Small Wars Journal

The Internet Research Agency: Spreading Disinformation

Fri, 10/30/2020 - 10:27am

The Internet Research Agency: Spreading Disinformation

 

Christian Bills

 

            The United States is the target of countless threats from around the world. In the age of ecommerce, instant communication, and the expansion of the internet cyber threats have become some of the most terrifying adversaries. Enemies of the United States have all weaponized this ever-growing form of communication and information source and have been quick to understand that for every road closed more are presented. The internet allows these threats to combat the United States on a level playing field as they can create programs to hack into government websites, liquidate financial accounts, steal sensitive or classified information, or spread disinformation on either official or social media platforms. One group in particular has been highly successful in this new war being waged and they are known as the Internet Research Agency (IRA). This Russian based internet troll farm has been able to inflict damage on the United States in multiple ways using the spread of disinformation to affect political elections, infiltrate social media platforms, and to collect information on U.S. citizens.

            “Former Director of National Intelligence James Clapper stated in 2015 that Russia was one of the top cyber threats that the United States faced today. Director Clapper’s declaration regarding Russia as a cyber-threat reflects their increased abilities and increased disdain towards the United States.” (Shuya, 2018, p. 3) This is highlighted in a Daily Mail post from the United Kingdom lifting the mask off the Russian backed internet agents. “Vladimir Putin has an army of professional trolls running thousands of fake Twitter and Facebook accounts to flood social media with pro-Russia propaganda.  Hundreds of workers are paid £500 [$613] a month to work exhausting 12-hour shifts bombarding the internet with comments placing Putin in a more favorable light. The trolls work under strict conditions which see them banned from talking and even forging friendships with one another” (Matthew, 2015) Of the thousands of internet troll farms littered throughout Russian the Internet Research Agency has been identified by several United States and European Union Justice and Security officials as a top cyber threat.

The Internet Research Agency:

            The Internet Research Agency is controlled by a man named Yevgeniy Viktorovich Prigozhin, better known as “Putin’s Chef,” due to his personal relationship with Putin. According to Defense One “The Internet Research Agency is a Russian troll farm in St. Petersburg—in essence a Kremlin-backed enterprise staffed with hundreds of people whose main job is to sow disinformation on the internet.” (Calamur, 2018) Prigozhin did not begin his career as an internet troll farm profiteer but rather as a champion level skier who had his prospective athletic career cut short when he was arrested in 1981 and “sentenced to 12 years in prison for robbery, fraud and involving minors in prostitution. He served nine years.” (2017) His entrance into the culinary world began in 1990 when we opened a fast food restaurant, followed by a chain, in Saint Petersburg and Moscow. This quickly attracted the attention of Putin and other high-level Kremlin dignitaries. “Putin also made Prigozhin very wealthy, awarding his catering company – Concord Catering (named in the Mueller indictment) – contracts for school lunches and military meals. Prigozhin reportedly has ties to the oil industry too and has referred to himself as an adviser to the presidential administration.” (2017) Prigozhin’s transition from fast food chain owner to troll farmer oligarch is murky however, it can be assumed that Putin, ever the operative and manipulator, believed his talents could be used to damage the United States. Surrounded by secrecy and protected by Federation resources the last known home of the IRA resided in an “office building at 55 Savushkina Street…. It sits in St. Petersburg’s northwestern Primorsky District, a quiet neighborhood of ugly Soviet apartment buildings and equally ugly new office complexes. Among the latter is 55 Savushkina; from the front, its perfect gray symmetry, framed by the rectangular pillars that flank its entrance, suggests the grim impenetrability of a medieval fortress. Behind the glass doors, a pair of metal turnstiles stand guard at the top of a short flight of stairs in the lobby.” (Chen, 2015) 

