Information operations · Information Warfare · Russia

Kremlin Watch Briefing: Kremlin’s influence operations from cyber-space to infrastructure projects

Topics of the Week

Major FSB contractor hacking reveals Kremlin insecurities in intelligence gathering
How the Kremlin uses the railway sector to expand its foreign influence
US Intel Committee questions social media companies about deep fakes ahead of 2020 election
A new report by the Atlantic Council’s DFRlab: Operation Secondary Infektion

Good Old Soviet Joke

A frightened man came to the KGB “My talking parrot disappeared.”

“This is not our case. Go to the criminal police.”

“Excuse me. Of course, I know that I have to go to them. I am here just to tell you officially that I disagree with that parrot.”

Facebook Twitter
Follow us on Facebook or Twitter!

Policy & Research News

FSB contractor hacking reveals Kremlin insecurities in intelligence gathering

BBC News Russia reported a security breach of the Russian FSB security agency by hackers that occurred on July 13. After breaching major FSB contractor SyTech, hackers from 0v1ru$ passed data to larger hacking group Digital Revolution, who shared 7.5 terabytes of stolen files on FSB projects over Twitter and several other media outlets in what has been called the “largest data breach in history”. Amongst the digital programs revealed to the public through the breach include plans to de-anonymize Tor browsing and scrap social media as part of a larger plan to develop a controlled and isolated internet disconnected from the global infrastructure of the world wide web.

This project of a Russian domain name system can allow the Russian government to prevent off-grid communications and collect or intercept such data more easily, provoking concerns of politicians disconnecting Russians from global digital media and sources for their own benefit. Ultimately, however, the details of said projects pursued by the Kremlin unveiled by this breach confirmed existing suspicions. For security experts, the occurrence of the breach and its scale are more significant and indicate that contractors remain a vulnerability in the chain of intelligence agencies globally. Previous compromises of intelligence organizations, including Edward Snowden’s revelations and discovery of an NSA contractor selling US secrets for over 20 years, validate concerns over the security of state secrets in the possession of major contractors.

Lithuanian Railways: Attack from the East

Brought to you by the Vilnius Institute for Policy Analysis

Vilnius Institute for Policy Analysis has conducted a new study titled, “Lithuanian Railways: Attack from the East. How the Kremlin carries out geopolitical expansion under the guise of businessmen in the Baltic States”.

The study conducted by Marius Laurinavičius, senior analyst at VIPA, gives a closer examination of a new aspect of Russian strategic influence in the Baltic States. It specifically reveals the Kremlin’s strategic approach to transport. In particular, the railway sector used as an expansion tool for Russian foreign policy by instrumentalising a network of interconnected individuals and companies, which coordinated acts in Lithuania, Latvia and Estonia.

According to Laurinavičius, this network and its influence can be compared to a model piloted by the Kremlin in the energy sector, using intermediary companies. Supposedly, such companies can act as buffers, which help to overcome political risk linked to international relations. Meanwhile, although Lithuania is taking the path of energy independence, Russia could seek to employ the railways as a strategic weapon.

Additionally, the threat of such Russian influence to the national security of the Baltic States is not only due to the geo-economic and geopolitical expansion of the Kremlin. The study also points out the inevitable factors associated with the Putin regime to include: the probability of corruption, money laundering, criminal mafia activity and direct impact on domestic political decisions. The last of these which is not only theoretical but also a practical possibility, shown by the activities of the individuals and companies mentioned in the study.

Polish-Ukrainian relations in the crosshairs

According to a report by Info Ops Polska, an infospace watchdog, 23% of Sputnik messages in Poland are aimed against Polish-Ukrainian relations and designed to shape a negative image of Ukraine.  The authors argue that to do this, the disinformation actors manipulate all areas of the infosphere: virtual area (cyberspace), physical area (actual events), and cognitive area (perception of the events).

In the first area, the cyberspace, Russian disinformation mainly focuses on three narratives that are adapted to current events. The first narrative depicts Ukraine as a nationalist country unfriendly to Poland. The second one focuses on shaping an image of Ukraine as a corrupt failed state. The third narrative specifically targets Ukrainians in Poland who are blamed for unemployment and portrayed as a risk to the pension and healthcare systems.

In the physical area, provocations are organized to facilitate the propaganda messages. A grenade launcher shooting of the Polish consulate in Lutsk or attacks on Polish cemeteries in Ukraine serve as good examples.

To influence the cognitive area, special models for disinformation distribution are used. The model that the authors focus on starts with disinformation originating on Sputnik. It is then picked up by other websites almost unchanged. Afterwards, the stories are spread on different blogging networks, usually as opinions on the articles published by the second-stage websites. Now, the disinformation is disguised as opinions of users and designed to influence perception. Then, a different team of operators, fake forum users, adds disinformation to their other original content. Finally, the disinformation actors attempt to “sell” the fake stories to Internet opinion-makers, individuals or social groups.

