Monday, October 3, 2016

Russia and the Information War

This post will discuss Russia's use of black/white propaganda.
CyberBerkut
I have been researching the group that edited documents to try and make the popular anti-corruption blogger Alexei Navalny, look like a Soros/CIA puppet. The name of the group is CyberBerkut and it emerged around the annexation of Crimea in March, 2014. It purports to be a pro-Russian Ukrainian hacking group, that supports the Russian separatists in Eastern Ukraine.
However, it can be stated with high confidence that this group is actually a disinformation front for Russian intelligence. Basically, this isn't the first time CyberBerkut pretended to hack a video/document/audio but in reality, forged some stuff and then pretended to "hack" it from enemies of the Kremlin.
One of the earliest examples of disinformation by CyberBerkut was this video which it claimed it "hacked" from the laptop of one of John McCain's aides when he visited Ukraine as a show of U.S. support (McCain is demonized in Russian media for being a hardliner towards Russia). They claimed the video shows some actors pretending to be Jihadi John and James Foley, his execution being filmed in front of a green screen! But the good folks over at MetaBunk did a frame-by-frame comparison of the real execution video and the so-called "leaked" filming of the set. They found that the actor had different movements compared to the real JJ, along with several other visual mismatches. Here's the full debunking:
This "secret" video was prominently featured on sites like InfoWars and Global Research.
Now, who would have the time, money, resources, and will power (complete with actors, clothing, cameras, props, etc.,) to put so much effort into creating a fake video to spread the conspiracy theory that America is staging ISIS' videos and is controlling it? Only a state like Russia, of course.
The second example of disinformation by CyberBerkut is a video showing neo-Nazi pro-Ukrainian fighters burning the Dutch flag. Russian propaganda likes to portray Ukraine as a failed state with Nazi/fascist hordes "genociding" ethnic Russian and that the U.S. supports this, much in the way it claims the U.S. supports ISIS in Syria. Anyway, the significance of this video, in which the fighters burned a Dutch flag, is that it was released around the same time a referendum was going to take place in the Netherlands, regarding Ukraine being allowed to sign the EU Association Agreement. This video was thoroughly debunked by the goods folks over at Bellingcat. It proved the video itself was fake and that Russian trolls began a concerted campaign to spread the video on the web. Interestingly, Bellingcat's website was hacked and defaced by CyberBerkut. I wonder why? They've also been implicated in DDoS attacks on NATO, Ukrainian, and German government websites.
Another example is when CyberBerkut pretended to hack documents from Ukraine's SBU. One document was a confidential letter from Vasili Gritsak (SBU's First Deputy Chairman and the head of its Anti-Terrorism Center) to Hennadiy Kuznetsov (SBU Colonel, then head of Special Operations Center A, a unit responsible for special anti-terrorist operations), appearing to show Gritsak directing Kuznetsov to carry out "false flag" attacks in Eastern Ukraine to blame on pro-Russian separatists. The objective of forging these documents and then pretending to hack them from Ukraine's SBU was to make it look like pro-Russian separatists were being unfairly blamed for civilian deaths.
Interestingly, Russia disinformation is obsessed with making anything that puts Russia in a bad light a "false flag." Russian trolls have been caught posting conspiracy theories of MH17 being a CIA/NATO/Ukrainian false flag or that they were aiming for Putin's plane but accidentally hit MH17. A laughable theory, but one that many in Russia accept.
Here are some more examples of blatantly clear Russian disinformation:
Russian troll factory spreading disinformation about murdered opposition activist Boris Nemtsov's death being a CIA false flag to destabilize Russia:
When opposition leader Boris Nemtsov was shot dead within sight of the Kremlin in March, suspicion immediately fell on those with links to Russian president Vladimir Putin.
Ms Savchuk said the orders at the Troll Factory were handed down quickly.
"They were just told: 'Nemtsov is killed. Everyone should urgently concentrate on this job. We shall write this and that'," she said.
The above tactic of calling everything a "false flag, such as MH17, is a good example of what Russia is trying to achieve: confusion and paralysis in the minds of Westerners so they question anything critical of Russia. Critics of Russia are smeared as being "anti-Russia", "Russophobic", "neocons", "warmongers", etc. Elliot Higgins and former U.S. ambassador to Russia, Michael McFaul, have been demonized in the Russian media and Russian trolls online.
The unofficial Russian branch of Anonymous (Shaltai Boltai) hacked the "Internet Research Agency" - a well known Russian troll farm - and leaked everything - emails, names, contact information, salaries, lists of troll accounts, assignments, you name it.
Torrent link of dump:
EDIT: Just realized the torrent link is dead and that there are actually three parts to the archive. Here are working MEGA mirrors for the 3 files:
Please make sure you scan them with an anti-virus, as it's possible Russian intelligence embedded spyware within the archives and re-upped them online to spy on the few people in the world who have an interest in these things. Sounds paranoid, but better to stay safe.
Curiously, their website is blocked in Russia - you can't access it in there.
