all repos — site @ eb5ceb8bad0a830d8f6f0b952e745147eec092f6

source for my site, found at icyphox.sh

pages/blog/ru-vs-gb.md

---
template:
title: Disinfo war: RU vs GB
subtitle: A look at Russian info ops against Britain
date: 2019-12-12
slug: ru-vs-gb
---

This entire sequence of events begins with the attempted poisoning of
Sergei Skripal[^skripal], an ex-GRU officer who was a double-agent for
the UK's intelligence services. This hit attempt happened on the 4th of
March, 2018. 8 days later, then-Prime Minister Theresa May formally
accused Russia of the attack.

[^skripal]: https://en.wikipedia.org/wiki/Sergei_Skripal

The toxin used in the poisoning was a nerve agent called _Novichok_.
In addition to the British military-research facility at Porton Down,
a small number of labs around the world were tasked with confirming
Porton Down's conclusions on the toxin that was used, by the OPCW
(Organisation for the Prohibition of Chemical Weapons).

With the background on the matter out of the way, here are the different
instances of well-timed disinformation pushed out by Moscow.

## The Russian offense

### April 14, 2018

- RT published an article claiming that Spiez had identified a different
toxin -- BZ, and not Novichok.
- This was an attempt to shift the blame from Russia (origin of Novichok),
to NATO countries, where it was apparently in use.
- Most viral piece on the matter in all of 2018.

Although technically correct, this isn't the entire truth. As part of
protocol, the OPCW added a new substance to the sample as a test. If any
of the labs failed to identify this substance, their findings were
deemed untrustworthy. This toxin was a derivative of BZ.

Here are a few interesting things to note:

1. The entire process starting with the OPCW and the labs is top-secret.
   How did Russia even know Spiez was one of the labs?
2. On April 11th, the OPCW mentioned BZ in a report confirming Porton
   Down's findings. Note that Russia is a part of the OPCW, and is fully
   aware of the quality control measures in place. Surely they knew
   about the reason for BZ's use?

Regardless, the Russian version of the story spread fast. They cashed in
on two major factors to plant this disinfo:

1. "NATO bad": Overused, but it surprisingly works. People love a story
   that goes full 180°.
2. Spiez can't defend itself: At the risk of revealing that it was one
   of the facilities testing the toxin, Spiez was only able to "not
   comment".

### April 3, 2018

- The Independent publishes a story based on an interview with the chief
executive of Porton Down, Gary Aitkenhead.
- Aitkenhead says they've identified Novichok but "have not identified
the precise source".
- Days earlier, Boris Johnson (then-Foreign Secretary) claimed that
Porton Down confirmed the origin of the toxin to be Russia.
- This discrepancy was immediately promoted by Moscow, and its network
all over.

This one is especially interesting because of how _simple_ it is to
exploit a small contradiction that could've been an honest mistake.
This episode is also interesting because the British actually attempted
damage control this time. Porton Down tried to clarify Aitkenhead's
statement via a tweet[^dstltweet]:

> Our experts have precisely identified the nerve agent as a Novichok. 
> It is not, and has never been, our responsibility to confirm the source 
> of the agent @skynews @UKmoments

[^dstltweet]: https://twitter.com/dstlmod/status/981220158680260613

Quoting the [Defense One](https://www.defenseone.com/threats/2019/12/britains-secret-war-russia/161665/) 
article on the matter:

> The episode is seen by those inside Britain’s security communications team 
> as the most serious misstep of the crisis, which for a period caused real 
> concern. U.K. officials told me that, in hindsight, Aitkenhead could never 
> have blamed Russia directly, because that was not his job—all he was 
> qualified to do was identify the chemical. Johnson, in going too far, 
> was more damaging. Two years on, he is now prime minister.

### May 2018

- OPCW facilities receive an email from Spiez inviting them to
a conference.
- The conference itself is real, and has been organized before.
- The email however, was not -- attached was a Word document containing
malware.
- The email's formatting was also inconsistent with what was normal.

This spearphishing campaign was never officially attributed to Moscow,
but there are a lot of tells here that point to it being the work of
a state actor:

1. Attack targeting a specific group of individuals.
2. Relatively high level of sophistication -- email formatting,
   malicious Word doc, etc.

However, the British NCSC have deemed with "high confidence" that the
attack was perpetrated by the GRU. In UK intelligence parlance, "highly
likely" / "high confidence" usually means "definitely".

## Britain's defense

### September 5, 2018

The UK took a lot of hits in 2018, but they eventually came back:

- Metropolitan Police has a meeting with the press, releasing their
findings.
- CCTV footage showing the two Russian hitmen was released.
- Traces of Novichok identified in their hotel room.

This sudden news explosion from Britain's side completely
bulldozed the information space pertaining to the entire event.
According to Defense One:

> Only two of the 10 most viral stories in the weeks following the announcement 
> were sympathetic to Russia, according to NewsWhip. Finally, officials recalled, 
> it felt as though the U.K. was the aggressor. “This was all kept secret to 
> put the Russians on the hop,” one told me. “Their response was all over the 
> place from this point. It was the turning point.”

Earlier in April, 4 GRU agents were arrested in the Netherlands, where
they had gone to execute a cyber operation against the OPCW (located in
The Hague) via its WiFi networks. They were arrested by Dutch security,
and later identified as belonging to Unit 26165. Dutch security also
seized a bunch of equipment from the room and their car.

> The abandoned equipment revealed that the GRU unit involved had sent
> officers around the world to conduct similar cyberattacks. They had
> been in Malaysia trying to steal information about the investigation
> into the downed Malaysia Airlines Flight 17, and at a hotel in Lausanne,
> Switzerland, where a World Anti-Doping Agency (WADA) conference was taking
> place as Russia faced sanctions from the International Olympic Committee.
> Britain has said that the same GRU unit attempted to compromise Foreign
> Office and Porton Down computer systems after the Skripal poisoning.

### October 4, 2018

The UK made the arrests public and published a list of infractions
committed by Russia, along with the specific GRU unit that was caught.

During this period, just one of the top 25 viral stories was from
a pro-Russian outlet, RT -- and even that was a fairly straightforward
piece.

## Wrapping up

As with conventional warfare, it's hard to determine who won. Britain
may have had the last blow, but Moscow -- yet again -- displayed its
finesse in information warfare. Its ability to seize unexpected
openings and gather intel to facilitate its disinformation campaigns,
together with its cyber capabilities, makes it a formidable threat.

2020 will be fun, to say the least.