In Moscow, for just a few million per year, you can operate a successful digital propaganda crew. Russia does. A crew might consist of 3 analysts devising attack themes and scripts plus a few hackers using high-speed internet service, regular office equipment, and specialty items such as space on remote servers for staging attacks. The crew would mint a few dozen fake identities on email and social media sites. The crew would then pump out defamatory or incendiary posts supported by “phacts” from websites the crew owns and by purported independent comments from cooperating propagandists. To raise a little cash, some Russian crews engage in extortion against well-known liberal groups, using embarrassing emails stolen from the groups’ records. Twitter unwittingly hosted 1,062 accounts tied to a Russian government-backed propaganda outfit.
A Russian fake news operation is a cheap way to alter public perceptions. It seems to be a more enduring, flexible, and effective tool than the “dossier” that was quickly identified as a partisan-funded scam to alter the 2016 presidential election. Although the DNC and the Clinton campaign funded Fusion GPS’ Trump Dossier, neither is willing to comment on the amount of funding they provided. Regardless, they would likely get more bang for their buck from using a Russian digital propaganda crew.
In the 1980s and 1990s, the US expanded its military and armament at such a torrid pace that the Soviet Union could not afford to keep pace in the battle of the checkbook. As a result, the USSR gave up and the Cold War was over.
Today, cyber warfare provides Russia with a sharp edge at far less cost than armed forces equipped with missiles, tanks, fighter planes, and battleships. Russia still has some of the expensive military tools, but nowhere near as many as it tried to afford in the Cold War. A propaganda crew is a low-cost example of Russia’s cyber warfare. At higher tiers, Russia and China use cyber skills to steal military plans and equipment designs, and on occasion their cyberattacks can damage critical infrastructure.
More sophisticated attacks, such as a persistent surveillance tool, rely on crew members who can find a starting place (e.g. user name, password, second validation) by exploiting social engineering, spear phishing or a zero-day flaw. Others in the crew would insert, adapt and maintain high-quality surveillance software (e.g. Russia’s Turla or the newer White Bear) in an enemy’s government network. That is precisely what Russia did in Ukraine. A similar piece of surveillance software infected the Office of Management and Budget database for US government employees.
A more sophisticated cyber crew might infect the control systems of infrastructure, such as air traffic control systems, dams, telecom and power generation and distribution. Cyber experts for infrastructure targets need deep knowledge of specific brands and models used in the targeted control systems. Results from such cyberattacks can be spectacular, as was the attack that destroyed uranium centrifuges in Iran.
Cyberattacks can be structured to leave no fingerprints, and once perfected, an attack pattern can often be cloned at low cost. In contrast, a single cruise missile costs $830,000 plus launch gear, and its targeting crew may be exposed to counterattack. Top-shelf cyber warfare is something that compromises military communications.
Russia and China are not the sole practitioners of cyber warfare. In 2016, a CIA report “detailed Russian President Vladimir Putin’s direct involvement in a hacking campaign aimed at disrupting or discrediting the presidential race.” Four months later, the US responded when President Obama authorized a covert hacking operation to implant attack code in sensitive Russian networks. Whoever leaked the existence of a covert cyber implant probably ruined its effectiveness. Unfortunately, such treasonous acts are seldom punished to a meaningful extent.
Surveillance that helps the US discover what our foreign enemies are up to when they are outside the US was recently reauthorized in Section 702 of the Foreign Intelligence Surveillance Act (FISA).
Unfortunately, some US politicians have used Section 702 tools against their US rivals. “One out of every 20 searches seeking upstream Internet data on Americans inside the NSA’s so-called Section 702 database violated the safeguards Obama and his intelligence chiefs vowed to follow in 2011. The Obama administration self-disclosed these violations just days before the 2016 presidential election.”
The self-disclosed violations are probably the core of the secret FISA abuse memo that could undermine Special Counsel Mueller’s probe into Trump-Russia talks. Compared with the hysterical quest for dirt in the 2016 election, there are surveillance issues of far greater value to our security posture – such as tightening up security at our security agencies. Russia, China, and other opponents will not cease their reliance on cyber warfare, so the DOJ and politicians should stop shedding crocodile tears for the cameras. Instead of celebrating our victimhood, we should give Russia some digital propaganda that hits home.