Source: Compiled from various sources, with my own additions.
Notes: Many of these can be drilled down even more specifically, depending on the domain.
Intended use: GDPR, General Data Protection Regulation
First name
Last name
Maiden name
Other names used
Username
Personal email address
Work email address
Website
Face photographs
Other identifying photographs
Photo location data
Video footage
Password
Security question & answer
Third-party login
Cookies
Date of birth
City of birth
Birth certificate
Age
Weight
Height
Gender
Eye color
Hair color
Work address
Current home address
Length of current residence
Previous addresses
Home phone
Cell phone
Work phone
Marital status
Spouse name
Parents' names
Children's names
Siblings' names
Friends names
Contacts list
Pets & animals
Number of people in household
Occupation
Current employer
Employment history
Performance evaluations
Reference interviews
HR issues & disciplinary actions
IP address
ISP
Device ID / MAC address
Browser
Operating system
Language preference
Social media accounts
Social media posts & history
Cloud storage files
Current location (physical)
Location history (physical)
Shopping & purchase history (on the site)
Shopping & purchase history (elsewhere online)
Shopping & purchase history (offline)
Daily life activities
Event attendance
Donations to organizations
Media preferences
Likes & ratings
Topics of interest
Activity on the site
Search history on the site
Search history (elsewhere)
Browsing history (elsewhere online)
Phone call records
Text message history
Messages on the site
Chat history (elsewhere online)
Email records
Postal activity
Current income
Income history
Bank account
Credit card number
Debit card number
PIN number
Credit report
Loan records
Other financial statements
Homeowner status
Home value
Investment records
Property records
Life insurance records
Health insurance records
Medical card number
Car insurance records
Passport information
Social security / social insurance number
Driver's license / state ID
Vehicle registration records
Professional license records
Recreational license records
Voter registration records
Political party affiliation
Fingerprints
Handwriting
Signature
Writing sample (electronic)
Schools attended
Education history
Arrest records
Bankruptcies
Liens
Judgements
Criminal offenses & convictions
Pardons
Tax returns
Racial & ethnic origin
Nationality
Political affiliations & opinions
Religion & philosophical beliefs
Trade union membership
Sexual orientation
Sexual partners
Medical records
Family health history
Prescriptions
Physical or mental disability
Veteran status
Genetic information
Biometric identifiers
Retina scan
Voice signature
Facial geometry
Ethical journalism strives to ensure the free exchange of information that is accurate, fair and thorough.
And later:
– Identify sources clearly. The public is entitled to as much information as possible to judge the reliability and motivations of sources.
– Consider sources’ motives before promising anonymity. Reserve anonymity for sources who may face danger, retribution or other harm, and have information that cannot be obtained elsewhere. Explain why anonymity was granted.
– Diligently seek subjects of news coverage to allow them to respond to criticism or allegations of wrongdoing.
– Avoid undercover or other surreptitious methods of gathering information unless traditional, open methods will not yield information vital to the public.
At CNN, integrity and accuracy are of the utmost importance to the brand, and systems are in place to maintain them. For example, stories are thoroughly reviewed by producers and particularly sensitive stories are reviewed further by a team of senior editors, standards and practices specialists, and lawyers before they are broadcast.
If you’ve participated at all in comments online over the past year, the certainty is near 100% that you’ve seen other people or have been called yourself, a “troll,” “shill,” or maybe even a <gasp> “Russian.”
Accusations like these are rampant online, as is the paranoia which fosters them, thanks in no small part to a cloud of sensationalist media coverage and our seemingly intrinsic need to find bad guys lurking around every corner…
Disrupting democracy
Showtime’s most recent season of Homeland — season 6, episode 9 (2017) — portrays a shadowy quasi-governmental, private tech startup called the Office of Policy Coordination. Located six floors underground in a nondescript office building outside Washington, DC, the company is found to be responsible for secretly running a massive army of phony sock-puppet accounts across social media, posing as ordinary people in order to advance a nefarious political agenda.
Airing originally in March of this year, the subplot is obviously inspired by events which transpired in cyberspace around the 2016 U.S. presidential election (along with Brexit, and possibly others), where malicious state-sponsored actors allegedly attempted to disrupt the democratic process.
We know the real world analogue of Homeland’s fictional Office of Policy Coordination to be the now infamous Internet Research Agency, or as they’re sometimes called in the media, the ‘Trolls from Olgino.’
Given the confusing, conflicting, and convoluted information out there about this alleged Russian interference, I took it upon myself to do the only logical thing any normal person would do: make a Carrie Mathison-style “crazy wall” inside my shed next to my chicken coop to try and sort it all out.
Okay, sure, it’s not quite as crazy as Carrie’s bipolar-driven Abu Nazir wall, but it’s my first time exteriorizing my own inner crazy wall. So cut me some slack. I had to start somewhere. And I can definitely say: the process was not only extremely useful in developing my understanding, but also oddly very therapeutic.
