Is It Possible To Neutralise Fake News?

Estonia. Georgia. Ukraine. Czech Republic. Germany. Russian disinformation & fake news is nothing new.

In response to Donald Trump’s executive order banning citizens of seven predominantly Muslim countries from entering the United States, Senators John McCain and Lindsey Graham issued a joint statement arguing that the measure would “do more to help terrorist recruitment than improve our security.”

In response, Trump took to Twitter. “The two Senators should focus their energies on ISIS, illegal immigration and border security instead of always looking to start World War III,” he tweeted.  

This invocation of World War III, which he also made in Charlotte, North Carolina during the campaign (“You’re going to end up in World War III over Syria if we listen to Hillary Clinton”) bears a striking similarity to those aired by Russia’s state-owned media, as Anne Applebaum pointed out in October.

Russian state media outlets favor headlines like “Are NATO’s Massive War Games on Russia’s Border a Pretext to World War III?” from Sputnik in May 2016, or “US Bombing Syrian Army Would Start World War III,” from the same site in October, and “Trump’s Victory Prevented World War 3” from November. Lately, Russian state media have suggested that Trump has been battling a coup to remove him from office since before inauguration. “Is the United States facing a coup d’état?” a British RT columnist wrote in December.

These headlines are characteristic of the disinformation campaigns the Kremlin uses to frighten and destabilize its eastern European neighbors.

The precise nature of Russian state-backed interference in the last November’s US presidential election and the contact, if any, between Russian officials and members of President Trump’s election campaign, may never be fully known.

But the apocalyptic stylings of Russian disinformation have reached across the Atlantic. Resisting this strain of anxious rhetoric means looking to its origin.

Not coincidentally, Senators McCain, Graham, and Amy Klobuchar recently returned from a tour of the Baltic countries, Ukraine, and Georgia, where they sought to restore confidence in US support for their continued independence.

Each of those countries, along with Finland and Sweden, have been targeted by Russian disinformation campaigns attempting to exploit regional, ethnic, religious, and linguistic divisions, usually pitting Russian-speaking populations in Scandinavia, the Baltic region, and Ukraine, against their neighbors, in an effort to divide and conquer.

The alleged Russian interference campaign against the United States, involving hacks and leaks damaging to the Democratic nominee Hillary Clinton, is different in some clear ways: It did not target a population of “Russian compatriots,” nor did it seek to reassert a Russian sphere of influence. It did not come from a neighboring aggressor. But like those earlier campaigns, it sought to exploit a fractured political landscape and sow confusion.

In 2007, the government of Estonia, a former Soviet satellite that Russian President Vladimir Putin still considers a part of his country’s sphere of influence, decided to relocate what is known as the “Bronze Soldier of Tallinn,” a memorial to Soviet soldiers killed in World War II. The Kremlin quickly condemned the plan.

Despite Russia’s response, Estonian officials proceeded with the removal. Soon afterwards, the country was hit with a torrent of crippling distributed denial-of-service attacks that took down critical pieces of the government, banking, and media infrastructure.

Russia has officially denied involvement in the attack, but multiple Russian political figures have claimed responsibility, and Estonian officials have little doubt about the origin of the attacks.

As Piret Pernik, a cyber-security researcher at Tallinn’s International Centre for Defense and Security (ICDS) explained, the assault was meant to impact national decision-making, and reverse the decision to relocate the bronze soldier to a military cemetery.

The same was true of the hacks of the Democratic National Committee and campaign officials, which were geared toward changing public opinion and voters’ choice, she said.

In the years that followed, Russia refined its disruptive techniques in the invasions of Georgia in 2008, and Ukraine in 2014, in an effort to distance both countries from NATO and reassert Russian political control.

Ukraine has been subject to a series of cyber-attacks on critical infrastructure since the Maidan revolution. More recently, the Czech Republic and Germany have been hit by DNC-style cyber operations.

