Russia’s Hybrid Warfare, Here to Stay

Seems like everyday, Russia is in our house, in fact it is true. The hybrid warfare crafted by the Kremlin is here to stay so exactly when does the Trump White House deal with this constant threat? What threat you ask?

Adam Meyers is from the cyber-security firm CrowdStrike. As the Vice President of Intelligence, Adam heads a team that identifies the perpetrators of cyber-crimes, both in the private and public sectors. CrowdStrike helped to identify the hackers behind the Democratic National Committee’s email leaks last year, and more recently the mastermind behind the Kelihos Botnet.

*** Notice, there was no intrusion into Marie Le Pen’s campaign operations. Why? Putin endorses LePen and has provided campaign funds to her.

According to Trend Micro researchers, the campaign of French presidential candidate Emmanuel Macron has been hit by the same Russian hackers who targeted Democratic campaign officials in the U.S. before last year’s presidential election, the New York Times reports.

On March 15, the researchers say, they saw the Pawn Storm group (a.k.a. Fancy Bear, APT28 or the Sofacy Group) begin targeting Macron’s campaign with phishing attacks seeking campaign officials’ login information.

“The phishing pages we are talking about are very personalized Web pages to look like the real address,” Mounir Mahjoubi, Macron’s digital director, told the Times. “They were pixel perfect. It’s exactly the same page. That means there was talent behind it and time went into it — talent, money, experience, time and will.”

Still, Mahjoubi said none of the attacks was successful.

He described the phishing attacks as the invisible side of a Russian campaign against Macron, with the visible side being fake news published on Russian news sites like Sputnik and RT. More here.

***

Panel to Senate: Cyber Operations Influence Political Processes Worldwide

Russia used “useful idiots” to meddle in the U.S. presidential election and “fellow travelers” opposed to European Union and NATO to influence elections in France and Germany, while Islamic terrorists used “agent provocateurs” to topple Spain’s government in 2004 and cast another pall over French voting, a cyber security expert told a congressional subcommittee Thursday.

That, in capsule form, is how cyber is changing how the public views elections, Clint Watts, of the Foreign Policy Research Institute, said at the Senate Armed Services cybersecurity subcommittee hearing.

So far in the case of the United States warding off this kind of activity, “far more is said than done.” He added it is a “human challenge, not technical ones” that needs to be addressed.

In the American and European elections, he said at the panel’s first public hearing since being formed the Russians created content, sent it out as if were “nuclear-powered and “pushed [it] in unison from many locations,” including “gray outlets” that appear to be legitimate sources of news. They also did all of this over long periods of time.

The goal in the American election was to plant doubt in the integrity of the voting, he said. He added there was no indication that actual votes were tampered with.

Later in answer to a question, Watts said the Russians “are picking parties and supporting them” in the United States and financially in Europe.

In cyber, not all is as it appears and its speed is instantaneous.

Rand Waltzman, senior information scientist at the RAND Corporation, described how an American special forces raid that successfully rescued a hostage and killed a number of terrorists in Iraq was turned into a terrorist propaganda victory. “Those guys film everything,” he said describing how they recorded the incident by placing the bodies on prayer rugs so it appeared that soldiers killed innocent civilians. The video was posted before the special forces soldiers returned to their base. “How did they manage to this so fast?” Their mobile phones.

This changed the story of what happened 180 degrees and put the United States in the position of having to refute the video rather than telling a story of rescue.

He said this kind of quick reaction by adversaries — misinformation, fake news — requires new thinking on cyber security. Instead of the traditional “denial of service” by causing a crash, they are applying “cognitive denial of service” — misinformation and propaganda — to achieve their ends.

“We’re hamstrung” by bureaucracy and directives in addressing the new “hyperkinetic world,” Michael Lumpkin, former acting under secretary of defense for policy, said. The United States’ government efforts in public diplomacy, public affairs and information operations have not been synchronized so that it becomes a credible source of information. It also needs to take the necessary steps “to make sure our information is accurate” before releasing it. “That has not always been the case.”

