At a glance.
- US investigates a leak of sensitive documents related to the war in Ukraine.
- Annexation presented as a fait accompli.
- KillNet counts some coup against NATO (but not as much as it claims).
- Russian dissent and Russian censorship.
- Pro tip: don't tweet at spiritual midnight.
US investigates a leak of sensitive documents related to the war in Ukraine.
The New York Times reports that US authorities are investigating an apparent leak of sensitive information concerning plans for US support of Ukraine. The files have been circulated on Twitter and Telegram by Russian accounts. A significant fraction of the information seems genuine (although at least some of that could be inferred from publicly known open sources), and genuine enough to prompt an investigation. Other data, notably casualty estimates, appear to have been falsified in the Russian interest (with Russian casualties understated, and Ukrainian casualties exaggerated), and these seem to represent an admixture of disinformation, which may be the principal point of their publication. Ukraine characterized them as "Russian disinformation," the Telegraph reports. US News describes the Russian reaction, which is to publicly denounce the leaks as US disinformation designed to peddle a false story of Ukrainian unreadiness and so lull Russian forces into a false sense of security. And, citing analysts at Mandiant, SC reports reasons for thinking that the leaked files, whatever their source, have been altered in the Russian interest. Altered or not, the Pentagon is treating them as apparently genuine, officials tell the Washington Post.
And for the most part the leaks appear to be authentic. The US Departments of Defense and Justice are both investigating, but neither Department is so far providing much in the way of information on the investigations. The material appeared to considerable éclat last week in Russian social media channels, although at least some of it may have been in low-key circulation in fringe sites for some weeks: the Wall Street Journal reports that it "began among a small group of posters on a messaging channel that trafficked in memes, jokes and racist talk."
The Washington Post has investigated the Discord Papers, as they're now being called, by going to the obvious place: the Discord group where the intelligence documents were first posted. The leaks came through a small, invitation-only clubhouse ("Thug Shaker Central") established on Discord in 2020. Its members were apparently looking for fellowship and diversion during the pandemic, and found it among a collection of military wannabes who shared a willingness to engage in casual, low-grade racist humor and fantasies about conspiracies.
The leader of the clubhouse, a young man with the derivative handle "OG," is described as a "young, charismatic gun enthusiast who shared highly classified documents with a group of far-flung acquaintances searching for companionship amid the isolation of the pandemic." OG told his followers, who seem to have been disproportionately teenage boys, that he worked on a "military base" that he declined to identify, and that he spent his days working with classified material in a secure facility. The two youths with whom the Post spoke (one of whom they interviewed with the permission of his mother, which indicates how young the members of the group are) say they know OG's real name, the state in which he works, and that he's in his early-to-mid twenties.
NBC News reports that the incident is prompting the US Government to review the way it monitors social media for security threats. "The intelligence community is now grappling with how it can scrub platforms like Discord in search of relevant material to avoid a similar leak in the future, said [a] congressional official." How that might be accomplished is under study; the solution isn't obvious.
Annexation presented as a fait accompli.
Russia's attempts to normalize the occupation and annexation of Ukrainian territory continue. "On 5 April 2023, Russian President Vladimir Putin chaired a full session of Russia’s Security Council, the first such event since October 2022," the UK's MoD reported Sunday. "The main report was presented by Interior Minister Vladimir Kolokoltsev, and discussed reconstruction, law enforcement and public order in the illegally-annexed areas of Ukraine. The choice of Kolokoltsev as the main speaker is likely an attempt by the Kremlin to portray the situation in those territories as being normalised. In reality, much of the area remains an active combat zone, subject to partisan attacks, and with extremely limited access to basic services for many citizens."
KillNet counts some coup against NATO (but not as much as it claims).
The Russian cyber auxiliary KillNet claimed it had conducted a massive attack on NATO infrastructure this past weekend. It claimed responsibility for alleged DDoS attacks on various organizations in the energy grid on its Telegram page today. Along with the DDoS attack, it also published a list of usernames and passwords for two NATO commands on its website. KillNet wrote, “The personnel are using super secret passwords: the incredibly complex - 123456, and the more complex 12345678.” If the passwords are legitimate, it shows that at least two people didn’t take their Cyber Awareness training seriously enough. As if that wasn’t enough, a KillNet member also posted an image of an unnamed news source explaining that KillNet had signed 150 unnamed NATO personnel up for various dating websites in Ukraine and Moldova. (The image looks bogus, so interpret it simply as a claim by KillNet.) The affected "NATO infrastructure" appears to be NATO School Oberammergau, an instructional facility in southern Germany, and not any operational or high-level administrative organization. The CyberWire wrote to NATO asking for comment, and a NATO official responded as follows:
“Cyberspace is contested at all times, and we face malicious cyber activity on a daily basis. NATO takes this very seriously. We remain vigilant and continue to adapt to evolving threats. NATO and Allies are strengthening our ability to detect, prevent and respond to such activities.
“We are currently experiencing Denial of Service attempts against a number of NATO websites, and our experts are responding. NATO’s classified networks are not affected and there is no impact on NATO operations.”
Thus claims that KillNet had disabled some 60% of NATO’s “electronic infrastructure” seem vastly overstated. NATO School Oberammergau, the most commonly mentioned victim of DDoS, is not, we note, an operational command.
Russian dissent and Russian censorship.
The Atlantic Council offers some context for reports of Russian public opinion about the war. It's difficult to gauge. "A ruthless clampdown has made it increasingly difficult and dangerous for dissenting voices to be heard. Nevertheless, opposition figures continue to question the true levels of public backing for the invasion, while insisting that large numbers of Russians are either opposed or indifferent. The real situation within Russian society is certainly far more complex than the Kremlin would like us to believe, but today’s suffocating atmosphere means there is little reason to expect an increase in visible anti-war activity any time soon." The piece assesses support for President Putin and his war as broad, but more tepid than Moscow represents it. There is a prominent minority of ultra-nationalists, represented most obviously by the milbloggers. Within the armed forces themselves, however, morale is seen as shaky.
Internet censorship within Russia has been extensive, which serves both to control news and to inhibit coordination among dissenters. A new VPN service, Amnezia VPN, is apparently proving more difficult for the authorities to block. WIRED reports that the service enables users to establish their own servers, obviating any need for traffic to pass through centralized servers, which is the common practice among most VPN providers.
Pro tip: don't tweet at spiritual midnight.
Elon Musk, Chief Executive of Twitter (among other things), was interviewed by the BBC this week. He talked about the pain and stress involved with his acquisition of, and subsequent responsibility for running, Twitter. "It's not been boring. It's been quite a rollercoaster," Musk said. His tweets have from time to time attracted more notoriety than he might have wished. He poked some fun at himself, saying in reference to tweets he's made, "Have I shot myself in the foot with tweets multiple times? Yes." Shooting from the hip sometimes results in shooting oneself in the foot. He noted that tweeting around 3:00 AM may not be the best idea.