            The Internet Research Agency first gained international attention in 2007 with the Bronze Soldier incident. The decision by the Estonian government to move a Soviet war statue to a less prominent place in its capital city of Tallinn infuriated the Kremlin. In retribution the IRA hacked “Online services of Estonian banks, media outlets and government bodies were taken down by unprecedented levels of internet traffic. Massive waves of spam were sent by botnets and huge amounts of automated online requests swamped servers. The result for Estonians citizens was that cash machines and online banking services were sporadically out of action; government employees were unable to communicate with each other on email; and newspapers and broadcasters suddenly found they couldn't deliver the news.” (McGuinness, 2017)

In 2014 IRA again made headlines when multiple Russian conspirators were indicted for gathering intelligence about U.S. politics when they visited 10 states throughout the country. “Officials say as the operation progressed; the suspects also engaged in extensive online conversations with Americans who became unwitting tools of the Russian efforts. [However,] The indictment does not accuse the Russian government of involvement in the scheme, nor does it claim that it succeeded in swaying any votes. Deputy Attorney General Rod J. Rosenstein said the suspects allegedly conducted what they called ‘information warfare against the United States,’ with the stated goal of spread[ing] distrust towards the candidates and the political system in general.” (Eltagouri, 2018) This act solidified a new front on the information war between the United States and the Russian Federation as both states expelled large amounts of resources to combat the others' capabilities.

Political Meddling: 

Following the 2016 Presidential election the IRA was again in the news as the United States Justice Department indicted Prigozhin, the IRA, and more than 10 other Russian affiliates with tampering and attempting to alter the election outcome. In the indictment the Justice Department asserted that the Defendants, posing as U.S. persons and creating false U.S. personas, operated social media pages and groups designed to attract U.S. audiences. These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by U.S. activists when, in fact, they were controlled by Defendants. Defendants also used the stolen identities of real U.S. persons to post on ORGANIZATION-controlled social media accounts. Over time, these social media accounts became Defendants’ means to reach significant numbers of Americans for purposes of interfering with the U.S. political system, including the presidential election of 2016.” (2018)

            In the time since the indictment it has been discovered that the IRA, and other Russian troll farms, have been operating not just to disrupt elections of the United States, but also attempting to destabilize the order of society by dispersing propaganda via fake internet media sources. Results of a Gallup Poll Conducted in 2019 indicate how dependent our society has become on the internet and social media for information. Please indicate how often you get your news from each of the following sources -- News on the computer or a smartphone using the internet?”

 

 

 

 

Every day

Several times a week

Occasionally

Never

No opinion

 

%

%

%

%

%

2019 May 15-30

49

15

18

18

*

2008 Dec 4-7

31

11

22

35

*

2006 Dec 11-14

22

11

24

43

*

2004 Dec 5-8

20

6

25

49

*

* Less than 0.5%; 2002-2008 WORDING: News on the internet; 1995-1999 WORDING: News on the computer using the internet or an online computer service

GALLUP

 

The regular daily use of the internet to find news offers the IRA a multitude of opportunities to collect information and to spread misinformation throughout high traffic internet sites. A study conducted by Rand Corporation found this to be effective as the IRA continued to disseminate false information to the American people under the protection of fake accounts. The study pronounced that “In October 2017, news broke that Russia had exploited Facebook as part of its information campaign. The Internet Research Agency created dozens of Facebook pages that sought to exploit and expand various social divisions within the United States that included race, religion, political affiliation, and class. These pages used Facebook advertising algorithms to target the ads to populations most vulnerable to the intended message.” (Helmus, Bodine-Baron, Radin, Magnuson, Mendelsohn, Marcellino, Bega, & Winkelman, 2018, p. 8) The study further identified how the IRA was successful in creating false advertisements that weaponized one of the most commonly used forms of social media in the world. One example includes the creation of the “Being Patriotic’ [group] sought to rally Americans against expansions of refugee settlements. It also sent out missives attempting to dupe audiences into believing that federal employees were, in effect, seizing land from private property owners. (Helmus, Bodine-Baron, Radin, Magnuson, Mendelsohn, Marcellino, Bega, & Winkelman, 2018, p. 9)

 

Mission and Execution:

