In punishing Russian hacks and election meddling, the Biden administration on Thursday revealed new details about Russian intelligence’s vast disinformation and cyber-operations, including the names of companies that allegedly help facilitate cyber-attacks and websites accused of spreading false claims to damage the US.
The information release is designed partly to damage Russian intelligence services by blowing the cover of its support network, including companies that provide essential services and, in one case, the location of a technology park near the Black Sea used by spies for Russian’s military intelligence directorate, the GRU.
“This is how you roll up people’s networks,” said James Lewis, senior vice president at the Center for Strategic and International Studies in Washington. “You identify them, so that they have to rebuild their tradecraft and rebuild their cover. It’s cheap for us but can be very costly to them.”
The names of companies and individuals, including a deputy chief of staff to Russian President Vladimir Putin, were officially released in relation to US sanctions imposed Thursday, but the larger harm may come from being associated with Russia’s spy operations, experts say.
According to the US Treasury Department, a Russian cybersecurity company called Positive Technologies hosts large-scale conventions that are used as a recruiting pipeline for Russia’s intelligence agencies, the Federal Security Service (FSB) and the GRU. While the US didn’t identify the name of the conference, one annual event held by Positive Technologies – which names Societe Generale, UniCredit and Enel as clients on its website – is called “Positive Hack Days”. In 2019, it hosted 8,000 people, and participants competed to hack into cash machines and a Tesla car.
The disclosure about the company’s alleged links to Russian intelligence comes just after reports that it was considering an initial public offering, which Kommersant newspaper reported in March, citing an unidentified person familiar with the plan. The company earned 5.6bil rubles (RM302.75mil) in 2020 and was targeting a valuation of between US$2bil (RM8.25bil) and US$4bil (RM16.50bil), the paper said.
Positive Technologies didn’t immediately respond to a request for comment.
The US also sanctioned ERA Technopolis, a research center and technology park located in Krasnodar Krai, Russia, which is near the Black Sea. US officials alleged that ERA Technopolis “houses and supports” units of the GRU, which it said was responsible for offensive cyber and information operations.
The technology park had been publicly linked to the Russian Ministry of Defense, which claims that the facility combines scientific and educational functions. But the fact that it’s now known to house GRU units will likely be an inconvenience for an agency that thrives in secrecy.
Russian officials have repeatedly denied allegations of hacking, election meddling and spreading disinformation in the US.
It’s likely that many of the details about the intelligence agencies’ support networks were classified until recently, but Lewis said the decision to release them was a result of an internal US government debate about how to impose stiff costs for what the US calls “malign behaviour”.
Those activities include aggressive efforts to influence the outcome of US presidential elections in 2016 and 2020, the poisoning of Russian opposition leader Alexey Navalny, and the recent hack of US government agencies and private firms through software made by Texas-based SolarWinds Corp.
“This is a really knotty problem to deal with. These types of attacks are low cost, high yield for Russia,” said Holden Triplett, a former director for counterintelligence in the Trump administration’s National Security Council. “The sanctions might take out some of their operational infrastructure, but they can rebuild. It seems unlikely to deter Putin.”
The Biden administration also disclosed new details about how Russian intelligence agencies have used disinformation outlets and companies to secretly try to influence US voters and spread false claims about candidates and elections.
“Private and public sector corruption facilitated by President Vladimir Putin has enriched his network of confidants, who used their illicit business connections to advance Russia’s campaign to undermine the 2020 US presidential election-and to give Russia plausible deniability in its disinformation activities,” according to the Treasury Department.
The FSB operates several disinformation outlets, including SouthFront, which is registered in Russia and attempts to appeal to military enthusiasts, veterans and conspiracy theorists while hiding its connections to Russian intelligence, according to the Biden administration. Following the November US presidential election, SouthFront allegedly published content alleging voter fraud had taken place during the election.
Another disinformation outlet, NewsFront, is based in Crimea and allegedly worked with FSB officers to attempt to undermine the credibility of a news website that advocated for human rights. NewsFront was also used to distribute false information about the Covid-19 vaccine, “which further demonstrates the irresponsible and reckless conduct of Russian disinformation sites,” according to the Treasury Department.
In addition, SVR directs an online journal called the Strategic Culture Foundation that created “false and unsubstantiated narratives” about US officials involved in the 2020 presidential election, while GRU operates InfoRos, which used a network of websites to spread false conspiracy theories and disinformation, according to the US.
One of the companies outed Thursday is based in Pakistan, but it seems to have provided Russian intelligence agents with an essential – if illicit – service. The US Treasury Department sanctioned the company for creating and selling fake identities to Russian intelligence, including documents to help companies and individuals evade sanctions. Since at least 2012, Second Eye Solution, also known as Forwarderz, provided digital copies of fake passports, drivers licenses and bank statements to help verify social media and financial services accounts, according to a Treasury Department statement.
An archived version of the Second Eye Solution website advertised the sale of illicit documents to support verification for banned or suspended accounts on sites including Facebook, Amazon.com, Google Wallet and CoinBase. “We provide high-quality, real-looking documents through which many of our clients get restored their accounts,” reads the now defunct website.
The site, accessed using the Wayback Machine web archive, now reads, “coming soon”. – Bloomberg