The most comprehensive analysis on the planet of what Russia did this year in Ukraine and what it plans to do in the United States in 2020.
Ukraine is Russia’s testing ground for what it plans to do in American elections, and in 2019, it spent over $350 million in its hybrid war to interfere in Ukrainian elections.
That hybrid war consists of three concurrent lines of attack:
(1) an information war which includes widespread use of disinformation and propaganda to sow chaos and distrust among the population,
(2) a cyber war which includes hacking, election manipulation, the use of viruses, and attacks on infrastructure to undermine confidence in democratic institutions and governments, and
(3) a hot war which includes military attacks on sovereign nations, such as Georgia and Ukraine, and the assassination of opponents and journalists to spread fear and instill a feeling of hopelessness.
The same Russian groups and operatives that have been attacking Ukraine (the propaganda group and the military cyber group) have also been attacking the United States through cyber means. Ukraine has had a great deal of experience countering these malign activities because Ukraine is on the front line of the “hybrid war” with Russia. The malign activities of Russia against Ukraine during this year’s March and April presidential elections and July parliamentary elections were at fever pitch. From these activities, one can predict what Russia will attempt to do in the United States during the 2020 election. With this knowledge and robus countermeasures by government agencies and civilian organizations, Russian interference can be contained or mitigated as it was this year in Ukraine.
Russian Malign Activities in Ukraine this Year The March 31, 2019 presidential election consisted of 39 candidates from a wide range of political parties. A candidate was required to win 50% of the vote to be elected president but with so many candidates that was not possible.
Therefore, a runoff election between the top two candidates was held on April 21, 2019.
The Kremlin’s primary plan was to sow chaos in Ukraine by intensifying its efforts to implement propaganda in the media and social networks. Here are the main areas where Russia increased its efforts: propaganda campaigns in the Ukrainian media using bots and trolls through cyber interference; financially supporting pro-Russian candidates; distributing material to the media paid for by Russia; using black propaganda to increase negative ratings of individual politicians; and discrediting the Ukrainian electoral process in the international media, international organizations and in Western political circles.
During the election campaign, Russia went all out to interfere with the election, testing new malware and tactics in the hope that it could either rig the vote or cause enough chaos and doubt to undermine the credibility of the election results. It aggressively attempted to intervene in the information space, violated cyber security laws, and resorted to political and technological manipulations.
The Kremlin attempted to exploit left-wing radical groups and nationalist right-winggroups by urging them to “assert themselves by way of force” to make people afraid and destabilize the country. They made every effort to influence the electoral preferences of target groups (by age, gender, geographical position, social status, etc.). Moreover, Russia attempted to exploit false exit poll data during voting in order to sow chaos and create grounds for the Kremlin to claim alleged illegitimacy of presidential elections.
Much of Russia’s widespread disinformation and psy-ops during the campaign centered on the war in Donbas. For example, it increased hostilities in the war zone along with propaganda on social media to spread fear that an invasion of the entire country was imminent. Also, it used social media to threaten to invade in order to protect Russian Orthodox Churches from being taken over by the newly formed Ukraine Orthodox Church. It engaged in false flag operations whereby Russian operatives committed acts of violence and arson which Russia blamed on Ukraine.
At the same time, it promoted the pro-Russian “Opposition Platform for Life” candidate Yuriy Boyko, a former minister of energy under President Viktor Yanukovych, who was backed by oligarch and Putin protégé’, Viktor Medvedchuk, giving them both a number of high profile media events aimed at presenting them as the only people who could stop the war. In fact, Medvedchuk actually bought a large television station in order to spread his pro-Russian propaganda, as did another pro-Russian oligarch.
Russia used religion to create provocations. Under the guise of pilgrims, Russia attempted to deploy intelligence operatives in Ukraine, which were really “religious orthodox” fighters trained to initiate and take part in riots. Special services of the Russian Federation prepared a series of provocations directly at polling stations in the eastern regions of Ukraine, bordered by the territories temporarily occupied by Russia in Donetsk and Luhansk regions of Ukraine.
Among the provocations was the staging of refusals for internally displaced persons, IDP’s, to vote. Provocateurs were trained to stage provocative situations at polling stations to be covered in the media, aimed at creating an impression of conflict, unfair elections, and their illegitimacy, in particular in terms of violating the rights of IDPs. Russian analysts considered it expedient to adhere to the tactics of instigating confrontation and conflict between the 39 candidates running for president.
In late 2018, Facebook initiated new steps and anti-propaganda filters in Ukraine to curtail use of its platform by Russia to spread propaganda. However, Russia soon began using a new tactic to circumvent those steps: i.e., it spent large sums of money to either buy or rent Facebook accounts owned by Ukrainians and then used those accounts to spread disinformation inside Ukraine. By January, this was discovered, and Facebook removed more than 150 of such accounts. Facebook was so concerned about fake news and disinformation that it banned all political ads from outside Ukraine during the election period.
