On March 1, Chechnya’s leader Ramzan Kadyrov posted a short video on Telegram, in which a cheery bearded soldier stood before a line of tanks clanking down a road under an overcast sky. In an accompanying post, Kadyrov assured Ukrainians that the Russian army doesn’t hurt civilians and that Vladimir Putin wants their country to determine its own fate.

In France, the CEO of a law enforcement and military training company called Tactical Systems took a screenshot of the soldier’s face and got to work. Within about an hour, using face recognition services available to anyone online, he identified that the soldier was likely Hussein Mezhidov, a Chechen commander close to Kadyrov involved in Russia’s assault on Ukraine, and found his Instagram account.

“Just having access to a computer and internet you can basically be like an intelligence agency from a film,” says the CEO, who asked to be identified as YC to avoid potential repercussions for his sleuthing. Tactical Systems’ client list includes the French armed forces and it offers training in open source intelligence gathering.

Russia’s assault on Ukraine, a conflict between two internet-savvy nations in a place with good cellular coverage, offers rich pickings for open source intelligence, or OSINT. Compiling and cross referencing public sources such as social media can reveal information such as the location or losses of military units. The abundant online photos that are the legacy of years of social networking and a handful of services that provide easy access to face recognition algorithms allow some startling feats of armchair analysis.

Not long ago, a commander or prisoner of war pictured in a news report might be recognizable only to military and intelligence analysts or their own colleagues, friends, and family. Today a stranger on the other side of the globe can use a screenshot of a person’s face to track down their name and family photos—or those of a lookalike.

WIRED used a free trial of a Russian service called FindClone to trace a photo of a man who a Ukrainian government advisor claimed to be a captured Russian soldier. It took less than five minutes to find a matching social media profile. The profile, on Russian social network VKontakte, included the teenager’s birthdate and photos of his family. It listed his place of work as “polite people/war.” The Russian phrase “polite people” is used to refer to soldiers from Russia active in Ukraine during the 2014 annexation of Crimea. Ukrainian open source intelligence group InformNapalm independently made the same connection in an earlier post claiming to identify two of the claimed captives, and confirmed in a message to WIRED that it relied in part on face recognition.

That power to identify people from afar could bring new accountability to armed conflict but also open new avenues for digital attack. Identifying—or misidentifying—people in videos or photos claimed to be from the front lines could expose them or their families to online harassment or worse. Face algorithms can be wrong and errors are more common on photos without a clear view of a person’s face, as is common for wartime images. Ukraine has a volunteer “IT Army” of computer experts hacking Russian targets on the country’s behalf.

If distant volunteers can identify combatants using face recognition, government agencies can do the same or much more. “I’m sure there are Russian analysts tracking Twitter and TikTok with access to similar if not more powerful technology who are not sharing what or who they find so openly,” says Ryan Fedasiuk, an adjunct fellow at the Center for a New American Security.