At a glance.
- Cozy Bear called out for influence operations.
- Intelligence and Security Committee of Parliament outlines Russian information operations.
- Twitter hacking and the potential for disinformation.
- Chinese hackers accused of participation in disinformation.
- The difficulty of countering or controlling misinformation.
Cozy Bear mentioned in dispatches.
Late last week Australian, British, Canadian, and American intelligence services joined in identifying Cozy Bear, a threat actor run by Russia's SVR foreign intelligence service, as the actor behind cyberespionage directed against COVID-19 research, and as responsible for a doxing attempt to influence last year's British general election. The Sydney Morning Herald reports that the specific influence operations used stolen documents pertaining to Anglo-American bilateral trade negotiations to help drive the Labour Party's retrospectively absurd contention that the Conservatives intended effectively to privatize the National Health Service and sell it to the Americans.
Russia's embassy in London, responding to "unfriendly statements by Foreign Secretary Dominic Raab," said that Russia didn't hack any biomedical research, didn't attempt to influence any "democratic elections," and that it reiterated its offer to jointly investigate and adjudicate cyber issues. The statement closed with this: "We have also taken note of the Foreign Secretary’s suggestion that the UK Government reserves the right to respond with appropriate measures in the future. In this regard, we would like to state once again that any unfriendly actions against Russia will not be left without a proper and adequate response."
Disinformation highlighted by the Intelligence and Security Committee of Parliament.
Foreign Secretary Raab's unfriendly statements were a foreshadowing of the even more unfriendly characterization of Russian cyber operations that appeared this week. The UK's Intelligence and Security Committee of Parliament rendered its long-anticipated report on Russian espionage and cyber operations at Westminster Tuesday morning. The redacted report concludes that Russia's aims are primarily negative ("paranoid," also "fundamentally nihilistic"), seeking to disrupt and damage rivals. Moscow's subsidiary positive ("substantive") goals include sustaining its prestige as a great power and preserving its rulers' privileged positions. The Committee outlines extensive Russian disinformation operations against the UK. These have pursued goals observed elsewhere, including the opportunistic exploitation of existing social fissures to erode trust in civil society and the institutions that serve it. C4ISR has a useful historical summary of recent Russian influence operations, which they give the classical headline "Divide et impera," "Divide and rule."
Russia is assessed, unsurprisingly, as "a highly capable cyber actor with a proven capability to carry out operations which can deliver a range of impacts across any sector." A striking feature of Russia's cyber capability is the close and "symbiotic" relationship its intelligence and security services enjoy with Russian organized crime. This relationship, which includes corrupt business operations, is seen as so close as to render the gangs, the contractors, and the state operators effectively indistinguishable. But the security and intelligence services are the ones calling the shots. The criminals are compromised, suborned, and controlled. They understand that they operate at the sufferance of the organs.
The report includes a range of recommendations, and does so against a background of noting that the United Kingdom has developed an effective offensive capability, suitable for deterrence and, should deterrence fail, retaliation.
The Committee appreciates that Russia is a “hard target” for intelligence collection. It also notes that both collection and active cyber offensive measures against Russia carry a distinct risk. “In the case of Russia, the potential for escalation is particularly potent: the Russian regime is paranoid about Western intelligence activities and ‘is not able to treat objectively’ international condemnation of its actions. It views any such moves as Western efforts to encourage internal protest and regime change. The risk is compounded by limitations on UK engagement with the Russian government at official and political levels, making deciphering Russian leadership intent even more difficult.” And Moscow’s centralized decision-making, seen as distinctively shaped by President Putin’s personality and style of government, has given Russia a surprising agility in cyber conflict.
TASS quoted Russian officials to the effect that the Intelligence and Security Committee's report amounted to nothing less than a lot of anti-Russian nonsense, if for no other reason than that, as the Kremlin tells it, there are no Russian hackers. “There are no hackers working for the Russian government, so our government does not consider any actions by hackers, nor does it coordinate them,” Russia’s finance minister Anton Siluanov said. He added that Russia was developing its own COVID-19 vaccine, and therefore had no need to steal anyone else's, which in any case it didn’t do.
