Alternative War: Unabridged


  Following a ‘dump’ of CIA data on the WikiLeaks site in March 2017, security analysts began to draw conclusions that Assange’s site was, in fact, a full-blown Russian interest[96]. Another deniable asset. Dr Andrew Foxall, director of the Russia Centre at the Henry Jackson Institute, openly stated: “Wikileaks has secret Russian intelligence but hasn’t disclosed anything remotely sensitive about Russia. He [Assange] has taken a consistently pro-Russia stance.” Though Assange denied the claims, speaking from the Ecuadorian Embassy in London, Foxall added: “The documents contained 75,000 redactions. These were codes that would also affect Russia’s security, because some of the data was relatively fresh, it is unlikely it had been in the pipeline for a while. And Assange’s team is small. The logical conclusion is that the data was given already redacted. This was the work of a sophisticated team, and it fits entirely into a pattern of behaviour demonstrated by Russia in the past.”

  In fact, in January 2017, the Office of the Director of National Intelligence had already confirmed there was “high confidence that Russian military intelligence relayed material to WikiLeaks.”

  Interestingly, I found while researching all this, Putin’s Russia officially describes Bitcoin as “a virus”[97] but this hasn’t deterred legitimate global investments elsewhere, with China investing hundreds of millions of dollars. What was immediately clear, however, is that the market is heavily masked, unregulated by conventional standards, and is used as the currency of data criminality. One particularly relevant example occurred in July 2016, when British citizen George Cottrell was arrested on twenty-one charges including attempted extortion, money laundering and fraud. At the time, he was stepping off a plane at Chicago’s O’Hare airport with Nigel Farage[98].

  They were on their way to Heathrow when the arrest took place, after attending the Republican Party’s Convention in Cleveland where they both appeared on television, met with US Senators, and engaged in discussions with aides to presidential candidate Donald Trump. Cottrell had been working for Farage during the Brexit referendum and is the nephew of Lord Hesketh, a hereditary peer and former Conservative Party treasurer who defected to UKIP in 2011. It transpired that, in the events leading to his detention, Cottrell had been offering money laundering services on the Dark Web and met with undercover agents in Las Vegas, where he made arrangements for them to send him over fifteen thousand pounds before threatening to expose them to the authorities unless they transferred him over sixty thousand pounds in Bitcoin. A court document filed by the prosecutors in February 2017 advised the judge in the case to offer Cottrell a light prison sentence because he had been willing to “provide federal agents additional information after his arrest,” and added that this related to extra details “about his role in the offence and how he became involved.” It is not unusual for plea bargains to take place in the US, and the FBI does have a clear interest in criminal operations run on the Dark Web.

  Looking into this, however, made me take a closer look at Farage, the former UKIP Leader and instrumental Leave.EU politician. Unsurprisingly, given the general background of the right which I’d uncovered in Sweden, I found he had more documented close ties to the Trump administration than Breitbart alone and, in March 2017, he personally thanked Steve Bannon for his help in making the trigger of Article 50 – the legal start of the UK’s departure from the EU – a reality. During the same period, the MEP was also seen visiting the Ecuadorian embassy, the “home” address of WikiLeaks’s Julian Assange[99]. Breitbart later deleted the video clip of Farage's gratitude.

  Though Farage said at the time of the embassy visit “I never discuss where I go or who I see,” and later claimed it was for “journalistic purposes,” leaked emails actually show UKIP had been actively supporting Assange since 2011[100]. The Farage-led Europe of Freedom and Democracy group tabled a motion attacking “the possible abuse of the European Arrest Warrant for political purposes,” when the law was used to trigger Assange’s extradition over Swedish rape allegations and, on RT, a UKIP representative labelled the extradition proceedings against Assange as “legalised kidnap.” The Swedish prosecutor eventually withdrew the warrant in 2017 as, after several years of Assange living untouchable under diplomatic immunity in Ecuador’s London embassy, it was judged there was a limited likelihood of the extradition ever taking place. This did not, however, change the status of the allegation and Assange’s flight was seen widely as a frustration of due process.

  Farage had also personally used his LBC radio show to broadcast a repeat of Assange's denial of Russian involvement in the hacking of the Democratic National Committee and their presidential nominee Hillary Clinton during the US election. In January 2017, Farage told his listeners “[Julian Assange] is absolutely clear that all the information he has got is not from Russian sources.”

  In the same month as Farage’s broadcast, senior officials in the CIA completely contradicted both of them, saying the leaked DNC material had been traced to Russian GRU officials and “handed off to Assange via a circuitous route” in an attempt to avoid detection of the original source. That route was a hacker known as Guccifer 2.0 who, between 2016 and January 2017, publicly stated they were not Russian but Romanian. However, despite stating they were unable to read or understand Russian, metadata of their own emails showed a Russian-language-only VPN was used. In addition, when pressed to use the Romanian language in an interview with reporters, Motherboard noted[101] they “used such clunky grammar and terminology that experts believed he was using an online translator.” My investigation led me to explore this particular strand in more detail later on, but Wikileaks and the far-right stayed front and centre the whole time.