Operationalizing the IRA to spread disinformation, meddle in elections, and fracture the public’s perception of the political security of the United States was a strategic decision made by the Kremlin. Taylor categorize this utilization of the IRA as a means of terrorism and political theory. Taylor argues that “The psychological, economic, strategic, and political consequences of violence associated with terrorism are often much more prominent than the attack itself. Short term effects of terrorism involve an immediate psychological effect on society, but are relatively benign compared to the long-term impact, which includes a widespread realization of vulnerability. Government and business depend on these critically vital systems, making them prize targets for individuals aimed at destroying normalcy. To compound the problem, these systems have been built by information elites that control them.” (Taylor, 2019, p. 72) The actions of the IRA are in agreement with this theory, especially in regard to the long-term vs short-term psychological impact and fostering a negative perception of political stability in the country. Despite the lack of physical violence associated with terrorism the focus of the IRA mirrors that of a terrorist group as they sought to invade critical infrastructure and to sow fear in the public eye. Their success cannot be denied as almost four years after the fact concerns and fears of further attacks still reside within the American political landscape. Taylor also contends that these concerns will remain as the IRA continues to operate against the United States. He states that “The modern and complex societies of today are built on information exchange, global processing, and reliance on computerization and telecommunication….Heretofore closed and secured systems became vulnerable to outside attack, relatively unsophisticated juvenile hackers could close down business enterprise with seeming ease, and the “experts” were mystified in ways to prevent such attacks.” (Taylor, 2019, p. 73) The IRA fully embodied this fear as a group of relatively unknown hackers from a foreign country negatively impacted the most important political event the world.

            Additional concerns have also been addressed by experts pertaining to the IRA. Most notably is their access to the unknowing masses. With the knowledge that nearly every American uses the internet daily, and that nearly half of all Americans use the internet as their main form of news collection provides the IRA with a tantalizing opportunity to continue their operations. Several of these include the continued violation of social media platforms, hacking federal websites, and collecting information on American persons. To combat these acts federal and international governments have set about conducting legal cases against the IRA. Of these, two categories have stood out amongst the others given the negative impact on political or private institutions.  This endeavor began following the 2007 Bronze Soldier attacks which resulted in the formation of a convention comprised of NATO and European Union members. “Nations that are party to the convention also agree to cooperate with investigations, to provide mutual assistance concerning cybercrimes, and to pursue the collection of evidence. The extradition of alleged cyber criminals is also agreed to by parties to the treaty. Disagreements between states that have ratified the treaty include direct negotiations, settlement in front of the European Committee on Crime Problems (CDPC), a tribunal for arbitration or adjudication in front of the International Court of Justice. The Convention on Cybercrime gave a framework for cooperation among member states for the prosecution of cyber criminals by removing safe havens for the cyber criminals.” (Ashmore, 2009, p. 25) Despite this the IRA remained relatively unaffected as the Russian government refused to sign the treaty and therefore was not obligated to participate in extradition demands or any other legal statues created with its signing.

            The most recent legal case against the IRA came in the form of the previously mentioned investigation conducted by the Select Committee on Intelligence United States Senate on the Russian Active Measures Campaigns and Interference in the 2016 U.S. Election. According to the investigation report the committee stated that the legal ramifications moving forward were to be severed. “We now have well-established relationships with law enforcement agencies active in this arena, including the Federal Bureau of Investigation Foreign Influence Task Force and the U.S. Department of Homeland Security's Election Security Task Force. Facebook has made similar representations to the Committee: After the election, when the public discussion of 'fake news' rapidly accelerated, we continued to investigate and learn more about the new threat of using fake accounts to amplify divisive material and deceptively influence civic discourse. We shared what we learned with government officials and others in the tech industry. Since then, we also have been coordinating with the FBI's Counterintelligence Division and the DOJ's National Security Division. We are also actively engaged with the Department of Homeland Security, the FBI's Foreign Influence Task Force, and Secretaries of State across the US on our efforts to detect and stop information operations, including those that target elections.” (2018, p. 72)

