The US Senate's last formal look back at 2016. Disinformation in the Near Abroad. Hacktivism or state-run fronts?

By the CyberWire staff

At a glance.

US Senate Select Committee on Intelligence releases the final volume of its report on Russian interference in the 2016 election.
Russian disinformation in the Near Abroad retains a focus on Ukraine.
Challenges of attribution in information operations.

Senate Intelligence Committee's final report on Russian influence operations during the 2016 US election.

The US Senate Select Committee on Intelligence has released the final volume of its report on Russian interference with the 2016 election. "The Committee found that the Russian government engaged in an aggressive, multifaceted effort to influence, or attempt to influence, the outcome of the 2016 presidential election." It found that President Putin directed the campaign and set its goals (generally disruptive, but specifically anti-Clinton), that despite troubling behavior by sometime Trump consigliere Paul Manafort there was no evidence of collusion between the Trump campaign and Russian intelligence services, and that the FBI made loose and careless use of the retrospectively implausible Steele dossier. The report's focus is counterintelligence, and not, as its authors point out, criminal investigation of the sort taken up by the earlier Mueller report.

Particularly interesting conclusions include the following:

On President Putin's involvement: "Russian President Vladimir Putin ordered the Russian effort to hack computer networks and accounts affiliated with the Democratic Party and leak information damaging to Hillary Clinton and her campaign for president. Moscow's intent was to harm the Clinton Campaign, tarnish an expected Clinton presidential administration, help the Trump Campaign after Trump became the presumptive Republican nominee, and undermine the U.S. democratic process."
On division of labor within Fancy Bear: One GRU section was charged with gaining access to the targets, another with staging and amplifying them where they could work their influence.
On WikiLeaks: "WikiLeaks actively sought, and played, a key role in the Russian influence campaign and very likely knew it was assisting a Russian intelligence influence effort. At the time of the first WikiLeaks releases, the U.S. Government had not yet declared WikiLeaks a hostile organization and many treated it as a journalistic entity." DCLeaks, established as a conduit for the leaks, lacked the desired reach and credibility; the GRU shifted to WikiLeaks, which many were at the time still willing to treat as a legitimate journalistic operation. The general presumption that WikiLeaks was more-or-less aligned with progressive politics would have been gravy, giving the DNC leaks a misleading character of an admission against interest.
On Paul Manafort: "The Committee found that Manafort's presence on the Campaign and proximity to Trump created opportunities for Russian intelligence services to exert influence over, and acquire confidential information on, the Trump Campaign. Taken as a whole, Manafort's high-level access and willingness to share information with individuals closely affiliated with the Russian intelligence services, particularly Kilimnik and associates of Oleg Deripaska, represented a grave counterintelligence threat."
On Roger Stone: "Trump and senior Campaign officials sought to obtain advance information about WikiLeaks's planned releases through Roger Stone.... The Committee could not reliably determine the extent.of authentic, non-public knowledge about WikiLeaks that Stone obtained and shared with the Campaign." Other Trump campaign operators were mentioned in dispatches, but we will for present purposes let Messrs. Manafort and Stone stand for all of them.
On the FBI: "The Committee found that certain FBI procedures and actions in response to the Russian threat to the 2016 elections were flawed, in particular its interactions with the DNC about the hacking operation and its treatment of the set of memos referred to as the Steele Dossier.... FBI gave Steele's allegations unjustified credence, based on an incomplete understanding of Steele's past reporting record. FBI used the Dossier in a FISA application and renewals and advocated for it to be included in the ICA before taking the necessary steps to validate assumptions about Steele's credibility. Further, FBI did not effectively adjust its approach to Steele's reporting once one of Steele's subsources provided information that raised serious concerns about the source descriptions in the Steele Dossier. The Committee further found that Steele's reporting lacked rigor and transparency about the quality of the sourcing." In general, the Bureau handled the DNC with a punctilious attention to its own regulations, but was markedly more free-wheeling in its use of the Steele Dossier. The committee did not find evidence that the Russians successfully assembled kompromat against then-candidate Trump.
On the market for political influence services: It's there, it's large, and it's international. "Over the course of this investigation, the Committee identified an international marketplace for digital services to shape popular sentiment and electoral outcomes. These services-many of which are based overseas-use an array of personal information to build targeted messaging profiles. During elections, campaigns can use these profiles to direct select political advertisements and narrative content toward specific audiences calculated to be most susceptible to the messaging. This practice of "micro-targeting" is in tum designed to influence the thoughts and judgments of voters. The use of messaging to sway voter sentiment is not a new development. However, it is now enabled by advanced data analytics and algorithmic targeting, the globally expansive reach of social media, and user-generated data and personal information that is often unwittingly provided or illicitly obtained." As the conclusion states, this is not a new development. We suggest its immediate ancestor might be found in the direct-mail techniques that came to maturity in the late 1970s and 1980s.