  By spring 2017, with the French presidential elections underway, the right-wing candidate Marine Le Pen – who had travelled to Moscow to visit Vladimir Putin – was given a rather glowing interview by Farage, and Assange had made a statement to Russian newspaper[102] Izvestia that WikiLeaks would: “Throw oil on the fire of the French presidential election.” After Le Pen successfully passed through the first round in the presidential race in April 2017, cyber security experts warned that her rival, ultimately victorious centrist Emmanuel Macron, had been targeted by the same hacking group involved in the US elections. Trend Micro, a Japanese cyber security company, stated there was evidence APT (Advanced Persistent Threat) 28, a team of hackers linked by US security services to the GRU (Russia’s military intelligence agency), was directing its resources to influence the French contest[103]. (I later discovered the group had also, disturbingly, masqueraded as ISIS during previous hacking activities.)

  The GRU hackers were said to have been found setting up a number of phishing sites aimed at duping Macron’s En Marche! members into attempting to log in, thus giving the group access to their email servers – the technique allegedly deployed against the Clinton campaign which led to the release of the thousands of DNC emails via Wikileaks. The Macron campaign insisted at the time it had not been compromised, but days before the final vote thousands of emails were leaked, though the damage was mitigated by a number of restricted reporting measures deployed in relation to the French media.

  Russian election hacking, I also found – to my horror, I might add – had already been deployed in the UK. In 2015, the general election campaign was targeted by Russian hackers, who GCHQ believe were state-backed, and former minister Chris Bryant said in February 2017[104]: “There is now clear evidence of Russian direct, corrupt involvement in elections in France, in Germany, in the United States of America, and I would argue also in this country.” GCHQ deployed measures to counter the 2015 attack, carried out by APT28 who are also known as Fancy Bears. According to the limited details of their report, the GRU had planned to target every Whitehall server, including the Home Office, Foreign Office and Ministry of Defence, and every major TV broadcaster, including the BBC, Channel 4 and Sky. Additionally, in April 2017, the Commons Public Administration and Constitutional Affairs Committee concluded foreign states had attempted to target the Brexit referendum. While the committee report focused on a denial of service attack on the Register To Vote site[105], it also made clear: “The US and U.K. understanding of 'cyber' is predominantly technical and computer-network based. For example, Russia and China use a cognitive approach based on an understanding of mass psychology and of how to exploit individuals.” Russia went on to successfully hack the Westminster emails of members of the UK parliament in June 2017, leading to a public declaration that “bribery risks” had become a very real threat[106].

  It took me a short while to get to grips with the big concepts in all of this but, in essence, specific state data can be washed and released through back channels like Wikileaks, aiming to negatively impact individual candidate campaigns, and denial of service or phishing attacks can work more crudely towards a similar aim. The exploitation aspect, I discovered, is central to big data’s inherent value and the basic premise of a hybrid assault. You see, using big data, companies such as Cambridge Analytica often conduct what’s called an Ocean personality assessment – normally used in psychology – and the more expansive the data held, the more intricate your individual profile can be. With the right data, it can then be targeted at people you know too. A basic profile, as Michal Kosinski found in his research, can predict your behaviours just based on social media likes alone. An advanced profile, based on what websites you visit, what news you read, your job, your politics, your purchases, your medical records, would mean such a company knows you much better than you know yourself. This allows the people who pay for such services to target you at an individual level with news, information or social media posts which are tweaked to make sure they have the biggest psychological impact on you. Fake news and alternative facts are a central part of this and that includes hacked data dumps which can cause discredit. The Russian terms pokazukha, which means something like a staged stunt, and zakazukha, which refers to the widespread practice of planting puff pieces or hatchet jobs[107], are both terms which are relevant in the broader context of all of this. Fake news had to come from somewhere, and there it was, all along.

  Further, using such psychometric profiles, the simplistic creation of AI driven bots on social media can also push selected messages into more common public view, with the added bonus of the Social Media Echo Chamber ensuring the activity is shared between the appropriate, self-selecting recipients too. This can also keep much of the activity out of sight – because it only hits certain groups – and is the core reason the authorities were so late in responding to the threats during elections. It was only in March 2017, after it was too late, that the Ranking Democrat member of the House Intelligence Committee, Adam Schiff, told CNN the committee was investigating whether the Donald Trump campaign coordinated with the Russians to spread fake news through trolls and bots online and sway the election.

  “We are certainly investigating how the Russians used paid media trolls and bots, how they used their RT propaganda platform to disseminate information, to potentially raise stories, some real some not so real, to the top of people’s social media,” Schiff said[108].

  In many ways, a little historical digging makes sense of not only bots, but a lot of the alternative outlets spewing conspiracy theories. The Russian state was sponsoring ‘Web Brigades’ as far back as the 1990s[109], paying around eighty Rubles a comment for people to spam the internet with false information – not to convince people, but to confuse them. To create distrust in all media. They were also paying high-profile bloggers, which made me think about sites like Info Wars and Prison Planet in an even darker light. If you set this against Trump’s decrying of the mainstream media as Fake News while promoting certain outlets, it is not hard to see the apple hasn’t fallen too far from the tree.

