For six years Russian agents spread 2,500 false or biased content in seven languages and through 300 different platforms. Dubbed “Secondary Infektion”, this huge campaign has been dissected and analyzed in a report recently released by social media monitoring company Graphika.
The report offers for the first time a systematic look at the actions of these hackers, who have been involved in the main political conflicts in the West, from the Russian invasion of Crimea in 2014 to Brexit in 2016, to name just a few, using methods different from those of the Internet Research Agency, or IRA) or hackers of the intelligence agency of the Russian armed forces (GRU), already known actors linked to the Kremlin.
The The first indications of these activities were registered in January 2014, although they have probably started earlier, and at the beginning of 2020 some initiatives of this type could still be observed. From what has been observed, it is not a single campaign but multiple efforts coordinated by a central entity.
Ukraine has consistently been the preferred target of these disinformation campaigns, according to Graphika, followed by United States, Poland, Germany and the United Kingdom.
And, unlike the actions of the IRA, the dissemination of false or biased information was mostly done through “burners”, social media accounts or forums created to be used only once and then abandoned, and not so much through fictitious accounts with well-developed personalities and identities, or what is known in slang as a “troll”. It also doesn’t come close to the more conventional GRU activities, focused on document leakage and cyber attacks.
What were the messages most commonly promoted by these disinformation campaigns?
Than Ukraine is a failed state or that generates mistrust, that The United States and NATO are aggressive and interventionistthat Europeans are divided and weakened, that Turkey is an aggressive and destabilizing force, among many others.
Also that Muslims are aggressive invaders in the context of great contemporary migrations, that he Russian government is the victim of a smear campaign by the West and that the World Anti-Doping Agency (WADA) is Russophobic.
Other campaigns targeted dirtying and discrediting the main critics of the Vladimir Putin government, according to what was collected by Graphika, and among these the opposition leader Alexei Navalny and the investigative journalism portal Bellingcat they are among the main targets. Enemies of the Kremlin “Seconday Infektion” have been tried to show themselves as morally corrupt, alcoholic or psychologically unstable.
More recently, an operation has been detected to drive the idea that the United States would have created the new Sars-COV-2 coronavirus in a laboratory in Kazakhstan, one more among many stories about the origin of the virus that has given rise to the current pandemic. .
How do these agents operate? Although social networks were widely used, including Facebook, Twitter, Quora, Medium, Reddit and YouTube, Forums and blogs got their attention more. In total, 300 platforms were used.
In these areas of cyberspace the pattern found by Graphika, a company based in New York, United States, is the publication of exaggerated or false stories on politically divisive topics. These posts are made by accounts created for that purpose and then discarded.
But the most characteristic element of “Secondary Infektion” is the recurring use of forged official documents or accounts on social networks of public figures.
For example, Graphika Refers to a fake tweet attributed to US Senator Marco Rubio in which the Republican accuses the United Kingdom of spying on the then-presidential candidate Donald Trump and of trying to influence the US elections (a criticism that would be made later on to Russia). Rubio never said such a thing.
On another occasion it was falsified and distributed on networks an apocryphal document from the United States Senate Foreign Affairs Committee in which the US government of Barack Obama was asked to support the exiled Turkish cleric Fethullah Gulen, a point of conflict with Ankara.
A third counterfeiting operation, documented by the Atlantic Council digital forensic laboratory (DFRLab), included the creation of an apocryphal letter signed by the Spanish parliamentarian Rafael Merino López in which he explains how the intelligence agencies of Spain had discovered a plan by “anti-Brexit radicals” to assassinate Boris Johnson, by then strong in 2018 supporter of the exit of the United Kingdom from the EU and future prime minister. Nothing that happened in reality, but the false letter went viral.
Other elements that highlight this disinformation effort is concentration on the production of content instead of generating commitment or participation, the so-called “engagement”, with these. The agents involved in “Secondary Infektion” seem more interested in dumping fake content than the number of times they are shared by users. The use of “burners”, unable to generate their own audience or link with users, seems to be part of this trend.
In this way, at least 2,500 different contents were detected, published in seven languages (English, Russian, German, Spanish, Ukrainian, French and Swedish), a number that is estimated to be just a fraction of the actual number used by the campaign.
How has Graphika come to attribute the Secondary Infektion attacks to Russia?
As is the norm for disinformation campaigns faced by any country in the world, attribution of responsibility is difficult and you can never have complete certainty, Since operations are decentralized, footprints are covered and governments keep their clandestine activities in cyberspace a secret.
However, there are numerous indications of Russian responsibility cited by Graphika, a company that has worked with Stanford and Johns Hopkins universities in the United States and Oxford in the United Kingdom, in addition to the NGOs Human Rights Watch and Amnesty International. , the DARPA agency and the Intelligence Committee of the United States Senate.
Firstly, Facebook and Reddit conducted their own investigations into these campaigns that occurred in 2019 on both platforms, concluding that Russia was behind.
Also, The first campaigns launched with this pattern and methodology were made in the Russian language. and they were always aimed at the Russian opposition to the Putin government.
Later, with the growth and sophistication of the campaign, the content and messages sought always followed closely. Russia’s national and geopolitical interests: attack Ukraine after the Russian invasion of Crimea in 2014; attack Turkey after the incident of the shooting down of a Russian fighter in Syria in 2015; attack the countries of the European Union and the United States, old rivals, in their electoral processes; or attack the World Anti-Doping Agency after the disqualification in 2018 of the Russian athletic team for substance use.
For the researchers who signed the report (Ben Nimmo, Camille Francois, C. Shawn Eib, Lea Ronzaud, Rodrigo Ferreira, Chris Hernon and Tim Kostelancik) the Russian responsibility is notorious, although they are still far from knowing which agency within the country is He has commissioned this initiative, unlike in the past with the IRA and GRU campaigns, with which he shared objectives and targets, but not finally his methods.