status, personal views (religion, life priorities, important qualities in others, smoking and alcohol), company and position, military service, and birthdate. Some user searches are restricted. Performing a search for military service does not yield any results, but it is still visible on user profiles and searchable in our User Profile data (or in the user profiles of our public post data on the API). Obviously, name, birth date, and military service were of most utility to our investigation.
The military service and birthdate fields for the user search.
We could then match users based on aspects such as name, birthdate, military position, and home city. This could be done manually which provided maximally accurate results but would require much more volunteer effort to scale, or via automated code queries with complex rules for gauging the likelihood of a match.
For manual searching for a soldier on VK, we generally utilized the following procedure:
Search by name + date of birth (DOB) MM/DD, then open all profile links and rule out the profiles listing incorrect birth years.
DOB year is not required for a VK profile, so if you first search by MM/DD/YYYY, you might be missing valid profiles.
Younger kids might also make accounts before they are old enough (14 is minimum age), so the birth year is off by 1-2 years but it’s the correct MM/DD. Kids are more lax with security, so you have a better chance of finding phone numbers and other personally identifying information on those profiles.
But for more common names, searching through every MM/DD profile is very time-consuming, so searching for name + DOB MM/DD/YYYY might be more productive.
Use passport city for additional narrowing-down and verifying correctness of findings. If the profile matches the birth year, this is less important, but if you only have MM/DD it’s a good way to check findings.
Though it’s not directly searchable on VK, military service listed in the account profile is another good indication that you’ve found a good profile.
However, given the abundance of user profiles we scraped, we could also just search over the “occupation.name” field for users claiming to be in units of interest. For example looking into regiments accused of war crimes; 18 users self-reported being in the infamous 64th brigade with the military number 51460, 10 users from the 76th Guards Air Assault Division (unit 07264), and 8 users reported military in the 234th Airborne Assault Regiments (unit 74268) who were previously awarded for occupation of Crimea and were exposed for their crimes in Bucha by the New York Times. All of these accounts are archived and documented and the methods can be replicated on other units in the Russian offensive.
Another interesting method is just searching the unit number (ie в/ч 51460 for the 64th) in VK. You will often find public groups with members posting recently. Additionally, you can search in “videos” and find some that are very recent and worth downloading.
As part of this effort, Open Measures was proud to collaborate with the incredible Invader.info project which tracks the scraped social media profiles, network contacts, and images of Russian soldiers occupying Ukraine. The project’s methods and goals are outlined in detail here.
Bucha and the “Despicable 10”
Using the described methods, Open Measures connected individuals involved in the invasion to their VK profiles. Confirmations of birth date, name, position in the military, home city, etc. provides further evidence that could be used in war crimes trials, especially when held in conjunction with images showing faces in both locations. We potentially connected 700 VK profiles to members of the infamous 64th Separate Motorized Rifle Brigade of the 35th Combined Arms Army responsible for war crimes in Bucha, dovetailing nicely with other related efforts to identify and archive such as this from Inform Napalm. Then, working with our partners we assess with reasonable confidence that we have identified 9/10 of the “Despicable 10” from the attacks on civilians in Bucha. We identified, through name and birthday, matches with other information where possible. These IDs can be found in the Despicable 10 tab of our matches spreadsheet.
We have 2,057 unique public posts from all of the Despicable 10 accounts combined. The most publicly active of them was Сергей Пескарев with around 1,600 posts followed by Григорий Нарышкин, Алик Раднаев, and the Sergeant, Никита Акимов (Nikita Akimov). Nikita’s posting behavior shows little of interest except that he has a Twitch and Skype account and used to post a lot of kawaii anime pictures. He last accessed the VK accounts we tracked on April 28, 2022 and his corresponding Telegram account informs us that he was “last seen a long time ago.”
