News and Commentary

Russian GRU officers attempted to hack organization investigating the Skripal poisoning: On October 4, the Netherlands announced that it expelled four Russian military intelligence directorate (GRU) officers in April for attempting to carry out a cyber-attack on the Organization for the Prohibition of Chemical Weapons, the chemical weapons watchdog overseeing the investigation related to the Skripal poisoning. Aided by British intelligence officials, Dutch intelligence apprehended the Russian spies with incriminating evidence, including specialist hacking equipment. In a coordinated response, the United States indicted seven officers of the GRU, including those linked to the failed operation in The Hague, for “International Hacking and Related Influence and Disinformation Operations.” The indictment revealed the GRU’s involvement in a series of other cyber-attacks, including the hacking of the World Anti-Doping Agency, Kiev subway system, and Democratic National Committee in 2016. According to British ambassador to the Netherlands Peter Wilson, “With its aggressive cyber campaigns, we see the GRU trying to clean up Russia’s own mess – be it the doping uncovered by Wada [the World Anti-Doping Agency] or the nerve agent identified by the OPCW.” ASD’s Laura Rosenberger commented on how the indictment “underscores the numerous dimensions to Russian cyber-attacks and info ops – it’s not just elections.” Deemed a “public shaming” by The Washington Post, the denouncements are an effort to expose the Russian government’s ongoing foreign interference efforts. (Reuters, Twitter, The Guardian, Department of Justice, The Washington Post)

U.S. officials escalate warnings of Chinese election meddling: In a speech at the Hudson Institute, Vice President Mike Pence doubled down on President Trump’s September 26 remarks at the UN in which he accused China of seeking to interfere in the upcoming U.S. midterm elections, stating, “Beijing has mobilized covert actors, front groups, and propaganda outlets to shift Americans’ perception of Chinese policies.” However, the comments were rebutted by Secretary of Homeland Security Kirstjen Nielsen when she stated just days earlier that there is “currently no indication that a foreign adversary intends to disrupt our election infrastructure.” “In the case of China,” she clarified, “it’s part of a more holistic approach to influence the American public in favor of China.” ASD Director Laura Rosenberger explained in May that, “The CCP [Chinese Communist Party] plays a longer game. It works hard to find common interests and cultivate relationships of dependency with mainstream partners, which can be leveraged opportunistically.” According to Axios’ Joe Uchill, “Pence mentioned that tariffs were targeted at industries in influential states and that China placed a clearly identified advertisement in the Des Moines Register arguing that a trade war is not in the U.S.’ best interest. Neither of these appear to be about the election; both appear to be about trade policy.” In response to the accusations of meddling, Chinese Foreign Minister Wang Yi stated, “We do not and will not interfere in any countries’ domestic affairs.” (The Hill, Defense One, Axios, ASAN Forum, Foreign Policy)

Disinformation networks still active on Twitter, as the platform releases an update on election integrity: The Knight Foundation published a report on influence campaigns on Twitter both during and after the 2016 election campaign which found that “more than 80 percent of the disinformation accounts in [their] election maps are still active as this report goes to press. These accounts continue to publish more than a million tweets in a typical day.” On October 1, Twitter published updates to its election integrity work. It specifically addressed changes to its existing rules to better reflect how fake accounts are identified and what types of inauthentic activity violate Twitter’s guidelines, and to expand the criteria for taking action on accounts which may be responsible for a hack. The changes also included an update on progress on detecting and removing delinquent content, and highlighted upgrades “to allow people to select a strictly reverse-chronological experience, without recommended content and recaps.” However, according to cybersecurity journalist Emma Woollacott, the new measures are just a “Band-Aid.” She asserted that, “It’s simply impossible to police these sites entirely, in near enough real-time to have a major effect.” (Twitter Blog, Forbes, Knight Foundation)