Persona Management Software Systems
In the subsequent Homeland episode (s06e10), Carrie’s friend and accomplice Max (Maury Sterling) states: “I’ve heard rumors of social media boiler rooms like this in Russia and in China, but not here. And definitely not on this scale.”
I don’t want to tv-splain too much because I know this is just drama, but based on my research into the subject — using all open source, publicly available information, which I’ve documented with a near religious zeal over the past three weeks — Max’s statement overlooks some important facts which are likely to be known by those working IRL in the security and intelligence fields.
Namely, that in 2010, the U.S. Air Force posted a solicitation to build what amounts to exactly the type of sock-puppet app portrayed in Homeland. Or as they called it on the Federal Business Opportunities website, Persona Management Software (fbo.gov, reproduced on Archive.org, June 2010).
It is, essentially, a social media and propaganda battle-station. From the solicitation:
“Software will allow 10 personas per user, replete with background , history, supporting details, and cyber presences that are technically, culturally and geographacilly consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user’s situational awareness by displaying real-time local information.”
Through a combination of VPNs, untraceable IPs, and traffic routed through regional proxies, such a service would enable mass identity-spoofing, using persistent personas, each of which has a detailed personal and social media character history for complete verisimilitude.
Though another company was ultimately awarded the contract (Ntrepid), there was a very relevant document leak by Anonymous from a security contractor called HB Gary Federal in 2011, in which that company’s own vision for such a persona management system was fleshed out in detail.
“For this purpose we custom developed either virtual machines or thumb drives for each persona. This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use.” …
“These accounts are maintained and updated automatically through RSS feeds, retweets, and linking together social media commenting between platforms. With a pool of these accounts to choose from, once you have a real name persona you create a Facebook and LinkedIn account using the given name, lock those accounts down and link these accounts to a selected # of previously created social media accounts, automatically pre-aging the real accounts.”
Character levels
The proposal goes on to describe various “character levels” within their system, based on utility and level of content development:
Level 0: Quick use, no background persona required.
Level 1: Slightly more fleshed out, with multiple accounts across different services correlated to one another, with privacy set to high on accounts so as not to disclose too much information publicly.
Level 2: More detailed persistent persona with background; fleshed out with blend of automated and human-generated content history.
Level 3: Most detailed, developed and realistic; capable of having human-to-human (online) interactions, with multiple correlated social accounts and a realistic personal, and professional background if needed.
We can assume with a high degree of certainty, that if such advanced persona management software systems have been under development since at least 2010, that they have very probably advanced somewhat in the seven years which have passed since. To say the least…
Are they at the level of what’s depicted in Homeland’s “Sock Puppets” episode?
Hard to say —without penetrating the secret offices alleged to be using them!
Government manipulation of social media
Whether or not our television fantasies here hew close to actual reality — and Americans have been or are currently intentionally manipulated by secret factions in the United States (e.g., the “Deep State”) — a recent report by Freedom House, a US government-sponsored NGO, announced evidence that governments of some 30 countries currently use astro-turfing techniques to manipulate opinion on social media.
For the most part, the operations of these covert cyber troops are said to have a domestic-focus, with the notable exceptions of Russian interference in the 2016 United States presidential election, Brexit, also likely the French and German presidential campaigns, and more recently around the Spanish independence push in Catalonia.
But the story with regards to Russia goes deeper than that…
Much, much deeper.
Reports from inside the troll farm
Over the past several years, operational details from inside the Internet Research Agency have been provided by a series of leaks from former employees, infiltrations by journalists, and break-ins by hacktivists.
Most recently:
Ex-IRA employee Alan Baskaev described to The Daily Beast in October 2017, an outrageous work environment, in which (among other things) the organization allegedly produced a fake Hillary Clinton sex tape intended to go viral.
Russian media site RBC.ru published in October 2017 a Russian-language expose of the IRA, which has become something of a canonical source in online discussions of the topic (I used Google Chrome auto-translate extension to read it). Some useful context on RBC: their offices were raided by the Russian government in 2016 after publishing documents from the Panama Papers, connecting Putin’s son-in-law to offshore assets, and ending in the sacking of their then editor-in-chief, and mass resignation of significant portion of their journalistic staff. RBC was owned until June 2017 by billionaire Mikhail Prokhorav — owner of the Brooklyn Nets basketball team, and failed 2012 presidential election opponent to Putin.
Collaborating with Adrian Chen of the NY Times in his seminal June 2015 article, “The Agency,” environmental activist Lyudmila Savchuk took a job with the IRA, documented and leaked information to the public describing the organization’s internal structure and techniques. As in the USAF and HB Gary documents, we learn that agency employees used VPNs to mask their location while propagating through phony social media accounts propaganda talking points, keywords and targets provided by daily technical task sheets.