The membership of CyberBerkut is anonymous, but reportedly includes former officers in the Crimean Berkut. That unit was part of Ukraine's Interior Ministry until Crimea's March 2014 annexation, upon which the Crimean Berkut was incorporated into Russia's Interior Ministry. CyberBerkut's "Ukrainian identity" is vigorously asserted, however, as it postures as an internal opposition group.
Cyberattacks and Leaks Though Front Groups
Snowden also blamed the recent NSA cyberweapons leaks on Russia. Snowden's tweets in full (bolded for emphasis by me):
The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here's what you need to know: (1/x)
1) NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals.
2) NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.
3) This is how we steal their rivals' hacking tools and reverse-engineer them to create "fingerprints" to help us detect them in the future.
4) Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us -- and occasionally succeed.
5) Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ("binaries") on the server after an op. But people get lazy.
6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.
7) Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.
8) Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here's why that is significant:
9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.
10) That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies.
11) Particularly if any of those operations targeted elections.
12) Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.
13) TL;DR: This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast.
Bonus: When I came forward, NSA would have migrated offensive operations to new servers as a precaution - it's cheap and easy. So? So...
The undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak.
Only a state has the power to leak NSA's weapons left on a server. I agree with Snowden's assessment that it was Russia. His reasoning is that this is a warning to America. Before the FBI publicly announces those behind the DNC leak, Russia is warning the U.S. that they can prove the U.S. hacking into computers too.
What surprises me most is how naive the West has become. We're being bombarded with leaks on an almost weekly basis now. Most people have probably focused on the DNC leaks, but did you know that a group calling itself "DCLeaks" leaked the internal documents of liberal George Soros' Open Society Foundation AND the private emails of the NATO general? Here's a look at their Twitter account (tell me if you notice their emphasis on a certain country):
Hacked NATO general defends plotting to push Obama to escalate tensions with Russia
Breedlove’s war: Emails show ex-NATO general plotting US conflict with Russia
Dangerous Propaganda: Network Close To NATO Military Leader Fueled Ukraine Conflict
Emails show Obama saw US involvement in Russia talks as a 'threat'
'Gen. plotted against Obama on Russia'
Check George Soros's OSF plans to counter Russian policy and traditional values
All they post are tweets relevant to Russia.
Also, Russia hates NATO and Soros, which are the only topics the leaks from DCLeaks talk about.
What's most interesting is that the Russians lost access to their hacked NSA computer June 2013 directly because of the actions of Snowden. Snowden claims that after he outed the secrets of the NSA, the NSA was forced to change the computers it uses for offensive operations, thus booting out the Russians too.
We now have proof of four leaks in mere weeks, all done by Russia, to influence Americans' opinions on the 2016 election (pro-Trump), to hate NATO, to publicly embarrass the NSA and warn the FBI of the consequences of announcing Russia was behind the DNC leaks, and disinformation about Soros to lure Trump supporters. This is unprecedented in Western history - Cold War active measures are back. They are using fake personas - "Guccifer2.0", "DCLeaks", and now "The Shadow Brokers" - the NSA weapons leakers - to destabilize the U.S.
Assange doesn't care about the truth. He only cares at getting back at Clinton. He's been handed no less than 4 separate leaks in the past few weeks (DNC emails, Soros foundation's intranet documents, NATO general's emails, and NSA cyber weapons). He's a whistleblower with a talented background in programming/hacking just like Snowden. He should be feeling suspicious about the large number of leaks regarding the U.S. But he hasn't publicly mentioned it - he knows it's Russia, but won't admit it. As an interesting aside, Guccifer2.0 claimed on Twitter that he gave Assange the DNC emails. If so, why is Assange spreading conspiracy theories about the dead DNC staffer, Seth Rich? Strange indeed.
Russian Propaganda in the West: Websites and Astroturfers
Russia is relying on naive Westerners to hate NATO and Soros. In other words, useful idiots. These people tend to be Conservative, Christian,, and conspiracy theorists to boot. They tend to be anti-establishment. Basically, much of the Republican base. Putin is popular among Republicans since he is viewed as a strongman and Conservative types are attracted to that. Furthermore, the Conservative media has portrayed Putin as a saviour of Christianity and in comparison to Obama, who they view as a secret Muslim Socialist/Communist from Kenya, he is respected much more by those on the Right. Russian Active Measure takes this into account. As an example, a well known anonymous hoaxer named "Sorcha Faal" - who claims to have access to the GRU/SVR/FSB - has since 2005 posted various hoax articles all favourable to Russia and pandering to the Right. Such examples include his/her article on "Putin declaring Black Lives Matter (BLM) a terrorist organization," something obviously false and never even confirmed. And yet, those who planted this story knew Republicans hate BLM since they are anti-cop and by extension, anti-authority, anathema to patriotic Rightists. Other examples include frequent commentary on Soros trying to reduce the birth rate and promote inter-ethnic marriage, and of course, the refugee crisis in Europe. The latter crisis is more applicable to Europe and Russian Active Measures has taken that into account. Countless viral news sites have popped up since 2014, all focused on the refugee crisis with anti-migrant commentary written by anonymous authors. These websites are extremely pro-Russian, anti-NATO, and frequently post anti-EU articles, along with conspiracy theories. These websites have popped up all over Europe in various languages. Here is a partial list of them, with analysis by a keen Russian disinformation-watcher, who analyzed the funding, founders, WHOIS, and social media links of these websites:
eadaily.com Analysis - Russian
southfront.org Analysis - Website analyzing Syrian and Ukrainian conflicts with a pro-Russian and anti-NATO/U.S. bent.