Using the images of the 10, we have further verified the accounts. For example, Nikita Akimov’s face is similar across the two profiles we identified and the photo provided by the Defence of Ukraine and you can note the distinctive curve of the nose in the photos:
Photos of Sergeant Nikita Akimov, a Russian soldier implicated in Bucha war crimes
Of the Despicable 10, the majority list their cities as being in the far south-east corner of Russia closest to China, with none coming from anywhere near Ukraine. Most of the Despicable 10 accounts show old last seen dates ending up to the moment the invasion occurred. This would make sense considering they are not supposed to bring devices. However, 4 of the accounts show last seen dates that are current (as of June 10, 2022) meaning that they, or someone with access to their accounts, are continuing to access VK’s platform during the war and as such may have access to their phones. If any of them brought phones to Ukraine and allowed them to access networks, they would have become tracking beacons mapping out their every movement to the Ukrainian government. These are the four recently active accounts:
Interestingly, Corporal Semen’s page changes his profile picture between May and June, from one showing his face to one obscuring it. If this was a subtle admission of guilt, he would’ve been better to also delete the older pictures of his face as well. In one profile he listed his political views as “monarchist”. Additionally, his listed phone number in the VK login goes directly to a 2FA prompt to the same number suggesting that some account is using that number for login. Further research suggests that the number has not been connected to a network in a while so it is uncertain who, if anyone, is controlling it and how.
Pictures where war criminal Corporal Semen changes VK photos to one obscuring his face and one in military garb.
While we hope to continue to support efforts to archive and identify war criminals, we rely on the broad expertise of those who read our work. These leads are just the beginning of what is possible from this data.
Facial Recognition and the Unknown Driver
Utilizing facial recognition is one of many different ways to leverage this preserved data. For example: Trials run with facial recognition tools against the image of the as-of-yet unidentified photo of a Russian military truck-driver featured in an investigative New York Times article which exposed a mass execution in Bucha on March 4, 2022, suggests a match to Private Оломский Богдан Юрьевич (Bogdan Olomsky) of the 64th Separate Motorized Rifle Brigade of the 35th Combined Arms Army (OAVVO). If these findings are accurate, the information suggests the 64th regiment, in addition to the 104th and 234th Airborne Assault Regiments as previously reported by the New York Times, were present on 144 Yablunska Street in Bucha between March 3rd and 5th.
Automated methods found five profile matches for Bogdan (1, 2, 3, 4, 5). All of these profiles share the same name, city, and have similar face photos at different ages. Four of the five profiles list the same birthdate in addition to sharing the same name, city and similar face photos. Then, upon running facial recognition experiments against the unknown war criminals in the New York Times article, positive results returned for all 5 accounts which also all appeared to be him having 5 accounts based on the profiles content.
One of Bogdan Olomsky’s VK accounts even lists the military unit (51460) he allegedly served with between 2016 and 2019 which is the 64th Separate Guards Motor Rifle Brigade, who murdered hundreds of civilians in Bucha. In one of his profiles, he lists “kindness and honesty” as the most important things he values in people and even appears to have gotten a “one love” tattoo on his wrist.
Bogdan lists his military unit, number 51460, on his active VK account. Screenshot: 12 June 2022 00:06 PST.
Findclone.ru is the standard for paid VK face searches but you can also use open libraries as done by invader.info. Open libraries may provide false positives, and as such must be supplemented with additional refinements such as birthday, city, and military unit listed in profiles (if it’s there), and manual facial features matching.
When images of unnamed soldiers from the New York Times articles were run, 5 positive matches to Bogdan were found in our database of Russian military user profiles which further corroborated existing findings. Numerous facial features match across the images including the uniquely round and protruding outer edge of the ears, the shape of the nose, lips, and eyes, complexion, and the length of the face.
One obstacle to facial recognition is systems that rely on high quality unobscured images that are harder to find in often grainy war footage. However, this example shows what is still possible even given these constraints.
Facial recognition experiments indicate an identification of a yet unnamed war criminal. Pictured: Bogdan Olomsky (L) April 3, 2022; unidentified Russian soldier in Bucha via New York Times CCTV photo (M) March 4, 2022; Bogdan Olomsky (R) March 13, 2022.
Interesting Leads
Here are a few other leads and methods for searching worth pursuing from our data.
Radio Svoboda
One of Accounts we found often posting was “Донбасс.Реалии” which translates to Donbass Realities and is a project of Radio Svoboda / Radio Liberty. Radio Svoboda is itself a branch of the US Agency for Global Media which was born out of the Broadcasting Board of Governors (BBG). Though claiming independence, there have been numerous scandals regarding this agency's past and ongoing relationships with the CIA and information warfare more broadly. Regardless of its true degree of independence, its active involvement in the Donbass information landscape on VK is as obvious as it is interesting.