“…thousands of young men and women are learning how to be supporters of the ruling United Russia party, future politicians and senior government officials. […]
These young people are taught to open up accounts in all social networks, make as many friends as possible and thus spread information with maximum efficiency,” explained Vasily Yakemenko, founder of the Nashi youth group and head of the Federal Agency for Youth Affairs that runs the camp.”
Also from the 2013 Novaya Gazeta reporting, we learn that Soskovets’ own North-Western Service Agency was seeking employees to open up offices similar to the Internet Research Agency in Moscow and other cities. It is unknown how many other organizations like the IRA are in operation. Soskovets in that article discusses humans being used in place of bots, because they are much more difficult to detect than bots, which platforms are able to find and suspend easily.
Nashi leaks of 2012
Though not specifically linked to the IRA, the Nashi youth movement leaks of 2012 (which appeared just before Putin’s challenging but successful 2012 re-election for a controversial third term) provide supplemental evidence of quasi-governmental youth organizations orchestrating prototypical astro-turfing and media manipulation campaigns, as well as pro-government counter-protests. Exactly like the techniques which have been documented above by the IRA, both on and offline, but engaged at the time in embryonic form against Russian mass anti-election fraud protests of 2011–2013 and events in the Ukraine.
We see echoes in BBC reporting from March 2012 of the types of attacks which came to be common place years later during the U.S. presidential election:
“These bots succeeded in blocking the actual message feed with that hashtag,” he wrote.
The rate at which pro-government messages were posted, about 10 per second, suggests they were being done automatically rather than by individuals…”
Via the above sources, we can determine a few key facts which can be used to track and organize our data.
It has held at least two different addresses, both in St. Petersburg: starting sometime in 2013, at 131 Lakhtinsky Prospekt (Olgino district), and moving probably in 2014 to a larger office with more staff at 55 Savushkina.
Also referenced as sharing this address is an organization called FAN, or Federal News Agency (which Adrian Chen goes into more in his NYT 2015 piece), as well as People’s News, and potentially others which seem to cooperate to some extent in at least aggregating one another’s stories.
Outside of this, what we might call “facts” reported vary pretty widely. Though all seem to agree more or less on the overall structure and work carried out by the Agency, numbers of staff range anywhere from 50 up to 900 at different times, and according to different services.
Paid at wages well above area norms, participants worked as “internet operators,” fulfilling in 12 hour shifts content quotas which varied depending on the section they worked in: whether they were lower-level social media commentators, or more full-fledged bloggers, or worked on other kinds of content such as video.
Wired in September 2017 reported that the Internet Research Agency was supposedly officially disbanded in approximately 2015 (presumably due to bad press), and re-named Glavset, but operates still out of the same address.
Short list of personnel named in the media allegedly involved with the IRA:
Last but not least, as further proof the knowledge and technology to pull off these types of online campaigns is alive and well in Russia, we turn to the case of Moscow Information Technologies, an IT group which supports the Mayor of Moscow.
Anonymous International/Shaltai Boltai also in 2014 leaked some emails between media outlets and government-linked Moscow Information Technologies which worked with Mayor Sobyanin to manipulate public opinion about his administration. Among many other activities, Moscow Times reported in May 2017:
“Sobyanin’s administration heavily invests in swaying the agenda on Yandex.News, Russia’s biggest online news aggregator.
“MIT devised a scheme wherein Moscow’s neighborhood councils (most of them totally loyal to the mayor and to United Russia) set up dozens of similar news websites that are capable of firing off volleys of nearly identical news articles promoting the mayor’s initiatives. This onslaught fools Yandex’s algorithm into thinking that something important is happening. The news aggregator doesn’t differentiate between the sources, and thus assumes there’s a news event that deserves top billing in its ranking system, if hundreds of different outlets are reporting on a single event.”
Fake news rings
Macedonia
The tactics described by ex-employees of the Internet Research Agency, combined with other leaks relating to Nashi, and those above by Moscow Information Technologies seem to paint a technical picture which just so happens to mesh handily with fake news endeavors around the world, particularly those famously run out of Macedonia.
Russian coordination?
The Guardian in July 2017 suggested Robert Mueller was looking into possible ties between these types of fake news sites, to Russian and far-right websites in the United States leading up to the election. Quoting from that article:
“Mattes, a former Senate investigator, did some digging into the sudden phenomenon of eastern European Sanders enthusiasts. He found a spike in activity on the anonymous browsing tool Tor in Macedonia that coincided with the launch of the fake news campaign, which he believes could represent Russian handlers contacting potential east European hosts to help them set up automated websites.”
“He has also found a high degree of apparent coordination in the dissemination of fake news between official Russian propaganda outlets and “alt-right” sites in the US.
“They synchronise so quickly it looks as if they know when a particularly story was going to come out,” he added. “And they all parrot the Kremlin narrative.”
