Securing Democracy Dispatch

Please join the Alliance for Securing Democracy (ASD) for a discussion with U.S. Senator Amy Klobuchar (D-MN), former Secretary of Homeland Security Michael Chertoff, and former acting director of the CIA Michael Morell on Tuesday, June 26 from 8:30 a.m. to 10:30 a.m. in the Capitol Visitor Center (Room SVC 208-209) to launch ASD’s Policy Blueprint for Countering Authoritarian Interference in Democracies. This comprehensive, bipartisan report makes recommendations for government and the various pillars of democratic society – civil society organizations, the private sector, including the tech companies, and media organizations – to defend democracy from foreign interference.

House Intelligence Committee Democrats release Twitter ads and accounts tied to Russia: Democrats on the House Intelligence Committee released thousands of Twitter ads posted by RT during the 2016 U.S. election campaign, as well as an additional 1,100 Twitter accounts connected to the Internet Research Agency (IRA). The number of publicly known “Russian troll-farm-operated accounts” is now upwards of 3,800 with more than 8 million tweets and retweets (even Twitter CEO Jack Dorsey shared at least 17 tweets from a Russian troll between late 2016 and mid-2017). The ads expose Russia’s efforts to sow discord in the run-up to the election as Russian-linked accounts questioned the mainstream media, sought to suppress voter turnout, and promoted RT’s narratives about the election, global events, and local U.S. news. ASD analysts have found that “a major pillar of the Kremlin’s social media influence campaigns revolves around the impersonation of local news sources,” such as @ChicagoDailyNew, a media outlet that actually closed down in 1978. IRA employees likely imitated the Twitter accounts of these real media outlets in targeted communities across the U.S. – often focusing on the same population centers targeted by the IRA’s Facebook ads. Some of the ads reveal that Russian trolls remained active on Twitter well into 2018, posting politically divisive messages as recently as last month in an attempt “to rile up the American electorate with tweets on everything from Roseanne Barr’s firing to Donald Trump Jr.’s divorce.” Congressman Adam Schiff (D-CA) said that by releasing the Twitter data “we hope that researchers will continue their important work exposing any additional Russian operators who used similar tactics and themes, and provide the American people with additional information to protect our elections and political debate in the future.” Twitter announced plans to buy Smyte, a company that provides technology to defend against fraud and abuse, as CNN revealed that “journalists helped propel” Russian troll accounts by including their tweets in dozens of stories published by major media outlets. (Bloomberg, House.gov, The Wall Street Journal, The Washington Examiner, Twitter, Tech Crunch, CNN)

U.S. lawmakers express concern over lack of preparedness for upcoming midterm elections: Politico reported that Republican and Democratic lawmakers are concerned about U.S. readiness to counter Russian interference in the upcoming midterm elections. Senate Intelligence Chairman Richard Burr (R-NC) explained: “We’re getting so many mixed signals, depending on what the agency is,” that “it compels us to bring everybody together in the same room and try to figure out whether or not there’s some stovepipe issues.” Lawmakers from both parties also expressed frustration that DHS and the intelligence community have not learned from their mistakes in 2016. Senator Burr said that while the DHS is “doing a lot” on election security, “from a standpoint of Russian meddling, the jury is out whether we’re detecting Russian activities and, if so, to what degree and what they’re targeted towards.” Former Assistant Secretary of State Victoria Nuland told the Senate Intelligence Committee at a hearing on Russian interference that during 2017 and 2018, Russia had “great success turbocharging their efforts to divide the U.S. on race, on issues of gun control, on any of the seams that stretch us … I think they will accelerate that.” At the hearing, Secretaries of State from Minnesota, Missouri, and Vermont – all states that have instituted paper ballots – told Senators that having verifiable paper trails has proven to be a useful tactic in securing elections, but that states need additional federal support for upgrading voting equipment and cybersecurity defenses. CSIS released a report entitled “Successfully Countering Russian Electoral Interference,” which examines how France “successfully withstood the disinformation and interference” during the 2017 French presidential elections, and studies what lessons can be learned from the experience. (Politico, Senate.gov, Statescoop, CSIS)

