Special Edition: Mueller Indictment

Mueller indicts Russia’s Internet Research Agency (IRA), 13 Russians and 3 other entities for meddling in 2016 presidential election: Special Counsel Mueller’s indictment on Friday recounted facts about Russia’s information operation that are familiar to researchers, it included important details confirming independent research and adding additional facts.

• “Mueller describes a sweeping, years-long, multimillion-dollar conspiracy by hundreds of Russians aimed at criticizing Hillary Clinton and supporting Senator Bernie Sanders and Trump,” Bloomberg summarizes, indicating the conspiracy started in 2014 “when the Russians began monitoring groups that use social media sites to influence U.S. politics and social issues, tracking the size of groups and how popular they were with their audiences,” with some IRA employees even traveling to the United States to gather intelligence on U.S. political and social issues. This supports the findings of Clint Watts, senior fellow at the Alliance for Securing Democracy, who charted the timeline of Russian interference dating back to 2014.

• As the IRA trolls worked to oppose all candidates except Sanders and Trump, the indictment also uncovered how “In or around August 2016, defendants and their co-conspirators used false U.S. personas to communicate with Trump campaign staff involved in local community outreach” in purple states where “Russians also helped organize some of the most recognizable anti-Hillary Clinton displays of the election cycle.”

• In order to hide their tracks, “IRA employees used free email accounts and online cryptocurrency exchanges, and concealed their Russian origin using virtual private networks and U.S. computer servers,” as well as “stolen and fake U.S. identities, fraudulent bank accounts and fake identification documents.”

• Intricate financial practices, including a series of shell companies and operations via PayPal, were employed to hide the source of funding for the activities of the IRA. The IRA’s spending was much larger than previously known, amounting to $1.2 million per month for its activities. Among those indicted are the Internet Research Agency and its backer Yevgeny Prigozhin, known as Putin’s Chef, whose company Concord Catering, was also indicted, as well as 12 employees of the IRA. (SCRIBD, Bloomberg, GMF, Politico, The Wall Street Journal)

Commentary on the Mueller indictment: In The Wall Street Journal, the IRA is described as “an institution with a deep understanding of Silicon Valley technology that allegedly manipulated tools designed to foster open discussion and turned them into weapons for causing discord.” The IRA’s “opinion-influencing unit, set up in 2014 to exploit social media, had at least 80 staff by 2016.” According to John Sipher, “You see a willingness to take risk that you hadn’t had before, because Putin was so hateful toward Hillary Clinton. They had a unity of effort, because they had one enemy: the United States.” Evan Osnos in The New Yorker calls the effort “a playbook for manipulating American democracy using a mix of classic espionage, private-sector social-media tools, and partisan ideology.” In The New York Times, Peter Baker writes that despite the fact that all intelligence chiefs agree that Russia poses a threat, “it is a war being fought on the American side without a commander in chief.” In The Atlantic, Ambassador Dan Fried urges President Trump to recognize that “the Russian assault on America’s democracy and other Western democracies is real,” and respond by “taking criminal action against Russian bad actors,” including sanctions against cyber hackers, the entire cyber sector, and to “go after Putin and his inner circle.” In a statement, Senator Ben Sasse (R-Neb.) supported Mueller’s findings; “Mueller just put Moscow on notice. This ought to be a wakeup call to Washington: Putin’s shadow war is aimed at undermining Americans’ trust in our institutions. We know Russia is coming back in 2018 and 2020 — we have to take this threat seriously.” (The Wall Street Journal, The New Yorker, The New York Times, The Atlantic, The Hill)

News and Commentary

Russian Interference debated at Munich Security Conference: The Munich Security Conference  was just getting underway as the Mueller indictment came down, causing many of the conference attendees to comment on Russia’s inference campaigns. National Security Advisory H.R. McMaster called “evidence of Russian interference in the 2016 presidential election … ‘incontrovertible’” (though President Trump quickly and falsely) tweeted “General McMaster forgot to say that the results of the 2016 election were not impacted or changed by the Russians …” Jens Stoltenberg, NATO chief, said “We’ve seen many reports and many examples of how Russia is meddling, interfering in democratic political processes in many countries, including in NATO-ally countries and we have to be able to respond to that in many different ways.” Russian Foreign Minister Lavrov stated “So as long as we don’t see facts, everything else is blabber.” Dan Coats, the director of national intelligence responded “I am amazed that … the Russians come, send someone every year to basically refute the facts.” Former Russian ambassador to the U.S. Sergei Kislyak said “We didn’t meddle in the American political life … Whatever allegations are being mounted against us are simply fantasies that are being used for political reasons inside the United States in the fight between different sides of the political divide.” (The Local, The Washington Post, CNBC)

