Emergency Edition: Got that DOJ in him
Welcome to an emergency edition of Memetic Warfare. This week’s post will cover the DOJ’s bombshell disruption of two Russian covert influence operations in the US on September 4th, available here and here. The press conference and publication include a link to the 277-page affidavit and 32-page indictment, which we won’t cover in full.
Let’s get right to it with the Doppelganger disruption. The DOJ seized 32 domains used by Doppelganger, and additionally unsealed indictments against the previously sanctioned Social Design Agency (SDA), Structura National Technology (Structura) and ANO Dialog, which operated Doppelganger. There is also an additional sanctioning of 10 individuals and new entities in connection with ongoing Russian IO, and a rare finger-wagging at the specific Russian government official behind DG.
There are then multiple quotes that I’ll save you from about “cutting edge” AI and so on. Where it gets interesting again is below:
So here’s where we really set some precedents.
The affidavit includes internal documents from these various companies, including presentations and documentation of campaigns, plans to utilize influencers and more. Additionally, there’s an unorthodox enforcement lever here: trademark law! Would be interesting to see how that gets used going forward in other cases. Money laundering laws are also utilized.
Each of the above documents is translated into English and available via the links. The first, available here, is titled the “Good Old USA Project”. The introduction sets the stage and provides insight into how Russian operatives and officials perceive IO, a separate topic in and of itself.
It was very mindful of the FBI to censor the names of the various parties here, but we know which is which. Goals and objectives are similarly clear and also quantitative:
Target audiences also get attention with a high degree of granularity, Jews being an especially noteworthy target audience considering their strong tendency to vote Democrat. Shoutout to 4chan and Reddit for being called out as well! I always tell people in IO to spend more time on 4chan, and somehow we still don’t pay enough attention to it.
Other platforms get called out as well, but nothing that you wouldn’t expect:
From here, we get more specific planning of the operation:
Other tactics, such as spamming comments, targeted advertising and working with influencers, are all mentioned as well. Overall - a fascinating look into how operations are planned and perceived by Russian operatives. Seemingly, IO, including activity that we in the West often call ineffective, is still viewed as effective by at least the owners of these companies and certain Russian officials.
The Guerilla Media Campaign document is also quite similar in its structure.
The next section dives into the planning of the campaign and the narrative points to be hit - overall, things that we’re used to seeing:
From here, there’s some discussion of monitoring official American accounts, target audiences and so on - but most interesting is the description of two sample posts:
The final document is titled “US Social Media Influencers Network” and is the shortest of the three. Here, the goal of creating “platforms” on US social media networks is described. This case is straightforward, but includes one point that I want to emphasize: the authors view Meta as a partner of the NSA, making Twitter a much more effective platform for them.
The next case is arguably even bigger. Two RT employees allegedly used almost 10 million USD to publish “RT-curated” content through a Tennessee digital media company:
This company has been identified by CNN and others as being Tenet Media. Tenet features “heterodox” commentators:
Tenet published English-language videos on the platforms that you’d expect, with the two RT employees apparently using “multiple fake personas” to operate this company.
The scale here is staggering, and of course this whole operation violated FARA laws:
Even more fascinatingly, the operators were able to exploit some YouTubers with serious online followings by claiming that the money used to fund their videos came from a fictitious “Eduard Grigoriann”.
They even created a fake CV for Grigoriann:
CNN provided quotes from some of these individuals, who claimed that they were victims and exploited:
The operation was funded by an international network of shell companies, including a company in Canada, shell companies in Czechia and Hungary and beyond.
These companies all transferred money to Tenet:
There are some fun pivot points for further investigation:
There’s much more to deal with specifically in the indictment and affidavit, and I wish that I had the time to get into the weeds, but unfortunately we’ll have to stop there for now, so let’s sum this up.
Overall, the Doppelganger affidavit and the seizure of the domains affiliated with it are a big deal. The US government, led by the FBI, is increasingly willing to - seemingly - use cyber/SIGINT methods to gain evidence (not surprising per se) and to publish it (more noteworthy). Utilizing financial intelligence and other levers will also be critical, as this is how actually impactful IO is done - co-opting high-profile influencers, for example, is much more impactful than a botnet.
The risk appetite that the USG has re Russian IO, especially in the buildup to the elections, is seemingly higher than in the past and I can imagine that we’ll see further aggressive prosecution and targeting of Russian online IO.
IO can be combatted not only by promoting cohesion, but also by cyber operations, the use of additional legal foundations for prosecution and beyond. I’m curious to see where this goes next.