John Inglis, former deputy director of the National Security Agency, used his organization’s handling of metadata collection as an example. “You need to go first” to establish credibility and explain the value of what it is you are doing. “We went second. That made it more difficult to put it back in the bottle.”

Watts said one approach would be to have a rating non-profit, private agency, similar to Consumer Reports, vet every story on Twitter, Facebook and Google. He added Facebook and Google “are moving in that direction” to eliminate false news, but so far Twitter has not acted.

When asked how he rated RT, the Russian-sponsored media outlet, as a source of news, he said 70 percent was true, 20 percent was misleading and 10 percent false. Watts said he rated some American media outlets as falling in the same percentages of true, misleading and false.

A continuing difficulty in improving cyber security in and out of government is “how do you get people to share problems,” Waltzman said when they would prefer not to admit being hacked or even attacked. Lumpkin said more also needs to be done in training people how not to “provide access to adversaries unwittingly” and holding them accountable for security.

As for recruiting skilled cyber workers, “they’re motivated people out there” interested in the challenges they can find in government, rather than private sector, careers, Watts said. “Give them the space to be the tech savants they are.”

*** Need more? Do you ever watch C-Span and listen to testimony before Congressional committees? No? Too bad, but here is some help:

Russian cyber enabled influence operations demonstrate never-before-seen synchronization of Active Measures.  Content created by white outlets (RT and Sputnik News) promoting the release of compromising material will magically generate manipulated truths and falsehoods from conspiratorial websites promoting Russian foreign policy positions, Kremlin preferred candidates or attacking Russian opponents.  Hackers, hecklers and honeypots rapidly extend these information campaigns amongst foreign audiences. As a comparison, the full spectrum synchronization, scale, repetition and speed of Russia’s cyber-enabled information operations far outperform the Islamic State’s recently successful terrorism propaganda campaigns or any other electoral campaign seen to date.

Cyber-enabled Influence Thrives When Paired with Physical Actors and Their Actions – 

American obsession with social media has overlooked the real world actors assisting Russian influence operations in cyber space, specifically “Useful Idiots,” “Fellow Travelers,” and “Agent Provocateurs.”

“Useful Idiots” – Meddling in the U.S. and now European elections has been accentuated by Russian cultivation and exploitation of “Useful Idiots” – a Soviet era term referring to unwitting American politicians, political groups and government representatives who further amplify Russian influence amongst Western populaces by utilizing Russian kompromat and resulting themes.

“Fellow Travelers” – In some cases, Russia has curried the favor of “Fellow Travelers” – a Soviet term referring to individuals ideologically sympathetic to Russia’s anti-EU, anti-NATO and anti-immigration ideology. A cast of alternative right characters across Europe and America now openly push Russia’s agenda both on-the-ground and online accelerating the spread of Russia’s cyber-enabled influence operations.

“Agent Provocateurs” – Ever more dangerous may be Russia’s renewed placement and use of “Agent Provocateurs” – Russian agents or manipulated political supporters who commit or entice others to commit illegal, surreptitious acts to discredit opponent political groups and power falsehoods in cyber space. Shots fired in a Washington, D.C. pizza parlor by an American who fell victim to a fake news campaign called #PizzaGate demonstrate the potential for cyber-enabled influence to result in real world consequences. While this campaign cannot be directly linked to Russia, the Kremlin currently has the capability to foment, amplify, and through covert social media accounts, encourage Americans to undertake actions either knowingly or unknowingly as Agent Provocateurs.

Each of these actors assists Russia’s online efforts to divide Western electorates across political, social, and ethnic lines while maintaining a degree of “plausible deniability” with regards to Kremlin interventions. In general, Russian influence operations targeting closer to Moscow and further from Washington, D.C. will utilize greater quantities and more advanced levels of human operatives to power cyber-influence operations. Russia’s Crimean campaign and their links to an attempted coup in Montenegro demonstrate the blend of real world and cyber influence they can utilize to win over target audiences. The physical station or promotion of gray media outlets and overt Russian supporters in Eastern Europe were essential to their influence of the U.S. Presidential election and sustaining “plausible deniability.”

