// For Journalists · Pro-Bono

OSINT for journalists investigating Russia & CIS

We do paid OSINT work for compliance teams. We also do free OSINT work for accredited journalists investigating sanctions evasion, oligarch wealth, war crimes, and shadow-fleet operations. This page is the toolkit and the open door.

TL;DR

  • What we offer: free analyst time, free toolkit, free methodology review — for accredited investigative journalists working on Russia / CIS / sanctions.
  • How to contact: Threema J78VRH26, Session ID (see secure contact channels), or PGP-encrypted email to [email protected].
  • Scope: Russia / CIS only; sanctions, UBO, shadow fleet, corporate-structure work only; one defined question per request; no fishing expeditions; no work on private individuals outside named OFAC / EU designations.
  • Turnaround: 48 hours to accept or decline; 5–10 working days for typical pulls; faster on breaking-publication deadlines if we can.

What you can use free, right now

No accreditation required. No form to fill in. Cite us or don't — either way is fine. The brief is yours.

Flagship investigations

Methodology explainers

Datasets & tools

What we offer pro-bono to accredited journalists

Decided case by case. We are a small team. We say yes when the story is in scope, the question is defined, and the work is something a paid client would otherwise be quoting on. We say no when the request looks more like a sourcing fishing trip than an investigation.

  • Russian corporate ownership reconstruction. EGRUL and EGRIP pulls, historical-change tracing, leaked-database cross-reference where the leak is already in the public domain via an established consortium (ICIJ, OCCRP, Distributed Denial of Secrets, etc.).
  • UBO tracing through Cyprus / UAE / BVI structures. Four-jurisdiction chains are typical. We document each layer with the registry extract, the snapshot date, and the percentage stake. You get a graph, not a hunch.
  • Sanctions cross-list matching at scale. Take a list of entities or names from your investigation; we run it against OFAC SDN/SSI, EU consolidated, UK OFSI, UN, Swiss SECO, Australian DFAT, and Canadian SEMA. You get the hits, the misses, and the near-misses with confidence flags.
  • Maritime OSINT. Vessel tracking, AIS gap reconstruction, port-state inspection record pulls, flag-of-convenience history, ship-to-ship transfer pattern analysis. Useful for shadow-fleet, dual-use-cargo, and grain-corridor stories.
  • Telegram and dark-web monitoring on specific targets. Defined scope only. We will monitor named channels, named handles, or named entities. We will not run open-ended surveillance, and we will not produce a profile on a private individual just because they look interesting.
  • Methodology peer review on pre-publication drafts. Send us the draft (or the relevant section), and we will mark up the OSINT-methodology claims: where the chain of inference is strong, where it leaks, where a primary source would close a gap a hostile lawyer will otherwise open. We do not edit your prose. We do not co-author. We do not get a byline.

What we do not offer

The line is drawn here for the same reason any analyst worth working with draws it. Both because of the law, and because the work has to keep being trustworthy after the story ships.

  • Generic background checks on private individuals who are not public figures and not named in a sanctions or court filing.
  • Anything that crosses the Probiv line: paid pulls from corrupt-insider sources inside Russian state databases, coercion, social-engineering of registry officials, purchased police or tax records.
  • Anything outside the Russia / CIS / sanctions focus. We are not the right partner for a UK domestic-corruption story or a US healthcare-fraud story. Ask OCCRP, ProPublica, or Bellingcat first.
  • Help with disinformation, narrative-laundering, or information-operations campaigns of any side — Russian, Ukrainian, European, American, or otherwise.
  • Anything that requires us to disclose a client, a source-access vector, or an analyst.

How accreditation works

The bar is not high, but the bar exists. We need a reason to believe the person on the other side of Threema is who they say they are, working on what they say they are working on.

You qualify if any one of the following is true:

  • Staff member or contributor at an outlet whose union or trade body is the NUJ (UK), IFJ (international), NPC (US), ASNE / News Leaders Association (US), EFJ (Europe), DJV (Germany), SNJ (France), or any RSF-recognised member organisation.
  • Staff or contracted journalist at an outlet with an active ICIJ, OCCRP, EIC, IJ4EU, GIJN, or Bellingcat partnership.
  • Freelancer with a public byline portfolio of three or more investigative pieces in the last 24 months, plus one editor reference we can verify (a one-line email from the commissioning editor is enough).

We do not require you to publish under your real name. We do require an editor or a chief-of-staff to vouch on a secure channel before we open a working file.

Submission template

Send the five items below in your first message. We can do almost anything with a well-scoped request and almost nothing with a vague one.