            The trial facing the troll group is set to begin on 6 August of 2020. The list of charges included the use information warfare against the United States and meddling in the political affairs of the nation. “Prosecutors allege the accounts staged political rallies in the U.S. and posted content disparaging to former Democratic presidential candidate Hillary Clinton during what the government has assessed to be a broad attack from Russia against various elements of the U.S. electoral system and the Clinton campaign….The Justice Department unsealed an indictment in early 2018 charging counts of criminal conspiracy against Concord and the Internet Research Agency, as well as their alleged mastermind, Russian oligarch Yevgeny Prigozhin, a related company and several other individuals implicated in their operations. American lawyers representing Concord [& the IRA] pleaded not guilty to all counts on the company’s behalf in May 2018.” (Blake, 2019) The results of this case will surely set the precedent for any future largescale state operated cyber-warfare group. Regardless it can be assumed that the activities of the IRA will continue to be condoned by the Russian Federation government and their activity will continue to be monitored. One study conducted by the Cardiff University Crime & Security Research Institute concluded that regulation and legal ramifications will only have a minor impact on the actions of the IRA. “If the best predictor of likely future conduct is past behaviour, then this analysis has documented a sustained and wide-ranging interest in European political elections and democratic events on the part of social media accounts covertly run on behalf of the Kremlin. In the run up to the 2019 European Parliamentary elections, the analysis has presented evidence on the nature of the risks and threats presented to the integrity of the democratic process.” (Dawson & Innes, 2019, p. 17)

            Though there is legislation in place outlining the criminal statues of the actions conducted by the IRA it is not reasonable to believe that these alone will be successful in defending against further hacking attempts. Law enforcement agencies on the federal and state level are now being tasked with the challenge of undermining the efforts of troll groups and apprehending those domestic actors who are positioned within the United States. This massive game of cat and mouse has been met with numerous challenges that include a lack of adequate training, lack of efficient equipment, and lack of coordination between local law enforcement and other departments and agencies. These three areas are essential to the success in combating cybercrime groups, like the IRA or others.

            Response to the Cyber-Threat

In response to the growing level of cybercrime and the blatant violation of our national sovereignty federal agencies have sought to address these short comings. The strength of the IRA is in its numbers and ability to hide in plain sight through their bot accounts or stolen identities. To the untrained eye these fake accounts are nearly discernable from that of a real user or supposedly real internet news agency. Unfortunately, training for this type of police work is often not provided by local law enforcement and if there are those with the training, they are few and far between. To close this gap the United States Secret Service (USSS) has provided a measure to not only assist local law enforcement departments but the overall strategic mission of the USSS. “National Computer Forensics Institute, the pupils are hardened police officers, prosecutors and, occasionally, a judge. Instruction mimics what the agency teaches its own special agents. And tuition is not only free, but the Secret Service throws in travel, room, board and, for police officers, tens of thousands of dollars of technology to set up their own forensics’ labs back home…. A five-week course for police on the basics of computer evidence recovery is the most popular, and graduates of the course leave here with $28,000 worth of technology and the ability to search seized computers for evidence of a crime. A similar course on mobile devices is growing in popularity. And more advanced courses cover network intrusion.” (Fandos, 2017) This decision by the USSS to assist with the training and access to necessary equipment to the fight against cyber criminals like the IRA is a dramatic step forward for local law enforcement departments. The ability to identify cyber threats and having equipment to confirm and trace suspects turns the table in favor of law enforcement officials. For those who have received the training and equipment it has eliminated the dependence on larger state or federal departments to act on the threat.