Democratic reaction has emphasized the counterintelligence problems Paul Manafort and others represented, and the Trump campaign's interest in what was expected to emerge from WikiLeaks. Additional comments from some of the Democratic members concluded, "the Russian intelligence services' assault on the integrity of the 2016 U.S. electoral process and Trump and his associates' participation in and enabling of this Russian activity, represents one of the single most grave counterintelligence threats to American national security in the modem era." For their part, Republican reactions pointed out a lack of evidence that the Trump campaign colluded with Russia, and noted the problems with the FBI's conduct of its investigation. Republican members' additional comments said, "All Americans should be deeply troubled that the FBI was willing to accept and use Steele's information without verifying its sourcing or methodology. Volume 5 is an important contribution to the historical record from which historians will someday draw. As is evident to those who read all five volumes of the Committee's report, the Russian government inappropriately meddled in our 2016 general election in many ways but then-Candidate Trump was not complicit. After more than three years of investigation by this Committee, we can now say with no doubt, there was no collusion." (Emphasis in the original.)

What are some other takeaways? As FCW observes, the report's look at the FBI in particular suggests ways in which the Bureau, and presumably other Federal agencies, might usefully improve the investigation of cyber incidents. And it's difficult to read the report without being struck by how much of the interaction among intelligence officers, agents, and targets seems the work of opportunists and fantasists. Let the Russian proposal to have President Putin show up at the National Prayer Breakfast stand for the rest. These are tactical and not principled operations.

Disinformation in the Near Abroad.

Unrest in Belarus and continuing Russian ambition to re-engorge the near abroad have been on display over the past week.

Ukraine’s National Cyber Coordination Centre warns that Gamaredon Group (also known as Primitive Bear, a Russian threat group run by the GRU and presenting itself as a Ukrainian separatist organization) is newly active with phishing. The attackers are using malicious attachments that pose as official government documents, often spoofing the Security Service of Ukraine. The effort appears to be battlespace preparation for a campaign against Ukrainian infrastructure believed to be timed for Monday, August 24th, which is Ukraine’s independence day.

The Centre’s press service stated, “Specialists of the NCCC within the National Security and Defense Council of Ukraine have identified a trend towards the modernization of cyberattack software in order to increase the effectiveness of overcoming protection means and concealment of their activities in compromised systems. The analysis of malicious programs revealed signs of preparation for a large coordinated attack on government agencies and critical infrastructure, aimed at destabilizing the situation in Ukraine before the Independence Day and during preparations for the next local elections.”

Ukraine’s SBU security service also says that accounts of its involvement with Russian Wagner Group paramilitaries allegedly active in Belarus are Russian disinformation. Ukraine’s SZR foreign intelligence service yesterday said the Wagner Group is operating in Belarus under Russian control. The imposture in both cases would be the pretense that Primitive Bear and the Wagner Group are either, in the former case, a homegrown Ukrainian group or, in the latter, a private militia contracted for deniable violence by Kiev. See SentinelOne's useful February report for background on the Gamaredon Group.

Challenges of attribution.

