all repos — site @ 2e62d976dc907a96e45f0f644e3f8f9fd3299b02

source for my site, found at icyphox.sh

pages/txt/ru-vs-gb.txt (view raw)

  1   12 December, 2019
  2
  3Disinfo war: RU vs GB
  4
  5A look at Russian info ops against Britain
  6
  7   This entire sequence of events begins with the attempted poisoning of
  8   Sergei Skripal^[1]1, an ex-GRU officer who was a double-agent for the
  9   UK's intelligence services. This hit attempt happened on the 4th of
 10   March, 2018. 8 days later, then-Prime Minister Theresa May formally
 11   accused Russia for the attack.
 12
 13   The toxin used in the poisoning was a nerve agent called Novichok. In
 14   addition to the British military-research facility at Porton Down, a
 15   small number of labs around the world were tasked with confirming
 16   Porton Down's conclusions on the toxin that was used, by the OPCW
 17   (Organisation for the Prohibition of Chemical Weapons).
 18
 19   With the background on the matter out of the way, here are the
 20   different instances of well timed disinformation pushed out by Moscow.
 21
 22The Russian offense
 23
 24April 14, 2018
 25
 26     * RT published an article claiming that Spiez had identified a
 27       different toxin -- BZ, and not Novichok.
 28     * This was an attempt to shift the blame from Russia (origin of
 29       Novichok), to NATO countries, where it was apparently in use.
 30     * Most viral piece on the matter in all of 2018.
 31
 32   Although technically correct, this isn't the entire truth. As part of
 33   protocol, the OPCW added a new substance to the sample as a test. If
 34   any of the labs failed to identify this substance, their findings were
 35   deemed untrustworthy. This toxin was a derivative of BZ.
 36
 37   Here are a few interesting things to note:
 38    1. The entire process starting with the OPCW and the labs is
 39       top-secret. How did Russia even know Speiz was one of the labs?
 40    2. On April 11th, the OPCW mentioned BZ in a report confirming Porton
 41       Down's findings. Note that Russia is a part of OPCW, and are fully
 42       aware of the quality control measures in place. Surely they knew
 43       about the reason for BZ's use?
 44
 45   Regardless, the Russian version of the story spread fast. They cashed
 46   in on two major factors to plant this disinfo:
 47    1. "NATO bad" : Overused, but surprisingly works. People love a story
 48       that goes full 180�.
 49    2. Spiez can't defend itself: At the risk of revealing that it was one
 50       of the facilities testing the toxin, Spiez was only able to "not
 51       comment".
 52
 53April 3, 2018
 54
 55     * The Independent publishes a story based on an interview with the
 56       chief executive of Porton Down, Gary Aitkenhead.
 57     * Aitkenhead says they've identified Novichok but "have not
 58       identified the precise source".
 59     * Days earlier, Boris Johnson (then-Foreign Secretary) claimed that
 60       Porton Down confirmed the origin of the toxin to be Russia.
 61     * This discrepancy was immediately promoted by Moscow, and its
 62       network all over.
 63
 64   This one is especially interesting because of how simple it is to
 65   exploit a small contradiction, that could've been an honest mistake.
 66   This episode is also interesting because the British actually attempted
 67   damage control this time. Porton Down tried to clarify Aitkenhead's
 68   statement via a tweet^[2]2:
 69
 70     Our experts have precisely identified the nerve agent as a Novichok.
 71     It is not, and has never been, our responsibility to confirm the
 72     source of the agent @skynews @UKmoments
 73
 74   Quoting the [3]Defense One article on the matter:
 75
 76     The episode is seen by those inside Britain's security
 77     communications team as the most serious misstep of the crisis, which
 78     for a period caused real concern. U.K. officials told me that, in
 79     hindsight, Aikenhead could never have blamed Russia directly,
 80     because that was not his job--all he was qualified to do was
 81     identify the chemical. Johnson, in going too far, was more damaging.
 82     Two years on, he is now prime minister.
 83