  In 2013, Russian reporters investigated the St. Petersburg Internet Research Agency, which employed around four hundred people at the time, and found the agency covertly hired young Russians as “Internet Operators” paid to write pro-Kremlin postings and comments. Twitter Bot armies of over twenty thousand artificial accounts were also uncovered. The group's office in Olgino, a historical district of Saint Petersburg, gave rise to the now well-known terms “Trolls from Olgino” and “Olgino's trolls,” both of which are synonymous with both bots and human accounts which spread propaganda. Internet Research Limited, the company behind the Olgino operation, is considered to be linked to Yevgeniy Prigozhin, head of the holding company Concord and a “chef” working for Vladimir Putin. Documents published by broadly benign hackers from Anonymous International appear to show Concord is directly involved and researchers have cited e-mail correspondence in which specific orders were given to the army and, in turn, reports were returned on the completed missions[110]. According to journalists, Concord organised banquets in the Kremlin and “cooperates” with the Russian Ministry of Defence.

  There are also things called Dark Posts, predominantly used on Facebook, which are only ever seen by the intended recipients and which disappear straight afterwards. According to reports as far back as 2015, these dark posts – which are known generally as unpublished posts – are not the same as targeted adverts but they do share common properties. For example, both allow you to promote posts to specific people. While targeted posts allow you to aim at an audience based only on parameters such as gender, relationship status, education, and so on, dark posts allow you to use keywords. The main difference is that dark posts publish without showing up on your own wall, so only the target sees them. It’s not hard to see how this is deployed so effectively by groups using big data to hone down who they are aiming for and even the most basic advertisers have an understanding of this. One I found[111] wrote of dark posts: “Using text that highlights their interests, your community members will feel like you’re speaking directly to them.” The thought of this amount of power in the wrong hands, well, it doesn’t take a lot of imagination to see what has happened and the additional benefit to using dark posts, in particular in regulated election campaigning, is clear: no one will really know, so there’s no accountability. I suspect the spends on dark posts are in no way declared and, subsequently, the Electoral Commission is not only outgunned in terms of powers but clueless.

  Explaining bots while giving evidence to the Senate Intelligence Committee in April 2017[112], former FBI Agent Clint Watts highlighted the reason the bot accounts are so effective as a delivery mechanism, explaining: “Whenever you're trying to socially engineer them [voters] and convince them that the information is true, it's much more simple because you see somebody and they look exactly like you, even down to the pictures.” Watts went on to say the bot campaign came via a “very diffuse network” which often competes with its own efforts “even amongst hackers, between different parts of Russian intelligence, and propagandists — all with general guidelines about what to pursue, but doing it at different times and paces and rhythms.” This makes a great deal more sense when set against the Concord investigation.

  Artificial Intelligence, much of which was developed by people like Robert Mercer, was originally thought to be primarily a Twitter issue, but Facebook has also now recognised that the creation of these bots – false profiles – has infected their platform. They have gone as far as acknowledging how this impacted on both the US Presidential election and on the UK’s Brexit referendum. As of the late spring 2017, Facebook directly attributes the growth of its false accounts problem to government interference. “We recognize that, in today’s information environment, social media plays a sizable role in facilitating communications – not only in times of civic events, such as elections, but in everyday expression,” they said in their spring 2017 security report[113]. “In some circumstances, however, we recognize that the risk of malicious actors seeking to use Facebook to mislead people or otherwise promote inauthentic communications can be higher.”

  In advance of France’s election campaign, the company also shut down around thirty thousand suspicious accounts[114] posting high volumes of material to large audiences, saying: “We have had to expand our security focus from traditional abusive behaviour, such as account hacking, malware, spam and financial scams, to include subtler and insidious forms of misuse, including attempts to manipulate civic discourse and deceive people.”

  What had become clear to me in a very short space of time was that all of the strands of the hacking web interact to create a whole – a viral organism dependent on each of its elements to work effectively, mutate, and spread. We, people, are little more than the host keeping it alive: like any good infection, it relies on us to continue to exist. This is a natural progression, I suppose. A computer virus for all intents and purposes engineered by a malicious enemy to attack humans rather than machines. The next generation of chemical warfare, if you like, designed to work on dopamine, oxytocin, serotonin, and endorphins and, so far, it has proven highly effective. Big data provides the key to the delivery system and the route to infection, hence the commodity value.

  What was also apparent is the organism relies on the interactions of key figures across the world – ones who share a common goal. Among them are many who show some signs of having fallen to a much older, cold war technique: provokatsiya. The full explanation of the term is often given as: “Taking control of your enemies in secret and encouraging them to do things that discredit them and help you. You plant your own agent provocateurs and flip legitimate activists, turning them to your side.” In some cases, it can extend to creating extremists and terrorists where none exist, effectively creating a problem in order to solve it, and the Russian services have been known to deploy such tactics since the Tsarist period[115]. As with all classic money-laundering operations, however, the trick to successful data-laundering to these ends would be to establish a legitimate looking front, so it would make sense to deploy provokatsiya in this context, in order to integrate that business as quietly as possible. In my view, this would be especially effective somewhere cash has been successfully cleaned for years. A market you had an understanding of.