Connectivity
Russian Disinformation Technology
Russia’s reinvention of war exploits old techniques for a new century. Open-source citizen investigators are fighting back.
On July 17, 2014, as passengers checked in at Amsterdam’s Schiphol Airport for Malaysia Airlines Flight MH17, “Necro Mancer” (@666_mancer) tweeted about an unusual convoy 1,500 miles east in Ukraine. His citizen intelligence network had noticed a covered anti-aircraft missile system trundling through Donetsk on a low loader. Minutes later, half a world away in Brasilia, Vladimir Putin wrapped up a pre-dawn Russian press conference. His answer to the last question—about the Moscow Metro’s worst accident, two days earlier, which killed 24 people—was overlooked until Russian conspiracy theorists picked it up 15 months later. In the aftermath of the deadliest shoot-down in history, his words acquired a macabre resonance.
“Responsibility should always be personal,” said Putin. “There is a classic example from criminal law called a ‘shooting tragedy,’ when two hunters shoot at a bush thinking there is game there, and accidentally kill a man. Since experts cannot establish who did it, they are both set free … Investigators should expose the guilty party … and they should be held responsible, but only those specific individuals whose fault it was.” By day’s end, questions about guilt and responsibility for MH17’s downing were of global concern. International investigators would range from the official—well resourced and highly trained—to a self-organized group called Bellingcat. Using little more than laptops, open-source materials, and relentless dedication, these “citizen investigative journalists” would find the exact missile launcher, identify dozens of soldiers, and, eventually, reveal a senior Russian soldier with a key role in coördinating the missile launch.
The horror of the MH17 atrocity was peculiarly intimate: in the debris fields, stuffed toys spilled from children’s suitcases. It briefly brought Ukraine’s war into focus in a way that Russia’s misdirection over the annexation of Crimea, or their murky fight in the farthest corner of Europe, had failed to do. However, a deeper and wider war remained concealed.
Andrei Illarionov was Putin’s senior economic advisor, and personal representative to the G8 for five years, until he resigned in protest at growing corruption. Two months before the downing of MH17, he called Ukraine “an introductory chapter” in “the Fourth World War.” (Stalin’s dismal term for the Cold War was “World War Three.”) Illarionov dislikes the phrase, but he says it’s being used “by the Kremlin propaganda machine” for a war “being waged now by Russia against the rest of the world.”
It took the weaponization of information in the 2016 U.S. presidential election for the Western world to start to notice. We now know of e-mails stolen from the Democratic National Committee by Russian hackers, of sophisticated botnets, of similar attacks across Europe; but the full extent of Russia’s activities is still being uncovered. Realizing that we are at war, and understanding how we can fight back, is now urgent business. The story of MH17, and Russia’s exposure, offers a grim but useful case study.
Devices of disinformation
As with the Soviets’ shooting down of Korean Air Lines Flight 007 in 1983, when 269 died, Russia’s reaction to the international outrage over MH17 was to contrive and deliver counternarratives. A buzzing and growing cloud of ever-changing claims emerged—placing the blame on a Ukrainian fighter jet, Ukrainians on the ground, or the CIA, or claiming that Putin’s private plane was the real target. Russia’s tactics, says Ben Nimmo, senior fellow in information defense at the Atlantic Council’s Digital Forensic Research Lab, rely on what he calls “the 4D approach”: “Dismiss, distort, distract, dismay. Never confess, never admit—just keep on attacking.”
“The single most prevalent Russian response is to attack the critic,” he says. “They use a ‘vilify and amplify’ technique.” Critics are besmirched, sometimes in an official announcement, sometimes through proxies, sometimes through anonymous sources quoted in state media; then paid trolls and highly automated networks of bots add scale. In response, an ad hoc blend of civilians, private companies, and NGOs has evolved to cast a bright, shining light on MH17 and Russian aggression in Ukraine, Syria, and the Atlantic partnership. Exemplifying the values Italo Calvino outlined in Six Memos for the Next Millennium—lightness, quickness, exactitude, visibility, multiplicity, and consistency—their methods are in sharp contrast to the West’s generally sclerotic response to a revanchist Russia.