Learning to respond to such intervention is a gradual, but ultimately straightforward process, as Jed Willard, director of the Franklin Delano Roosevelt Center for Global Engagement at Harvard, explained. “When Russia attacked Georgia, they lost the war of ideas. Georgia was very efficient in demonstrating to the west that they were the victim.” With Putin’s return to the presidency in 2012, Russia recommitted to information warfare. “The Russians realised that their information operations were not as effective. So they doubled down and heavily invested in research and in staff,” Willard said.

Five months after the annexation of Crimea in 2014, a dozen Russian television channels were banned from Ukraine for “broadcasting propaganda of war and violence.” But those channels had spread an abundance of falsehoods in the intervening months.

In one now-infamous case, the Russian state TV station Channel One aired a story claiming locals in the Ukrainian town of Slavyansk had crucified a three-year-old boy in the town square. The claim was quickly debunked by Ukrainian and Western sources on the ground, but the story proliferated across the Russian Internet, drumming up anti-Ukrainian sentiment and support for Russia’s military action in Crimea and in Eastern Ukraine.

A similar tactic was used to spread word of false “NATO war preparation against Russia” involving the deployment of 3,600 tanks. Initially reported by the small state media outlet of the Donetsk People’s Republic, the Russian-backed separatist organisation in occupied Eastern Ukraine, the story was replicated over 40,000 times within three days across the United States, Canada, and Europe, according to the Atlantic Council’s Digital Forensics Research Lab. It was a clear case of what the lab calls “disinformation laundering.”

“In Ukraine, there was a lot of uncertainty about what was going on. In one day, all Russian TV channels starting issuing crazy fake stories,” said Tetiana Popova, Ukraine’s former deputy minister of information policy. “It’s a pity that we didn’t do things in time, earlier,” Popova added.

In the summer of 2016 as the Swedish government debated whether to join the NATO alliance, social media in the country swarmed with false rumors about the potential repercussions of the decision.

In Finland, where ethnic Russians are the country’s second-largest minority group, Russian state media circulated false claims that children of Russian mothers in Finland were being removed from their households by Finnish authorities, and that in Europe, children of straight parents were being removed and placed in the care of gay couples. The Russian children’s rights ombudsman accused Finland of perpetrating “juvenile terror.”  

The Swedish and Finnish governments turned to Willard, who has worked extensively on public diplomacy campaigns, to help formulate a response. “Number one, have a message. It needs to be a good, positive one. Number two, stay on message. Do not repeat lies,” Willard said.

He helped the governments of Finland and Sweden to distill their core national values into coherent, positive narratives that could counter-message Russian propaganda, a much easier task for the smaller, more homogeneous Scandinavian nations than it would be for the United States.

Today in Finland, government-run training sessions teach border guards, child protection agencies, educators, and civil servants how to respond to propaganda. In Sweden, a “Civil Contingencies Agency” makes similar preparations.

“The most important thing is salience. The US is not going to get the unified message the way they did. What’s the Swedish message? Free press. What’s the Finnish message? Rule of law. What’s the American message? No one knows,” Willard said. “For the Finns this job was a lot easier than, say, for the Americans, because we don’t agree very much. We’ve really lost the [national] story, because we’ve stopped drilling it into our children,” he said.

Since 2007, Estonia has emerged as one of the leading players in detecting and combating Russian meddling, both online, where it arrives in the form of coordinated cyber-attacks and propaganda campaigns, as well as through more conventional forms of espionage.

The severity of the 2007 attacks forced the government to enhance cooperation both domestically and with its NATO partners “to raise awareness of the Kremlin’s means and methods,” as Harrys Puusepp, press officer for the Estonian Internal Security Service, wrote in an email. The trick, he said, is to prepare for the “lies and half-truths are going to be used against you.”

In 2010, Estonia introduced a new long-term national defense strategy that emphasized “psychological defense,” which it defined as “the development, preservation and protection of common values associated with social cohesion and the sense of security.” The government also launched a Russian-language domestic television channel aimed at “empower[ing] the local identity,” in the words of Ilmar Raag, a filmmaker who helped devise the psychological defense efforts.

Now, the small nation is experimenting with training a portion of new draftees as “cyber-conscripts,” focused on information security, rather than on conventional warfare. The country’s domestic and foreign security services issue annual reports detailing the state of national security operations inside and outside its borders, which more often than not focus on Russian attempts at interference.

