Fraud Management & Cybercrime , Governance & Risk Management , Incident & Breach Response

Anatomy of a Russian Information Warfare Campaign

Cost of Troll Farm: $15 Million. Impact: Priceless
Anatomy of a Russian Information Warfare Campaign
55 Savushkina Street in St. Petersberg, Russia, said to be the former headquarters of the Internet Research Agency. (Photo: Google)

Want to meddle with a democracy? Just use its social media outlets against it to amplify already existing social divisions.

See Also: Modernizing Malware Security with Cloud Sandboxing in the Public Sector

That's the quick take on the indictment unsealed Friday by Special Counsel Robert Mueller that accuses Russians of running an "active measures" campaign. Using an industrialized troll factory - a St. Petersburg-based company called the Internet Research Agency - that was funded by a Russian billionaire, the Russians attempted to promote some U.S. political candidates, including Donald Trump, while undermining others, including Hillary Clinton, according to the indictment (see US Indicts 13 Russians for Election Interference).

The effort was advanced, mixing technological and psychological acumen with espionage tradecraft. "To hide the Russian origins of their activities, the departments allegedly purchased space on computer servers located here in the United States in order to set up a virtual private network," Deputy Attorney General Rod Rosenstein said at a Friday press conference. "The defendants allegedly used that infrastructure to establish hundreds of accounts on social media networks, such as Facebook, Instagram and Twitter, making it appear that those accounts were controlled by persons located in the United States."

The operation also allegedly engaged in identity theft to hide its activities. "They used stolen or fictitious American identities, fraudulent bank accounts and false identification documents," Rosenstein said. "The defendants posed as politically and socially active Americans, advocating for and against particular candidates. They established social media pages and groups to communicate with unwitting Americans. They also purchased political advertisements on social media networks."

Alleged Russian Troll Factory

U.S. Deputy Attorney General Rod Rosenstein on Feb. 16 announces the indictment of Russian individuals and organizations for 2016 election meddling.

Announcing the indictment on Friday, Rosenstein said: "The defendants allegedly conducted what they called 'information warfare against the United States,' with the stated goal of 'spread[ing] distrust towards the candidates and the political system in general.'"

The indictment alleges that the Internet Research Agency - together with two other organizations - employed hundreds of personnel. But the indictment focuses on the IRA's so-called "translator project," established in 2014 "to focus on the U.S. population." It says the group had recruited 80 full-time project team members by 2016, who referred to themselves as "specialists." Two of them were even dispatched to conduct reconnaissance on U.S. soil, according to the indictment.

The organization allegedly received $15 million in funding per year, bankrolled by Russian oligarch Yevgeny Prigozhin, who's known as "Putin's chef" because of his extensive business dealings with the Russian Defense Ministry, providing everything from munitions to food. The operations were reportedly based at 55 Savushkina Street in St. Petersberg, but later moved to Optikov Street, according to local press reports.

"I created all these pictures and posts, and the Americans believed that it was written by their people."

"From at least April 2016 through November 2016, defendants and their co-conspirators, while concealing their Russian identities and organization affiliation through false personas, began to produce, purchase and post advertisements on U.S. social media and other online sites expressly advocating for the election of then-candidate Trump or expressly opposing Clinton," Rosenstein said.

Defendants allegedly organized pro-Trump rallies, in part via Twitter accounts such as @March_for_Trump and a Facebook group with the name "Being Patriotic."

At one event, "defendants and their co-conspirators asked one U.S. person to build a cage on a flatbed truck and another U.S. person to wear a costume portraying Clinton in a prison uniform," the indictment reads.

Meanwhile, one advertisement allegedly purchased by the group read, "You know, a great number of black people support us saying that #HillaryClintonIsNotMyPresident," according to the indictment. "Trump is our only hope for a better future!" read another.

Source: Indictment

Long-Active Trolls

Before targeting the U.S. political ecosystem, the St. Petersburg-based Internet Research Agency, which had "industrialized the art of trolling," was targeting Ukraine, among other countries, Adrian Chen reported for the New York Times Magazine in 2015.

Russian trolls' U.S.-focused efforts predated the 2016 elections. On Sept. 11, 2014, 141 Twitter accounts - since blocked by the service - "falsely claimed a chemical plant in Louisiana had exploded" and "many went further, saying it was an attack by Islamic State," the Wall Street Journal reported this week.

One former employee at the Internet Research Agency, a teacher by training who worked there from November 2014 to February 2015, said it was like working for Big Brother.

"I arrived there, and I immediately felt like a character in the book '1984' by George Orwell - a place where you have to write that white is black and black is white," the Russian man, Marat Mindiyarov, 43, told the Washington Post. "The volumes were colossal - there were huge numbers of people, 300 to 400, and they were all writing absolute untruths. It was like being in Orwell's world."

It's unclear what impact the group's activities may have had on U.S. voters. But its employees believed that their "information warfare" efforts were hitting home.

"Some defendants, posing as U.S. persons and without revealing their Russian association, communicated with unwitting individuals associated with the Trump campaign."

One of the individuals named in the indictment, Irina Viktorovna Kaverzina, allegedly emailed a family member last September, after media outlets reported that U.S. authorities had begun to unravel the Internet Research Agency's activities, saying: "We had a slight crisis here at work: the FBI busted our activity (not a joke). So, I got preoccupied with covering tracks together with the colleagues."

Kaverzina allegedly added: "I created all these pictures and posts, and the Americans believed that it was written by their people."

White House Reacts

On Friday, Rosenstein said that there was "no allegation in this indictment that any American had any knowledge" of Russia's interference efforts or that those efforts "altered the outcome of the 2016 election."

According to the indictment, "Some defendants, posing as U.S. persons and without revealing their Russian association, communicated with unwitting individuals associated with the Trump Campaign."

"There's no allegation in the indictment of any effect on the outcome of the election," Rosenstein said.

On Tuesday, White House Press Secretary Sarah Sanders said that "it's very clear that Russia meddled in the election."

During a Feb. 20 press briefing, White House Press Secretary Sarah Sanders fields questions about how President Trump will respond to the Russian interference in U.S. matters.

Facing press questions about how President Donald Trump plans to respond, she claimed that Trump has already been "very tough" on Russia, via U.S. government military investments, energy exports to Eastern Europe, keeping Obama-era sanctions in place, helping to arm Ukrainians as well as closing three of Russia's diplomatic properties in the U.S. (see White House Says It's Been 'Very Tough' on Russia).

Trump: 'No Collusion'

The White House has also responded to the indictment by issuing a press release claiming that it showed "no collusion between the Trump campaign and Russia and that the outcome of the election was not changed or affected," (see 'Explosive' Report Details Alleged Russia-Trump Team Ties.)

President Donald Trump likewise took to Twitter to claim that the indictment proved that his campaign had not secretly conspired with Russians.

But legal experts at Lawfare note that Rosenstein stopped short of saying that no American had any knowledge of the Internet Research Agency's activities or the wider L'Affaire Russe. Rather, the deputy attorney general said that any such allegations, if they were to exist, are not in this particular indictment.

Still Emerging: Big Picture

Security researcher Scot Terban, known to many as "Dr. Kryptia," says that the Russian troll farm activities should not be seen as isolated endeavors, but rather part of a greater effort, the true scale of which has yet to be revealed.

"The Russian plan was larger than one might have thought, more effective than some still think and was but one component of a larger operation," Terban writes in a blog post. "That last bit is key."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.