The report thus concludes that combating Kremlin influence activities requires attention to all the areas of the infosphere, especially to actual or simulated events designed to support propaganda messages.

US Developments

US Intel Committee questions social media about deep fakes

According to a recent report from Reuters, the chairman of the US House of Representatives Intelligence Committee has expressed his concerns to social media companies about the threat of deep fakes ahead of the 2020 election. Deep fakes are falsely manufactured, hyperrealistic videos or audio clips created to deceive user audiences into believing a candidate or high-profile individual said or did something that they did not. Congressman Adam Schiff from California wrote letters to prominent media companies Facebook, Twitter and Google asking how each entity planned to respond to the aforementioned doctored content produced by malign actors. Other targets of Schiff’s inquiry included YouTube which is owned by Google as well as Instagram, owned by Facebook. Alerting to the Russian cyber-influence campaign launched in an effort to help Donald Trump win the US presidency, Schiff wrote in his letters, “As we look ahead to the 2020 election, I am gravely concerned the experience of 2016 may have just been the prologue”.

Thus far, the congressman has received mix responses from the five platforms listed above, each lacking a specific approach or ready combat plan. This is possibly tied to the fact that many social media companies are still struggling to put policies in place concerning falsified content that may be fused in with election meddling.

Nudging Turkey out of NATO would be a giant gift to Vladimir Putin

Retired U.S. Navy admiral and former supreme allied commander of NATO James Stavridis delivered an assessment in Bloomberg on the budding conundrum regarding Turkey’s acquisition of the contested Russian S-400 missile system. Stavridis discusses at length the legitimate objections that the US and NATO have to Ankara’s purchase of the Russian system, each validated either through compromised technologies of the American F-35 stealth partner program or through an escalating concern of Turkey’s slow pivot toward Russia and the open arms of Vladimir Putin. Here lies the central and overarching predicament. Every level of punishment levied at proud Turkish leader Recep Tayyip Erdogan carries with it the further reason for NATO’s second-largest military to distance itself from the 70-year-old alliance and align more closely to an eager Moscow.

The article mentions potential solutions to help stop the diplomatic bleeding before Turkey begins to feel too ostracized from an already strained relationship with both Washington and the European Union as well. Stavridis advises that the US tread carefully before imposing heavy sanctions on Turkey, after having already cancelled its participation in the American F-35 stealth fighter program. The former admiral suggests a measured approach by Washington that encourages diplomatic relations to be handled through Brussels, giving Turkey a deeper sense of community and value. This conclusion is tied together with an obvious need for creativity and patience from both the US and the 29-nation defensive alliance to maintain a working, even though a fragile military partnership with Erdogan’s government. It goes without saying that a Turkish exit from NATO would be both detrimental to the West and likewise, a tremendous victory for Putin’s Russia.

Facebook Twitter
Follow us on Facebook or Twitter!

Kremlin Watch Reading Suggestion

Operation Secondary Infektion

This May, after Facebook took down a network of 16 fake news pages, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) took the investigation a step further and discovered a much larger influence operation. Their report details a patterned, systemic operation in six languages (using forgeries in an additional three languages) across more than 30 platforms. The report examines seven different case studies (although there are several examples in each case study) and finds a similar pattern throughout. Fortunately, the impact of the operation was negligible – only one false story gained any traction by outside news sources.

DFRLab determined the operation was run by a well-funded and sophisticated organization, and that this organization was most likely Russian in origin based on the pro-Kremlin stance of the fake stories and linguistic errors common to Russian speakers. The posting and attempted amplification of these false stories followed a pattern. First, the fake story was posted to a platform. Second, different users would post the same story on multiple platforms, often translating it into different languages and linking back to the original post. Third, social media accounts were used to spread the story when the initial first and second round of posting failed to garner attention.

Ultimately, this operation was unsuccessful. The main reason for its failure was not the content of the fake stories themselves, but the way in which the stories were posted and spread. With few exceptions, the bogus articles were initially posted by and spread by one-time accounts. These accounts had no following on these platforms, so most users either paid little attention to or were sceptical of the validity of the stories.

Do you like our work?

Our effort to protect liberal democracy across Europe is dependent on private donations.

Support us
Kremlin Watch is a strategic program of the European Values Think-Tank, which aims to expose and confront instruments of Russian influence and disinformation operations focused against liberal-democratic system.

  • For comments related to content or media inquiries, please contact the Director of the European Values Think-Tank Jakub Janda at (+420 775 962 643)
  • For Monitor suggestions or technical comments, please contact Kremlin Watch Coordinator and Analyst Veronika Víchová at
Facebook Twitter
European Values Think-Tank

+ 420 773 064 169

One thought on “Kremlin Watch Briefing: Kremlin’s influence operations from cyber-space to infrastructure projects

Comments are closed.