Yet it has been difficult to determine the impact of these efforts, Russian-produced news outlets are still widely available in Estonia, after all. The Russian and Estonian populations still often “reside in separate information spaces and hold divergent perceptions and perspectives not just about each other, but also about the Estonian state and its history, its threat environment, and its national security policies,” a 2014 ICDS report found.

While Estonia offers some instructive examples for the United Sates, state attempts at responding to Russian influence in Ukraine and elsewhere in the Baltic region have been less successful.

Outright bans of Russian broadcasters, websites, and journalists tend to backfire, as Peter Pomerantsev and Marina Presenti found in a July 2016 survey of Ukrainian responses to propaganda, which calls for the introduction of stronger government media regulations. Operations attempting to “fact-check the news” are often too narrowly focused, reaching only a select audience of already-engaged readers.

You don’t have to educate the population too much about the Russian threat in Estonia, but it’s quite unknown in America.

For now, it seems unlikely that the Trump administration will choose to respond to Russia’s alleged interference in the United States. But that doesn’t mean that the private sector and civil society cannot. Those who choose to do so should consider the strategies that nations long familiar with these methods have deployed in response.

America’s experience with Russian disinformation seems to have “really broadened US interest in [disinformation], such that it almost matches that in Central and Eastern Europe,” said Donald Jensen, a senior adjunct fellow at the Center for European Policy Analysis.

“You don’t have to educate the population too much about the seriousness of the Russian threat in Estonia, but it’s quite unknown in America, though maybe now that’s changing,” Eerik-Niiles Kross, an Estonian member of parliament and former intelligence director said.

“The whole Western world needed to see it happening in the US to understand that it is not some ‘paranoia’ of the Eastern European states when they warn about the Kremlin’s hostile actions,” one EU official dealing with information warfare who spoke on the condition of anonymity told me.

Awareness of the threat, of the potential for head fakes and distracting diversions is half the battle.

“It’s like playing a game of fetch in the forest,” Arnold Sinisalu, head of the Estonian Internal Security Service, said about of Russia’s strategy. “They want us to think only about that game, while the main problem is somewhere else. But it’s not that easy, we’re not playing that game.”

DefenseOne

NATO Tools Up For Cybewar:       How Cyber Propaganda Influenced Politics in 2016

Social Media and the 'Information War’- Russia is Winning:

 

« Banks Lack Confidence They Can Detect Data Breaches
Welcome To Australia: No More Passports & Biometric Identification »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Mako Group

Mako Group

The Mako Group specializes in protection - providing security through auditing, testing, and assessments. And, we do it all with the highest quality standards possible.

Promon

Promon

Promon is an application security vendor providing Self-Protection abilities to Mobile apps and Desktop applications.

InAuth

InAuth

InAuth Security Platform delivers advanced device identification, risk detection, and analysis capabilities to help organizations limit risk and reduce fraud.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

Kenexis

Kenexis

Kenexis is a consulting engineering firm providing services for process hazards analysis, fire and gas mapping, and industrial cybersecurity.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

Apricorn

Apricorn

Apricorn provides hardware-based 256-bit encrypted external storage products to companies and organizations that require high-level protection for their data at rest.

Consortium for Information & Software Quality (CISQ)

Consortium for Information & Software Quality (CISQ)

The mission of CISQ is to develop international standards for software quality and to promote the development and sustainment of secure, reliable, and trustworthy software.

Gray Analytics

Gray Analytics

Gray Analytics is a Cybersecurity Risk Management company providing best-practice services across a broad spectrum of cyber scenarios for both government and commercial customers.

Kobalt.io

Kobalt.io

Kobalt are bringing the monitoring capabilities of enterprise-class security teams to smaller organizations.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

Metallic.io

Metallic.io

Metallic (formerly TrapX) is a SaaS portfolio for enterprise-grade backup and recovery, designed to protect your data from corruption, deletion, ransomware, and other threats.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.

Actelis Networks

Actelis Networks

Actelis Networks is a market leader in cyber-hardened, rapid deployment networking solutions for wide-area IoT applications.