Moreover, many more requests began popping up on the dark web from Russians seeking hackers to break into voter registries and other election related operations, and law enforcement officials in Ukraine were monitoring these activiuties.
A troubling cyber threat came from the discovery of a new type of malware that was created by Russian military operatives to distort and delay the Election Day vote results as they were being transmitted from the regions to the Central Election Commission. The object of this malware was to cause chaos by undermining the vote counting and confidence in the results. Russia planned a propaganda effort tied to this operation whereby at different times on Election Day, stories would appear en masse on social media blaming election officials of delaying the vote because those tallies showed that the pro-Russian candidate was winning. Fortunately, Ukrainian cyber forces discovered this malware prior to the election and actually reverse engineered it so that that was unable to function. By the time the Russians realized it would not work, most of the results had already been transferred to the CEC.
Several of the most prolific Russian hacker groups, such as Fancy Bear and The Shadow Brokers were very active and tried to storm the Central Election Commission on Election Day with denial of service (DDOS) attacks. Moreover, they tried to take down critical infrastructures such as the court system, the metro system and the electric grid, and several executive administrations, including the Ministry of Justice. These were largely unsuccessful because Ukrainian cyber teams received advance notice of the attacks and were able to repel them.
In addition to these cyber attacks, Russia also engaged in a terror campaign targeting key military officials for assassination during the election campaign. This was done to cause hopelessness and fear among the electorate and those tasked with protecting Ukrainian citizens and the election. The sabotage group was exposed after a bomb prematurely exploded, severely injuring the Russian head of the terror group.
Lessons Learned In Preparation For US 2020 Election
In light of Russia’s attempts to interfere in the 2019 Ukrainian elections, along with other intelligence information, the United States can expect that Russia will engage in the following serious and sustained efforts to interfere with its 2020 election using all three methods of hybrid war.
1.Deep Fake Videos – Russia has a specialized team tasked with creating digitally manipulated DeepFake videos of Democratic politicians and candidates that it will release during the campaign to falsely portray them as engaging in inappropriate behavior or saying inappropriate things, likely focused on disparaging key Democratic constituencies such as women, minorities, LGBTs, foreign allies, and even Democrats. The United States government needs to work with social media companies to help identify and expose these fake videos, use artificial intelligence filters to shut them down on social media platforms, and use criminal and civil laws to stop them.
2.Religion – Russia and the American evangelical communities have already begun working closely to interfere with the election to support Republican candidates. A number of evangelical leaders have recently travelled to Russia to coordinate these efforts, and are seeking a massive influx of fund to their religious organizations from foreigners, including Russia oligarchs. The religious organizations will likely launder these funds and spend them on election related activities as the National Rifle Association did in the 2016 election. Based on similar activities in Ukraine, it is likely that these oligarchs, on behalf of the Kremlin, will use the Russian Orthodox Church as a conduit to funnel money to these religious organizations. This operation is predicated on the belief that religious organizations are beyond the reach of federal agencies and scrutiny, and that they therefore provide the perfect avenue for laundering funds. The United States government needs to direct a team to monitor all money trails from foreign sources to those religious organizations and leaders that have traveled to Russia over the past year and met with Kremlin leaders or Russian Orthodox Patriarch Krill or his staff.
3.Ransomware – Russia has been a key player in the use of ransomware, which allows a hacker to install encrypted malicious code on databases that will lock out the user unless and until it pays a substantial ransom via crypto currency. Russia plans to use ransomware to attack voter databases and possibly other election related infrastructure, including those involved with vote result transfer and tabulation. This could create havoc on Election Day and cause citizens to doubt the integrity and results of the election. The United States government needs to
(1) notify all state and county election supervisors and departments of this serious threat,
(2) advise them to have in place triple segregated redundancy of critical files and databases,
(3) create a cyber security force focused on ransomware attacks that has the tools to crack the encryption in a short time, and
(4) develop means to track the crypto currency and retaliate against those involved.
4.False Narratives – Pro-Russia political operatives in the United States are currently working with Russian operatives in Russia and Ukraine to create false narratives about Democratic candidate(s) that they will then exploit in social and mainstream media. A great deal of money is being used to bankroll this operation, and it will likely include fake documents, false accusations, and possibly even false allegations in court filings. An prime example of this is the recent scandal involving President Trump and his lawyer Rudy Giuliani. The United States government should aggressively investigate, monitor and expose these activities and operations, and arrest those who cross the line of criminality. The United States Congress should hold hearings and bring criminal referrals when appropriate.
