Russian hackers

A Russian hacking campaign targeted an American journalist, report says

The latest disinformation tactic is to plant “fakes in a forest of facts.”

Tainted leaks

On October 7, 2016, David Satter, an American journalist and former Financial Times correspondent who was ejected from Russia after reporting critically on Vladimir Putin, got an email with a security alert from Google. “Someone has your password,” the email said, directing him to make a new one. He didn’t notice the odd sender address: no-reply@accounts.google.com.yandex.com.

In fact, the email was from hackers, likely working for the Russian government, according to cybersecurity researchers. When Satter entered his credentials, he handed over access to his email account — and found himself tangled up in a campaign that combined hacking with disinformation tactics, according to a report from Citizen Lab, a cybersecurity research laboratory affiliated with the University of Toronto.
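The sender address quoted above puts a real Google hostname in front of an unrelated registrable domain. The following is an added example, not code from Citizen Lab or the original article, of a mail-filter check that flags that pattern; the function names, the trusted-domain list and the small suffix table are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Assumption: registrable domains this mailbox accepts account alerts from.
TRUSTED_DOMAINS = {"google.com"}

# Assumption: a tiny stand-in for the Public Suffix List. Production code
# should load the full list so every multi-label suffix is handled.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "com.ua"}


def registrable_domain(host):
    """Return the public suffix plus one label, e.g. 'yandex.com'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_sender(from_header):
    """Classify a From header: 'trusted', 'lookalike', 'other' or 'invalid'."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return "invalid"
    host = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if not host:
        return "invalid"
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted"
    # A trusted domain appearing as whole labels inside a host that belongs
    # to some other registrable domain is the pattern in the phishing email.
    dotted = "." + host + "."
    if any("." + t + "." in dotted for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # First address is the one quoted in the article; the rest are constructed.
    samples = [
        "Google <no-reply@accounts.google.com.yandex.com>",
        "no-reply@accounts.google.com",
        "news@notgoogle.com.example.net",
    ]
    for header in samples:
        print(f"{classify_sender(header):10} {header}")
```

The check reads only the domain in the From header, so a "trusted" result says nothing about whether the message passed SPF, DKIM or DMARC.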

Satter’s emails were leaked to CyberBerkut, “a self-described pro-Russian hacktivist group,” according to the report, which published them online. The data had been doctored, however. The files that were published online included Satter’s real emails mixed in with fake emails that made it seem like Satter was attempting to plant negative stories about Putin in the Russian press — and also that Putin’s enemies, including Russian opposition leader Alexei Navalny, were “receiving foreign funding for their activities,” Citizen Lab reported.

“They’re trying to create these bogeymen to link the opposition to undesirable people,” Satter told his former employer, The Financial Times, after his emails were dumped. “Me being the undesirable in this case.”

Citizen Lab is calling Satter “patient zero” in a campaign that targeted 200 individuals across 39 countries, including the United States, Ukraine and Russia. The targets included high-ranking Ukrainian military officials, the CEO of a Central Asian investment bank, and a researcher at a Russian anti-corruption organization.

The campaign works by sending seemingly legitimate emails that trick users into giving up their email username and password, a technique also known as phishing. But this time, the hackers are including fake emails among legitimate ones in order to damage the reputation of the people they are targeting. Citizen Lab calls this “tainted leaks” or “fakes in a forest of facts.”

Citizen Lab says these leaks “test the limits of how media, citizen journalism, and social media users handle fact checking, and the amplification of enticing, but questionable information. As a tactic, tainted leaks are an evolution of much older strategies for disinformation, and like these earlier strategies, pose a clear threat to public trust in the integrity of information.”

The report stops short of definitively tying this campaign to the Russian government, but the evidence of a Russian link is compelling. The campaign analyzed by Citizen Lab uses the same tactics Russian espionage campaigns have used in the past, and its targets are people who have spoken out about the abuses of the Russian government or hold valuable intelligence that would benefit Russian interests. For example, Ukraine was the most targeted country in this campaign, next to Russia itself, and its targets included Ukrainian members of parliament and high-ranking Ukrainian military officials.

This campaign is almost like the reverse of what French president Emmanuel Macron’s campaign did to defend against hackers. Macron’s tech team intercepted the phishing attempts and directed hackers to inboxes filled with fake emails, so that the campaign could cast doubt on any release of supposedly real emails.

Citizen Lab says a specific category of targets deserves special attention: those not in the military or government. “At least 21% of the targets from our set were journalists, activists, scholars and other members of civil society,” the report says. “All too often, threats against civil society groups receive second-billing in industry reporting and media coverage of government-linked operations.”

Russia’s hacking goes beyond government officials and campaign managers. Even just being critical of the government is enough to have your emails stolen and dumped online — and for you to be framed for something you didn’t say or do.