Lawmakers call for action against China’s increasing influence in the United States: The White House Office of Trade and Manufacturing Policy (OTMP) released a report on China’s Made in China 2025 plan that outlines how the policies “threaten the economic and national security of the United States.” The report warns that China is “… seeking to acquire the intellectual property and technologies of the world and to capture the emerging high-technology industries that will drive future economic growth.” Dozens of lawmakers echoed this sentiment in a letter to Education Secretary Betsy DeVos, in which they called for an investigation into possible attempts by Chinese technology giant Huawei to steal research and technology from U.S. universities. The letter states that Huawei’s partnerships with more than 50 U.S. universities “threatens national security.” Senator Marco Rubio (R-FL) explained: “China is using Huawei to position themselves to steal American research through so-called ‘research partnerships’ with American universities to exploit the openness of our system of higher education.” Defense and intelligence officials told members of the House Armed Services Committee that Chinese efforts to acquire U.S. intellectual property and technology are pervasive, as witnesses called for a “whole of government approach” to address the issue. In a letter to Google, a bipartisan group of lawmakers urged the company to end its partnership with Huawei. The Wall Street Journal reported that the Trump administration plans to ban Chinese companies from investing in U.S. technology firms, and block additional technology exports to Beijing.(Whitehouse.gov, Politico, Edscoop, Roll Call, Senate.gov, The Wall Street Journal)

U.S. lawmakers introduce bipartisan legislation to secure IT supply chain on national security grounds: U.S. Senators Claire McCaskill (D-MO) and James Lankford (R-OK) introduced the Federal Acquisition Supply Chain Security Act (FASCSA) designed to bridge “the information gap between the intelligence community, the Department of Defense, and the rest of the government on technology vulnerabilities and characteristics that could jeopardize our national security.” The bill comes in response to increased national security concerns over China-based telecommunications firm ZTE and Russia-based Kaspersky Labs, which lawmakers claim could be used to spy on specific users. According to the press release, “for years, the Intelligence Community was aware of the risk that Kaspersky Labs antivirus products posed to national security, but that information was not widely shared with other government agencies.” The bill calls for setting up a federal acquisition council that would include representatives of the intelligence community and Defense Department, and tasks agencies across the government with creating a strategy to address IT supply chain threats. Senator McCaskill pointed out that “cybersecurity is a 21st century problem we’re still trying to tackle with 20th century solutions,” and cautioned that “we can’t simply respond to supply chain threats piecemeal, we’ve got to have a system in place to assess these risks across the government.” (Senate.gov)

Facebook and Google introduce new improvements as the FTC prepares to review tech platforms: Facebook announced an expansion of its fact-checking program, along with actions the company is taking to combat “fake news” on its social network. According to the announcement, updates include expanding the fact-checking program to new countries and to photos and videos; taking action against new kinds of repeat offenders; improving measurement and transparency by partnering with academics; and increasing the impact of fact-checking by identifying duplicates and using Schema.org’s Claim Review – an open-source framework used by technology companies and fact-checking organizations. The company told BuzzFeed News it has deployed machine learning that it claims can “identify and demote duplicates of articles that were rated false by fact checkers.” Google also announced new privacy and security features on Google Account that give users better access to their privacy controls and settings. Meanwhile, Axios reports that the Federal Trade Commission will examine questions surrounding powerful tech platforms like Google and Facebook as part of a review of consumer and competition policy issues later in 2018.(Facebook, Buzzfeed News, Google, Axios)