 84May 2018
 85
 86     * OPCW facilities receive an email from Spiez inviting them to a
 87       conference.
 88     * The conference itself is real, and has been organized before.
 89     * The email however, was not -- attached was a Word document
 90       containing malware.
 91     * Also seen were inconsistencies in the email formatting, from what
 92       was normal.
 93
 94   This spearphishing campaign was never offically attributed to Moscow,
 95   but there are a lot of tells here that point to it being the work of a
 96   state actor:
 97    1. Attack targetting a specific group of individuals.
 98    2. Relatively high level of sophistication -- email formatting,
 99       malicious Word doc, etc.
100
101   However, the British NCSC have deemed with "high confidence" that the
102   attack was perpetrated by GRU. In the UK intelligence parlance, "highly
103   likely" / "high confidence" usually means "definitely".
104
105Britain's defense
106
107September 5, 2018
108
109   The UK took a lot of hits in 2018, but they eventually came back:
110     * Metropolitan Police has a meeting with the press, releasing their
111       findings.
112     * CCTV footage showing the two Russian hitmen was released.
113     * Traces of Novichok identified in their hotel room.
114
115   This sudden news explosion from Britan's side completely bulldozed the
116   information space pertaining to the entire event. According to Defense
117   One:
118
119     Only two of the 10 most viral stories in the weeks following the
120     announcement were sympathetic to Russia, according to NewsWhip.
121     Finally, officials recalled, it felt as though the U.K. was the
122     aggressor. "This was all kept secret to put the Russians on the
123     hop," one told me. "Their response was all over the place from this
124     point. It was the turning point."
125
126   Earlier in April, 4 GRU agents were arrested in the Netherlands, who
127   were there to execute a cyber operation against the OPCW (located in
128   The Hague), via their WiFi networks. They were arrested by Dutch
129   security, and later identifed as belonging to Unit 26165. They also
130   seized a bunch of equipment from the room and their car.
131
132     The abandoned equipment revealed that the GRU unit involved had sent
133     officers around the world to conduct similar cyberattacks. They had
134     been in Malaysia trying to steal information about the investigation
135     into the downed Malaysia Airlines Flight 17, and at a hotel in
136     Lausanne, Switzerland, where a World Anti-Doping Agency (WADA)
137     conference was taking place as Russia faced sanctions from the
138     International Olympic Committee. Britain has said that the same GRU
139     unit attempted to compromise Foreign Office and Porton Down computer
140     systems after the Skripal poisoning.
141
142October 4, 2018
143
144   UK made the arrests public, published a list of infractions commited by
145   Russia, along with the specific GRU unit that was caught.
146
147   During this period, just one of the top 25 viral stories was from a
148   pro-Russian outlet, RT -- that too a fairly straightforward piece.
149
150Wrapping up
151
152   As with conventional warfare, it's hard to determine who won. Britain
153   may have had the last blow, but Moscow -- yet again---depicted their
154   finesse in information warfare. Their ability to seize unexpected
155   openings, gather intel to facilitate their disinformation campaigns,
156   and their cyber capabilities makes them a formidable threat.
157
158   2020 will be fun, to say the least.
159     __________________________________________________________________
160
161    1. [4]https://en.wikipedia.org/wiki/Sergei_Skripal
162    2. [5]https://twitter.com/dstlmod/status/981220158680260613
163
164References
165
166   1. https://icyphox.sh/home/icy/leet/site/build/blog/ru-vs-gb/temp.html#fn:skripal
167   2. https://icyphox.sh/home/icy/leet/site/build/blog/ru-vs-gb/temp.html#fn:dstltweet
168   3. https://www.defenseone.com/threats/2019/12/britains-secret-war-russia/161665/
169   4. https://en.wikipedia.org/wiki/Sergei_Skripal
170   5. https://twitter.com/dstlmod/status/981220158680260613