“When I traveled to Macedonia last summer, Borce Pejcev, a computer programmer who has set up dozens of fake-news sites — for around 100 euros each — said it wasn’t quite that simple. Macedonians don’t invent fake news stories, he told me. “No one here knows anything about American politics. They copy and paste from American sites, maybe try to come up with more dramatic headline.” Fox News, TruePundit.com, DailyCaller.com, InfoWars and Breitbart, he said, were among the Macedonians’ most common source material (“Breit-bart was best”).”
Another NY Times article from September 2017 explains how Breitbart’s Stephen Bannon latched onto false news and rumor-mongering out of Twin Falls Idaho, the so-called Fawnbrook incident:
“The Twin Falls story aligned perfectly with the ideology that Stephen Bannon, then the head of Breitbart News, had been developing for years, about the havoc brought on by unchecked immigration and Islamism, all of it backed by big-business interests and establishment politicians. Bannon latched onto the Fawnbrook case and used his influence to expand its reach.”
“Other conservative content farms, including WorldNetDaily, maintained ties to the Trump election effort. Campaign finance records show that Great America PAC, a Trump-backing Super PAC, paid WND, known as the largest purveyor of Obama birth certificate conspiracy theories, for “online voter contact.”
At the end of the day, whether all of the above are somehow coordinated, or if it’s just a coincidence is a moot point since the end effect is largely the same.
“Senator Mark Warner, the top-ranking Democrat on the Senate Intelligence Committee, said Tuesday that the “million-dollar question” about the Facebook ads centered on how the Russians knew whom to target.”
Speculations are of course rife regarding the nature and connections between the Trump campaign, which was obviously served by disinformation and trolling campaigns, and agents of the Russian government. Did the Russians know which voters in which states to concentrate their efforts on? And if so, how exactly did they get this data?
Cambridge Analytica
Though the link is for now tenuous, one avenue of official investigation has gone after the potential role of big data company, Cambridge Analytica, which first worked on Ted Cruz’s campaign, later on Trump’s, and which may or may not have worked on Brexit. Incidentally, Breitbart’s Bannon was at one time VP of Cambridge Analytica, and held between a $1 and $5M stake in the company.
(See also: Correct the Record, Hillary PAC which used astro-turfing techniques)
Internet monitoring in Russia
Of course, the Russians may not have needed any outside help when it comes to monitoring internet activity. Since 2011, the Russian government has cracked-down hard on internet freedoms. For starters, all ISPs in Russia are required by the government to run a system called SORM (Wikipedia) which the Federal Security Service can use to access web traffic:
“It allow[s] the agency to unilaterally monitor users’ communications metadata and content, including phone calls, email traffic and web browsing activity. […] In 2014, the system was expanded to include social media platforms…”
Though it is mysteriously unavailable at the time of this writing, we also have an interesting solicitation by the Russian government from 2014 for monitoring software partly entitled (auto-translation), “automatic selection of media information, studying the information field, monitoring blogs and social media.”
“Information materials will be preliminarily processed, they will be grouped on specific topics: the president, the administration of the president’s administration, the prime minister, opposition protests, governors, negative events in the country, incidents, criticism of the authorities.”
Without having access the technical data which those platforms must have, we can speculate with a high degree of probability what signals and indicators Facebook, Twitter and Google must be able to use to identify potential malicious Russian accounts (with the disclaimer that each of these can be spoofed):
IP (geolocation) — made unreliable by VPNs, of course.
Currency used for transactions — can be faked as well.
Russian media outlet Vedomosti said in May 2014 that the techniques pioneered by the Russian government proved to be so successful at home after the mass protests that they exported them to the European and American markets.
Vladimir Putin has long maintained that the internet is a CIA ploy, as an excuse to enforce ever-tighter controls over the technology. He also claims color revolutions, mass protests against the Russian government (as well as the Arab Spring) were orchestrated by foreign actors.
I haven’t gone down the 🐇 🕳 of whether Putin’s claims are true, but the development of such tools around 2010–2011 in the United States for use against foreign targets is certainly an interesting correlation.
Based on my research, there is a stunning lack of original reporting available on these topics which are of potentially grave international importance.
News outlets — even major “reputable” ones — seem to just be reporting on one another’s reporting. It’s a hall of mirrors all the way down. And it’s not just on this topic: it’s the whole news ecosystem.
Fake news and so-called ‘meme warfare’ aren’t some accident of our post-modern mainstream media, but the obvious through-line of technologies whose goal is to amorally propagate information regardless of quality or veracity.
Fact-checking as a counter to misinformation, disinformation, propaganda and fake news is not a fool-proof process. It is made all the more difficult when there are very few, or only obscured sources available to the public. (See #6)
I’m not crazy about what Wikileaks has done politically, but as a tool for organizing leaked documents for further research by members of the public, it’s exactly what is needed.
Wikipedia articles are as good as the sources they cite.
Fact-TRACKING may ultimately prevail over fact-checking. That is, in a world of dwindling original sources, and an endless multitude of rip-offs and copies, perhaps there is an epidemiological approach that could be applied to tracking the origin and distribution of blocks of information (e.g., “facts,” factoids, sound-bites, or memes for that matter). Blockchain for news, anyone?