As the British Parliament met this week for the final time before departing on summer break, ABC News reports that MPs argued over whether Her Majesty's Government had done enough to counter the threat of Russian hacking outlined in the Intelligence and Security Committee's report. The findings themselves do not appear to be controversial. Rather, the furor was over whether the Government has been taking proper steps to protect the UK against the Russian threat.
Twitter hack now almost certainly ordinary crime, but many see it as showing a potential for disinformation.
"'yoo bro,' wrote a user named 'Kirk,' according to a screenshot of the conversation shared with The New York Times. 'i work at twitter / don’t show this to anyone / seriously.'" (Sic, we add.) Some of that's almost certainly untrue, like the hacker's claim to work at Twitter, and governments have shown themselves capable of imitating dimwitted leetspeak, but in this case it now appears that the Twitter account takeover was a clever but poorly thought-through criminal caper. The Verdict has a useful rundown of early speculation. But a great deal of concern has been expressed about the potential of such Twitter hijacking to serve the purposes of disinformation and influence operations. It didn’t, in this case. But given the extent to which people get a lot of their news in the form of tweets, the prospects are sobering. They’re even more sobering when one considers how Twitter has come to be used for emergency notification.
Twitter has updated its account of last week’s account hijacking incident: “We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.” Tripwire thinks the Dutch elected official was Geert Wilders, who confirmed to Yahoo that he was indeed the one affected. He’s now regained control of his account.
Several observers pointed out that Twitter has been used for disinformation in the past. A false tweet about explosions at the White House issued in 2013 caused the Dow Jones Industrial Average to briefly drop by 128 points, Sinclair reminded its audience. WIRED sees it as more evidence of the great and often poorly supervised power that admins wield over systems. (We note in passing that Edward Snowden himself was an admin.) Motherboard goes full-Strangelove with concerns that hijacked Twitter accounts could start a nuclear war. Those concerns are overblown, if only because they underestimate both the rationality of governments and the intricate systems governments have in place for nuclear command-and-control, but they're worth thinking about. (Those nuclear command-and-control safeguards might be looked to with profit, by the way, in designing safeguards for some of the activities sys-admins routinely perform.)
Twitter’s own security certainly took a black eye. Perhaps the incident will serve as a learning experience for social media generally, but there have been op-eds (like this one in the Financial Express) calling for a regulatory solution to a problem that seems rooted in human credulity. Hijacked accounts resulted in a Bitcoin scam, this time, but next time, well, what?
Contracting out influence operations.
The US Attorney for the Eastern District of Washington has secured an indictment against two Chinese nationals, Li Xiaoyu and Dong Jiazhi, on eleven counts of hacking computer networks to obtain intellectual property. The case is interesting for the way in which the Justice Department has mentioned their activities in connection with disinformation. Disinformation isn't, of course, one of the criminal charges, but Justice wants people to know that it's noticed that disinformation is going on.
They are said to have cast a wide net, working against targets in eleven countries and at least twelve economic sectors. Each man faces one count of conspiracy to commit computer fraud (maximum sentence of five years in prison), one count of conspiracy to commit theft of trade secrets (a maximum sentence of ten years in prison), one count of conspiracy to commit wire fraud (20 years’ max), one count of unauthorized access of a computer (a maximum sentence of five years), and seven counts of aggravated identity theft (a mandatory two non-consecutive years for each count). The investigation of the pair began when an intrusion into Department of Energy networks in Hanford, Washington, was detected, and it moved on from there. Since both men are in China and unlikely to ever fall into American law enforcement hands, the indictment's imposition of costs falls into the category of naming and shaming.