5.Backing Candidates – Russian propaganda and media will actively promote or disparage candidates in order to create divisions, just as it did in 2016. In addition to backing Donald Trump and other GOP candidates, Russia will actively support Jill Stein and Bernie Sanders in order to peel away support for other candidates. The United States government should monitor these endorsements to ensure that they are not backed by foreign direct or in-kind donations, the latter which includes free air time.
6.Proxies – Russia has a whole strategy to mask its election interference efforts, and will include
(1) using operatives in other countries such as Saudi Arabia and Israel to hack and attack,
(2) using operatives in the United States to create propaganda a’ la the Internet Research Agency likely by creating so-called legitimate corporations in order to appear genuine, and
(3) buying or renting individual social media pages in the United States to spread disinformation and propaganda in order to bypass social media filters.
7.Assassination – Russia has flagrantly and illegally used assassination to create chaos and fear, and interfere with elections. For example:
(1) February 2015, Russian opposition leader Boris Nemtsov was killed on a public bridge in Moscow the day after he called for a march opposing the invasion of Ukraine;
(2) in the heat of the 2004 presidential election in Ukraine, pro-West candidate Viktor Yushchenko suddenly fell ill and disappeared from the campaign trail. When he reappeared, his face was disfigured, the result of what his doctors described as a near-fatal dose of dioxin administered by Russian agents;
(3) February 2017, officials in the country of Montenegro, on the day of the parliamentary elections, uncovered an attempted coup by Kremlin operatives, which envisaged an attack on the country’s parliament and assassination of Prime Minister Milo Đukanović. Montenegro convicted two Russian spies of that crime in May of this year;
(4) August 23, 2019, Chechen Zelimkhan Khangoshvili, who fought against Russia during the Chechen war, was assassinated in a Berlin park by a Russian with a GRU issued passport;
(5) March of 2018, former Russian intelligence officer, Sergei Skirpal, his daughter and and two others were poisoned with a banned nerve agent by Russian operatives in the United Kingdom;
(6) Russia had an active assassination squad in Ukraine during the 2019 election, which was exposed after a bomb blew up prematurely, as mentioned above.
The list of recent Russian political assassinations and attempts is very long and includes, Alexander Litvinenko, Vladimir Kara-Murza, Georgi Markov, Khattab, Alexander Perepilichny, Karinna Moskalenko, and Anna Politkovskaya. Clearly, Russia uses assassination as part of its broad toolkit to undermine democracies and free elections. The United States government should take this threat very seriously and take concrete steps to ensure that Russia understands that any such action in the United States will be considered an act of aggression that will be answered swiftly and boldly.
8.Hacking and Malware – Russian operatives have already attempted to hack into state election infrastructures and to install malware through phishing operations targeting elections officials, political operatives, and political campaigns. Some of these attempts have been successful while others may not bear fruit until they are needed on Election Day. The United States government must work with state officials to identify and counter these malign operations before they can cause harm. Moreover, these state election operations must be required to have segregated backups of all critical data.
9.Critical Infrastructure Attacks – For the past several years, Russia has been probing, attacking, hacking and shutting down critical infrastructure in the United States, including electric grids, gas transport, nuclear facilities, and metro systems. In Ukraine, such attacks have been more widespread to include the Central Election Commission, government administrative offices, the national airport and banks. On Election Day, if Russia caused a blackout in a major swing state that shut down transport and vote tabulation and transfer, this could swing a close election. The federal government should make every effort to protect all critical infrastructures and inform Russia that any attack will result in a crushing, asymmetrical response.
10.Inspire White Nationalists – Russia routinely employs fascist thugs to intimidate citizens and officials. These include the infamous Berkut in Ukraine and the notorious Night Wolves in Russia. White nationalists in America have strong connections with Russian nationalists, and Russia has
provided a platform for their activities. Recently,
more than 100 U.S. neo-Nazi and right-wing groups that were banned by Facebook and other social media companies moved their social media activities to the Russia based VKontakte where they find support from like-minded pro-Russian fascists and provocateurs to cause violence and instill violence and fear in America. Neo-Nazis and other far right groups will use these Russian-based sites to plan provocations to engage in violence and instill fear during the 2020 election, most likely directed at minorities in the Latino and African American communities. The United States government should step up its efforts to monitor and curtail these malign efforts using every available means.
In 2016, the United States was in denial about the possibility of Russian malign interference actually affecting the election results. That head-in-the-sand approach led to the current pro-Russian president sitting in the Oval Office. Now, however, there is no excuse for the United States to fail to act to protect its 2020 election from Russian hybrid war attacks. Follow the lead of Ukraine, which fearlessly and
effectively countered Russia to democratically elect a new president who won with 73% of the vote despite the malign efforts of Russia.