Election Interference: The Russians Are Back, or They Never Left

Every day brings new revelations on Russia’s strategy of disruption to the west, the United States specifically. As Yogi Berra said, “It is déjà vu all over again”—in December 2017 we wrote it was already “Déjà Vu All Over Again – Russian Active Measures.” The tactics being used by the Russian intelligence services are straight out of the playbook of the USSR.

Stepping right through the 2016 election and directly to the final months of the 2020 presidential election, we see that every third-rail topic in the United States is being amplified by the Russians with only one goal: to create divisiveness in the United States.

DevOps Connect:DevSecOps @ RSAC 2022

In August 2020, National Counterintelligence and Security Center Director William Evanina issued a lukewarm admonishment that “foreign states will continue to use cover and overt influence measures in their attempt to sway U.S. voters’ preferences and perspectives, shift U.S. policies, increase discord in the United States, and undermine the American people’s confidence in our democratic process.” Interestingly the statement went on to identify three countries and their presidential candidate preferences—Russia: Trump; China: Biden; Iran: Biden.

The ODNI went on to say that the congressional leadership would no longer be receiving oral briefs; all briefs on election security henceforth would be in writing, which precludes real-time question-and-answer sessions that are so very important when briefing national intelligence topics to policymakers.

Meanwhile, the Department of Homeland Security has offered a multitude of resources to county and state election officials, all available via its Cybersecurity Infrastructure Security Agency and Election Security Resource Library.

Then, incongruously in July, the analytics shop within DHS was accused of withholding information by not releasing a draft bulletin, “Russia Likely to Denigrate Health of US Candidates to Influence 2020 Election.” The bulletin indicated exactly what the NCSC warned of: Russian disinformation about Biden. DHS defended the action by claiming the report was poorly written.

Then there is the FBI (which falls under the Department of Justice) telling Facebook that its platform is being used by the Russians—specifically, the same entity that leveraged Facebook in 2016: the Internet Research Agency (IRA). Following the FBI admonishment, Facebook removed 13 accounts and two pages. The accounts, not surprisingly, were amplifying disinformation about Biden and Harris. While many may opine that the IRA’s capabilities are less and less as the social networks get smarter in identifying their resources, it would be a fool’s analysis. The IRA is morphing and the tactics used in 2016—while still in the IRA quiver—aren’t the only ones being used in 2020.

Facebook noted that the activity it interrupted by its takedown was attempting to direct people to a site called “Peace Data.” Subsequently, Peace Data has been identified as a fictitious international news site that promotes left-wing thinking.

Graphika was provided information from Facebook to provide an analysis of the IRA’s activities and produced a 38-page report “IRA Again: Unlucky Thirteen,” which does a yeoman’s job of explaining the morphing of IRA’s tactics. The IRA moved toward hiring unwitting authors for its pieces or simply lifting content and republishing. The group would engage its targeted authors via Twitter direct message (DM) or the authors may have responded to one of its online ads looking to hire 10 freelancers.

The analysis of the Facebook side of the equation concluded that the effort was “targeting with pinpoint precision.” A deeper dive into Peace Data showed the site came into being in February and that its Twitter account (suspended) was created in December 2019. The individuals associated with the effort are fictitious; their photos are AI-generated.

In a piece written for the Guardian, journalist Jack Delaney provides a first-person account of how he was hoodwinked by Peace Data into creating content. He realized he had been drawn into the scheme when his content was republished on sites known to spew Russian disinformation. Indeed, the Graphika analysis showed that “the site paid particular attention to racial and political tensions.”

While these are the most recent election-related takedowns of Russian actions, as we said in 2017, “The Russian active measures machine chugs along; we can either educate ourselves or continue to fall victim. The choice is ours.”

Featured eBook
The State of Cloud Native Security 2020

The State of Cloud Native Security 2020

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data. This ... Read More
Palo Alto Networks

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 167 posts and counting.See all posts by burgesschristopher