A group of 13 Russians and three related organizations have been indicted for carrying out a series of cyber-crimes conducted over nearly three years that attempted to disrupt the 2016 U.S. presidential election.
The 37-page federal indictment that was unsealed on Feb. 16 alleges that Russia’s Internet Research Agency as well as two companies closely related to Russian president Vladimir Putin, conducted illegal activities on social media sites Facebook, Twitter and Instagram in addition to conducing illegal financial activities via PayPal.
The indictments, announced by Deputy U.S. Attorney General Rod Rosenstein, reveal a wide range of illegal activities including identity theft which was used to provide information to open PayPal and bank accounts.
The indictment also alleges that Russian operatives conducted their activities using email and social media when they conspired to violate U.S. election laws, that they tried to cover their crimes by erasing or otherwise manipulating email and social media information and that they constructed fake personalities to use in pretending to be U.S.-based political activists.
The Russian operatives used those stolen and fake identities to procure computer hardware and services in the U.S. so that it would appear that their operations were U.S.-based, the indictment alleges.
Some of the activities included creating fictional groups that were opposed to each other, and then arranging rallies for the same time and place, in hopes that the opposing sides would attack each other.
It’s also worth noting that while the Russians are well-known to be backing the campaign of Donald Trump, they were also backing Bernie Sanders and their operatives in the U.S. had orders not to interfere with those campaigns, but rather to render help.
Other activities alleged in the indictment including posting and promoting fake news stories that tended to denigrate Hillary Clinton, as well as some of Trump’s opponents in the primaries, including Ted Cruz and Marco Rubio.
The Internet Research Agency also set up hundreds of fake Twitter and Facebook accounts using stolen or bogus information that the organization used to conduct its disinformation campaign.
In fact, an email disclosed in the indictment show the Russian operatives specifically referred to their activities and information warfare. At one point, they discussed how to erase traces of their activities when they found out from news reports that the Special Counsel was investigating them.
The IRA and its managers showed their internet and social networking savvy by carefully tracking the results of their fake news reports and their social media engagement. In one case, the managers in Russia reportedly demanded change when they found social media engagement that didn’t meet their expectations.
The Russians were able to use data gathered from social networking sites to convince their unwitting American helpers that they were genuine activists based in the U.S. But not all of their activities were aimed at helping specific candidates. For example, the Russians formed a bogus Muslims in America group promoting Sharia law and even arranged to have demonstrators with signs praising Sharia law in front of the White House and at rallies.
At the same time, Russians used social media to drum up followers for a fundamentalist Christian group, while arranging to have rallies for that group at the same time and place as the rallies for the Muslim group. Notably, the Russians behind the social media accounts never actually showed up at those rallies, and instead used social media to get others to do it for them.
There are a number of other criminal activities alleged in the indictments that aren’t specifically cyber-crime, but in some cases they were supported by cyber-crime. For example the Russians used identity theft to carry out electronic cash transfers. The indictments also allege that the Russians used bogus and stolen identities to hide their real Russian identities when they were illegally involved in political activities in the U.S.
The indictment does not allege that any U.S. citizens knowingly worked with or assisted the Russians in any way, and in fact it makes a point of stressing that the Americans involved were unaware they were helping the Russians. This included one American who pled guilty in California recently for helping the Russians set up fake bank accounts using stolen identities. Apparently he thought he was helping home-grown criminals, not Russian operatives.
Furthermore the indictment also does not allege that the Russians or the IRA broke into any election databases or tampered with voter data. However, the fact that a number of law enforcement agencies have said that this happened may only mean that indictments for such activities haven’t been made public.
However, the ease with which the Russian operatives apparently subverted Facebook and its advertising is revealing. The social network was apparently willing to sell ads to anyone with money, regardless of who they were. The indictment alleges that the Russians at the IRA used credit cards based on stolen identities to purchased thousands of ads costing hundreds of thousands of dollars.
In addition, Facebook apparently made no effort to confirm the identities of the people, many of them bogus, that set up accounts on the service. For that matter, neither did Twitter. This gave the Russians free rein to use social media to try to spread chaos.
The indictments show that U.S. companies, especially social media networks, need to be aware of how easy it is to misuse their platforms and take steps to be more responsible about the information that is being disseminated to its customers in the U.S. and abroad.
Yes, the IRA and its operatives were highly skilled and very sophisticated about their disinformation campaigns. But had there been even some basic awareness that someone might try to commit fraud on their platforms and common sense efforts to block it would have gone a long way in preventing the worst of the Russian abuses.