Last week's events concerning the pro-Kremlin disinformation campaign

Topics of the Week

The Kremlin has introduced new economic sanctions against 322 Ukrainian citizens and 68 companies.

RT and Sputnik, along with other foreign accounts, circulated disinformation on Brazilian social media to influence the presidential election.

As part of its new Defending Democracy program, Microsoft is developing machine learning tools to help politicians and candidates thwart cyberattacks.

The Pentagon and US intelligence community are bracing to execute a major cyber offensive against Russia should the latter systemically interfere in the November 6 elections.

The Kremlin is pursuing reflexive control against the US military, which is ramping up efforts to educate troops about disinformation.

In light of America’s anticipated departure from the INF treaty, the Kremlin is cozying up to Cuba, with plans including a Russian ground station with extensive GPS and telecommunications access.

A new report by the International Cyber Policy Centre reveals the Chinese military’s penetration of foreign universities and research institutions in order to develop and improve Chinese military technology.

Good Old Soviet Joke

Brezhnev is rehearsing his speech for the opening ceremony of the 1980 Moscow Olympic Games:

“Oooooohhhh… Ooooooohhh… Ooooooohhh… Ooooooohhh… Ooooooohhh…”

His assistant interrupts nervously. “Comrade Brezhnev, those are the Olympic circles! You don’t have to read them!”

Policy & Research News

The Kremlin targets Ukraine with new sanctions list

Russia has unveiled a new sanctions list targeting prominent Ukrainians and businesses. Prime Minister Medvedev signed a government decree introducing “special economic measures” for 322 Ukrainian citizens and 68 companies. The list includes journalists, parliamentary deputies, businessmen, judges of Ukraine’s Constitutional Court, and officials of the Presidential administration. According to the Russian news agency TASS, the measures include blocking cashless accounts, freezing electronic securities and property in Russia, and banning the transfer of funds from Russia, among other things.

News of the sanctions triggered an instant reaction on Ukrainian social networks. Some Ukrainian opinion leaders who evaded the list were disappointed to have been omitted. Meanwhile, others considered the sanctions to be a targeted act of manipulation and intimidation. For example, Ukrainian journalist Vitaliy Portnikov said: “What can be taken away from a person who doesn’t have anything in Russia – neither accounts nor property? I have not been to Russia since 2013, because I consider it immoral to visit a country that is waging war against my state. That is why my name in the list of officials and deputies is a signal. This is a warning. This is a wish to silence us.”

Of some surprise was the negligence evident in the compilation of the list. For example, the owner of an art gallery in Kyiv was named in the document, but it turned out that Russian officials had confused him with the head of the Ukrainian nationalist group C14, who has a similar name. “‘The great and terrible’ Russian intelligence services have failed again,” Ukrainian users joked online. Russian officials also revealed embarrassing historical ignorance. The list indicates that Ukrainian politician Yuri-Bogdan Shukhevych was born in 1933 “in the Lviv oblast, the USSR”. At that time, however, this territory belonged to Poland and the “Lviv oblast” did not exist.

Twitter, Facebook, WhatsApp and the Brazilian Election

The election of Jair Bolsonaro, a far-right populist who has been compared to Donald Trump, represents a major change for Brazil, which has mostly elected left-leaning presidents for the past two decades. An analysis for the Atlantic Council’s DFR Lab examines how foreign accounts engaged in Brazilian political discourse on Twitter with disinformation and manipulative messaging. Amongst the most influential accounts were RT and Sputnik, some political leaders from the US and Italy, and an American alt-right YouTube personality. Notably, the analysis revealed that of the 232 accounts examined, a significant portion was also active in other electoral campaigns, including Brexit and the French, German, and US elections.

Meanwhile, the New York Times reports that WhatsApp is increasingly used in Brazil for political communication, with a poll finding that 44% of voters use it to consume political information. At the same time, in the lead-up to the first round of the presidential election, alarming amounts of disinformation and rumours were circulated on WhatsApp. Notably, efforts to weed out fake news in Brazil, for instance through third-party fact-checking on Facebook and an initiative to encourage debunking in Brazilian newsrooms, have seemingly backfired and pushed disinformation messaging to closed networks like WhatsApp, which are much harder to monitor. Cristina Tardáguila, the director of a Brazilian fact-checking platform, recommends three strategies to mitigate the spread of disinformation on WhatsApp during election periods: the platform should 1) restrict the number of times a message can be forwarded, 2) restricting the number of contacts a user can simultaneously send a message to, and 3) limit the size of new groups.