It’s important to note that America is not immune to infiltration either, physically or virtually.  In addition to the Cold War history of Soviet agents recruiting Americans for Active Measures purposes, the recently released dossier gathered by ex MI6 agent Chris Steele alleges on page 8 that Russia used “Russian émigré & associated offensive cyber operatives in U.S.” during their recent campaign to influence the U.S. election. While still unverified, if true, the employment of such agents of influence in the U.S. would provide further plausible deniability and provocation capability for Russian cyber-enabled influence operations.

2) How can the U.S. government counter cyber-enabled influence operations?

When it comes to America countering cyber-enabled influence operations, when all is said and done, far more is said than done. When the U.S. has done something to date, at best, it has been ineffective. At worst, it has been counterproductive. Despite spending hundreds of millions of dollars since 9/11, U.S. influence operations have made little or no progress in countering al Qaeda, its spawn the Islamic State or any connected jihadist threat group radicalizing and recruiting via social media.

Policymakers and strategists should take note of this failure before rapidly plunging into an information battle with state sponsored cyber-enabled influence operations coupled with widespread hacking operations – a far more complex threat than any previous terrorist actor we’ve encountered.  Thus far, U.S. cyber influence has been excessively focused on bureaucracy and expensive technology tools – social media monitoring systems that have failed to detect the Arab Spring, the rise of ISIS, the Islamic State’s taking of Mosul, and most recently Russia’s influence of the U.S. election.  America will only succeed in countering Russian influence by turning its current approaches upside down, clearly determining what it seeks to achieve with its counter influence strategy and then harnessing top talent empowered rather than shackled by technology – a methodology prioritizing Task, Talent, Teamwork and Technology in that order.

Task – Witnessing the frightening possibility of Russian interference in the recent U.S. Presidential election, American policy makers have immediately called to counter Russian cyber influence.  But the U.S. should take pause in rushing into such efforts. The U.S. and Europe lack a firm understanding of what is currently taking place.  The U.S. should begin by clearly mapping out the purpose and scope of Russian cyber influence methods.  Second, American politicians, political organizations and government officials must reaffirm their commitment to fact over fiction by regaining the trust of their constituents through accurate communications. They must also end their use of Russian kompromat stolen from American citizens’ private communications as ammunition in political contests. Third, the U.S. must clearly articulate its policies with regards to the European Union, NATO, and immigration, which, at present, sometimes seems to mirror rather than counters that of the Kremlin. Only after these three actions have been completed, can the U.S. government undertake efforts to meet the challenge of Russian information warfare through its agencies as I detailed during my previous testimony.

Talent –Russia’s dominance in cyber-enabled influence operations arises not from their employment of sophisticated technology, but through the employment of top talent. Actual humans, not artificial intelligence, achieved Russia’s recent success in information warfare. Rather than developing cyber operatives internally, Russia leverages an asymmetric advantage by which they coopt, compromise or coerce components of Russia’s cyber criminal underground.  Russia deliberately brings select individuals into their ranks, such as those GRU [Russia’s foreign intelligence agency] leaders and proxies designated in the 29 December 2016 U.S. sanctions. Others in Russia with access to sophisticated malware, hacking techniques or botnets are compelled to act on behalf of the Kremlin.

The U.S. has top talent for cyber influence but will be unlikely and unable to leverage it against its adversaries.  The U.S. focuses on technologists failing to blend them with needed information campaign tacticians and threat analysts.  Even further, U.S. agency attempts to recruit cyber and influence operation personnel excessively focus on security clearances and rudimentary training thus screening out many top picks.  Those few that can pass these screening criteria are placed in restrictive information environments deep inside government buildings and limited to a narrow set of tools.  The end result is a lesser-qualified cyber-influence cadre with limited capability relying on outside contractors to read, collate and parse open source information from the Internet on their behalf.  The majority of the top talent needed for cyber-enabled influence resides in the private sector, has no need for a security clearance, has likely used a controlled substance during their lifetime and can probably work from home easier and more successfully than they could from a government building.

