Russia: An Expert in Active Measures, Including Cyber Meddling – Security Boulevard


Russia, neatly tucked away in the rather large northeast corner of Europe and Asia with its 11 time zones, is the bastion of a most colorful political history. Since time immemorial there have always been underlying efforts to adjust perception, foment discord and inflame animus among targeted groups both foreign and domestic so that the entity in power could stay in power. These efforts are called Active Measures (активные мероприятия).

Thus when we see in late-2017 a concerted effort by the Russian active measure teams to keep pouring kerosene on the flames of domestic and foreign politics, it feels familiar. The recent data trove, or the “hit list” acquired by AP from Secureworks (not yet made public), demonstrates how the Russian active measures efforts we have seen over the past 24 months are not limited to just the United States and the U.S. elections.

The U.S. mainstream media (MSM) would have you believe the Russian leadership spends every waking hour trying to figure out how to undermine the United States. Russia absolutely invests a yeoman’s portion of its time on the United States, but the leaders spend the majority of their time addressing how to keep themselves in their seats.

Their primary interests are those engaged in internal dissent and opposition—the individuals who speak out about the Russian adventurism into the Ukraine, the taking of the Crimea, the low-intensity activities and sabre-rattling in Moldova and the Balkans and the cozying up to Iran. These voices are being silenced with regularity—some permanently. Welcome to the hardball world of realpolitik, Russian style.

Backstory on Russian Active Measures

The use of active measures or political warfare is not new and can find its roots in the early 1900s as the Bolshevik Revolution was evolving and came to be. Throughout the Soviet era, the intelligence apparatus of the USSR focused on both domestic and foreign targets of interest. The purges of Stalin and subsequent use of disinformation to achieve political goals put thousands into the labor camps or their graves. The end of World War II saw a divided Europe.

Moving forward to 1985, we see Service A (Active Measures) of the First Chief Directorate (FCD – Foreign Intelligence) of the then-KGB was manned by a cadre of about 80 officers in Yasenevo (FCD headquarters in Moscow suburbs) and another 40 assigned to the Novosti Press Agency (in Pushkin square in Moscow), as detailed in “KGB: The Inside Story” by Christopher Andrew and Oleg Gordievsky (page 628). This team of 120 officers, led by L. F. Sotskov, the first deputy head of Service A, was concentrating on three key themes:

  • Material calculated to discredit all aspects of American policy;
  • A campaign to promote conflict between the United States and its NATO allies;
  • Support for western peace movements.

An article which appeared in the Indian newspaper, The Statesman. This image appears in the book “KGB: The Inside Story,” and is a true representation of the publicly available newspaper.

The authors continue to describe the active measures conducted in the late 1980s as including “producing about 10 to 15 forgeries of U.S. official documents a year.” Some were simply used by the Russians with foreign dignitaries so as to influence the leader, while others found their way into the press. One of the more famous was the successful placement of a forged letter from then U.S. Ambassador to the United Nations Jeane Kirkpatrick about the secret U.S.-South African relationship, which was placed in the New Delhi newspaper, The Statesman, and then picked up by wire services.

Sound familiar? Feel familiar?

Return Russian Active Measures 2013-2017

Russia’s national pastime is chess (шахматы), and the country is playing a 3D version of this with its active measures campaigns while the MSM and elected officials in the United States and elsewhere remain in a two-dimensional world. I have no doubt the intelligence and federal law enforcement communities are aware and are on top of the activities, and are not revealing to the general public all they know for many reasons, including protection of sources and methods. Instead, in the United States, the congressional oversight committees get briefings, and we the public get the leaks from those secret briefings.

Following his recent testimony before Congress, Cliff Watts of the Foreign Policy Research Institute created a very useful graphic describing the multilevel engagement taking place between the Russian active measures machine and those who are being targeted or touched by their efforts.

What Watts described fit the narrative of 1985 and 2017. And the current methodologies can trace their roots to 2013, when the Russian troll farm, affectionately known as “Trolls of Olgino” as their offices are located in the St. Petersburg suburb of Olgino, opened for business as the Internet Research Agency (IRA). The IRA was owned by a holding company headed by Evgeny Prigozhin (euphemistically known as Putin’s personal chef because of his catering contracts with Putin, the gourmand). In 2017, IRA underwent a makeover and morphed into an entity known as Galvset. Prigozhin is believed to own multiple city blocks in St. Petersburg, including the building where Galvset is located.

Prigozhin’s ties to the Kremlin are not a secret. He is so well-known to the U.S. government for his close ties to the Kremlin and supporting their foreign adventurism that his name is included in the December 2016 sanctions list.

While the troll farm’s name changed, its mission and personnel remained the same. Galvset is led by retired police officer, Mikhail Bystrov. Bystrov runs a tight ship, operating a 24/7 shop, with approximately 400 persons. The employees work in 20-person teams creating, drafting, posting and engaging on social networks on behalf of their client, Putin, and his intelligence service(s). These Galvset employees are believed to earn the ruble equivalent of US$750/month.

