Foreign & Domestic Information Warfare

By Christina Georgacopoulos | August 2020

A political cartoon that shows two people sitting back to back on computers, one screen says Re Elect Trump and the other screen says Biden 2020, one of the people seated says " Im starting to get worried about election meddling"

U.S. Adversaries are using similar yet more refined methods they used in 2016 to confuse voters and amplify fake news

Russian government hackers are behind a broad espionage campaign that has compromised U.S. agencies, including Treasury and Commerce

Hackers "Cozy Bear" and "APT29" are behind a long-term breach of the United States' Treasury and Commerce departments. These hackers were instrumental in the State Department hack and White House email server hack in 2015. These hackers also infiltrated the DNC email servers in 2015 and 2016, along with the military spy agency GRU. The National Security Council was called to an emergency meeting on December 14th, 2020 to address the infiltration.

Twitter and Facebook reported the first public evidence of foreign interference in the 2020 election that shows the Kremlin-backed group, the Internet Research Agency, is trying again to manipulate the American public with conspiracy theories and fake news websites.

Its goal is to push voters away from the Democratic presidential candidate, Joe Biden and to help President Trump.

The IRA played a major role in spreading disinformation on social media in 2016 using Russian bots and troll farms. But this time the IRA hired Americans to write for a fake news website, Peace Data. It also used faked personas with computer-generated images to create what appeared to be a legitimate news organization.

American intelligence officials say the St. Petersburg-based IRA is playing a less visible role in Russia’s disinformation operations this time around and that its activities on social media are seemingly designed to be detected. The officials say it is a sign of “information laundering,” or the use of allies and operatives that place fake news articles on fringe news sites.

Information laundering allows the Russian government plausible deniability in disinformation campaigns by using proxies who obscure their origin and intent.

According to an American who wrote for Peace Data, the IRA advertised on an online job board, and hardly edited the pieces he wrote, which earned $75 each.

The posts on Peace Data were significantly more far-left than the progressive agenda of Biden and his running mate, Sen. Kamala Harris. The topics ranged from racial issues to the environment, and several pieces presented Biden as a radical.

The IRA appeared to be in the early stages of building an audience for the fake website, Facebook said.. At the time Facebook discovered the operation, the group had created 13 fake accounts and two pages dedicated to promoting Peace Data, which had 14,000 followers..

The National Security Agency and the F.B.I. identified the operation first and tipped off Facebook, which contacted nearly 200 users and worked with Twitter to suspend associated accounts. Twitter says that the accounts were “low-quality and engaging in spamming activity,” which did not attract wide attention.

The basis of the operation echoes the strategy the IRA used in 2016: create fake accounts to artificially amplify fake news stories and conspiracy theories

A screenshot of a Facebook post made by the fake news website, Peacedata, which is run by Russian operative. The title of the fake news story reads "UK Government Creates a Myth of a Migrant Crisis to Distract From its Failures, with a picture showing a protestor who is carrying a flag that says "Refugees Not Welcome" An example of a post by the fake news site, Peacedata.net.

Information Laundering refers to the spread of disinformation from uncredible or fake news sources, through second-party intermediaries like social media, to its final destination in credible news stories.

Key Terms:

Shell Account: a bot or troll account created for the sole purpose of posting disinformation anonymously
Information smurfing: the use of multiple accounts to place the same or similar information in a way that makes it difficult to attribute and debunk
Cascading Citations: the repetition of disinformation by a large number of sources in order to distance the information from its original source
Intermediaries: the use of seemingly unaffiliated websites or social media accounts to amplify and lend credibility to disinformation

Once disinformation becomes incorporated into mainstream debate or indistinguishable from credible information, the process of information laundering is complete.

Fake News & Foreign Threats

U.S. Officials Warn of Coordinated Disinformation Campaigns

A series of Twitter hacks on U.S. candidate websites, and warnings from top U.S. officials, have cast doubt on whether social media and tech companies can protect users from coordinated disinformation campaigns and hackers -- similar but more refined, information weaponry that foreign adversaries used in 2016.

The director of the National Counterintelligence and Security Center (NCSC), William Evanina, confirmed that foreign entities are actively seeking to compromise private communications of “U.S. political campaigns, candidates and other political targets,” and that the NCSC is keeping tabs on foreign and domestic threats to U.S. election infrastructure.

Evanina said in a press release, however, that “the diversity of election systems among the various (U.S.) states, multiple checks and redundancies in those systems, and post-election auditing make it extraordinarily difficult for foreign adversaries to broadly disrupt or change vote tallies without detection.”

President Trump has pushed a theory that expanding vote-by-mail will lead to widespread voter fraud, which he used as a basis to advance -- and quickly withdraw -- a proposal for postponing the presidential election.

