This week, we have a guest post from Jeannette Dickens-Hale, Senior All Source Threat Intelligence Analyst at NTT Security.

As the US Intelligence Community (IC) looks at various threats to the 2020 elections – cyber attacks from known nation-state sanctioned threat actors such as Russia, China, The Democratic People’s Republic of North Korea (DPRK), and Iran – analysts have many things to consider. The range of threats to be considered encompasses those that are geopolitically based. 

Current geopolitical threats include, but are not limited to:

  • The China Trade Wars, US tariffs imposed on Chinese goods entering the US
  • Iran’s possible increase in cyber attacks against the US in response to being named as culpable in the Strait of Hormuz oil tanker attacks
  • Iran’s shoot down of a US drone

Based on Open Source Intelligence (OSINT), and Department of Justice documents available in the public domain, it appears that each of these threats has a medium to high level of confidence and is viable. However, one threat is persistent, particularly to the 2020 elections, and that is the Russian GRU’s and Project Lakhta’s weaponization of social media to carry out disinformation and influence campaigns.

Background: The GRU, Project Lakhta and the Internet Research Agency (IRA)

Russia’s Main Intelligence Directorate (GRU), also known as the Main Directorate (GU) is the branch of Russian intelligence under which Project Lakhta was created for the purpose of using social media platforms for disinformation and influence campaigns against the European Union (EU), the Ukraine, the Russian Federation, and the United States. Although Project Lakhta was originally created to carry out disinformation and influence campaigns globally, Project Lakhta has since focused on the US elections as a high value target. As early as 2014, Project Lakhta’s threat actors began researching the means and methods to carry out disinformation and influence campaigns against the US.

Russian national Elena Alekseevna Khusyaynova serves as Project Lakhta’s Chief Accountant. She has been identified by the US Department of Justice (DOJ) as being responsible for directing financing for all aspects of the Project’s operations. Project Lakhta has various budgets reported from approximately 720 million Russian rubles (approximately 12 million USD) in 2016; approximately 60 million Russian rubles (approximately 1 million USD) in February 2017; and more than 114 million Russian rubles (over 1.9 million USD) in June 2018. 

According to a Department of Justice (DOJ) Criminal Complaint filed against Elena Alekseevna Khusyaynova on September 28, 2018, funds from Project Lakhta’s budget were used for the following:

  • IT expenses: Domain Name Registrations 
  • Purchase of Proxy Servers
  • Social Media Marketing Expenses
  • Purchasing Posts for Social Media Networks
  • Facebook Advertisements
  • Instagram Advertisements
  • Promoting News Postings on Social Networks
  • Social Media Optimization Software, i.e., Twidium and Novapress[RK8] [JD9] 
  • USA and EU Activities
  • US Activists
  • Bloggers
  • Developing Twitter Accounts
  • Online Videos

Sowing Social and Political Discord: Targeted Messaging, Bloggers & Activists

After establishing several social media accounts, Project Lakhta’s threat actors began to buy ads to promote events and social media groups it controlled. This emerging, nascent disinformation and influence campaign began in the US as early as 2015. Social media posts and messaging neither promoted nor denigrated one particular viewpoint or group over another. The laser-focused intent of Project Lakhta’s threat actors - sanctioned and created by Russia’s GRU - was to foment discord and rile tensions within the US population prior to, during and after the US 2016 and 2018 Midterm elections. 

Project Lakhta and the GRU’s methodologies focus on social media advertisements and messaging. Project Lakhta’s threat actors continue to recruit unwitting US persons to become activists and bloggers to support pro and con positions for social and political events and organizations. Project Lakhta’s threat actors are trained on which pictures and messages to post on specific social media platforms to spread divisive messages. The threat actors are instructed on which times are optimal to post messages targeting certain groups in the US. These targeting methodologies continue to be very successful for weaponizing social media platforms. They sow the seeds of discord and cultivate discontent not only within social groups, but particularly regarding the US elections.

How Does the US Defend Itself Against Weaponized Social Media, Targeted Disinformation and Influence Campaigns?

The GRU provides Project Lakhta with a large operating budget continually funded through Concord, and by various Project Lakhta entities that the Department of Justice (DOJ) has identified as The Internet Research Agency (IRA), MediaSintez LLC, GlavSetLLC, MixInfo LLC, Azimut LLC, NovInfo LLC, Nevskiy News LLC, Economy Today LLC, National News LLC, Federal News Agency LLC, and International News Agency LLC. Project Lakhta’s well executed targeting methodologies would seem to provide other nation-state sanctioned threat actors with a model for the means and methods to weaponized social media in order to create and institute their own disinformation and influence campaigns.

How Can the US Mitigate the Impact of Social Media Weaponization?

The Department of Defense’s (DoD) US Cyber Command, and the US intelligence community (IC) defend against cyber threats daily, but how can the US defend itself and its 2020 elections against what has proven to be a successful and effective strategy to impact social and political groups and events?

The defense against weaponized social media has already begun. Facebook, Instagram and Twitter have identified and purged fake social media accounts attributed to the Internet Research Agency (IRA), i.e. Project Lakhta. These social media companies continue to monitor for and to purge accounts owned by Russian threat actors in order to mitigate and attempt to eliminate the threat of Russian social media weaponization. 

Recommendations

Weaponization of social media is a persistent threat and is one that has only recently been discovered in the threat realm. As Project Lakhta’s targeting methodologies become more sophisticated, they could be copied by other nation-state actors. Facebook, Instagram and Twitter purging fake Russian accounts is one step toward mitigating the impact of social media weaponization. Facebook’s Chief Operating Officer Sheryl Sandberg and Twitter’s CEO Jack Dorsey appearing before the Senate Hearing on Social Media and Foreign Influence Operations is another step in addressing Russian threat actor fake accounts.

The US might consider a proactive defense against this possible future threat and current persistent threat. The US could enlist Facebook, Instagram (which is owned by Facebook), and Twitter to create Public Service Announcements (PSAs). These Public Service Announcements (PSAs) could educate the US public on how to identify and block weaponized social media accounts, targeted messaging and advertisements. This forward thinking, pro-active defense strategy would allow US citizens who have social media accounts to have immediate control in eliminating, or at least in mitigating the threat of receiving targeted, weaponized posts in their personal social media feeds.


References

https://www.justice.gov/file/1035477/download

https://www.justice.gov/usao-edva/press-release/file/1102591/download

https://www.justice.gov/storage/report.pdf

https://anomali.cdn.rackfoundry.net/files/white-papers/russian-federation-country-profile.pdf

https://www.npr.org/2018/04/24/604241476/sounding-the-alarm-about-a-new-russian-cyber-threat

https://www.cnbc.com/2019/06/14/us-blames-iran-for-the-tanker-attacks-heres-what-the-navy-could-do.html

https://www.csis.org/analysis/us-response-iranian-brinkmanship

https://www.bloomberg.com/news/articles/2019-06-03/read-the-full-china-white-paper-on-u-s-economic-and-trade-talks

https://www.lawfareblog.com/senate-hearing-social-media-and-foreign-influence-operations-progress-theres-long-way-go

https://abcnews.go.com/Business/twitter-removed-fake-accounts-iran-russia-venezuela-bangladesh/story?id=60760009

https://www.cnet.com/news/facebook-pulls-down-more-fake-accounts-tied-to-russia/