Editor's Note: This report was produced and originally published Feb. 20 by Threat Lens, Stratfor's unique protective intelligence product. Designed with corporate security leaders in mind, Threat Lens enables industry professionals to anticipate, identify, measure and mitigate emerging threats to people and assets around the world.
A Feb. 16 indictment by Special Counsel Robert Mueller of 13 Russian individuals and three entities accused of meddling in the 2016 U.S. presidential election details Moscow's effort to manipulate public opinion during the campaign through social media information warfare. While such trolling is nothing new, the scale and organization of the Russian operation stand out, providing a blueprint for others who wish to optimize their ability to manipulate opinion via online platforms.
An Elaborate Operation
As outlined in the 37-page indictment, the Russian effort raised trolling — or posting inflammatory or irrelevant material on an electronic forum to provoke responses — to a professional level of information warfare. Moscow's ability to coordinate such an operation should be unsurprising given the long history of information warfare on the part of Soviet and Russian intelligence. Information warfare is in fact an integral part of Russia's overall hybrid warfare approach to its geopolitical rivalries.
The individuals and organizations involved carried out a premeditated and well-prepared attack, beginning in 2014 to "spread distrust towards the candidates and the political system in general" in an effort to foment unrest, according to the indictment against them. The individuals and groups involved had multimillion-dollar budgets, hundreds of personnel, IT departments and support staff to ensure their success. Social media specialists set up primary social media accounts and started attracting followers, sometimes posing as U.S.-based entities such as the Tennessee Republican Party, Black Lives Matter and pro-immigrant groups to amplify their politically divisive messages. The Russian-backed groups established bank accounts, servers and virtual private networks in the United States to mask their Russian origins. They organized rallies, funded logistics and in some cases hired protesters to appear with posters bearing slogans crafted by the Russian defendants.
As the campaign took shape, those efforts focused on supporting controversial presidential candidates: Democrat Bernie Sanders, Green Jill Stein and Republican Donald Trump. After the defeat of Sanders, the Russians shifted their efforts to supporting Trump and Stein. The groups used their U.S.-based bank accounts to purchase ad space on social media platforms such as Facebook (which according to the indictment has assisted in the U.S. investigation), promoting messages associated with the candidates. The persons and entities in the indictment now stand accused of not reporting in-kind political financial contributions, not registering as foreign agents and stealing identity information of U.S. citizens to carry out the operation.
The operation used search engine optimization and monitored the impact of its messages, tweaking them where necessary to best achieve the desired results. It also followed basic operational security practices — a sign of a more professional intelligence operation — creating a virtual presence in the United States and adjusting social media activity to U.S. time zones.
The detailed nature of the charges in the indictment, however, suggests operational security apparently was not the highest priority — as does U.S. authorities' ability to track down the origin of the attack. The operation also was not overly technical. It did not require zero-day exploits, cyberattacks or malware, just a good knowledge of social media and heavy doses of social engineering.
Following the 2016 presidential election results, we noted that "for decades, the Soviet Union worked hard to foment dissent in the United States, Europe and elsewhere." In 2016, Russia supported candidates who fell on opposite ends of the political spectrum in an effort to stir things up politically. Russia was thus not necessarily trying to pick winners in the election, but rather trying to destabilize the U.S. electorate by amplifying divisions. That this same organization was heavily involved in organizing the "Not My President" protests in January 2017 to oppose Trump's inauguration shows that it was more interested in disrupting the U.S. political environment than supporting Trump.
Campaigns to Come
The indictment came out a week after U.S. Secretary of State Rex Tillerson warned that Russia was preparing to interfere in the 2018 U.S. midterm elections. But Russian information warfare operations are not waiting until those races heat up to sow discord in the United States. Hamilton 68, a project led by the Alliance for Securing Democracy to identify trending topics among Russian-backed social media personas, identified a spike in Russian activity surrounding the Feb. 14 school shooting in Parkland, Florida. In the following days, "Parkland" and various pro- and anti-gun control hashtags went to the top of the list of activity of Russian-controlled accounts. The Russian operation thus did not end in 2016 and is not limited to electoral politics — and it will continue to inflame tensions surrounding divisive topics.
That same shooting provided more examples of how successful social media provocateurs can be. In the hours following the attack in Parkland, white nationalist trolls on 4chan egged each other on to propagate the rumor that the shooter, Nikolas Cruz, was a member of a local white supremacist chapter. The Anti-Defamation League first fell for the story, after which major news networks spread it to hundreds of thousands of readers. Though the trolls behind the Nikolas Cruz rumor were not nearly as organized as the Russian campaign, they were following the same basic tactics. In fact, Russia's tactics can be copied by virtually anyone with access to a computer, with the resulting disruption depending upon the skill of the operator.
Ultimately, the tactics in ongoing use by Russian information warriors complement an asymmetrical approach to conflict that seeks to inflict damage while incurring little risk. There is little hope that the individuals named in the indictment will ever appear in a U.S. courtroom, and even if they did, they are expendable. We will continue to see Russia and other actors reliant upon the asymmetrical approach use information warfare against U.S. and other Western audiences in an attempt to stir up divisions and weaken their countries internally.