xxivek.net Analysis - Russian
geworld.ge Analysis - Greek
aeronet.cz Analysis - Czech Republic
strategic-culture.org Analysis - Created by Strategic Culture Foundation based in Moscow and aligned with the Centre for Research on Globalization in Canada, and with the Communist Party of China's 4th Media operation.
I see from reddit.com/r/The_Donald that you people already hate Soros (links often lead to Russian disinformation websites) and think NATO should turn into a protection racket, ignoring basic hegemonic theory and forward deployment strategy of the U.S. near Russia and China.
As an example, take a look at this conspiracy theory (and irrational) self post from /r/The_Donald:
And look at one of the more popular comments:
Political Control
One extremely far-right party in Hungary, called Jobbik, that is vehemently pro-Russian, was investigated by an independent Hungarian journalist, who wrote an article detailing the long-running recruitment of a Hungarian man, Béla Kovács, by Russia, after he married another KGB agent from Russia whom he met in Japan, when his father worked at the Hungarian embassy there. His new wife exposed him to the fact that he himself had been adopted and his real father was a KGB agent. Kovács then went to Russia and upon returning, had become pro-Russian and wealthy enough to fund a new Hungarian political party, called Jobbik, who he would later represent in the European Parliament. His father, who worked at the Hungarian embassy in Japan (a country thoroughly infiltrated by the Soviets due to its weak intelligence system) during the Cold War, was told by a stationed Hungarian intelligence officer that this woman his son had met was a long-running KGB agent that had previously married not only a Japanese nuclear scientist (presumably for access to nuclear technology) but also an Austrian underworld criminal (presumably for an Austrian passport to enable free travel through the EU's Schengen Zone). Most likely, she recruited Kovács to the KGB by telling him his father was a KGB agent and that he was adopted. The Jobbik party is extremely pro-Russian and borderline neo-Nazi. Russia has been accused of funding and developing it through Kovács. Both Kovács and his wife are under investigation.
Just goes to show how far back Russia has infiltrated European parties.
Read the fascinating investigation: A glorious match made in Russia
Russia is also using Alexander Dugin to cultivates ties with far-right parties in Europe:
British, French, Dutch, Spanish Hungarian, Slovakian, Serbian, and Czech far-right parties all connected to the Kremlin going back decades.
Here are some articles about Russia's usage of online trolls:
Domestic disinformation exists too:
An example of a fake Russian-created Twitter profile is this profile with 36K tweets in 6 months:https://twitter.com/FOXLADY9
Pro Pegida/ Pro Russia/ Anti Migrant Invasions/ Anti Islam/ I'm a Pinot Coloda Girl Love to Walk in the Rain/Enjoy a good Laugh/Clean Fun/Sassy/Outspoken
East Europe
Joined February 2016
Response by the West
This may sound cheesy, but the West doesn't do disinformation. Even during the Cold War, the side known for disinformation (Active Measures) was the Soviet block, not the West. Russia is an authoritarian country. It has no qualms paying thousands of people to spread pro-Kremlin propaganda online.
Europe has set up some sort of media monitoring centre, called "East StratCom Task Force", to counter Russian propaganda, that they created in March of 2015. It's one of the most pathetic and useless things I've even seen. All they do is make a weekly .pdf file of Russia's lies and conspiracy theories Russian trolls try to spread online. They thenupload said pdf file to some random corner of the web and call that their "response". Passive but not active.
The U.S. isn't doing anything to debunk the disinformation the Russian trolls are spreading. We need to create a counter-narrative to Russia's claims. Part of this means we have to be on the right side of the truth. Whether you agree or not, the people of Crimea voted to join Russia and earlier polls going back to the 90s indicate they've always supported this. Whenever Obama says "Crimea was annexed", his statements are translated/subtitled to Russian and put on YouTube for the Russians to be outraged at, because in their view, they're being punished for democracy. This benefits Putin and demonizes the West's arguments, so whenever we try and prove Putin is corrupt, the Russian populace assumes we're lying and smearing him. They've been mentally conditioned to ignore criticism of Putin. Putin's approval ratings are the highest in the world. Before the Crimea issue, they were hovering in the 60s, not much higher than where Obama is now. Afterwards, in February 2014, they skyrocketed to the 90s range. We in the West must accept that our rhetoric and message are too harsh for Russians. We should tone down the Crimea rhetoric and instead, focus on other things that irk Russia, like corruption in Putin's party, or pro-Russian rebels in E. Ukraine committing heinous crimes/torture.
For now, read some of this history regarding Soviet Active Measures (relevant to our current situation):
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)