Russians Among Us


by Gordon Corera


  At the same moment that Yves Bigot received the call in the restaurant on April 8, messages had been posted on the channel’s Twitter and Facebook pages. They said the hackers were from a group calling themselves the “Cyber Caliphate”—masked jihadists appeared to be making threats against France. French investigators contacted counterparts from Britain’s GCHQ to help. As they looked into the attack, they got a surprise. The Cyber Caliphate was what is known in intelligence as a “false flag.” The network had actually been attacked by a group of Russian hackers from the GRU’s APT 28. What the GRU had done to TV5 was not espionage—its premeditated aim was destruction. This was something new.

  All of Russia’s intelligence agencies knew what the small group in the Kremlin wanted to hear and understood it was in their interests to provide it rather than challenge it. The SVR offered to explain the world. But—not least because of the 2010 embarrassment—it was falling out of favor. Its rivals, meanwhile—the GRU and the FSB—offered to change the world. The GRU was deeply involved in Ukraine and also Syria, and if Russia was going to fight information warfare, then that meant that the GRU would muscle its way to the front of the pack. It had the ability to blend the real and the digital, carrying out cyber operations and traditional media campaigns in support of semi-covert military activity, and now it was clear it would even carry out destructive cyber attacks.

  In London, the Joint Intelligence Committee, composed of senior intelligence and national security officials, struggled at their meeting to understand why TV5Monde had been targeted by the GRU (the CIA was reluctant at first to believe it was even possible). The conclusion was that it was likely an attempt to test cyber weapons under a vague cloak of deniability. “The best-case scenario was that the hackers were out of control; the worst case was that they were under the control of the state,” one spy chief thought. The concern was that a British general election was due just weeks after TV5 was taken down. What if British TV channels were taken off air on election night as the results were coming in? What would that do to trust in the democratic process? Broadcasters were urgently contacted to warn them of the risk and told to draw up contingency plans.

  GCHQ divides up the world and its targets with NSA. The British agency had the lead on watching the GRU. The spy agency used its global signals intelligence capability—the ability to intercept traffic flowing through data pipes—to watch GRU activity. It effectively spied on a group of burglars and vandals as they went around different neighborhoods causing trouble. It often saw “indicators of compromise” of data being stolen and then sent back via a circuitous route to Moscow. In April 2016, GCHQ informed their American allies that they saw the Russians breaking and entering one of their properties. Nearly half a century earlier, it had been real-life burglars; now it was Russian cyber thieves who had broken into the Democratic National Committee. But as the United States entered an election year, it was not the only way that Russian spies—including a new type of illegals—were at work as a new conflict gathered pace.

  26

  The New Illegals

  THE WHITE PICKUP truck driving around West Palm Beach, Florida, in August 2016 had a couple of American flags attached to the rear but also something you saw less often. On the back was a steel cage. Inside were some cheap plastic chairs and seated on them were two people. One was a pretty poor imitation of Bill Clinton, not nearly jowly or portly enough. Sitting next to him was a woman in a second-rate Hillary Clinton mask, in a T-shirt with what was supposed to be prison numbers on it. “I’m NOT with crooked Hillary,” read the sign on the back. The man who had built the truck had done so after a few phone calls from someone who did not speak great English but offered to pay for the work. What the man building the cage did not know—and like many others organizing rallies across America—was that he was being manipulated by a new breed of Russian illegals.

  These new illegals were everywhere in America and nowhere. They were deep in communities but impossible to see. They were cajoling and criticizing, coordinating and controlling, and yet always out of reach. They were the new ghosts who, for too long, the authorities did not even know existed. And it was in the election of 2016 that they first made their presence felt.

  RUSSIA SPYING ON American politics was not new. Back in the 1970s, the KGB had recruited a Democratic Party activist who reported on Jimmy Carter’s campaign and foreign policy plans. The Ghost Stories illegals were tasked with collecting intelligence on politics and the 2008 election. And Russian intelligence in the run-up to the 2016 election carried out intelligence collection against campaigns, think tanks, and lobbying groups. But this was all classic espionage of the type seen for decades—understanding who was up and who was down and what policies they might pursue in power that would affect Russian interests. This time it was going to be different. As well as espionage, there would be subversion. This should not have been a surprise to those who had watched Russia closely since the end of the Cold War. Putin and other former KGB officers around him blamed that defeat on subversion by the West and believed political interference by Western intelligence had never stopped since. Now they were going to respond. And there were new weapons in their armory.