In conclusion:
The best conclusion I think we could draw from this investigation is one I’ll borrow from Kester Ratcliff’s article on open source intelligence for beginners:
“The internet will continue to be a confusing information-psychological warzone until the networked-ness of information is made visible so that people can easily and instantly see where stuff’s coming from and who/ what it’s associated with and what effects their interacting with it may have.”
Strictly speaking, this isn’t a “Russia issue” at all. Any malicious actor could weaponize these vectors. It’s an information issue. And it’s here to stay until we do something about the entire system, not just the symptoms
“Coming at the peak of the meeting rallies, the new team of Vyacheslav Volodin radically revised the attitude towards working with the network audience, placing a stake on systemic manipulation of public opinion through the tools of new media.
This work was recognized so effective that it was decided to send these weapons outside – to the American and European audiences.
According to sources close to the presidential administration, preliminary work began in the fall of 2013. The strategy was agreed upon by Volodin, after which they selected the performers and began to create the infrastructure.
Curators of the external direction are called those who were previously engaged in the domestic market. Work on the West is only just unfolding, but already now it is becoming noticeable.”
So their premise is that the technology infrastructure developed after internet crackdowns in Russia in 2011 was so successful they exported it. And this written in 2014, which seems all the more prescient.
“At the same time, the hired Russian structures themselves use subcontractors around the world. While it was possible to reliably establish their working contacts with groups in Germany, India and Thailand. Most likely we are talking about natives of Russia.
Now the system that is being built in America and Europe exists in a test mode. Mostly they are engaged in classical information-analytical work.
The so-called “Anonymous International” group has laid out some of the documentation, possibly related to the activity of one of the main “American” teams (download the folder at http://www.sendspace.com/file/q3jft3).
This is the new, external department of the “nest of trolls,” which was exposed in September 2013 in an investigation (“http://www.novayagazeta.ru/politics/59889.html) of Novaya Gazeta.””
(Note: The sendspace link above to Anonymous International/Shaltay Boltay leaks is not functional.)
“At the end of May, a group of hackers from the “Anonymous International” began publishing a series of documents received from the hacked electronic mailboxes of Olga Dzalba, a financier of the Internet Research Agency (AIE), a structure based in the suburbs of St. Petersburg – Olgino – in the summer of 2013, the order of the head of the company “Concord” Eugene Prigozhin. In addition, in the open access were reports on the work done, addressed to a man by the name of Volodin.
Vedomosti , by the way, links the Kremlin’s adopted strategy for manipulating public consciousness through new media with the name of Vyacheslav Volodin, the first deputy head of the presidential administration.
As it follows from the documents analyzed by Fontanka.ru , under a single management a scheme was built out of Internet agencies with hundreds of paid bloggers and commentators, as well as several media outlets in Russia and Ukraine. Their maintenance is estimated at 33.5 million rubles a month, of which more than 17 million – in cash. Financial documents are full of notes “not of.” – Apparently, “not officially.””
“In October 21, 2010 he was appointed Deputy Prime Minister under Dmitry Medvedev. as well as—after the dismissal of Sergey Sobyanin in connection with his approval to the Mayor of Moscow—Chief of Staff of the Presidential Executive Office.”
“In April 28, 2014, following the Crimean status referendum, the U.S. Treasury put Volodin on the Specially Designated Nationals List (SDN), a list of individuals sanctioned as “members of the Russian leadership’s inner circle.”[4][5][6][7][8] The sanctions freeze any assets he holds in the US[7] and ban him from entering the United States.[9]
On 12 May 2014, Volodin was added to the European Union sanctions list due to his role in the 2014 Crimean crisis.[10] He is barred from entering the EU countries, and his assets in the EU have to be frozen.”
“He has mostly kept in the shadows, especially since he became first deputy chief of staff in the presidential administration in a reshuffle following the start of mass protests over alleged fraud in a December 4 parliamentary election.
Volodin’s challenge is to ensure Putin wins 50 percent of the votes on March 4 to avoid a second-round runoff, which could undermine his authority.”
“While Volodin has largely stayed in the shadows, he is considered one of Russia’s most influential officials, a puppet master who has directed the parliament’s work and engineered elections. He was also widely seen as a driving force behind a string of draconian laws in response to massive anti-Putin protests in 2011-2012.”
“Russian Prime Minister Vladimir Putin says he has accepted a proposal to stand for president in March 2012.
Addressing the ruling United Russia party’s annual congress, Mr Putin and current President Dmitry Medvedev backed one another to switch roles.”
… “He had already served two terms as president before Mr Medvedev took over in 2008. Mr Putin was barred by the constitution from running for a third consecutive term.”
… “Under recent constitutional amendments, the new president will have a six-year mandate rather than four years as before. He or she will be able to serve no more than two consecutive terms, meaning Mr Putin could be in office until 2024.”
