Cyberwarfare / Nation-state attacks
Russian Information Warfare Operations Continue Unabated; What Can Be Done?
Russian President Vladimir Putin has issued an unequivocal promise about extraditing 13 Russian nationals recently indicted by the U.S. Department of Justice on charges that they meddled in the 2016 U.S. elections: “Never.”
See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach
In a Feb. 16 press conference, U.S. Deputy Attorney General Rod Rosenstein announced that the ongoing investigation by special counsel Robert Mueller had delivered an indictment against 13 Russian nationals and three Russian companies, charging them with interfering with the U.S. political system as part of what the U.S. Department of Justice characterized as an “information warfare” campaign (see US Indicts 13 Russians for Election Interference).
Rosenstein was asked during the press conference about whether the U.S. had asked for the suspects to be extradited. “There have been no communications with the Russians about this, we’ll follow the ordinary process of seeking cooperation and extradition,” he said.
Putin, however, has now addressed the extradition question in an interview with NBC. “Never. Russia does not extradite its citizens to anyone,” Putin told reporter Megyn Kelly in an interview that first aired Sunday.
The Russian president also said his government was not going to respond to the charges filed by the Justice Department until it shares “some materials, specifics and data.” At that point, Putin said his government would be “prepared to look at them and talk about it.”
But Putin dismissed outright any suggestion that his government had anything to do with a St. Petersburg-based company called the Internet Research Agency that was named in the indictment as being an alleged industrialized troll factory that sought to sway U.S. public opinion via social media accounts. Russian oligarch Yevgeny Prigozhin, a close friend of Putin, allegedly bankrolled the IRA (see Anatomy of a Russian Information Warfare Campaign).
“I know that they do not represent the Russian state, the Russian authorities,” Putin said. “What they did specifically, I have no idea.”
Trolls Also Targeted Tumblr, Reddit
The federal indictment unsealed on Feb. 16 said that the defendants used U.S.-based computer servers to create a virtual private network that made them appear to be U.S.-based. “The defendants allegedly used that infrastructure to establish hundreds of accounts on social media networks such as Facebook, Instagram and Twitter, making it appear that the accounts were controlled by persons within the United States,” it reads.
Last week, Daily Beast reported that the Kremlin-backed troll farm also ran influence campaigns that targeted Reddit and Tumblr.
“Content from IRA-backed websites like BlackMattersUs.com received hundreds – and sometimes thousands [of] upvotes on subreddits like r/The_Donald and r/HillaryForPrison in the run-up to the 2016 election,” Daily Beast reported. “Trolls purporting to represent the troll farm promised an Ask Me Anything session in October, but the Q-and-A never occurred.”
Multiple U.S.-based social networks have said they’re attempting to combat these activities. “We’re committed to creating platforms consumers can trust, and any abuse of our services is deeply concerning to us,” Tumblr’s parent company, OAuth, said in a statement. “Like others in the technology industry, we’re continuously investigating and referring criminal and state-sponsored activity on our platforms to appropriate law enforcement authorities.”
‘Little Price to Pay’
Last month, Director of National Intelligence Dan Coats testified before the Senate Intelligence Committee that “the 2018 U.S. midterm elections are a potential target for Russian influence operations” and said U.S. intelligence agencies had seen no reduction in Russia’s efforts since the 2016 elections (see Russia Will Meddle in US Midterm Elections, Spy Chief Warns).
Last week, however, Adm. Michael S. Rogers, director of the NSA and chief of U.S. Cyber Command, told the Senate Armed Services Committee that President Donald Trump has not authorized him to counter Russia’s efforts at the source via network operations (see Russian Meddling: Trump Hasn’t Ordered Direct NSA Response).
“My concern is, I believe that President Putin has clearly come to the conclusion there’s little price to pay here and that therefore, I can continue this activity,” Rogers testified. “Clearly, what we’ve done hasn’t been enough.”
Best Response: Unclear
But taking the gloves off Cyber Command and the NSA is not necessarily the best course of action, says cybersecurity expert Jake Williams, a former member of the agency’s hacking group.
“Influence operations in cyberspace are a form of asymmetric warfare,” Williams, now head of cybersecurity consultancy Rendition Infosec, says in a “countering Russian cyber influence operations” blog post.
Economics favor the attacker. “As we have learned from Facebook’s identification of advertising buys by Russian organizations, the cost to launch an influence operation is low,” Williams writes. “Unfortunately, the cost to counter an influence operation is very high. There are very limited options to counter a cyber influence operation and they all have serious problems.”
Williams says that so far, there appear to be six potential ways to counter Russia’s influence operations. But all of them have an Achilles heel:
- Counter operations: U.S.-launched counter information warfare operations could attempt to “negate undue influence from foreign actors” but will be immediately dismissed as U.S. government propaganda, he says.
- Hack back: Buying advertising on Facebook remains inexpensive, and the U.S. could be fooled via false-flag operations into attacking the wrong group.
- Sanctions: It’s not clear these work.
- Ceasefire attempts: Influence operations could also be used to try and reach a ceasefire. But Williams says this risks inflaming political tensions and accurately attributing all efforts could be impossible, meaning this course of action “is likely to cause more problems than it could ever solve.”
- Social media platform restrictions: Forcing the platforms used for influence to limit their susceptibility to such operations would likely equate to censorship, and may not even be effective.
- Indictments: Williams says he’s against using criminal charges against individuals who perform government missions. “Charging people individually will come back to hurt the U.S. when other nations begin charging our cyber operators for their actions,” he says.
Williams says his analysis carries a further caveat: He’s not an attorney, and it’s not clear to what extent any of the above, imperfect options might even be legal.
For now at least, the answer to how the U.S. might best counter Russian influence campaigns seems to remain “unknown.”