Nowhere is this weakness more brutally apparent than in Russia’s use of digital technology to reinforce its greatest tool of statecraft: maskirovka. The literal translation—“little masquerade”—disguises the density and importance of this elusive concept. “Military deception” misses its deep cultural roots: maskirovka involves camouflage, denial, and a deep finesse. As James Jesus Angleton, the founding counterintelligence chief of the CIA, put it, “The myriad stratagems, deceptions, artifices, and all the other devices of disinformation … confuse and split the West [with] an ever-fluid landscape, where fact and illusion merge, a kind of wilderness of mirrors.”
The most powerful weapon in the maskirovka armory is disinformation, a word acquired in the 1950s from the Russian dezinformatsiya. A generation after the Cold War, the acknowledged masters of “deza” are deploying disinformation technology against the compromised immune system of liberal democracy. “And at this point,” says Andrew Andersen, a Russian-born security analyst at the University of Calgary’s Centre for Military and Strategic Studies, “the West is losing.”
“The first thing you need to understand is that this is a war,” says Andersen. “This is not a joke and not a game of any kind. It’s not ‘socializing with your friends on social networks’—it’s a real war. Even those who don’t want to take part have to behave in accordance with the laws of war,” he says, alluding to Trotsky’s notorious epigram, recalled by several of the interviewees for this story, that translates loosely as: “You may not be interested in war, but war is interested in you.”
Even the name of this new style of war is contested territory. “Ambiguous,” “hybrid,” “irregular,” and “nonlinear” warfare have all been suggested. Mark Galeotti, senior research fellow at Prague’s Institute of International Relations, unpicks the issue in his new book, Hybrid War or Gibridnaya Voina? Getting Russia’s Non-Linear Military Challenge Right. He admits to still worrying at it. “The more I think about what we should be calling hybrid war,” he says, “the more I think the answer is: war.”
“The Russians have stumbled on how the nature of international contestation is changing and will be fought out in the 21st century. It’s an age when direct kinetic warfare [the military’s term of art for ‘things that go bang’] is ridiculously expensive, in political but also economic terms,” he says. “Instead, war will be fought out through a variety of other means, many which are covert, ambiguous, and so on. The Russians have, fortuitously for them, simply stumbled on a truth of the century.”
Foul deeds will rise
Exactly an hour before MH17 took off, Necro Mancer tweeted a tentative identification: “It visually resembles a BUK a lot.” (Buks are a family of Russian-made mobile medium-range surface-to-air missile systems.) A Donetsk man of around 50, he spends “almost all” his free time scanning popular Russian-language social-media sites like Vkontakte (“In Contact”), known as “Russia’s Facebook,” and Odnoklassniki (“Classmates”); listening to pro-Russian channels on the walkie-talkie app Zello; and sharing civilian reports of military activities. As an additional hobby, he uses open sources to curate a list, linked in his Twitter profile, of several thousand Russian and pro-Russian dead, “because they hide them.”
“I cannot fight as a soldier, so I try to do my best,” he says of a conflict that has led to more than 30,000 casualties and millions displaced. He’s just one of many keyboard partisans in the war dominating Europe’s largest country. After the annexation of Crimea, the subsequent invasion of eastern Ukraine, and the MH17 shoot-down, the world’s scrutiny of Russian behavior in the region dwindled. Yet Ukraine—site of the continent’s first military incursion by a neighbor since Stalin subjugated Eastern Europe behind the Iron Curtain—is, as U.S. Deputy Secretary of Defense Bob Work said in a speech in 2015, “an emerging laboratory for future 21st-century warfare.”