1. Outlet, your role, and a verifying editor contact.
2. Target counterparty — the entity (with INN / OGRN / registration number if known), vessel (with IMO), or individual (with country of operation and any OFAC / EU listing reference).
3. The single specific question you are trying to answer. One sentence. ("Who actually controls X?" / "Did vessel Y do an STS in the Laconian Gulf between dates A and B?" / "Is the entity in field 3 of EU OJ L 2025/XXX the same legal person as the Russian-registered Z?")
4. Publication timeline — provisional ship date, hard deadline if any, embargo status.
5. Pre-publication legal-review status — which jurisdiction, which firm or in-house team, what they have already flagged.

Methodology and source standards we follow

Everything we hand over is built to survive a hostile pre-publication letter. Primary-source citations on every factual claim. Chain-of-custody documentation on each registry extract, with timestamp and source URL. Dual-source validation on UBO attributions. Sanctions matches verified against the primary list PDF, not against a secondary aggregator. We work within FCPA, the UK Bribery Act 2010, and EU AML 6 / the 6AMLD framework. We do not pay sources for state-database access. We do not use Probiv-style services. We do not use leaked personal data unless it is already in the public domain through an established journalistic consortium release. The full process is documented in our OSINT investigation methodology; the same standards apply to pro-bono engagements as to paid ones.

How to reach us

Use a channel you would use to talk to a source. The same infrastructure we use for paid client work.

  • Threema: J78VRH26 — preferred for first contact. Swiss-hosted, no phone number required.
  • Session: open the Session ID modal on our secure contact page. No identifiers of any kind; useful if you do not want a network-level record of who you talked to.
  • PGP-encrypted email: [email protected]. Our key fingerprint and the WKD-discoverable public key are available on request via the same address (send an unencrypted "request key" message first).

We do not accept first contact via standard SMS, WhatsApp, Telegram cloud chats, LinkedIn, X DMs, or any messenger without end-to-end encryption by default. If you must reach us on a non-secure channel, send only "Please reach me back on Threema at <your handle>" — nothing more.

Three case studies

Anonymised and composited — outlet names, individual sources, and specific dates have been changed or omitted to protect editorial relationships. The shape of the work is accurate.

Case A — Four-jurisdiction beneficial-owner reconstruction

A major European newspaper was preparing a piece on a Russian-linked operating company holding a stake in a Western infrastructure asset. The visible owner was a Cypriot holdco. Their question: who actually ends up with the dividends?

We worked the chain back through the Cypriot registry, into a BVI nominee structure, across to a UAE free-zone entity, and finally into an EGRUL filing in Russia. Each layer was documented with the registry extract, the snapshot date, and the shareholding percentage. We then ran the 50-percent rule across the chain to flag where indirect OFAC and EU designation would land. The paper got a four-page UBO annex with primary sources for every link, plus a one-page summary their pre-publication legal team could lift directly into the risk-of-libel section. Story shipped; no factual correction issued.

Case B — Cross-referencing 14 vessels against Equasis flag history

An OCCRP-affiliated investigative team was working on the aftermath of an OFAC press release that named a cluster of tankers tied to Russian crude movement. They had the IMOs. They needed the structural pattern: flag history, manager changes, and the cadence of re-flagging around designation events.

We pulled each IMO against Equasis, the Paris MoU inspection record, and our internal shadow-fleet dataset. The output was a 14-row matrix showing flag-of-convenience hopping, manager-company turnover, and the gap between OFAC designation and the corresponding flag change. The team used the matrix as the structural spine of a follow-up story explaining how the shadow-fleet operating pattern keeps moving even after the sanctions list catches up.

Case C — UAE real-estate exposure on a sanctioned Russian oligarch

A Ukrainian-language investigative outlet was tracing real-estate exposure in the UAE belonging to a Russian individual already designated on the EU consolidated list. They had the name and the EU OJ reference; they needed the structure tying it to specific properties.

The UAE side of the work used free-zone registry pulls, leaked property-registry data already published through a recognised journalistic consortium, and corporate-secretary records from the UAE mainland. We built the ownership ladder from the named individual through two intermediate entities into the holding company on title, with snapshot dates at each layer. The outlet published in Ukrainian; the methodology section was peer-reviewed by us before publication to make sure the chain-of-inference stood up to the response their lawyers were anticipating. It did.

One last thing

We are not a press office, an NGO, or a foundation. We are an OSINT shop that thinks Russia / CIS investigative journalism is one of the few public-interest goods that still functions, and we would rather have your work in the world than not. If your story is in scope, the toolkit is yours and the analyst time is yours. If it is not, we will tell you within 48 hours and, where we can, point you at someone better placed.

No invoice attached. No citation required. No upsell follows.