  THE LAKHTA CENTER is an eighty-seven-story skyscraper in St. Petersburg, due to be headquarters for the energy giant Gazprom. Project Lakhta, though, was run out of a far more anonymous, squat, modern building in the city. Project Lakhta was the cover name for the Kremlin’s overarching operation to influence politics. The squat building in St. Petersburg was home to what became its most famous vehicle for the project—the Internet Research Agency (IRA). There are other organizations with similar innocuous-sounding names, but the IRA is the one that has gained most attention, thanks to a detailed US indictment. It was registered in July 2013 (although some believe it was active earlier). The annual budget would run to roughly a million dollars a month and hundreds of staff were engaged in its work. Its aim was not just to understand what people thought but to change how they acted using modern social media. It grew out of the new Putin regime, scarred by the 2011 protests and determined to manage public opinion. The way to do that was pushing your message out and battling those who were against you. This could be done covertly by using the internet’s anonymity to pose as someone who you were not. In its early days, it was seen as simply a “troll factory”—but it would prove to be much more. It was actually something more akin to a factory manufacturing identities and mass-producing new illegals—the cyber variety.

  Project Lakhta’s initial target was close to home. The Kremlin saw itself as engaged in political warfare in which the West was trying to stir up protest within Russia and its neighborhood. Project Lakhta’s job was to combat this. The Kremlin believed that if you control the information space, then you have won half the war. A rash of Twitter accounts first emerged in Russian supporting the government narrative. But these new tools were then turned abroad, particularly from 2014—the year of the Ukraine crisis. English-language accounts appeared as the Kremlin sought to build support at home, undermine Ukraine’s unity, and reduce the chance of the West responding to Russian actions. Those inside the IRA considered the expanding “foreign desks” to be more sophisticated than the domestic. Western intelligence officials say the IRA’s strongest language capabilities are in Russian and then English. The playbook Russia had road-tested over Ukraine—a mix of propaganda and cyber hacking—would be extended to the Baltics and Poland, on through the rest of Europe and all the way to the United States.

  In April 2014, the IRA created a department that went by various names—one was the “translator project.” This would focus specifically on the US population and worked on social media platforms like YouTube, Facebook, Instagram, and Twitter. It would eventually have more than eighty employees assigned to it. The month after it was formed, the new team was discussing how to interfere with the 2016 election—still two and a half years away. This was a patient, long-term effort, not a last-minute rush job. Internally it acknowledged it was involved in “information warfare against the United States of America” using fictitious US personas on social media platforms—Russia’s new illegals.

  To divide America, you needed to understand it. And there was only so much you could do from afar. So one of the first priorities was to carry out field research. Four staff members applied for visas in 2014. In the end only two traveled, arriving on June 4 and staying for twenty-two days, claiming they were friends who had met at a party. But it is alleged they were on an intelligence-gathering operation. This might not have been spying in the way most understood it, but they still took some precautions, including having “evacuation scenarios” if they were found out. It was quite the road trip, including stops in Nevada, California, New Mexico, Colorado, Illinois, Michigan, Louisiana, Texas, and New York. On their return the pair exchanged intelligence reports on the trip. Another Russian went to Atlanta for four days in November. Among those who traveled was the specialist who oversaw the project’s data analysis group—a sign that this involved a different skill set from the spies of the past.

  This was the evolution of the work that the old illegals had once carried out. The old illegals had the mission of spotting individuals of influence and of understanding where and how power flowed in Washington, New York, and Silicon Valley. But now the target was not the powerful but the common people. If you want to manipulate someone you need to understand them. These new spies were going to “Middle America” to understand what made ordinary people tick—what made them angry, how they talked, how they communicated. This was what you needed to understand, not how power flowed among the elite but how the people felt about the powerful. New tools had made it possible to conduct influence operations on the mass of the population remotely, but there was still the need for a new type of human intelligence obtained on the ground in order to target your work.

  This was an updating of an old KGB concept—what are called “active measures.” Active measures, or influence operations, were a core part of KGB doctrine throughout the Cold War. The CIA estimated the USSR spent $4 billion a year on active measures in the 1980s, which included trying to influence people through fake stories. The aim was to weaken Moscow’s enemies by increasing distrust of the United States or undermining faith in the NATO alliance. The KGB tried to stir up conspiracy theories on John F. Kennedy’s assassination and smeared politicians and officials it did not like. It had also tried to influence politics, supporting social movements that might be sympathetic to its aims. In 1983, KGB agents in America were ordered “to acquire contacts on the staff of all possible presidential candidates and in both party headquarters . . . [and] to popularize the slogan ‘Reagan Means War!’” Many of the influence operations were abject failures but others—like claims that the US military was responsible for the AIDS virus—spread insidiously. After being first planted in Indian newspapers, it spread over years through sympathetic media in other countries. A new online world of social media offered the chance to do this at scale and at speed.

  FOR DECADES RUSSIA feared its dependence on Western technology made it vulnerable. But now it realized it could exploit the vulnerabilities that a connected world created for its Western adversaries. Social media networks—which tech companies promised would help democratize information and empower ordinary people to speak their voice—turn out to be excellent at distributing propaganda, misinformation, and fake news. It was another way in which the West would be complicit in aiding Russian influence. The essence of social media—its speed, its anonymity, its openness, its love of controversy—made it ideal for Russian influence operations. Its decentralized nature allows hidden actors to reach large audiences quickly. Its algorithms can be gamed by those who understand it. Its frictionless anonymity was perfect for the type of identity transfer that spies used to engage in but were finding harder to do in the world of biometrics and databases. The new online world was perfect for a Putin judo slam.