            Furthermore, the efforts of law enforcements have begun to produce realistic policies and strategies to identify and apprehend threats, which includes those agents within the IRA. According to the Police Chief Magazine one of the newest methods for identifying an IRA threat, or others, is to label that individual(s) as an advanced persistent threat (APT). This “refers to persons engaged in technically sophisticated, stealthy, continuous computer hacking efforts, frequently orchestrated by international organized crime or adversarial nation states.”  (Quinn, 2018) Once identified the new policies incorporate a joint operation between the local IT professional and the U.S. Department of Homeland Security’s National Cybersecurity Assessment and Technical Services Section. This process is completely free to the department which requests their assistance and does a full scope of investigation to include: “Cyber Hygiene: Vulnerability Scanning, Phishing Campaign Assessment (PCA), Risk and Vulnerability Assessment (RVA), and Validated Architecture Design Review (VADR).” (2019) Additionally, the DHS’s has continued targeting the IRA and other cybercrime groups with their “official role in countering Russian disinformation operations [beginning] in January 2018. The department took the lead for risk management relating to elections and other critical infrastructure. Specifically, according to DHS officials, the department is attempting to coordinate information-sharing and partnerships between state and local governments, private sector companies, and federal departments and agencies.” (Bodine-Baron, Helmus, Radin, & Treyger, 2018, p.14) This decision to place the led investigative process and apprehension responsibility in the hands of the domestic law enforcement departments and the DHS instead of the larger agencies such as the NSA and the CIA is to ensure that rights or liberties of American citizens are not violated.

 

           

Lessons Learned

The IRA was successful in its mission to collect information on Americans, spread disinformation on a massive platform, and damage the trust in political institutions in the United States. Moving forward it is almost certain this group, or another troll farm, will continue its mission of undermining the United States in the hopes of furthering the ideologies and the beliefs of its leader. This real threat will persist and due to the continued reliance on the internet will most likely only increase. However, as our law enforcement agencies continue to learn from past incidents our security apparatus will continue to improve. Examples of lessons learned can be found by reviewing the actions taken in response to the 2007 Tallin attack and the 2016 election breach. These two alone have revealed the large gaps which exist in our global cyber security defense. Yet the steps taken by international treaties, and individual federal agencies, as well as local law enforcement departments have established true hurdles for the offensive capabilities of the IRA. However, the best chance at undermining the actions of groups such as this is will largely depend on the vigilance of the individual. As it has been found with the spread of disinformation it is necessary to be informed on what is happening, using multiple outlets to include print, television, and radio as opposed to simply relying on what is produced on the internet. An informed public not only assists with reporting cybercrime to law enforcement but also eliminates what popular media has identified as “fake news,” and replaces it with the facts. However, this is unlikely as most of the country will continue to grow more dependent on internet resources and the burden will fall on law enforcement departments. This will demand a sustained growth in innovation, training, and creation of new policies to fight back against these agents of chaos. Additionally, this will require a significant increase in funding from both federal and state governments, otherwise these departments will become overwhelmed as actors like the IRA will continue to flourish and negatively affect the United States and the West.

*The content of this paper does not reflect or represent the official position of the United States Government, the Department of Defense, or the United States Air Force and was compiled on my own time for my educational studies.*

 

 

Work Cited

 

Ashmore, W. C. (2009, May). Impact of Alleged Russian Cyber Attacks. Retrieved April 22, 2020, from https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-027.pdf

 

Blake, A. (2019, October 12). Trial in Russian troll farm case set for April 2020. Retrieved April 23, 2020, from https://www.washingtontimes.com/news/2019/oct/12/trial-in-russian-troll-farm-case-set-for-april-202/

 

Calamur, K. (2018, February 17). What Is the Internet Research Agency? Retrieved 2020, from https://www.defenseone.com/threats/2018/02/what-internet-research-agency/146085/

 

Chen, A. (2015, June 2). The Agency. Retrieved March 24, 2020, from https://www.nytimes.com/2015/06/07/magazine/the-agency.html

Dawson, A., & Innes, M. (2019, May). THE INTERNET RESEARCH AGENCYIN EUROPE 2014-2016. Retrieved April 22, 2020, from https://static1.squarespace.com/static/57875c16197aea2902e3820e/t/5cd14804104c7bb3cafeaa06/1557219339758/TheInternetResearchAgencyInEurope2014-2016.pdf

 

Eltagouri, M. (2018, February 17). The rise of Putins chef, the Russian oligarch accused of manipulating the U.S. election. Retrieved March 25, 2020, from https://www.washingtonpost.com/news/worldviews/wp/2018/02/16/the-rise-of-putins-chef-yevgeniy-prigozhin-the-russian-accused-of-manipulating-the-u-s-election/