Kremlin trolls used Islam to foment divisions in the UK

British think tank Demos has published a new report showing that the Kremlin-linked Internet Research Agency troll factory sought to foment divisions over Islam in its efforts to manipulate British public opinion in the run-up to Brexit. Specifically, the report finds that “Russian influence operations linked to the UK were most visible when discussing Islam”. Tweets about Islam during the terror attack period from March to June 2017 were retweeted 25 times more often than other content. The study analysed 9 million Twitter posts from 3,841 blocked accounts associated with the IRA which Twitter has released. 

Microsoft is developing machine learning against cyberattacks

Microsoft’s head of cybersecurity gave an overview of how the company is stepping up the fight against cyberattacks targeting politicians and electoral candidates. Microsoft’s Defending Democracy programme has developed a tool called Account Guard, aimed particularly at candidates who are running for office, which scans incoming emails for evidence of malicious activity such as phishing attacks. In addition, Microsoft is using machine learning to better identify non-technical social engineering attacks aimed at tricking the victims into breaking cybersecurity practices and to identify patterns which may indicate the presence of malicious activity even at a very small scale.

Hackers claim to have stolen 120 million Facebook accounts

The BBC Russian Service reported last week that hackers claim to have gained access to over 120 million personal Facebook accounts and were selling individual profiles for 10 cents USD. However, the total number of accounts could not be verified and Facebook claims its security was not compromised. Cybersecurity company Digital Shadows examined the claim on behalf of the BBC and confirmed that more than 81,000 of the profiles posted online as a sample contained private messages. Data from a further 176,000 accounts provided in the sample could have been scraped from members who had public profiles. The database includes primarily Ukrainian and Russian accounts.

The accounts were hacked using malicious third-party browser extensions designed to monitor a user’s activity on Facebook and collect private messages and personal information. While the hackers have denied any ties to the Russian state, their IP addresses originate in Russia, and they use Russian servers and Russian email addresses.

US Developments

US cyber community braced for offensive

According to current and former US officials familiar with the development, The Daily Beast and the Center for Public Integrity report that the Pentagon, in collaboration with the US intelligence community, has an alleged “secret plan” to initiate a counter cyber-attack against Russia, should Moscow be found to have directly interfered with the November 6 elections. As reported earlier, the US Cyber Command previously engaged in a limited cyber campaign aimed at discouraging known Russian operatives from creating and disseminating disinformation.

While the threat of Russian influence operations remains a persistent concern, particularly after revelations of Moscow’s increasingly shrewd tactics, the trigger for the currently planned counter-offensive would require a deeper, systematic breach of electoral security (e.g., tampering with voter registration and vote counts), beyond the expected “malign influence [...] trying to sway peoples’ opinion or the way people might vote”.

While it appears that Russia hasn’t (yet) attempted such a breach, it is definitely active on the latter front. The Internet Research Agency remains active and has refined its operations to avoid detection, for example by consistently using a VPN and posting during working hours in the US. In addition, numerous Democratic politicians have been targeted by spear phishing and hacking attempts.

Russian influence ops take on the US military

In expanding its efforts to undermine American democracy, the Kremlin has set its sights on the US military. According to defense officials, the Kremlin is aiming to establish reflexive control by sowing specific types of disinformation within US military ranks, designed to predispose decision-making that is favorable to Moscow. The extent to which US military personnel have been targeted or influenced is currently unclear, but officials emphasize that it is a concern. As a result, both the military and the DoD’s partner agencies are ramping up training and education for their staff about influence campaigns.

Clint Watts, senior fellow at George Washington University’s Center for Cyber and Homeland Security, warns that “at the enlisted ranks in the U.S. military, Russia won over a huge base of support in [the U.S.] that still continues on today.” In particular, Russia’s support for Donald Trump in 2016 likely resonated with rank-and-file members of the military (a 2016 survey found significant support for Trump amongst active-duty service members). However, more recent polling indicates changing attitudes, with more than 70% of troops surveyed saying that Russia is a significant threat – an increase of 18% from last year.