The FBI said the two “worked with the Guangdong State Security Department (GSSD) of the Ministry of State Security (MSS) while also targeting victims worldwide for personal profit.” Chinese nationals have been indicted by the US before in connection with espionage, but those were officers of the People's Liberation Army, whereas Messrs. Li and Dong are said to be criminals working under contract. The indictment is therefore interesting in that it appears to represent the first case in which Chinese hackers have been indicted for both state-directed espionage and ordinary self-interested cybercrime. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Assistant Attorney General for National Security John C. Demers said in the Department of Justice press release that announced the charges.
Observers see a difference in national styles between Russian and Chinese employment of cybercriminals. The Washington Post spoke with experts who tended to see the Russians as winking at cybercrime as long as the gangs keep their hands off the wrong targets (that is, domestic and well-connected targets), and as long as they’re willing to do the official security and intelligence organs favors when asked. The Chinese treat the criminals more like contractors, and are content to let them profit on the side. In this case, while they allegedly stole trade secrets, spied on dissidents abroad, and assisted with influence operations, they also had a nice sideline raiding Bitcoin wallets.
The Justice Department thanked its international partners and the work the FBI’s Legal Attaches did to coordinate the investigation with them. There was some international applause for the indictment, Yahoo notes, with Australian agencies (including the Australian Signals Directorate) in particular welcoming efforts to hold bad actors to account. Australian authorities have tended to share US concerns about the extent of Chinese influence operations.
The Wall Street Journal says the US State Department also ordered China's Houston consulate closed for its connection to espionage and influence operations. Why the Houston consulate in particular was singled out the State Department hasn’t said. “The United States will not tolerate the PRC’s violations of our sovereignty and intimidation of our people, just as we have not tolerated the PRC’s unfair trade practices, theft of American jobs and other egregious behavior,” was the extent of the clarification State Department spokeswoman Morgan Ortagus offered.
The Chinese Foreign Ministry reacted in a foreseeably negative fashion. “This is a political provocation unilaterally launched by the U.S.,” spokesman Wang Wenbin said yesterday. “China urges the U.S. to immediately rescind its erroneous decision, otherwise China will undertake legitimate and necessary responses.” The Houston consulate burned its papers last night, Click2Houston reports.
The difficulty of controlling misinformation.
We've seen that QAnon, an American source of much far-fetched conspiracy theory, has found not only domestic audiences, but has also received a hearing in Canada, and, surprisingly, in Iran. This week Twitter decided to move against the group. NBC News says the social platform banned some 7,000 QAnon accounts for violating Twitter's rules against platform manipulation, spam, or ban evasion. Twitter has also decided to stop recommending accounts related to QAnon, and to limit the circulation of QAnon material in search results and trend reports. Those measures are thought likely to affect some 150,000 accounts. The New York Times reports that Facebook is preparing similar restrictions.
Arguing with misinformation, especially when it's held by committed partisans, is surely difficult. Anyone who's had the experience of discussing the views of convinced flat-earthers, anti-vaxers, UFOlogists, Freudians, ghost-hunters, and so on can attest to that. They've heard the counterarguments before, they're prepared for them, and you probably haven't devoted the tiniest fraction of thought to debunking their views until you're already in the midst of the argument. As Bertrand Russell once remarked after watching a flat-earther address a hostile gathering, they'll play skittles with you.
This is probably the reason some are calling for the "de-funding of social media" (an obvious homage to the "de-fund the police" slogan). Don't rely on fact-checking, for example. Not only does it not work, but it even leads people to encounter misinformation they would have otherwise missed. "Until we fundamentally reimagine our information ecosystem and our respective roles within it, we’ll keep repeating the same patterns over and over—not as a bug of the system, not as a feature of the system, but as the system itself," argues a piece in WIRED. The prescription offered isn't entirely clear, but it's on its strongest ground when it calls for thinking about ways of changing the "attention economy," or the way in which people get rewarded for clicks, and also for a call to stop routinely engaging misinformation (Lord Russell would have understood). But there also seems to be an implicit urge to move toward a kind of information command economy that would retreat from rational discourse entirely. That's attractive to authoritarian theorizing, from, say, central New York to Pyongyang, but perhaps we might want to think that one through.