EU members announce plans to create coordinated cyber response force: Nine EU member states have committed to creating a rapid cyber response force to counter cyber-attacks. Estonia, Lithuania, Croatia, the Netherlands, and Romania are due to sign the agreement in Luxembourg today, with France, Spain, Poland and Finland officially joining by the end of 2018. Four other countries – Belgium, Greece, Slovenia, and Germany – will participate in the project as observers. Lithuanian Defense Minister Raimundas Karoblis explained: “The aim is to create EU rapid cyber response teams rotating on a semi-annual basis,” adding that he expects the EU to allocate funds for software and other equipment. Lithuania has been a leader on cyber-defense issues, improving its responses in recent years to “hostile cyber-activities” from Russia. The cyber force will be among the first joint projects launched under an EU defense pact, Permanent Structured Cooperation (PESCO), proposed by Lithuania in 2017. (RFE/RL, EEAS)

German intelligence agency accuses Russia of hacking energy firms and warns of increased cyber campaigns: According to the head of Germany’s domestic intelligence agency Hans-Georg Maassen, Russia is likely behind a widespread cyber-attack on German energy providers. The attack, called “Berserk Bear,” attempted to hack the computer networks of German energy and electricity providers but “managed to breach only the office networks of a few companies.” Kremlin spokesperson Dmitry Peskov dismissed the accusations, saying “we don’t know what he was talking about,” and Russian Foreign Ministry spokesperson Maria Zakharova called on Germany to provide evidence of their claims. Maassen also told the reporting network Redaktionsnetzwerk Deutschland that the “quantity and quality of cyber campaigns staged by foreign intelligence services has been on the rise.” He warned that the intelligence services of Russia, Iran, and China might be involved in the new wave of attacks against Germany, and suggested that governments and the private sector need to update their cybersecurity measures based on the heightened threat. Separately, CyberScoop reported that a wave of sophisticated spear phishing emails captured by Moscow-based Kaspersky Lab suggested that the same Russian-linked hacking group, dubbed “Sofacy,” “APT28,” or “Fancy Bear,” is now targeting biochemical research and U.S.-based financial organizations.(Reuters, Radio Farda, Cyberscoop)

The EU publishes 5th Money Laundering Directive: EU published the 5th Anti-Money Laundering Directive (AMLD5) in an effort to combat financial transparency across the continent. The AMLD5 includes improved transparency on beneficial ownership and trusts; increased powers for the Financial Intelligence Units; enhanced cooperation between financial supervisory authorities; and extension of anti-money laundering and counter terrorist financing rules to virtual currencies, tax related services, and works of art. EU member states have up to 18 months to implement these rules in their national legislation. Nate Sibley at the Hudson Institute’s Kleptocracy Initiative suggested that democracies can counter transnational kleptocracy by cutting off the “life-blood of authoritarian regimes and criminal organizations by tackling rampant money laundering in the global financial system” and taking steps to “firewall themselves from authoritarian influence campaigns.” Meanwhile, following an internal audit of thousands of offshore companies, the offshore firm involved in the Panama Papers leak, Mossack Fonseca, revealed that it did not know the identities of as many as three-fourths of its clients. (EUR-Lex, The Guardian)

The Alliance for Securing Democracy’s Brittany Beaulieu and German Marshall Fund’s Steven Keil published a new policy paper which examines Russia’s attempts to subvert the international liberal order in an effort “for regime survival and regional dominance.” It focuses on Russian influence operations in 2016 and 2017, as well as on case studies in Sweden, Latvia, and Bosnia-Herzegovina where it looks into Russian attempts to influence various issues that will be relevant in upcoming elections. The paper finds that Russia’s influence campaign is tailored to exploit specific issues in each of these countries, and looks into countries’ attempts to prevent Russian influence.

ASD’s Bradley Hanlon and Alexander Roberds explain in a new blog post on Russian malign influence in the Bulgaria: “The potential expansion of the TurkStream project and the revival of the Belene nuclear power plant represent both an end and a means for the Kremlin. While the resurgence of these projects is the result of a long-standing effort to consolidate control over Bulgaria’s energy market, successful implementation would also facilitate the continuity and growth of Moscow’s influence over Sofia.” They propose that, “effectively countering Russian interference in Bulgaria will require a holistic and nuanced response that accounts for the range of vulnerabilities and tools at play in the country.”

