At a glance.
- Report: Bonanza Media is a GRU front.
- US Cyber Command trolls its GRU opposition.
- Vaccine research, cyberespionage, and spin.
- Early lessons from the US elections.
Report: Bonanza Media outed as GRU front group.
Bellingcat reports that Bonanza Media, which bills itself as an independent investigative project dedicated to pursuing alternative explanations of the 2014 crash of Malaysian Airlines flight MH17, is in fact a Russian disinformation operation run by the GRU.
The actual, non-alternative explanation of the MH17 crash is that the Boeing 777 was shot down over Eastern Ukraine by a Russian anti-aircraft unit operating deniably in support of separatist forces fighting under the control of the Russian government. Dutch investigators, who had international responsibility for inquiring into the disaster, concluded that the airliner was shot down with a Buk missile fired by the 53rd Anti-Aircraft Missile Brigade of the Russian Federation. The flight had been en route to Kuala Lumpur from Amsterdam with two-hundred-eighty-three passengers and fifteen crewmembers on board. There were no survivors. The Dutch-led Joint Investigation Team’s findings confirmed early Ukrainian assertions as well as reports by German and US intelligence services.
To return to Bonanza Media, the organization was founded, Bellingcat says, early in 2019 by an RT alumna, Yana Yerlashova, who had specialized in debunking coverage of the Dutch-led investigation. She received the assistance of a conspiracy-minded blogger in the Netherlands, one Max van der Werff, who had also become a frequent guest on various Russian media outlets.
Bonanza Media drew little attention until early 2020, when a criminal trial over the shootdown was opening at the Hague District Court. At that point Bonanza’s conspiracy theories began to receive amplification in Russian media and allied social media accounts, but had little traction elsewhere. Bellingcat says early 2020 coincided with the beginning of extensive telephone contacts between Bonanza Media and known GRU officers who appear to have become the outlet’s handlers. “[S]enior members of the GRU entered into direct and regular communication with the project leader. The GRU received advance copies of Bonanza’s publications, provided its employees illegal cross-border access into eastern Ukraine, furnished the project with confidential internal documents of the official Dutch-led MH17 Joint Investigation Team conducting the official criminal investigation into the deaths of 298 passengers and crew members that were hacked by GRU’s cyber warfare division, and likely instructed Bonanza Media to leak them.”
Most of Bonanza Media’s claims about MH17 have been of the suggestive rather than conclusive variety, such as the investigation is still open, the documents leave questions unanswered, there’s a lot of reasonable doubt, etc. The more positive lines of disinformation that circulated in the open Russian state-controlled media included claims that Ukrainian forces had shot the airliner down by mistake, that the crash never actually happened and the debris field and bodies had been staged by Kyiv, or even that the shootdown represented a bungled Ukrainian attempt to assassinate Russian President Putin.
Oderint dum metuant? (But it's harder to fear if you're laughing.)
Let them hate, as long as they fear. That's been one approach to statecraft since before the Emperor Caligula cribbed it from Lucius Accius. But what happens if they start laughing? Sure, as St. Thomas More wrote, the proud spirit cannot endure to be mocked, but is there an operational dimension to turning Caligula's maxim on its head?
They appear to think so around Fort Meade. We've long enjoyed the cuddly names given to nation-state threat actors, the Russian ones in particular: Cozy Bear, Fancy Bear, etc. US Cyber Command appears to have begun using them with deliberate, trolling condescension. They illustrated their tweeted alert about a new implant dropper, ComRATv4, with a cartoon of a stumbling, goofy bear accidentally dropping his Halloween candy. CyberScoop quotes an unnamed official explaining what Cyber Command is up to: “Russia hates to be seen as cuddly or cozy so we want to tick them off.” This seems likely to touch certain strains of deep-rooted Russian cultural paranoia, especially the worry that the foreigners are really laughing at you. It's hard to be fearsome when people are grinning and calling you "Huggy Bear." (If you decide to use "Huggy Bear," well, Fort Meade, you're welcome.)
(The comments about fearing foreign laughter, by the way, aren't Russophobic. There are surely comparable American hot buttons, but not that one. America has been the class clown of the Western World since the Eighteenth Century, and has for the most part been happy in the role. Cf. Yankee Doodle. If you want to upset the Americans, laughing at them usually won't do the trick. Try suing them. That gets their attention.)