The 34-ton Buk-M1 TELAR (“transporter erector launcher and radar”), and its bodyguard of irregular troops, rolled through the southeast corner of what the Yale historian Timothy Snyder has christened the Bloodlands. Here, in living memory—between 1933 and 1945—a hellish amalgam of Nazis and Soviets (sometimes collaborating, more often at war) were responsible for 14 million civilian deaths. “During the years that both Hitler and Stalin were in power,” Snyder writes, “more people were killed in Ukraine than anywhere else in the Bloodlands, or in Europe, or in the world.”
Half an hour after MH17 took off, another Ukrainian curator, @WowihaY, tweeted that the convoy had passed through his hometown of Torez, 45 miles east of Donetsk, headed to the city of Snizhne. There, the Buk was unloaded from a white Volvo low-loader truck before continuing south under its own power. Passing through checkpoints held by Russian--backed insurgents, it set up in a field and, at 4:20 p.m. local time, fired a 1,500-pound missile 33,000 feet into the air. Carrying a high-explosive fragmentation warhead weighing 154 pounds, it nearly reached Mach 3. On board MH17 were 15 crew and 283 passengers, including 80 children in 20 family groups and a party, led by the virologist and former International AIDS Society president Joep Lange, heading for the 20th International AIDS Conference in Melbourne.
The warhead exploded around four meters to the upper left of the airplane’s nose. Dying bodies fell “like confetti” for around 90 seconds. One female victim crashed through the corrugated roof of a house into a kitchen. Autopsies found hundreds of metal fragments in the captain’s corpse, another 120 in the first officer, and a bow-tie-shaped fragment—unique to the Buk-M1’s 9N314M warhead—embedded in one of the flight crew.
For long days, governments scrambled to negotiate access with hostile irregular forces, probably composed of what Galeotti calls “a mix of regular Russian units, ad hoc collections of nationalists and adventurers, and everything in between.” These auxiliaries, largely organized by the GRU (the Russian army’s foreign military intelligence agency), now controlled what a spokesman for investigators with the Organization for Security and Cooperation in Europe (OSCE) called “the biggest crime scene in the world.” The hot sun glittered. It was summer. It was very warm.
Penetrating the smog of war
Three days earlier Eliot Higgins, a highly regarded citizen journalist, had launched his crowdfunded project Bellingcat in beta. Bellingcat would use open-source information, he promised, “to investigate, collaborate, and report on worldwide issues that are being underreported and ignored … Syria, Iraq, Turkey, Kurdistan, Nigeria, Jihadists, Shia armed groups, the U.K. phone hacking scandal, police corruption, and more.” That “and more” swiftly became the downing of MH17. Bellingcat could have been designed for the challenge. Less than six hours after the shoot-down, Higgins had found, identified, archived, uploaded, and shared a 35-second video—titled in Russian “The Murder Weapon Malaysians Snizhne”—in which the Buk, now led by a single vehicle, rumbled ominously through Snizhne. Two years later, the Dutch-led international Joint Investigation Team (JIT) would use the video in its findings.
The official investigation by the Dutch Safety Board, conducted in parallel with the JIT’s, embodied a century of hard-won knowledge about air accidents. Over 15 months, the $4.8 million investigation reconstructed substantial parts of the Boeing 777. A wealth of expertise fortifies every part of the 279-page report and its 26 appendices, showing precisely how flight MH17 was destroyed. In their effort to find out what happened—and who was responsible—the JIT’s hundreds of investigators have, among other tasks, processed 1,448 pieces of wreckage, heard over 200 witnesses, analyzed 150,000 intercepted calls as well as half a million photos and videos, and produced over 6,000 reports. Although determined to keep their powder exceptionally dry for future criminal prosecutions, last September they presented preliminary results. After noting the efforts of “research collectives like Bellingcat,” they reached an unequivocal conclusion: a Buk-M1 TELAR, armed with 9M38M1 missiles carrying 9N314M warheads, traveled from the Russian Federation into Ukraine, fired from a launch site roughly halfway between the villages of Pervomais’kyi (May Day) and Chervonyi Zhovten (Red October), and then returned to Russia.