Two low-grade instances of hacking in two conflict-prone regions, the Aegean and the Subcontinent, serve as reminders of the difficulties of attribution. Spontaneous hacktivism can be difficult to distinguish from government-run cyberattacks, but two current campaigns look for now more like patriotic hacktivism than espionage. The Greek Reporter says that government websites in Eastern Macedonia and Thrace have been defaced with “Blue Homeland” messaging that evidently came from Turkish operators. And Zee News trumpets the activities of the “Indian Cyber Troops” who’ve “hoisted the Indian tricolor” on some eighty Pakistani websites. Further complication arises from the possibility that such actions could also be false flags or provocations.

Cyber Attacks, Threats, and Vulnerabilities

()

NSDC reveals signs of Russian special services' large cyberattack on Ukraine's govt agencies before Independence Day (Interfax-Ukraine) The National Cyber Coordination Centre (NCCC) within the National Security and Defense Council of Ukraine (NSDC) has discovered the activation of the Gamaredon hacking group, which is monitored by the special services of the Russian Federation."

Facebook accused of 'actively promoting' Holocaust denial pages (The Telegraph) One Facebook group which contained Holocaust denial posts had more than 88,000 members

Ex-IDF Intelligence official: Russian cyber, disinformation trends converge with vaccine (The Jerusalem Post) Russian President Vladimir Putin is interested in depicting his country as winning the vaccine race.

The Beirut Explosion - Is It A Bird? Is It A Plane? Is It A Faked Video Of A Missile? (bellingcat) In the days after every catastrophe, it is inevitable that rumours and misinformation will be passed around on social networks and by word of mouth. This appears to be a universal human behaviour. The disaster in Beirut is no different. In the three days since the blast we have seen multiple examples of misleading or …

Chinese accounts blast Trump, with help from AI-generated pictures (CyberScoop) A network of accounts on multiple platforms has been criticizing Trump and broadcasting more positive images of Democratic presidential candidate Joe Biden, according to a report published Wednesday by Graphika, a New York-based research firm.

QAnon Destroys Lives. Now It’s Coming for Congress. (Foreign Policy) It’s hard—but possible—to save people from the conspiracy theory’s grip.

Facebook removes hundreds of QAnon groups, citing public safety risks (Reuters) Facebook Inc Facebook said on Wednesday it had removed nearly 800 QAnon conspiracy groups for posts celebrating violence, showing intent to use weapons, or attracting followers with patterns of violent behavior.

Backlash against 5G in Welsh town threatens to leave ambitions in flames (The Telegraph) Social media campaigns and warnings over long-term health risks are driving mistrust

Trump retweets Russian propaganda about Biden that US intel agencies say is intended to influence 2020 election (CNN) President Donald Trump on Sunday night retweeted Russian propaganda about former Vice President Joe Biden that the US intelligence community recently announced was part of Moscow's ongoing effort to "denigrate" the Democrat ahead of November's election.

Marketplace

TikTok shut down news app News Republic as political tension over Beijing heated up (The Telegraph) The Chinese-owned company acted after it faced questions about censoring articles that are critical of Beijing

Technologies, Techniques, and Standards

How To Avoid Fake News | Avast (Avast) Learn how to know that the news you’re consuming is accurate with these five tips for eliminating fake news from your life.

Fake News Is Wreaking Havoc on the Battlefield. Here's What the Military's Doing About It (Military.com) Each of the services has created new positions or units to deal with renewed information warfare threats.

Opinion | QAnon Was a Theory on a Message Board. Now It’s Headed to Congress. (New York Times) A supporter of the dangerous conspiracy theory won a primary runoff on Tuesday. The social media platforms have some soul-searching to do.

Design and Innovation

Twitter declares war on satire, suspending parody persona Titania McGrath & others. Did they hit too close to home? (RT International) Twitter has seemingly gone on a rampage against anti-“woke” satirists, locking the account of social justice warrior caricature Titania McGrath and suspending several others for reasons that remain unclear.