… “However, along with genuine messages of support, a #putin2012 hashtag appeared which raised suspicions of manipulation among bloggers.
It was being promoted, in part, by tweeters who had registered on Twitter on the same date, 27 June 2011, some within seconds of each other, with account locations that spanned Russia.”
“Trending topics: You may not automatically post about trending topics on Twitter, or use automation to attempt to influence or manipulate trending topics.”
Multiple posts/accounts: You may not post duplicative or substantially similar Tweets on one account or over multiple accounts you operate.
… “Abusive behavior: You may not engage in any automated activity that encourages, promotes, or incites abuse, violence, hateful conduct, or harassment, on or off Twitter.”
“In reviewing the ads buys, we have found approximately $100,000 in ad spending from June of 2015 to May of 2017 — associated with roughly 3,000 ads — that was connected to about 470 inauthentic accounts and Pages in violation of our policies. Our analysis suggests these accounts and Pages were affiliated with one another and likely operated out of Russia.”
“Some of those same suspicious accounts on Facebook, however, also have ties to another 200 accounts on Twitter, a realization it shared with congressional investigators last week.”
“Beyond publishing its findings, Facebook shared more granular details with its peers — standard practice for many tech giants, which generally band together to address online threats, such as hackers. With the aid of that information, Twitter discovered about 200 Kremlin-aligned accounts directly tied to some of the profiles Facebook previously identified. None of those suspicious Twitter accounts had purchased sponsored tweets, the company told lawmakers.”
“The tool will appear by the end of the year in Facebook’s online support center, the company said in a blog post Wednesday. It will answer the user question, “How can I see if I’ve liked or followed a Facebook page or Instagram account created by the Internet Research Agency?” That’s the Russian firm that created thousands of incendiary posts from fake accounts posing as U.S. citizens. People will see a list of the accounts they followed, if any, from January 2015 through August 2017.”
Sounds like that list is maybe not yet available publicly at this time. I wrote to Library of Congress to see if it’s already been entered into the public record. Maybe they can help…
“According to journalists’ investigations, the office in Olgino was named as Internet Research Agency Ltd. (Russian: ООО «Агентство интернет-исследований»).[3][8] The company was founded in the summer of 2013.[6]
Journalists also point out that Alexey Soskovets, who had participated in Russian youth political community, was directly connected to the office in Olgino. His company, North-Western Service Agency, won 17 or 18 (according to different sources) contracts for organizing celebrations, forums and sport competitions for authorities of Saint Petersburg. The agency was the only participant in half of those bids. In the summer of 2013 the agency won a tender for providing freight services for participants of Seliger camp.[3][9]”
… “Novaya Gazeta newspaper reported that, according to Alexey Soskovets, head of the office in Olgino, North-Western Service Agency was hiring employees for similar projects in Moscow and other cities in 2013.[3]”
“We meet with a friend Alexei Soskovets – a native of the youth polittusovki. In “friends” VKontakte he has a lot of activists of the movement “Nashi”, “Young Guard of United Russia” and employees of the Committee for Youth Policy of St. Petersburg, including the former head of the committee Nikita Alexandrov.
In 2013, Soskovets’s “North-West Service Agency” won 18 contests for the organization of holidays, forums and sports events for St. Petersburg authorities. In half of the competitions the agency participated alone. In the summer of 2013, the contest for transport services for participants of the camp “Seliger” won.”
Wish I had a human-translation of this, because the article seems quite relevant and interesting:
“While filling in the questionnaires, Alexey described our functionality. According to him, now they are engaged in increasing the index of certain articles. “There are different articles – social, business, political and so on. We act on the principle of “Yandex-market”, – he began. – “Yandex-Market” is a huge online store that says where it is better to buy. Under each product there is a comment of people who say that this is an excellent phone, this is a bad phone. Alas, the realities of life are such that not always people want to write the first comments. We need to increase the attendance of the site. This can be done by robots, but robots do their work mechanically, and sometimes a system like “Yandex” bans them. Therefore, it was decided to do it by people. Write a comment from yourself with the vector indicated by us. For example, about the G-20, you can write that it is very honorable for Russia,”
“”Now we are recruiting people, in several cities we are acting – Moscow, Peter”, Alexey specifies. He says that they do not have anything to do with Nashi, but it does not exclude that something like that will turn out.”
So Alexey may have an explicit Nashi connection which could make an explicit personnel bridge between Nashi and IRA.
Outside of the above, I’m not finding much reliable source information on Alexei / Alexey Soskovets and North-West / North-Western Service Agency. Or in conjunction with mentions of Moscow. Maybe a Russian-language business search would turn something up, but I’m not quite there yet.
Russian Social Media Disruption Report
By Tim B.