U.S. intelligence chiefs warn of Russian meddling in 2018: In testimony earlier in the week before the Senate Intelligence Committee, all three U.S. intelligence chiefs warned that Russia will again interfere in the 2018 midterms. Dan Coats, director of national intelligence, warned that “Foreign elections are critical inflection points that offer opportunities for Russia to advance its interests both overtly and covertly … The 2018 U.S. midterm elections are a potential target for Russian influence operations.” Coats also outlined Russia’s toolkit, cautioning citizen to beware of “propaganda, social media, false-flag personas, sympathetic spokespeople, and other means of influence to try to exacerbate social and political fissures in the United States.” When questioned about countermeasures, Central Intelligence Agency Director Mike Pompeo and Chris Wray, the director of the Federal Bureau of Investigation said “there were significant, specific efforts under way, but did not elaborate.” According to John Hultquist, director of intelligence analysis with the cyber security firm FireEye, “Government countermeasures likely include going public with concerns that Russian hackers will seek to influence the 2018 elections.” (U.S. Senate Intelligence Committee, The Wall Street Journal, Reuters, The Washington Post)

Russia’s disinformation campaigns targeting the mainstream media: Prior to Mueller’s indictment, NBC published a database  of “more than 200,000 tweets that Twitter has tied to “malicious activity” from Russia-linked accounts during the 2016 U.S. presidential election.” Ben Popken summarizes that “the matrix of Russian troll activity reveals the shape of a sophisticated, researched and targeted effort by a foreign adversary to subvert the conversations and opinions of Americans as they chose their next president.” Popken cites Laura Rosenberger, director of the Alliance for Securing Democracy, who states “Thinking about this in a binary of ‘did it cause someone to change their vote?’ is overly narrow … It’s about influence over time.” According to an analysis of 36,000 of the tweets sent by Jonathan Albright, research director at the Tow Center for Digital Journalism, these accounts “were far more likely to share stories produced by widely read sources of American news and political commentary.” Although sometimes factually accurate, these “Russian accounts carefully curated the overall flow to highlight themes and developments that bolstered Republican Donald Trump and undermined his Democratic rival Hillary Clinton.” Additionally, the volume of tweets showed a coordinated effort to promote specific events and an effort to influence the local news conversation in 30 metropolitan areas to “tout Trump’s gains in the polls” or to promote the “FBI investigation into Clinton’s use of a private email server.” (NBC News, The Washington Post)

Steps to secure our elections, but are they enough?: With Congress and the Federal government slow to act to address election cybersecurity, cities and states are being left on their own to secure voting infrastructure. New York City mayor Bill de Blasio  announced the city is investing “$500,000 this year to protect the city’s election system against hackers.” And North Carolina attorney general Josh Stein in a statement urged “U.S. Department of Homeland Security Secretary Kirstjen Nielsen to provide his office with information related to election security and possible tampering in North Carolina,” seeking to plug vulnerabilities in election infrastructure as the 2018 midterms approach. As Lily Hay Newman writes in Wired, “while some states have made an earnest effort to secure the vote, the overall landscape looks troubling — and in some cases, it’s too late to fix it this year.” Calling states’ preparation for this year’s midterms a “mixed bag,” she points to steps taken by Virginia, Colorado, Rhode Island, and Michigan to incorporate new paper ballot systems; while she calls out Delaware, Louisiana, Georgia, South Carolina, and New Jersey which have only digital voting, she notes that “Delaware has worked to replace its digital voting machines, but the change is only slated to arrive in time for the 2020 presidential election season.” According to Newman, “funding presents the main hurdle for buying new voting machines, as well as for risk-limiting audits and hiring professionals to improve election-related network security.” (The Wall Street Journal, North Carolina DOJ, Wired)

Proposed ban on Latvian bank for money laundering concerns: The U.S. Treasury Department proposed a ban on “Latvia’s third-biggest bank [ABLV Bank AS] from the American financial system” due to “alleged connections with North Korea and with criminals in Russia and other countries.” According to Sigal Mandelker, the Treasury Department’s undersecretary for terrorism and financial intelligence, “ABLV has institutionalized money laundering as a pillar of the bank’s business practices.” According to OCCRP, “Washington rarely uses the sanction, which can make banks inoperable, but its likely application is seen as part of a broader campaign of pressure against North Korea and Russia.” (Bloomberg, The FCPA Blog, OCCRP)

The White House blames the NotPetya cyber-attack on Russia: The United States, United Kingdom, Australia, New Zealand, Canada, and Denmark this week attributed the NotPetya cyber-attack, the costliest in history, to Russia: “In June 2017, the Russian military launched the most destructive and costly cyber-attack in history [which] quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine, and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.” The attack, which was launched in Ukraine, quickly spread beyond the country and “paralyzed multinational giants including Merck, Maersk, Fedex, and many others,” causing hundreds of millions of dollars in cleanup costs and lost business. According to Reuters, a senior White House official said that the “U.S. government is ‘reviewing a range of options’” regarding countermeasures. (CFR, Wired, Reuters)

