Project Lakhta: Russian Meddling Gets Russians Indicted

The U.S. Department of Justice (DoJ) announced Feb. 16 that a federal grand jury dropped the hammer on a gaggle of Russian citizens and three Russian entities for their hand in the meddling in the U.S. presidential election of 2016.

This Russian intelligence effort, code-named “Project Lakhta,” was conducted from 2014 to 2016 and is an example of old-school Russian active measures (a covert action) brought forward to the 21st century.

Though the election portion of Project Lakhta concluded with the inauguration in January 2017, the infrastructure the Russians built continues to be exercised.

In September 2017, Irina Viktorovna Kaverzina, one of the indicted, wrote: “We had a slight crisis here at work: the FBI busted our activity…. So, I got preoccupied with covering tracks together with my colleagues. I created all these pictures and posts, and the Americans believed that it was written by their people.”

No need to search further for a smoking gun—Kaverzina’s note to colleagues says it all.

What is clearer now is the goal of the Russian Federation, which was to use its multiyear investment of significant resources to sow distrust within the electorate of the United States. It used the groups and personas it created to project support for controversial themes, while spending millions of dollars on its infrastructure to make these efforts hum.

The Trolls of Olgino

The St. Petersburg, Russia-based Internet Research Agency (IRA)—and its many aliases: Mediasintez, Glavset, Mixinfo, Azimut, Novinfo—as well as Concord Management/Consulting and Concord Catering were specifically called out in the indictment as being instrumental in creating infrastructure and managing the Russian efforts. (Readers will remember, we too called out IRA, Glavset, Evgeny Prigozhin and Mikhail Bystrov in our November 2017 piece, “Russia Skilled Political Warfare Adversary.”)

Russian Key Performance Indicators

While the efforts of IRA have been previously identified by researchers and analysts, the depth of their efforts in support of the Russian intelligence active measures is remarkable and worthy of review.

We will use the key performance indicators (KPIs) we created in November to measure the level of success enjoyed by the Russian intelligence active measures campaign. The plethora of examples within the indictment serves to confirm much of our analysis, but also shows their successes were more robust than previous analysis had concluded.

KPI 1 – Shape the U.S. election discourse and feed divisiveness into the United States. The efforts to create thousands of online accounts that would create, publish and repeat divisive messages, producing slightly nuanced content and otherwise pushing the themes that would be most inflammatory, have now been documented in the indictment. The DoJ shared an example: “The Russians organized one rally in support of the President-elect and another rally to oppose him, both in New York, and on the same day.”

KPI 2 – Framing the dialogue via ads and fictitious persons. This is where the Russians invested heavily—not only millions in funds which they funneled to social media accounts including Twitter and Facebook, but also in online search ads with Google and Bing. Additionally, their use of email and assuming the identities of real U.S. citizens to infiltrate and provide direct support to various political entities is now well-documented.

How Deep into the United States Did They Dive?

The level of effort which the Russian Federation invested in meddling with the U.S. election will be startling to all but those who have encountered Russian intelligence active measures activities in the past.

The indictment shows that multiple physical trips to the United States were conducted beginning in 2014 by Russian personnel. These trips took the Russian operatives to Nevada, California, New Mexico, Colorado, Illinois, Michigan, Louisiana, Texas, Georgia and New York. The purpose of the travel? To gather intelligence to increase the likelihood Project Lakhta would be successful, and put in place the pieces of the infrastructure anticipated as being necessary to obfuscate the Russian hand.

It is widely known, and previously shared, that fictitious online accounts had been created by IRA and its army of trolls. These accounts consisted of fake organizations as well as fake personas. The indictment also revealed that the identities of a number of U.S. citizens were stolen and used to set up email accounts and serve as financial funnels, using PayPal and other online financial entities through which the covert funds could—and did—flow.

The Russians set up U.S.-based internet servers to act as their virtual private network hosts, so that all IP addresses used in support of this activity would be U.S.-centric without a visible connection to the Russian Federation.

As noted above, in September 2017, the Russians concluded their efforts were being dissected by the Special Counsel and various server providers. We’ve seen Twitter and Facebook working to identify and delete/block/render ineffective the various accounts created within Project Lakhta. Indeed, the indictment shows that once the Russians realized the jig was up, they worked diligently to destroy all their data and the breadcrumbs leading to Russian attribution.

With this indictment, the DoJ now must take the next step and prove that these allegations are, in fact, true. What does this mean for the 13 Russian nationals? Once the DoJ requests and the courts issue warrants for their arrest, their ability to travel will be sharply curtailed—they know the United States has a long reach.

Should they doubt such, they might look into the recent experiences of Roman Seleznev, who was arrested in the Maldives for stealing more than 2 million credit cards in a hacking operation and is now sitting in a U.S. federal prison, or Sergey Medvedev, who was arrested in Bangkok in early February for his role in an international identity theft ring and now awaits extradition to the United States.

It is a safe bet that U.S. law enforcement and the DoJ will be highly motivated to bring these 13 indicted individuals to justice.

The full indictment is available via the DoJ and can be read here: DOJ Indictment.


Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.