  Turning up for shifts like postmodern factory workers at their office in St. Petersburg were IRA staff referred to as “specialists.” Their job was to create social media identities that made it look like they were Americans. They were the online version of the storytellers of Department 2 of Directorate S. But if Department 2 were artisans, creating careful forgeries that could withstand expert scrutiny, the new “specialists” were playing cheap and dirty. Anonymity on the internet made their life much easier. As the old joke goes, on the internet no one knows you are a dog. No one knows you are a Russian, either.

  The specialists were divided into day-shift and night-shift teams linked to US time zones. The aim was not to inform but to divide. They were given extensive and precise guidance on how to do this. “Our goal wasn’t to turn the Americans toward Russia,” one worker later told a Russian news outlet. “Our task was to set Americans against their own government: to provoke unrest and discontent.”

  Young men and women—often using attractive pictures and posing as American—started posting about American politics, particularly expressing comments critical of the administration. Twitter was where it began but the first fake American Facebook accounts were created as early as the summer of 2014, and YouTube and Instagram would also be part of the campaign. They used Virtual Private Networks to hide the fact they were really in Russia—the digital version of a false mailing address or identification. When an account was shut down by Facebook for being suspicious, they would email administrators back and cite free speech and the US Constitution, claiming they were real Americans. After someone spoke to the news media about the IRA’s existence in 2015, security was tightened. Staff were told to maintain secrecy but also that they should be proud of their work: “Because every country has their own kind of organization that defends their national interests and distributes civil unrest,” managers told them. “This is information war, and it’s official.”

  The fake profiles began to multiply. They were designed to address divisive issues and the growing polarization of American politics offered fertile ground for such an approach. The Russians did not create the divisions in American society, but they could play on them. The team created a page on immigration called “Secured Borders”; one on Black Lives Matter called “Blacktivist”; one on religion called “United Muslims of America”; and another called “Army of Jesus.” By 2016, the size of some of these groups had grown to hundreds of thousands of online followers. On Twitter, fake accounts included “Tennessee GOP,” which claimed to be controlled by the state party. It attracted more than 100,000 online followers. Automated accounts—so-called bots—would then amplify the messages from the fake American accounts. US media outlets sometimes quoted these Russian-controlled accounts, believing they reflected the views of real Americans.

  In St. Petersburg, the “specialists” would receive regular feedback to ensure they looked as American as possible. In the early days it was recommended staff watch House of Cards to understand how American politics worked, but by the latter stages they had evolved significantly in their subtlety and were providing tutorials on the American tax system so that the posts would hit the right note. Their advantage was that they were flexible, always experimenting, seeing what might work, and discarding things that did not. Activity would spike at the time of political events like candidate debates in the primary or general election.

  US intelligence believes influence campaigns were approved at the highest levels of the Russian government—particularly those campaigns that were politically sensitive. This operation was not run by the SVR, GRU, FSB, or any other intelligence agency, though. It was, according to a US indictment, allegedly funded by Concord, a company owned by businessman Evgeny Prigozhin. He was often known as “Putin’s chef” and his company had contracts with the government to feed schoolchildren and the military. He and the company have strongly denied the allegations against them. This was another sign of how Russian activity had changed—the Kremlin was now working through a wider range of proxies than just its spies.


  As early as 2014, there had been scraps of intelligence that Russia was looking at how social media could influence elections. That year the Obama administration reportedly received an intelligence report suggesting that the Kremlin was building a massive machinery of disinformation that could be used to interfere in politics, according to a later report. “You have no idea how extensive these networks are in Europe . . . and in the US, Russia has penetrated media organizations, lobbying firms, political parties, governments and militaries in all of these places,” a Russian source is reported to have said. But no one quite understood the risks at that point. This was despite the fact that some of what Russia was capable of was being witnessed in front of people’s eyes in Ukraine, but also, to a lesser extent, the Baltics. The Russians were starting to try out their new weapon in hybrid and information warfare in its near abroad. “We did not think they would have the balls to see it in the US or UK,” acknowledges one senior counterintelligence official from the time. Former FBI officials from the time acknowledge they were slow to recognize the evolution of Russian tradecraft and especially the shift to use technology and social media. It is only in hindsight, they say, that you can see the trajectory. It was only in October 2016 that the FBI’s counterintelligence division asked a contractor to look for signs of Russian influence on Twitter. There also seemed to be a reluctance to go back to Russia in the upper echelons of the Obama administration after the failure of the “reset.” The assumption was that Moscow was an irritant and no more. Certainly not a strategic threat. As before, the Western gaze wandered while that of Moscow remained steady. Meeting only limited resistance, the Russians kept pushing.

 