But government officials are more concerned about Russian disinformation campaigns and possible vulnerabilities in the social media accounts belonging to important figures.

Former Vice President Joe Biden’s campaign team announced that it faced multiple security threats, but did not provide specifics for fear of providing adversaries useful intelligence. It said it was concerned that pro-Russian sources shared disinformation about Biden’s family with President Trump’s campaign and Republican allies in Congress.

The Trump campaign and Republicans have not dropped their fight against Biden. Recently, the U.S. Treasury Department announced sanctions on a member of the Ukranian parliament who was “directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in an attempt to undermine the upcoming 2020 U.S. presidential election.”

Andrii Derkach, a member of the Ukranian parliament, from at least late 2019 through mid-2020 cultivated “false and unsubstantiated narratives” concerning debunked allegations about corruption on the part of Biden during the time he was vice president.

According to the Treasury, Derkach spurred “corruption investigations in both Ukraine and the United States designed to culminate prior to election day. Derkach’s unsubstantiated narratives were pushed in Western media through coverage of press conferences and other news events, including interviews and statements.”

Derkach’s disinformation campaign centered around edited audiotapes of Biden that purported to reveal a conversation between the then vice president and the former Ukranian President Petro Poroshenko discussing conditions for a $1 billion loan on February 18, 2016. The audio was even retweeted by President Trump. The Treasury Department said Derkach had been operating as a covert Russian agent for the past decade, and that he “almost certainly targeted the U.S. voting populace, prominent U.S. persons, and members of the U.S. government, based on his reliance on U.S. platforms, English-language documents and videos, and pro-Russian lobbyists in the United States used to propagate his claims.”

House Democrats subpoenaed Secretary of State Mike Pompeo for documents pertaining to Hunter Biden, Biden’s son, that he turned over to Republicans on the Homeland Security and Governmental Affairs Committee during its investigation into Hunter Biden, Joe Biden’s son.

Democrats accuse Pompeo of using State Department resources to advance a “political smear campaign” against the Bidens. “It does a disservice to our election security efforts when Democrats use the threat of Russian disinformation as a weapon to cast doubt on investigations they don’t like," a Johnson spokesperson said.

U.S. officials are primarily concerned with Chinese, Russian and Iranian operatives, who continue to use influential measures in social and traditional media “to sway U.S. voters’ preferences and perspectives, to shift U.S. policies, to increase discord and to undermine confidence in our democratic process.”

The concerns were outlined by Evanina in a statement issued by the NCSC:

“China is expanding its influence efforts to shape the policy environment in the United States, pressures political figures it views as opposed to China’s interests, and counter criticism of China,” the NCSC said. “Beijing recognizes its efforts might affect the presidential race."
"Russia’s persistent objective is to weaken the United States and diminish our global role. Using a range of efforts, including internet bots and other proxies, Russia continues to spread disinformation in the U.S. that is designed to undermine confidence in our democratic process and denigrate what it sees as an anti-Russia 'establishment' in America."
"Iran seeks to undermine U.S. democratic institutions and divide the country in advance of the presidential election. Iran’s efforts center around online influence, such as spreading disinformation on social media and recirculating anti-U.S. content."

The Great Twitter Hack

A 17-year-old Florida teenager was charged as the “mastermind” of a massive Twitter hack that targeted the accounts of important people, including Bill Gates, Joe Biden, Barack Obama, Kanye West and Elon Musk. The embarrassing incident for Twitter called into question its ability to protect high-profile figures and political campaigns from foreign, and domestic, adversaries.

The hack was used to promote a bitcoin scam, which asked Twitter users to send bitcoin to a specific cryptocurrency wallet with the promise that the Twitter user would receive double their money back. Within minutes 320 transactions occurred, and $110,000 worth of bitcoin was deposited into the hacker’s account.

Coinbase, a cryptocurrency exchange, prevented nearly 1,000 bitcoin users from sending $220,000 worth of bitcoin to the hackers account once the scam was discovered. The “mastermind,” Graham Ivan Clark, faces 30 felony charges from the hack, including wire fraud, money laundering, identity theft, and unauthorized computer access, and is being charged as an adult.

The hackers targeted Twitter employees and administrative tools, which allowed them to change many account-level settings, including changing passwords and posting Tweets. By the time Twitter finally managed to stop the attack, the hackers had tweeted from 45 of the accounts they had broken into, gained access to the direct messages of 36 accounts, and downloaded full information from seven accounts.

While Clark was charged as a minor by state law enforcement officials, federal authorities were already tracking Clark’s online activity before the Twitter hack, according to legal documents. In April, the Secret Service seized over $700,000 worth of bitcoin from him, but it was unclear why.