Elections in Bosnia and Latvia further rise of nationalism and populism in Europe: The Serb-nationalist leader of the Republika Srpska entity of Bosnia and Herzegovina, Milorad Dodik, won the Serbian seat of Bosnia-Herzegovina’s inter-ethnic, three-person presidency. Dodik has dominated Republika Srpska politics since 2006 and has received support from Moscow for his nationalist policies at the expense of Bosnia’s Euroatlantic integration. He has advocated for a referendum on the entity’s secession from Bosnia. Election monitors in Bosnia alleged that ethnic leaders used divisive rhetoric, echoing narratives from the state’s brutal war in the 1990s. Bosnian election officials conceded that incidents of divisive rhetoric were reported, but stated they did not jeopardize the election outcome. In Latvia, the left-leaning, anti-establishment Harmony party won 19.8 percent of the vote to become the largest party in parliament. Harmony previously had a cooperation agreement with United Russia and faces backlash for its friendliness with Moscow. The populist KPV party came in second, and the anti-corruption New Conservative party came in third. As the election unfolded, Latvian social network Draugiem.lv suffered a social media attack that displayed photos of the Kremlin, Putin, the Russian flag, and a Russian soldier and played the Russian national anthem, along with a message about a potential “Russian world.” Latvian IT Security Incident Institution CERT reported that the intrusion did not lead to any data leaks, and that election results were not affected. (EUObserver, AP News, BBC, The Washington Post, The New York Times, DFR Lab, Baltic Times)

U.S. and European officials push for anti-money laundering efforts: The Wall Street Journal reported on October 3 that U.S. Senators Van Hollen (D-MD) and Sheldon Whitehouse (D-RI) have requested help from the Government Accountability Office (GAO) in probing real estate money-laundering risks. Real estate transactions currently have fewer protections than lending institutions, and there are no mandatory reporting requirements on funds, title insurance, or escrow agents. The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has also started imposing some requirements on high-end, all-cash deals and has cracked down on company purchases of luxury properties. In Europe, other real estate hotspots for money laundering such as the U.K., France, and Malta have recently attempted to crack down on money laundering, and Latvia is advocating for the European Banking Authority to be given the power to levy fines on money launderers and lenient banking institutions. The European Central Bank is also calling for cooperation on anti-money laundering. Current EU rules against money laundering are defined broadly, which results in different levels of enforcement and flexibility in deciding whether to expose banks that are not compliant. (Wall Street Journal, The Guardian, EU Observer, Financial Times, Reuters)

Senate passes cybersecurity legislation: On October 3, the Senate passed the Cybersecurity and Infrastructure Security Act, which will restructure the Department of Homeland Security’s (DHS) current cybersecurity unit – the National Protection and Programs Directorate (NPPD) – into an agency within DHS entitled the Cybersecurity and Infrastructure Agency (CISA). The move will solidify DHS’s role as the primary federal agency for civilian cybersecurity. The current head of NPPD, DHS Under Secretary Christopher Krebs, will oversee CISA. Following the bill’s passage, Krebs tweeted, “This will go a long way in our ability to defend the nation against #cyber threats.” Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson (R-WI) added, “I am glad the Senate passed the CISA bill to help the agency recruit talent and focus its efforts on protecting the homeland from cyber-attacks.” The bill is expected to be signed into law by the president before the end of the year. (Congress.gov, The Hill, Politico)

Our Take

ASD’s Joshua Kirschenbaum joined the Kleptocracy Initiative’s Charles Davidson, Peterson Institute’s Nicolas Veron, Ambassador of the Republic of Latvia Andris Teikmanis, and Head of Latvia’s Financial Intelligence Unit Ilza Znotiņa to discuss Latvia’s lessons on countering Russian money laundering.

Hamilton 68 dashboard

Accounts tracked by the Hamilton 68 Dashboard focused heavily on U.S. domestic issues this week, most notably seizing on divisions surrounding the Supreme Court nomination of Brett Kavanaugh. Kavanaugh has remained a top trending topic on the dashboard, and Kremlin-oriented accounts continue to share numerous hashtags and articles attempting to decry and discredit Kavanaugh’s accusers and critics.

Quote of the Week

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries … Our message is clear – together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

-British Foreign Secretary Jeremy Hunt, October 3, 2018

 

Worst of the Week

Exposés of Russian hacking efforts in the Netherlands last week revealed sloppy tradecraft from the officers of Russia’s military intelligence directorate (GRU) – the same organization that carried out the poisoning of Sergei Skripal and his daughter Yulia. The officers were caught with specialized hacking equipment, sequentially numbered diplomatic passports, and were also found to be carrying a taxi receipt from a ride directly from the GRU’s headquarters to the airport. Additionally, open-source investigative outlet Bellingcat revealed that one of the officers owned a vehicle that was registered to the address of the GRU’s cyber warfare unit. By searching for other vehicles also registered to the same address, Bellingcat identified 305 individuals who also operated cars registered to the GRU unit, a revelation which “may constitute one of the largest mass breaches of personal data of an intelligence service in recent history.”

The views expressed in GMF publications and commentary are the views of the author alone.