On 24 November 2017
In Announcement, Assessment, Clues, Conjecture, Definition, Entity, Event, Example, Feeling, History, Information, Item, Link, Locale, Message, News, Operation, Other, Overview, Pattern, Program, Proof, Quote, Reference, Research, Review, Thing
From Russia☭ With Love 💔
If you’ve participated at all in comments online over the past year, the certainty is near 100% that you’ve seen other people or have been called yourself, a “troll,” “shill,” or maybe even a <gasp> “Russian.”
Accusations like these are rampant online, as is the paranoia which fosters them, thanks in no small part to a cloud of sensationalist media coverage and our seemingly intrinsic need to find bad guys lurking around every corner…
Disrupting democracy
Showtime’s most recent season of Homeland — season 6, episode 9 (2017) — portrays a shadowy quasi-governmental, private tech startup called the Office of Policy Coordination. Located six floors underground in a nondescript office building outside Washington, DC, the company is found to be responsible for secretly running a massive army of phony sock-puppet accounts across social media, posing as ordinary people in order to advance a nefarious political agenda.
Here’s a two minute clip for reference:
Airing originally in March of this year, the subplot is obviously inspired by events which transpired in cyberspace around the 2016 U.S. presidential election (along with Brexit, and possibly others), where malicious state-sponsored actors allegedly attempted to disrupt the democratic process.
We know the real world analogue of Homeland’s fictional Office of Policy Coordination to be the now infamous Internet Research Agency, or as they’re sometimes called in the media, the ‘Trolls from Olgino.’
Given the confusing, conflicting, and convoluted information out there about this alleged Russian interference, I took it upon myself to do the only logical thing any normal person would do: make a Carrie Mathison-style “crazy wall” inside my shed next to my chicken coop to try and sort it all out.
Okay, sure, it’s not quite as crazy as Carrie’s bipolar-driven Abu Nazir wall, but it’s my first time exteriorizing my own inner crazy wall. So cut me some slack. I had to start somewhere. And I can definitely say: the process was not only extremely useful in developing my understanding, but also oddly very therapeutic.
Persona Management Software Systems
In the subsequent Homeland episode (s06e10), Carrie’s friend and accomplice Max (Maury Sterling) states: “I’ve heard rumors of social media boiler rooms like this in Russia and in China, but not here. And definitely not on this scale.”
I don’t want to tv-splain too much because I know this is just drama, but based on my research into the subject — using all open source, publicly available information, which I’ve documented with a near religious zeal over the past three weeks — Max’s statement overlooks some important facts which are likely to be known by those working IRL in the security and intelligence fields.
Namely, that in 2010, the U.S. Air Force posted a solicitation to build what amounts to exactly the type of sock-puppet app portrayed in Homeland. Or as they called it on the Federal Business Opportunities website, Persona Management Software (fbo.gov, reproduced on Archive.org, June 2010).
It is, essentially, a social media and propaganda battle-station. From the solicitation:
Through a combination of VPNs, untraceable IPs, and traffic routed through regional proxies, such a service would enable mass identity-spoofing, using persistent personas, each of which has a detailed personal and social media character history for complete verisimilitude.
Though another company was ultimately awarded the contract (Ntrepid), there was a very relevant document leak by Anonymous from a security contractor called HB Gary Federal in 2011, in which that company’s own vision for such a persona management system was fleshed out in detail.
Quoting from Daily Kos’s 2011 post on the subject, which quotes the HB Gary emails themselves (archived on Wikileaks):
Character levels
The proposal goes on to describe various “character levels” within their system, based on utility and level of content development:
We can assume with a high degree of certainty, that if such advanced persona management software systems have been under development since at least 2010, that they have very probably advanced somewhat in the seven years which have passed since. To say the least…
Are they at the level of what’s depicted in Homeland’s “Sock Puppets” episode?
Hard to say —without penetrating the secret offices alleged to be using them!
Government manipulation of social media
Whether or not our television fantasies here hew close to actual reality — and Americans have been or are currently intentionally manipulated by secret factions in the United States (e.g., the “Deep State”) — a recent report by Freedom House, a US government-sponsored NGO, announced evidence that governments of some 30 countries currently use astro-turfing techniques to manipulate opinion on social media.
For the most part, the operations of these covert cyber troops are said to have a domestic-focus, with the notable exceptions of Russian interference in the 2016 United States presidential election, Brexit, also likely the French and German presidential campaigns, and more recently around the Spanish independence push in Catalonia.
But the story with regards to Russia goes deeper than that…
Much, much deeper.
Reports from inside the troll farm
Over the past several years, operational details from inside the Internet Research Agency have been provided by a series of leaks from former employees, infiltrations by journalists, and break-ins by hacktivists.
Most recently:
Nashi leaks of 2012
Though not specifically linked to the IRA, the Nashi youth movement leaks of 2012 (which appeared just before Putin’s challenging but successful 2012 re-election for a controversial third term) provide supplemental evidence of quasi-governmental youth organizations orchestrating prototypical astro-turfing and media manipulation campaigns, as well as pro-government counter-protests. Exactly like the techniques which have been documented above by the IRA, both on and offline, but engaged at the time in embryonic form against Russian mass anti-election fraud protests of 2011–2013 and events in the Ukraine.