Vaccine research hacking and associated disinformation.
Late last Friday Microsoft said it had detected further activity by nation-state threat actors against companies involved in COVID-19 vaccine research. Strontium, Zinc, and Cerium were the groups named by Redmond. (Microsoft favors elemental names for threat actors. Others call Strontium “Fancy Bear,” familiar as a unit of Russia’s GRU, and Zinc is well-known as the “Lazarus Group,” the premier North Korean cyberespionage outfit. Cerium is also attributed to North Korea.) Redmond’s statement is at least as much a denunciation as it is a report.
Moscow was quick to deny any collection against foreign vaccine research, saying, SecurityWeek reports, that its own efforts were going very well, thank you very much. Russia's deputy foreign minister put the accusations down to Russophobia, and made the familiar show-us-the-evidence-so-we-can-investigate-together offer, which has accompanied every public denunciation of Russian misbehavior as long as anyone can remember.
An essay in Foreign Policy sees Russia's COVID-19 vaccine effort as at least as much an influence operation as it is a biomedical research program. The "spin doctors" are running the show, the essay argues, and if you say "наш лучше," "ours is better," long enough, people might come to believe it, more or less. In any case it's easier to believe that Sputnik will prove an effective vaccine than it is that a British product will turn you into an ape, and as we saw last week, even that implausibility has been pushed by the spin doctors.
Looking back at the 2020 US elections.
POLITICO reports that the US Intelligence Community is preparing a report on foreign attempts to interfere in the 2020 US elections. An unclassified version is expected to be publicly available in early January. Preliminary evaluations, according to NPR, suggest that foreign election interference was, as a Recorded Future executive put it, a Y2K event, that is, a widely feared event that never really materialized.
That seems to have been the case with foreign attacks on the 2020 US election. Widely feared, much prepared against, and in the end not enjoying much success. In 2020 the US had two things going for it: an engaged CISA actively working with the states and the private sector, and a Cyber Command willing and able to engage forward. There's also the possibility that the amount of domestically produced friction was enough to render any foreign effort practically an act of supererogation. It's too early to know, the Washington Post points out, but the reason for the relative no-show of foreign intelligence services will probably turn out to be some mix of all of these.
Facebook and Twitter appear (virtually) before the US Senate.
Twitter’s CEO Dorsey and Facebook’s CEO Zuckerberg described their platforms’ approach to election-season disinformation before a Senate panel yesterday. The Wall Street Journal says both gave their companies good marks, but they also signaled their openness to further regulation. The hearings are considering the future of Section 230 of the Communications Decency Act, a law which many legislators of both parties believe the Internet in general and social media platforms in particular have outgrown.
Section 230 presently gives social media the protections of both publishers and public squares: exemption of liability for what’s said on them combined with the ability to moderate the content they permit. Those sets of protections have long been in tension. They may be reaching the point of contradiction.
More election retrospectives.
The testimony of Messrs. Dorsey and Zuckerberg has prompted much public resolution about the need to fight not just disinformation, but misinformation, simple error, and hurtful content generally. Disinformation may be the easiest one to control: among the more positive developments along those lines was the practice of unmasking "coordinated inauthenticity" that Facebook began, and that other platforms followed. The platforms may not be able to tell, definitively, whether what you say is true, but they have a decent shot at determining whether you are who you say you are.
But distinguishing truth from falsehood? That's a much tougher problem. There is no epistemological engine that will tell us the difference. Nothing that's happened recently suggests that there are any better approaches than something like a classically liberal marketplace of ideas. CISA's rumor control page was a good, non-coercive effort in that direction, and industry has moved along similar lines with such tools as the NewsGuard functionality Trend Micro has recently adopted.
Others desire a more aggressive approach. Former US President Obama, for example, explained to the BBC that while a Biden Administration would be a good start, a great deal of work remained to be done. "I think at some point it's going to require a combination of regulation and standards within industries to get us back to the point where we at least recognise a common set of facts before we start arguing about what we should do about those facts." What an acceptable combination of regulation and standards might look like is difficult to say.