 

Fandos, N. (2017, July 20). The Secret Service Calls for Backup on Its Other Job. Retrieved April 23, 2020, from https://www.nytimes.com/2017/07/20/us/politics/secret-service-alabama-school-cybercrime.html  

 

Helmus, T. C., Bodine-Baron, E., Radin, A., Magnuson, M., Mendelsohn, J., Marcellino, W., … Winkelman, Z. (2018). Russian Social Media Influence: Understanding Russian Propoganda in Eastern Europe. Retrieved March 26, 2020, from https://www.rand.org/content/dam/rand/pubs/research_reports/RR2200/RR2237/RAND_RR2237.pdf

 

McGuinness, D. (2017, April 27). How a cyber attack transformed Estonia. Retrieved April 22, 2020, from https://www.bbc.com/news/39655415

 

Quinn, C. (2018, December 12). https://www.policechiefmagazine.org/the-emerging-cyberthreat-cybersecurity/. Retrieved April 22, 2020, from https://www.policechiefmagazine.org/the-emerging-cyberthreat-cybersecurity/

 

Sam Matthew, “Revealed: How Russia’s ‘Troll Factory’ Runs Thousands of Fake Twitter and Facebook Accounts to Flood Social Media with Pro-Putin Propaganda,” The Daily Mail, March 28, 2015, available at: http://www.dailymail.co.uk/news/article-3015996/How-Russia-s-troll-factory-runs-thousands-fake-Twitter-Facebook-accounts-flood-social-media-pro-Putin-propaganda.html

Savage, P. (2017). (Rep.). American Security Project. Retrieved April 23, 2020, from www.jstor.org/stable/resrep06042

 

SHUYA, M. (2018). Russian Cyber Aggression and the New Cold War. Journal of Strategic Security, 11(1), 1-18. Retrieved March 27, 2020, from www.jstor.org/stable/26466903

 

Taylor, R. W., Fritsch, E. J., Liederbach, J., Saylor, M. R., & Tafoya, W. L. (2019). Cyber crime and cyber terrorism (Fourth). NY, NY: Pearson.

 

Yevgeniy Prigozhin. (2017). Retrieved March 25, 2020, from https://investigaterussia.org/players/yevgeniy-prigozhin

 

Internet Research Agency Indictment. (2018, February 16). Retrieved March 23, 2020, from https://www.justice.gov/file/1035477/download

 

Gallup. (2019, October 22). Media Use and Evaluation. Retrieved March 25, 2020, from https://news.gallup.com/poll/1663/media-use-evaluation.aspx

 

National Cybersecurity Assessments and Technical Services (NCATS). (2019). Retrieved April 22, 2020, from https://www.us-cert.gov/resources/ncats

 

(U)REPORT OF THE REPORT 116-XX SELECT COMMITTEE ON INTELLIGENCE UNITED STATES SENATE ON RUSSIAN ACTIVE MEASURES CAMPAIGNS AND INTERFERENCE IN THE 2016 U.S. ELECTION ' VOLUME 2: RUSSIA'S USE OF SOCIAL MEDIA WITH ADDITIONAL VIEWS . (2018). Retrieved April 23, 2020, from https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume2.pdf

 

           

 

About the Author(s)

Christian Bills is a Second Lieutenant in the United States Air Force. He has a Bachelors Degree in Political Science from Saint Joseph's University and is pursuing a Graduate Degree from Point Park in Intelligence and Global Security. Christian has been previously published for his research on Negative Peace and the Chechen conflict in the SJU Hayes History Journal (Russia Chenya "Why negative peace was the only option") was on the War on Drugs analyzing its continuation published on OpenAmericas.org (Why the War on Drugs Isn't Over). He has also attended Project Global Officer; a language and cultural program hosted by University of Tartu in Narva Estonia, a highly selective program only given to high achieving military cadets.