ASD’s Grant Bennett and Bradley Hanlon analyze IRA’s Twitter accounts released by the House Intelligence Committee, and emphasize: “Although Western-based analysts and commentators often focus on the Internet Research Agency’s campaigns to undermine democracies abroad, it is necessary to remember that the IRA’s main function was always the manipulation of Russia’s domestic information space.” They suggest that, “if Western democracies hope to defend themselves from authoritarian threats via the Internet, they should begin by studying the mechanisms by which the Kremlin deceives its citizens at home.”

ASD’s Brittany Beaulieu and Sergio Valente warn in a new blog post that while Congress made significant improvements to military cybersecurity in the 2019 National Defense Authorization Act (NDAA) passed on June 18, “[the bill] lacks significant improvements to cybersecurity for critical infrastructure that is continuously targeted by foreign state actors — and could be a target of the November midterms.”

ASD’s non-resident fellow Clint Watts joined host Matt Stephenson for the InSecurity Podcast to discuss social media manipulation, where he explained: “The goal of influence is to create a behavior change in your targeted audience, to take the virtual world and to make a change in the physical world,” and added, “social media has torn us apart because there are manipulators nudging people toward these behavior changes.”

ASD’s non-resident fellow Heidi Tworek joined The Global Exchange Podcast with the Canadian Global Affairs Institute to discuss fake news and information warfare. She explained that, “different groups are using the internet to try to drive wedges and internal divisions,” and Russia is “a country that wants to be seen as a great power that is using …information warfare to change foreign politics and trade.”

Hamilton 68 dashboard: Chatter on the Hamilton 68 dashboard focused heavily on domestic issues this week. Although topics such as Syria and Russia continued to appear in the top topics and hashtags for much of the week, a larger portion of posts and shared content focused on immigration and the Department of Justice Inspector General’s report. Accounts tracked by the dashboard tweeted about multiple angles and narratives regarding these events, though almost all of the chatter was heavily supportive of President Trump and heavily critical of the Obama administration’s policies toward immigration. Despite the dominant domestic focus, chatter on the dashboard also included several international subjects, including accusations of U.S. bombing in Syria, defense of Russia’s hosting of the World Cup, and allegations of Ukrainian government responsibility for civilian deaths in Donbass. These subjects are regular Kremlin talking points. However, the failure of these issues to successfully remain on the dashboard indicates that pro-Kremlin accounts struggled to mobilize susceptible users into propagating their content in light of a busy U.S. news week.

“As part of our continuing investigation into Russian interference in the 2016 election, today the House Intelligence Committee Minority is making additional data from Twitter public. One of the primary ways that we as Americans can begin to inoculate ourselves against a future attack on our electoral processes is to see first-hand the tools that malign actors use to attempt to destabilize and divide us.”

-Rep. Adam Schiff (D-CA), June 18, 2018

Mainstream U.S. media outlets unwittingly contributed to the growth and expanded reach of Russian troll-factory Twitter accounts. CNN reported this week that several popular U.S. media sources regularly cited tweets from accounts linked to the Internet Research Agency, the Russian troll-farm indicted by Special Counsel Mueller for its interference in the 2016 U.S. presidential election. One particular account, @wokeluisa, impersonated a young African-American woman from New York. According to CNN, outlets such as USA Today, Time, Wired, Huffington Post, BET, and BBC all quoted @wokeluisa in articles discussing divisive social, cultural, and political issues, including the #MeToo movement, the NFL national anthem protests, and the presidency of Donald Trump. By publishing tweets from @wokeluisa’s and other Internet Research Agency accounts, the U.S. media inadvertently supported the Kremlin’s disinformation campaign in the United States, granting Russian trolls a major platform and substantial publicity.

The views expressed in GMF publications and commentary are the views of the author alone.