In 2015, Radio Free Europe discussed the activities of then-IRA, which were revealed by former employees. The piece detailed the significant social network usage. An example of the type of story the entity would evolve was framing the narrative around the murder of opposition figure Boris Nemtsov, believed to have been silenced by the Kremlin.

Contemporaneously with the exposé on IRA by Radio Free Europe, the U.S. government was quietly providing warnings and guidance to the political parties: The Russian Federation’s active measures and cyber activities included a focus on the U.S. election, and the candidates and their parties’ infrastructure were being targeted. These warnings landed at the Republican National Committee (RNC) and Democratic National Committee (DNC) in early 2015.

Later, in the spring of 2015, we would learn Secretary Clinton’s server was insecure during her tenure as Secretary of State.

The message being delivered in 2015 by U.S. law enforcement and intelligence community: The Russians were coming.

Russian Meddling

In October 2016, Section 501 of the Intelligence Authorization Act for Fiscal Year 2017 addressed the need for the president to “establish an interagency committee to counter active measures by the Russian Federation that constitute Russian actions to exert covert influence over peoples and governments.” Note the verbiage: Not just the U.S. people or government.

We now know the Russians were pushing, pulling and working both sides of the issues to inflame. And they were doing a damn fine job of it, too: Here we are a year after the U.S. general election and the two primary political parties in the United States remain at each other’s throats.

Using the power of 20/20 hindsight, we see the October 2017 revelations of the broad-based targeting of individuals with spear-phishing attempts in the 2015-2016 time frame mesh nicely with the activities of the Russian Federation to silence dissent and meddle in the United States. The connection is real.

At the end of 2016, however, we saw the Russian government security services, specifically the FSB (internal security service), go into what can be described as a self-cleansing of its own cybersecurity team. We saw the arrest of multiple FSB officers on charges of espionage. These officers are believed to have been instrumental in the activities described by the recent Secureworks revelations and whose cyber activities were targeted at the same targets the IRA troll farm was shaping public opinion about. Why were they arrested, according to the Russian press? For sharing this information with the United States.

While the hand may not have been firmly in the glove because of internal friction amid allegations of espionage being levied onto the FSB cyber cadre, Russia’s activity continued without missing a beat.

Russian Active Measure Key Performance Indicators

Every organization measures itself by key performance indicators (KPIs) and the Russians are no different. As we enter the final quarter of 2017, we can measure the active measure KPIs and get an idea regarding Russian effectiveness—or, put more directly, its success.

The Russian active measures team is no doubt taking high-fives for its successes against these KPIs.

KPI 1 – Shape the U.S. election discourse and feed divisiveness into the United States. Has MSM or Congress discussed any other topic since November 2016? The Hamilton 68 project charts the efforts of the Russian social network trolls and it is unending. The removal of accounts in the thousands by Twitter and Facebook is demonstrative of the level of success the Russians are achieving. The folks at LinkedIn appear to think their social network is immune, but that is not the case (see below). While the Galvset troll farm has been identified, rest assured there are others that need to be ferreted out.

KPI 2 – Framing the dialogue via ads and fictitious personas. The millions of dollars spent on internet ads via Facebook, Google and other social networks speak for themselves. The use of fake personas delivering divisive messages, which were subsequently picked up by MSM (Jenna Abrams, for example), is an example of their success. The Service A colleagues of 1985 are no doubt smiling as their one-to-one matrix has morphed to a one-to-many matrix due to the asymmetrical nature of social networks and the concept of reach.

KPI 3 – Divide the United States and NATO. It looked as though NATO was going to implode and explode, until the light went on and the discussions were taken offline and out of the public eye. Until then, the EU and U.S. public were being played like a ping pong ball by the Russian efforts. Once the Russian noise was cornered, the NATO alliance put their house in order, as evidenced by the 2017 EU Cyber Wargames.

KPI 4 – Silence opposition both foreign and domestic. The body count of dead or imprisoned dissidents alone is indicative of the hardball nature and seriousness of the Russian apparatus to silence these voices. Kseniya Kirillova, a Russian journalist who focuses on analyzing Russian society and political processes in modern Russia, details in her June 2017 piece, “Russia Trolls Attack Americans,” how the Russian troll machine took it upon itself to discredit a highly decorated CIA officer who is also a well-known critic of the Russian Federation and others with strong opinions and followings. Of particular note is how it manipulated the customer support staff at LinkedIn through a barrage of complaints. The troll machine’s efforts were successful, as the individuals caught in their cross-hairs were banned from the social network, thus silencing their voices.

Russian Active Measures of Tomorrow

Tomorrow we will see more of what we are experiencing today. The Russian troll farms will continue to operate on steroids, overwhelming the ability of security researchers operating in singular fashion. No government is immune; the tactics of 1985 remain viable in 2017, using new techniques that allow messages, adjusted messages and false narratives to be shared a million times. We will be challenged to sort the truth from the lies, thereby proving Winston Churchill’s adage, “A lie gets halfway around the world before the truth has a chance to get its pants on.”

Watch out for those whose pants are aflame.