We see echoes in BBC reporting from March 2012 of the types of attacks which came to be common place years later during the U.S. presidential election:
(See also: IRA support for and infiltration of social movements linked to Calexit, Texas secession, Black Matters, and Native American groups)
The facts about the Internet Research Agency
Via the above sources, we can determine a few key facts which can be used to track and organize our data.
Short list of personnel named in the media allegedly involved with the IRA:
A leaked IRA employee list (in Russian) is reproduced here for reference (source I believe is Savchuk leak).
Moscow Information Technologies
Last but not least, as further proof the knowledge and technology to pull off these types of online campaigns is alive and well in Russia, we turn to the case of Moscow Information Technologies, an IT group which supports the Mayor of Moscow.
Anonymous International/Shaltai Boltai also in 2014 leaked some emails between media outlets and government-linked Moscow Information Technologies which worked with Mayor Sobyanin to manipulate public opinion about his administration. Among many other activities, Moscow Times reported in May 2017:
Fake news rings
Macedonia
The tactics described by ex-employees of the Internet Research Agency, combined with other leaks relating to Nashi, and those above by Moscow Information Technologies seem to paint a technical picture which just so happens to mesh handily with fake news endeavors around the world, particularly those famously run out of Macedonia.
Russian coordination?
The Guardian in July 2017 suggested Robert Mueller was looking into possible ties between these types of fake news sites, to Russian and far-right websites in the United States leading up to the election. Quoting from that article:
Breitbart
Rolling Stone reporting in November 2017 suggests that Macedonian fake news sites were often sourcing material from U.S. based website Breitbart:
Another NY Times article from September 2017 explains how Breitbart’s Stephen Bannon latched onto false news and rumor-mongering out of Twin Falls Idaho, the so-called Fawnbrook incident:
WorldNetDaily
As reported by The Intercept, November 2016:
At the end of the day, whether all of the above are somehow coordinated, or if it’s just a coincidence is a moot point since the end effect is largely the same.
Micro-targeting
CNN, in September 2017 asked an important question regarding Russia-linked IRA Facebook ad buys targeting Baltimore and Ferguson:
Speculations are of course rife regarding the nature and connections between the Trump campaign, which was obviously served by disinformation and trolling campaigns, and agents of the Russian government. Did the Russians know which voters in which states to concentrate their efforts on? And if so, how exactly did they get this data?
Cambridge Analytica
Though the link is for now tenuous, one avenue of official investigation has gone after the potential role of big data company, Cambridge Analytica, which first worked on Ted Cruz’s campaign, later on Trump’s, and which may or may not have worked on Brexit. Incidentally, Breitbart’s Bannon was at one time VP of Cambridge Analytica, and held between a $1 and $5M stake in the company.
Here’s a video with a bit more info about CA’s methodology of micro-targeting individual voters based on psychological profile and tailoring campaign messaging directly to them:
Other likely suspects within the Trump administration appear to be, variously, Jared Kushner and Brad Parscale who worked on the data operation for the campaign. As well as Michael Flynn, who worked in a brief advisory role for Cambridge Analytica.
(See also: Correct the Record, Hillary PAC which used astro-turfing techniques)
Internet monitoring in Russia
Of course, the Russians may not have needed any outside help when it comes to monitoring internet activity. Since 2011, the Russian government has cracked-down hard on internet freedoms. For starters, all ISPs in Russia are required by the government to run a system called SORM (Wikipedia) which the Federal Security Service can use to access web traffic:
Though it is mysteriously unavailable at the time of this writing, we also have an interesting solicitation by the Russian government from 2014 for monitoring software partly entitled (auto-translation), “automatic selection of media information, studying the information field, monitoring blogs and social media.”
On this, iz.ru published in January 2014 a description:
Detecting signals of malicious actors
Facebook just announced that by the end of the year, they will offer a tool for users to see if they liked or followed accounts or pages linked to the Internet Research Agency. According to their written testimony before the Senate Select Intelligence Committee and an official blog post, Facebook said they have identified and suspended 470 accounts or pages. Twitter testified as to having identified and suspended with the help of third-party information some 2,752 accounts (full list).
Without having access the technical data which those platforms must have, we can speculate with a high degree of probability what signals and indicators Facebook, Twitter and Google must be able to use to identify potential malicious Russian accounts (with the disclaimer that each of these can be spoofed):
Key takeaways
In conclusion:
The best conclusion I think we could draw from this investigation is one I’ll borrow from Kester Ratcliff’s article on open source intelligence for beginners:
Strictly speaking, this isn’t a “Russia issue” at all. Any malicious actor could weaponize these vectors. It’s an information issue. And it’s here to stay until we do something about the entire system, not just the symptoms
Until then, I’ll keep working on my crazy wall.
I have a feeling we’re going to need it…