Moscow shoring up political ties in the Caribbean

While the world works through the implications of a US withdrawal from the INF treaty, an anxious Russia has been moving closer to its old Cold War ally in the Caribbean. Since Washington’s decision to level new sanctions against Cuba, which has been under a contentious US trade embargo since 1958, President Vladimir Putin and Cuban President Miguel Diaz-Canel spoke against US “interference into domestic affairs of sovereign nations”. At the latter’s first official visit to Moscow, the two leaders denounced the “use of unilateral sanctions and interference in internal affairs" and reaffirmed support of strengthening the “strategic and allied” relations between the two nations.

As part of their efforts to expand bilateral cooperation, Putin announced preparations to deploy a Russian GLONASS ground station in Cuba, providing access to “extensive” Russian GPS and telecommunications services – with other reports suggesting the possibility of Russia establishing a military outpost on the Caribbean island. Moreover, Russia’s deputy finance minister, Sergei Storchak, stated that Russia may also be close to settling a $43 million loan to help modernize Cuba’s military hardware.

Chinese government-sponsored hacking: ‘real and relentless’

Two Chinese intelligence officers and their entourage, which included private hackers and company insiders, conspired to steal trade secrets from technology industries within the US and abroad over a period of five years, the State Department alleges. Between 2010 and 2015, officers from China’s Ministry of State Security (MSS) and their co-conspirators attempted to steal information relating to a turbofan engine developed by US and European firms – which, according to the indictment, Chinese state-owned enterprises were scrambling to replicate.

Beyond the expected methods of cyber intrusion, such as spear phishing and domain hijacking, the indictment also details how Chinese operatives dangerously managed to co-opt company insiders, who at the discretion of their MSS handlers, installed or monitored malware on their own company systems. This incident marks the third of its kind since September, including the October 10 extradition of a Chinese intelligence officer indicted for economic espionage and the September 25 charges against a US Army Reservist moonlighting for Chinese intelligence.

Facebook Twitter

Follow us on Facebook or Twitter!

Kremlin Watch Reading Suggestion

Picking flowers, making honey

Alex Joste of the International Cyber Policy Centre has published a report that reveals the Chinese military’s collaborations with foreign universities. Since 2007, China’s People’s Liberation Army (PLA) has sponsored more than 2,500 military scientists and engineers to study abroad and develop relationships with Western researchers and institutions. The PLA is engaging in a process called ‘picking flowers in foreign lands to make honey in China’, or in other words, leveraging overseas institutions, research, and training in order to develop and improve military technology in China. As many Western institutions lack domestic funding, mainly in the US, UK, Canada, and Australia, they have turned to China for funding.

The PLA has sent PhD students and other researchers from military institutions abroad under the pretence of attending technical universities or institutes. Currently, the PLA recommends that interested students exclude any military and political courses from their academic record for their visa application, and has previously recommended that students cite the National University of Defense Technology as the Changsha Institute of Technology. Students who are sent abroad are required to maintain ties with the party and are warned against ‘developing issues with their politics and ideology’.

For the host country, there is a risk that PLA researchers may engage in espionage or theft of intellectual property, since China is a non-ally. PLA collaboration does not lead to long-term improvement in the technological talent of the host country as all PLA scientists return to China after their period abroad. The report emphasises that Western universities are risking damage to their reputation by collaborating on military technology with a non-allied country. The report recommends that governments deepen discussions regarding research collaboration with the PLA, increase communication with universities regarding this matter, improve scrutiny of visa applications, regulate scientific training given to non-allied military personnel, and increase government funding to domestic strategic institutions.

Do you like our work?

Our effort to protect liberal democracy across Europe is dependent on private donations.

Support us

Kremlin Watch is a strategic program of the European Values Think-Tank, which aims to expose and confront instruments of Russian influence and disinformation operations focused against liberal-democratic system.

  • For comments related to content or media inquiries, please contact the Director of the European Values Think-Tank Jakub Janda at (+420 775 962 643)
  • For Monitor suggestions or technical comments, please contact Kremlin Watch Coordinator and Analyst Veronika Víchová at 
Facebook Twitter

European Values Think-Tank

+ 420 773 064 169

Facebook Twitter Youtube