On a shoestring budget, using social media and satellite photography, and tapping into a network of obsessives, Bellingcat’s detective work has produced impressive results. In a series of reports, participants identified the actual Buk—unit designation number 332—and its battalion in Russia’s 53rd Anti-Aircraft Missile Brigade. Comparing dozens of Buks, and analyzing photos shared on Vkontakte between 2009 and 2013, they homed in on seven characteristic markers. These included exhaust deposit patterns, dents, the arrangements of cable connections to the missile erector, fonts (and spacing) on the digits, and the vehicles’ mix of hollow and spoked wheels on each side. A Bellingcat with an intelligence background developed an innovative type of “fingerprinting”: using 3-D software “to solve the problem of comparing two vehicles with perspective-distorted photos,” he noticed there were unique patterns of deformation in the protective rubber side skirts above the wheels.
Bellingcat was also the first to publicly describe the route the Buk took through Russia in late June and into and out of Ukraine before, during, and after July 17. The project has since identified several dozen soldiers associated with Unit 32406—the 53rd Brigade—by piecing together content and friend lists on Vkontakte, cross-referenced with posts on a forum for the often anxious mothers and wives of soldiers. (The murdered Russian journalist Anna Politkovskaya wrote movingly on this subject in her essay “My Country’s Army, and Its Mothers.”)
The penumbra of uncertainty
None of this cuts much ice in Russia. The Kremlin’s fog machine went into overdrive. The full panoply of Russian state media, troll farms, semi-automated botnets, and what Russian novelist Nikolai Leskov called “useful fools and silly enthusiasts” began their murky work. The Russian government’s response to the shooting down of MH17 was a charade, wrapped in a travesty, inside a miasma: a relentless campaign of abuse and deceit, trying to entangle every fact of the matter in a net of disinformation. Numerous attempts were made to hack the Dutch Safety Board. Several Bellingcats experienced spear-phishing attacks. Other targets included French and U.K. TV channels, NATO, OSCE, and the Polish, Dutch, Finnish, and Norwegian governments, as well as German political parties.
The primary “threat actor” was a cyber-espionage group called Fancy Bear (which has several names, including Tsar Team, APT28, Strontium, and Iron Twilight): Russia-based, and in all probability controlled by the GRU. As during the operations against the U.S. election last year, Fancy Bear seemed careless about disguising its activities. (FBI director James Comey, testifying to the House Committee on Intelligence in March, called the group “very noisy.”)
Fighting this cyber-espionage is CrowdStrike’s Dmitri Alperovitch (in 2013, one of MIT Technology Review’s 35 Innovators under 35). He was the lead computer security consultant on the DNC hacks and has been instrumental in identifying major Chinese and Russian hacking groups. Alperovitch grew up in Russia until his family moved to the United States in 1995. Like many people of Russian origin, he has strong feelings about disinformation. “The power of cyber,” he says, “isn’t the ‘cyber Pearl Harbor’ scenario—which we’ve been talking about for 25 years now and hasn’t happened. The real power is in information.”
Alperovitch thinks Russia gets “the true nature of the battlefield” in a way the West does not: “They’ve been thinking about this for a very long time—it actually goes at least as far back as the Tsarist era in the 1860s, when they created one of the first modern intelligence agencies, the Okhranka.” After the 1917 revolution, when the Bolsheviks opened the Okhranka’s archives, “they were shocked to discover how infiltrated they were and how much disinformation had weakened their movement,” he says. “They modeled the KGB on the successes of Okhranka. So they didn’t invent it—they stole it.”
The highest-ranking Soviet-bloc defector to the West—Lieutenant General Ion Mihai Pacepa, the former chief of Romania’s espionage service—has exposed even deeper roots. In a book he recently coauthored, Disinformation, Pacepa cites the Marquis de Custine, Russia’s Tocqueville, who wrote in 1839: “Everything is deception in Russia.” Custine quotes a distinguished and well-traveled Russian diplomat quietly confessing, “Russian despotism not only pays little respect to ideas and sentiments, it will also deny facts; it will struggle against evidence, and triumph in the struggle!” The tsar, and then Lenin, banned Custine’s work.