Our Take

Discussing Solutions at Munich: While discussions on the main stage at the Munich Security Conference highlighted the problem of Russia’s interference in democracies, the Alliance for Securing Democracy hosted a roundtable at the conference focused on concrete ways to build a transatlantic response. Former Estonian President Toomas Ilves, former Secretary of Homeland Security Michael Chertoff, and former Deputy National Security Advisor to Vice President Biden Julie Smith — all ASD Advisory Council members, led a candid discussion on “The Foreign Interference Challenge: Closing Democracies’ Vulnerability Gap” focused on sharing lessons learned in the protecting our democracies from foreign interference. (Twitter)

Focus on Election Cybersecurity: Alliance for Securing Democracy Advisory Council members Mike Rogers, former chairman of the Intelligence Committee, and Rick Ledgett former deputy director of the National Security Agency, write in The Washington Post on specific steps to take to protect the integrity of election systems, including: calling on the administration to issue a deterrent declaratory statement about foreign attempts to influence our election processes; urging Congress to pass legislation, such as the Secure Elections Act; pressing the U.S. government to create an inter-agency task force to address foreign interference; and “ensur[ing] that the U.S. government has the authorities needed to deter foreign actors engaged in malign influence campaigns and cyber operations against U.S. elections.” Michael Chertoff, former secretary of homeland security and Alliance for Securing Democracy Advisory Council member, also penned an op-ed with Grover Norquist, president of Americans for Tax Reform, calling on lawmakers to “act immediately if we are to protect the 2018 and 2020 elections” including by passing the Paper Act  and the Secure Elections Act which present a framework for securing our elections that should have bipartisan support. (The Washington Post, Lankford.senate.gov)

CSIS Report on “Countering Adversary Threats to Democratic Institutions”: Laura Rosenberger, director of the Alliance for Securing Democracy, joined a a panel of experts which found that “American democracy is under attack from Russia. This is a long-term campaign that did not begin or end with the 2016 election. Putin’s objective is to weaken us by sowing chaos and discord, and to undermine the appeal of democracy itself.” The panel calls for “a whole-of-nation strategy to counter foreign adversary attacks on these fundamental institutions of democracy … we need it now.” (CSIS)

Talking Cyber Threats to Democracy in Brussels: Laura Rosenberger, the director of the Alliance for Securing Democracy, joined Microsoft President Brad Smith, NATO Deputy Secretary General Rose Gottemoeller, and French Cyber Ambassador David Martinon for an event in Brussels on the challenges cyberthreats and information warfare pose to our democracy. (NATO)

Hamilton 68 dashboard

Hamilton 68 dashboard: In the wake of Wednesday’s tragic school shooting in Parkland, Florida, Russian-linked accounts followed a similar script to the mass shootings last year in Las Vegas and Texas. In the first hours after the attacks, accounts monitored on Hamilton 68 tweeted out links to breaking news stories and generic hashtags (#parkland, #shooter); by Thursday, however, the conversation on the network had shifted to the national debate over gun-control, with NRA appearing as a top topic on the dashboard along with the hashtag #gunreformnow. By Friday morning, conspiracy theories had entered the mix, as #falseflag and the now ubiquitous #Qanon appeared in the top ten. Why would Russian-linked accounts wade into a national conversation about a school shooting? As Erin Griffith wrote in Wired, “The goal, after all, isn’t to help one side or the other of the gun control debate win. It’s to amplify the loudest voices in that fight, deepening the divisions between us.” (Wired)

Quote of the Week

Frankly, the United States is under attack. Under attack by entities that are using cyber to penetrate virtually every major action that takes place in the United States … Persistent and disruptive cyber operations will continue against the US and our European allies using elections as opportunities to undermine democracy, sow discord and undermine our values.”

– Dan Coats, Director of National Intelligence, Worldwide Threats Hearing, Senate Intelligence Committee, February 13, 2018 

Worst of the Week

From Russia Feed comes a story ripped straight from the pages of the 1920’s short story “The Most Dangerous Game.” According to a former Ukrainian serviceman, “rich Westerners” are allegedly paying top dollar to go on human hunting expeditions in Donbass, seemingly enriching “the Nazi regime” in Kiev. Using sources that are, at best, questionable, the article paints a barbaric picture of both westerners and Ukrainians that harkens back to the almost cartoonish propaganda of World War I. But on Thursday, Russian-linked accounts monitored on Hamilton 68 heavily promoted the story, making it the second-most linked-to URL on Hamilton 68. (Russia Feed)

The views expressed in GMF publications and commentary are the views of the author alone.