Teamwork – Russia’s cyber-enabled influence operations excel because they seamlessly integrate cyber operations, influence efforts, intelligence operatives and diplomats into a cohesive strategy.  Russia doesn’t obsess over their bureaucracy and employs competing and even overlapping efforts at times to win their objectives.

Meanwhile, U.S. government counter influence efforts have fallen into the repeated trap of pursuing bureaucratic whole-of-government approaches. Whether it is terror groups or nation states, these approaches assign tangential tasks to competing bureaucratic entities focused on their primary mission more than countering cyber influence.  Whole-of-government approaches to countering cyber influence will assign no responsible entity with the authority and needed resources to tackle our country’s cyber adversaries.  Moving forward, a task force led by a single entity must be created to counter the rise of Russian cyber-enabled operations.

Technology – Over more than a decade, I’ve repeatedly observed the U.S. buying technology tools in the cyber- influence space for problems they don’t fully understand. These tech tool purchases have excessively focused on social media analytical packages producing an incomprehensible array of charts depicting connected dots with different colored lines. Many of these technology products represent nothing more than modern snake oil for the digital age.  They may work well for Internet marketing but routinely muddy the waters for understanding cyber influence and the bad actors hiding amongst social media storm.

Detecting cyber influence operations requires the identification of specific needles, amongst stacks of needles hidden in massive haystacks. These needles are cyber hackers and influencers seeking to hide their hand in the social media universe. Based on my experience, the most successful technology for identifying cyber and influence actors comes from talented analysts that first comprehensively identify threat actor intentions and techniques and then build automated applications specifically tailored to detect these actors.  The U.S. government should not buy technical tools nor seek to build expensive, enterprise-wide solutions for cyber-influence analytics that rapidly become outdated and obsolete.  Instead, top talent should be allowed to nimbly purchase or rent the latest and best tools on the market for whatever current or emerging social media platforms or hacker malware kits arise.

3. What can the public and private sector do to counter influence operations?

I’ve already outlined my recommendations for U.S. government actions to thwart Russia’s Active Measures online in my previous testimony on 30 March 2017. Social media companies and mainstream media outlets must restore the integrity of information by reaffirming the purity of their systems. In the roughly one month since I last testified however, the private sector has made significant advances in this regard. Facebook has led the way, continuing their efforts to reduce fake news distribution and removing up to 30,000 false accounts from its system just this past week. Google has added a fact checking function to their search engine for news stories and further refined its search algorithm to sideline false and misleading information. Wikipedia launched a crowd-funded effort to fight fake news this week.  The key remaining private sector participant is Twitter, as their platform remains an critical networking and dissemination vector for cyber-enabled influence operations.  Their participation in fighting fake news and nefarious cyber influence will be essential. I hope they will follow the efforts of other social media platforms as their identification and elimination of fake news spreading bots and false accounts may provide a critical block to Russian manipulation and influence of the upcoming French and German elections.

In conclusion, my colleagues and I identified, tracked and traced the rise of Russian influence operations on social media with home computers and some credit cards. While cyber-influence operations may appear highly technical in execution, they are very human in design and implementation.  Technology and money will not be the challenge for America in countering Russia’s online Active Measures; it will be humans and the bureaucracies America has created that prevent our country from employing its most talented cyber savants against the greatest enemies to our democracy. Full article here.

Posted in Citizens Duty, Cyber War, Department of Defense, Department of Homeland Security, DOJ, DC and inside the Beltway, FBI, Insurgency, Military, NSA Spying, Russia, The Denise Simon Experience, Trump Administration, Whistleblower.

Denise Simon