Russian operatives used online forgeries, fake blog posts and more than 300 social media platforms to undermine opponents and spin disinformation about perceived enemies throughout the world, including in the United States, according to a new report published Tuesday.
The list of figures that operatives targeted over six years of persistent, wide-ranging activity reads like an enemies list for Russian President Vladimir Putin: Ukraine’s government, the World Anti-Doping Agency, Kremlin critic Alexei Navalny, French President Emmanuel Macron and former U.S. secretary of state and presidential nominee Hillary Clinton.
The claims, detailed in the report by research firm Graphika, were rarely subtle. Clinton in 2016 was dubbed a “MURDERER.” Political rivals were depicted as incompetent or alcoholics. The World Anti-Doping Agency, which barred Russia and many of its athletes from the 2016 Olympics, was falsely accused of colluding with pharmaceutical companies.
Graphika, despite working closely with researchers from numerous social media companies, was unable to identify what part of Russia’s sprawling intelligence operations was responsible for the disinformation effort. But the motive, researchers said, was clear – to malign and divide people and organizations disliked by Putin and seen as threats to his power, particularly in Ukraine.
The researchers called the operation Secondary Infektion, a reference to the Soviet era “Operation Infektion,” which spread the false claim that the United States created the virus that causes AIDS.
“If Secondary Infektion had a motto, it would be ‘divide and conquer,’ said Ben Nimmo, director of investigations at Graphika. “It looks like the overall goal of the operation was to divide and discredit the countries and institutions it targeted, setting allies against one another and driving wedges between Kremlin critics.”
Because of its extreme stealth, researchers said, Secondary Infektion was not as effective as better-known operations, such as the divisive social media campaign waged by the Internet Research Agency during the 2016 presidential election or the theft by Russian military intelligence operatives of Democratic Party and Clinton campaign emails, which were later posted online.
But the report underscores the ambition, sweep and scale of Russian disinformation operations while offering a timely reminder that such efforts are likely to persist as the United States heads into a hotly contested presidential election in November.
“This reinforces my concerns that there is still a lot we don’t know about foreign influence targeting Americans on social media platforms,” said Sen. Mark Warner of Virginia, the top-ranking Democrat on the Senate Intelligence Committee.
Lee Foster, manager of information operations analysis with the cybersecurity firm FireEye, which has also tracked Secondary Infektion activities, said the operation is “one part of the broader messaging by Russia of Eastern European and Baltic audiences to discredit regional governments and maintain influence over regional audiences. It’s a tool in this giant apparatus of influence.”
Secondary Infektion campaigns featured fake news articles and forged documents. Another hallmark was the creation of “burner” accounts that were used only once, then fell dormant. Such single-use accounts make it difficult to identify who is behind them and suggest that this was the work of an intelligence agency concerned about maintaining secrecy. But it also prevented accounts from accumulating followers or going viral, limiting the operation’s impact.
One notable exception was the leak of a trove of apparently authentic documents from U.S.-U.K. trade talks on platforms such as Reddit in the weeks before Britain’s general election, prompting controversy over whether the ruling Conservative Party was willing to make Britain’s National Health Service part of a trade deal. Graphika found that the leaks were consistent with Secondary Infektion’s tradecraft, though the use of genuine documents was not. Reddit then tied the operation to Secondary Infektion.
Graphika said in its report that the leak apparently “only picked up traction” after the documents were emailed to activists and Labour Party politicians, and as Secondary Infektion took its campaign to Twitter.
Nearly every social media platform carried content from Secondary Infektion at some point, though much of it was removed as Graphika, working with the company’s own researchers, gradually discovered it – often years after material had been posted.
“This shows that we are still uncovering blind spots in our understanding of Russian interference and have work ahead of us to make sure we’re properly prepared to defend the 2020 election,” said Camille François, Graphika chief innovation officer. “Who are these guys and what are they really trying to achieve: These are questions we’re not currently able to answer. That’s disconcerting.”
But in general Secondary Infektion’s track record on audience engagement has been dismal. “Overall,” the report states, “of all the information operations Graphika has studied, Secondary Infektion achieved the lowest impact for the effort it made – taking online virality, sharing, and significance of these stories in the public debate as proxies for impact. Of all the hundreds of fake stories and forged documents, none yielded significant traction online.”
This is a reminder, the researchers said, “that not all influence operations go viral” and that Internet users on fringe forums are not as easy a target as might be thought. Graphika repeatedly came across comments below Secondary Infektion stories that ridiculed them or called them out as “Russian trolls.”
Said the report: “It is therefore especially important to maintain a sense of perspective when crafting responses to such online operations.”