How We Produce Intelligence on Russia & CIS
Every [0x]INT engagement follows a structured intelligence methodology — from intake to deliverable. This methodology hub documents how we work: the six-phase analytical process we apply, the sources we access, how we validate findings, and the operational security standards we maintain throughout. It also links the evergreen methodology explainers that the rest of this hub is built around.
OFAC 50-Percent Rule OFAC General Licenses CASP under MiCA STS Transfers Flags of Convenience AIS Gap Analysis
Six phases. Every engagement.
From secure intake to final deliverable — each phase is documented, quality-checked, and conducted in operational isolation.
Secure Intake & Scoping
You describe the target and objective. An analyst reviews the request within 4 hours, identifies which jurisdictions, registries, and source types are relevant, and delivers a scoped proposal with timeline and deliverable structure.
Open Source Collection
Systematic collection from publicly available sources: corporate registries, court databases, sanctions lists, financial disclosures, media archives, and social platforms. All collection is automated where possible, analyst-curated where necessary.
Closed Source & Deep Web
Access to restricted registries, commercial intelligence databases, breach aggregators, dark web forums, and Telegram intelligence channels. This is where the critical findings surface — the data that standard compliance platforms don't index.
Cross-Referencing & Validation
Every finding is validated against at least two independent sources. Ownership chains are documented with EGRUL extract references. Sanctions matches are verified against primary list PDFs. We do not include unverified intelligence in final reports.
Analysis & Risk Assessment
Raw data is synthesized into analytical judgments. Ownership graphs are constructed. Sanctions proximity is calculated. Risk is classified as Low, Medium, High, or Critical. The analyst writes an executive summary designed for decision-makers — not a data dump.
Deliverable & Follow-Up
The final report is quality-reviewed by a second analyst, formatted to client specifications, and delivered via the agreed secure channel. Post-delivery, you can request clarifications, follow-up checks, or transition to ongoing monitoring.
Where the intelligence comes from
We access sources that standard compliance platforms don't. Here is the source matrix for a typical Russia/CIS engagement.
Russian Registries
Full corporate ownership data, historical changes, director appointments, registered capital, and activity codes.
Court & Enforcement
Litigation history, arbitration rulings, enforcement proceedings, debt collection records, and bankruptcy filings.
Asset Registries
Real estate ownership, land plots, vehicle registrations, and intellectual property rights tied to entities and directors.
Designation Lists
Multi-list screening against all major sanctions regimes. Extended to all entities and individuals in the ownership chain — not just the primary target.
Cyber & Dark Web
Breached credential databases, dark web forum monitoring, stealer log analysis, and infrastructure reconnaissance.
Customs & Logistics
Import/export records, HS code analysis, shipping intelligence, and trade route pattern identification for sanctions evasion detection.
How we protect your engagement
Every investigation is conducted in operational isolation. We maintain strict OPSEC standards to protect both your identity and the integrity of the intelligence.
Isolated Environments
Each engagement is conducted in an isolated analytical environment. No cross-contamination between client projects. Research infrastructure is compartmentalized.
Encrypted Communications
All client communications are end-to-end encrypted. We support Email (PGP available), Session, and Threema. No data transits unencrypted channels at any stage.
No Client Data on Servers
Intake forms use client-side mailto: composition. Briefings are not stored on web servers. Client data exists only in encrypted analyst workstations during the engagement.
Source Protection
We never disclose access methods, internal tooling, or source relationships. Reports cite the registry or database — not the access vector used to retrieve it.
Data Retention Policy
Working files are purged 30 days after deliverable acceptance unless ongoing monitoring is contracted. No client engagement data is retained beyond the agreed period.
Jurisdictional Awareness
All work is conducted within the legal framework of the client's jurisdiction. We advise on data protection constraints and compliance implications before engagement.
What makes an [0x]INT report different
Structured, Not Narrative
Reports follow a consistent structure: executive summary → findings → ownership graph → risk assessment → appendix. Designed for compliance committees, not casual readers.
Source-Cited at Every Layer
Every ownership link, sanctions match, and financial data point cites the specific registry, list version, or database it was retrieved from. No unsourced claims.
Risk-Rated Findings
Findings are classified as Low, Medium, High, or Critical. Each risk rating includes a justification and recommended action — not just a color code.
Visual Ownership Graphs
Full corporate structure visualizations showing the ownership chain from operating entity to ultimate beneficial owner, with percentage stakes and snapshot dates at each layer.
Multi-Language Support
Reports are delivered in English, German, or French. Source analysis is always conducted in the native language of the registry — Russian, Ukrainian, or Kazakh.
Dual-Analyst Review
Every report undergoes peer review by a second analyst before delivery. Factual accuracy, source citations, and analytical judgments are independently verified.
Analytical standards we enforce
Every [0x]INT report guarantees:
- Dual-source validation for all factual claims
- Primary source citations (registry extracts, list versions, court case numbers)
- Clear separation of verified fact vs. analytical assessment
- Confidence rating on UBO identification (High / Medium / Low)
- Sanctions proximity measured in ownership hops, not assumptions
- Executive summary written for non-specialist decision-makers
- Structured appendix with raw source documents where permissible
- Delivery within agreed timeline — or proactive rebriefing if scope expands
Describe the target. We'll scope the engagement, assign an analyst, and deliver a structured proposal within 4 hours.
Initial consultation is free and confidential · Secure channels available
The reference layer
This methodology hub collects short, evergreen plain-English explainers of the core legal and OSINT concepts that our intelligence methodology applies in every engagement. Each explainer is a standalone reference, cited inline from each flagship investigation, so the methodology hub doubles as both a process overview and a working glossary for compliance and investigative teams.