The U.S. diplomat George Kennan, whose “Long Telegram” to the U.S. State Department shaped the Cold War and NATO, so admired Custine that he wrote a book about him in 1971. Kennan thought that much of Custine’s analysis still rang true: “the neurotic relationship to the West; the frantic fear of foreign observation; the obsession with espionage; the secrecy; the systematic mystification; the general silence of intimidation; the preoccupation with appearances at the expense of reality; the systematic cultivation of falsehood as a weapon of policy; the tendency to rewrite the past.” (Among Putin’s methods, not least is the effort to ban history books as part of “the war of memories.”) Kennan called Russians “one of the world’s greatest peoples,” but he retained a clear-eyed mistrust of their leaders.
Expectation in the air
“Answer in kind!” commands Edward Luttwak, the eminent if colorful military strategist and historian. Speaking from Moscow, he suggests that we respond aggressively to the global hacking of truth. “There are ample opportunities to hit back,” he says, “but nobody is using them. There are a thousand stories here, openly circulated.” (He shares one picked up in the Beluga caviar bar from two billionaires the previous night.) Putinism can be likened to the Golden Horde “in advanced Mongol form,” he says. “It’s not just the Great Khan who must have billions of dollars: now the companions of the Court must also be multibillionaires.” He suggests using these stories “to ‘disassemble’ Putin.”
To sunlight we can now add another powerful disinfectant: global, peer-to-peer, open-source investigation. On the day Bellingcat opened for business in 2014, Russia began an artillery bombardment from within its own borders, using its own equipment and soldiers. It still lies about the barrage, as it does about most of its actions in Ukraine. Last December, Bellingcat fired back a salvo of truth: an interactive map showing hundreds of artillery strikes on Ukraine made from Russian territory. Open-source investigation was also used by Russia’s opposition leader Alexei Navalny in a recent, virally shared video that exposed the scale of Russian corruption. Bolstered by drone footage documenting the leadership’s spoils, the facts brought out tens of thousands in protests across Russia.
Earlier this year, Bellingcat identified the man who called the instrument of MH17’s destruction “my Buk-M.” In several tapped phone calls released by SBU (Ukraine’s secret service) and the JIT, he was called Sergey Petrovsky. But Bellingcat uncovered his real identity: Sergey Dubinsky, a veteran of Russia’s wars in Afghanistan and Chechnya. The calls begin as MH17 passengers are embarking: Dubinsky can be heard coördinating several still-unidentified people as they head to the launch site. Calling himself “Bad”—from his call sign, “Bad Soldier”—Dubinsky would later prove his identity to a skeptical user on a forum by confirming he owned a black Peugeot 3008: Bellingcat found a dash-cam video showing a black Peugeot 3008 leading the missile-launcher convoy east of Donetsk. Bellingcat also found evidence of Dubinsky acknowledging that he was indeed the voice on the recordings. Instrumental in smashing apart the lives of others, -Dubinsky responded to the Bellingcat reports with an e-mail to the BBC, sent from his home in Russia, that was openly contemptuous, describing his “Homeric laughter.”
Today, at any one time, facts keep a city of several hundred thousand people safely in the air. Most of those air dwellers carry smartphones equipped with the GPS technology that Ronald Reagan accelerated into civilian use in response to Russia’s shoot-down of KAL Flight 007. Perhaps we could gain something similar from MH17: a better global positioning system, this time for information. If it is to work, it is unlikely to be entirely technological.
John Pollock has written for MIT Technology Review about the role of social media in the Arab uprisings (“Streetbook,” July/August 2011) and that of civilians in the Libyan information war (“People Power 2.0,” March/April 2012).