The Dangers of Seeing the World Through Ubiquitous Video (Wired) Moving images bombard our brains and fog our thoughts—but every now and then they expand our minds.

Twitter labels RT & Sputnik but NOT BBC, NPR & VOA as it launches blitz on state media staff & govt officials (RT International) Twitter has declared war on certain state-affiliated media entities, announcing accounts belonging to senior staff will be labeled and their tweets won’t be amplified or recommended. The BBC and US state-funded media are exempt.

First they came for WikiLeaks: ’BlueLeaks’ activists pursued as ‘criminal hacker group’ by DHS despite not hacking (RT International) Distributed Denial of Secrets, the group that published the “BlueLeaks” trove of hacked police documents in June, is being persecuted as a “criminal hacker group” by the US Department of Homeland Security – just like WikiLeaks.

Bracing for election day, Facebook rolls out voting resources to US users (TechCrunch) Eager to avoid a repeat of its disastrous role as a super-spreader of misinformation during the 2016 election cycle, Facebook is getting its ducks in a row. Following an announcement earlier this summer, the company is now launching a voting information hub that will centralize election resources f…

Mark Zuckerberg Says Facebook Doesn’t Want To Be The “Arbiter Of Truth.” Its Fact-Checkers And Employees Say It Already Is. (BuzzFeed News) Facebook’s employees and fact-checking partners say they are left in the dark about how the company decides what content stays up and what comes down.

()

Academia

()

Legislation, Policy, and Regulation

(U) Report of the Select Committee on Intelligence, United States Senate, on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election Volume 5: Counterintelligence Threats and Vulnerabilities (Select Committee on Intelligence, United States Senate) The Committee found that the Russian government engaged in an aggressive, multifaceted effort to influence, or attempt to influence, the outcome of the 2016 presidential election. Parts of this effort are outlined in the Committee's earlier volumes on election security, social media, the Obama Administration's response to the threat, and the January 2017 Intelligence Community Assessment (ICA).

The Cybersecurity 202: Democrats use Senate’s Russia report to make their closing argument against Trump (Washington Post) Democrats are pointing to the final volume of a bipartisan Senate investigation into Russia’s 2016 election interference to make their closing argument in this presidential race: that President Trump won’t stand up to Russian hacking if he’s reelected.

Putin Chef's Kisses of Death: Russia's Shadow Army's State-Run Structure Exposed (bellingcat) Yevgeny Prigozhin can be described as the Renaissance man of deniable Russian black ops. An ex convict who served time for robbery, fraud and forcing minors into prostitution, he began his legitimate business career in the 90s as a St. Petersburg restaurant owner and later as caterer for the Kremlin. Today, his official business is …

The Simulation of Scandal: Hack-and-Leak Operations, the Gulf States, and U.S. Politics - Texas National Security Review (Texas National Security Review) Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the “simulation of scandal" — deliberate attempts to direct moral judgement against their target.

Hack-and-Leak Operations and U.S. Cyber Policy (War on the Rocks) Editor's Note: This is a companion article to an essay published in the Texas National Security Review, our sister publication. On Nov. 27, 2019,

China’s Soft-Power Grab (Foreign Policy) Beijing has quietly been seeding the U.N. and a host of other international organizations with its own nationals, racking up more influence even as Washington…

Litigation, Investigation, and Law Enforcement

Facebook Faces Hate-Speech Questioning by Indian Lawmakers After Journal Article (Wall Street Journal) Indian lawmakers are gearing up to question Facebook about extremist posts, after a Wall Street Journal article detailed what current and former company employees said was a pattern of favoritism toward the ruling party and Hindu hard-liners.

Six revelations in Senate intel report on 2016 Russian interference (NBC News) The bipartisan report provides new details on Trump’s conversations with Roger Stone and the activities of the president’s former campaign chairman Paul Manafort.

Local Officials in China Hid Coronavirus Dangers From Beijing, U.S. Agencies Find (New York Times) A new U.S. intelligence report says top officials in Beijing were in the dark in early January on the true dangers of the virus. That could affect U.S. policy on China.