Community Groups as War Fronts
A very strange series of accounts are a set of pages which represent something like community groups but with a pro-Russian bias for occupied areas. They are across many platforms (VK, OK.ru, Telegram, Youtube, and Instagram). They follow a stylistic and functional pattern across accounts ie: My Krasnodon and My Luhansk.
As the war progressed, they became less about asking for favors and selling small goods and became more political, posting images and links to pro-Russian soldiers with heavy weapons and interviews with Russian puppet Bashar al-Assad. The pages now post “updates from the front,” similar content, and engage obliquely in war related efforts:
A translated post from a community group offering to pay someone to bring a package to pro-Russian forces with a user replying with the hand to face emoji.
These are just a few things we found interesting in our preliminary research but there is much more to be uncovered.
Using Open Measures’ tools
A sample of 50 posts from Open Measures’ VK data can be viewed via the Search tool. This query searches for the term “Украина” (Ukraine). We can utilize the Timeline tool to get a sense of the discussion of the same term showing a peak in posts on February 25.
Timeline of users posting about “Украина” on VK peaking in February.
Here is an overview of the links most shared in posts mentioning “Украина” to get a sense of where these VK users are getting their information on the conflict. Note here that .su (Soviet Union) is a common Russian country code top-level domain so the majority of links shared are Russian websites.
Bar graph showing most popular links shared with posts mentioning “Украина”.
Users can investigate more deeply the accounts most discussing Ukraine via our Activity tool to prioritize and isolate influencers.
Bar graph of accounts with the most posts mentioning “Украина”.
Here are a couple examples on how to use our API to get specific sub-sections of relevant data. The first step is always to get a sense of the data. Just search for a word (here “Украина”) with default settings (except choosing VK as the site). This allows you to analyze the field names in the VK response JSON blobs. From the response we can highlight two useful fields: “author” and “text”. Here’s an example:
Open Measures API JSON blob of VK data pointing out author and text fields
Here we will show how to get the posts from a specific user, focusing on the most senior person we linked from the “Despicable 10,” Nikita Akimov, however the same could be done to check for posts from any user of interest. It's worth noting that while we do not make our entire user profile collection public, the user profiles of accounts we pulled posts for will be available in these API responses. To begin, we select the most recently active account of the two we matched (facial comparison between two profiles matches). To get posts from a specific user then, on the interactive API docs page (or in your code) select VK, set “esquery” to “true”, raise the post limit, set appropriate “since (make since go back quite far in case they haven’t posted recently)” and “until” variables. Then in the term box write: “author : id560264474” where the author name is taken from the end of the user profile URL (in this case, https://vk.com/id560264474). The interactive API docs should look something like this (resulting API query link here):
Open Measures interactive API with arrows highlighting the term, site, and esquery fields.
Useful Despicable 10 filter for the content endpoint of the API: “author : id560264474 or author : id120178883 or author : vyacheslav_2192 or author : id694659052 or author : id296316943 or author : id195711313 or author : id468252032 or author : id104618347 or author : id481580855 or author : id296489212 or author : id190451889 or author : id158829161 or author : id237447990 or author : id169306798 or author : id148528657 or author : id393553172 or author : id568512814 or author : id294615173 or author : id366951774 or author : id441355754”
Aside from the obvious fields mentioned above, there is a wide range of interesting data in these fields from geo-coordinates to positions in the military to Skype handles to whether they use iPhone or Android etc. These examples give a sense of the range of possibilities for employing our data in creative ways to pursue your own leads related to the Russian invasion of Ukraine.
Conclusion
Our VK data represents a treasure trove of evidence and leads for a wide range of use cases such as looking at the types of people responsible for heinous acts and their views or providing further identifying information such as photos, phone numbers, and ranks linking war criminals to their acts and faces. Our data preserves all public meta-data so should be admissible in future ICC cases or those held in countries like Belgium that have laws allowing the prosecution of foreign nationals. Please reach out to us if you have ideas or leads about how to further utilize this information or just to share what you’ve found.
To support our free, public, and open-source efforts such as this check out our Open Collective page. The hosting costs alone of scaling this work is very expensive so it really does help. If you or someone you know is interested in translating this to Ukrainian please reach out. A huge and special thanks from Open Measures to our research friends and community that quietly and humbly supported this publication. It’s such an honor to work with you all.