More Russian Information Warfare

In all the hype about "cyberspace" and "cyberwar," it's easy to forget about information warfare. This term was in vogue in the military when I was an Air Force intelligence officer in the 1990s. The Russians were considered to be experts at using information to their advantage and they appear to continue to wield that expertise on a regular basis. The latest incarnation goes like this:

1. Unknown parties, probably Russian SIGINT operators, intercept and record a phone call between US Assistant Secretary of State Victoria Nuland and US Ambassador to Ukraine, Geoffrey Pyatt. In the phone call, the parties use language which could be considered inflammatory or insulting to EU politicians.

2. The interceptors pass the phone call recording to a private third party.

3. Either that third party, or some recipient down the line, posts the audio and a video overlay on Youtube.

4. The third party Tweets about the video.

5. Russian-sponsored television begins broadcasting stories about the video.

6. Reputable news media begin broadcasting stories about the video.

7. The rift between American and European leaders widens (possibly).

I find several aspects of this story fascinating.

First, I am surprised that whomever intercepted the phone call decided it was worthwhile to probably burn an intelligence source. It's possible the Americans were using consumer cell phones, subject to monitoring by foreign intelligence services. If true, the Americans were not very OPSEC-aware. If the Americans were using a line which they thought was secure, then the interceptors just revealed they know how to access it.

Second, the use of third parties is characteristic of Russian activities. We are all familiar with the role of patriotic hackers, youth groups, etc. when doing normal "cyber" activities. This sort of propaganda activity, with direct ties to a probable SIGINT operation, is interesting.

Third, I wonder about the cost of this operation. In some ways it is very cheap -- Youtube, Twitter, etc. In other ways, it may be expensive -- interception and probable manual auditing of the audio to identify divisive and "offensive" content.

I don't pretend to be a Russian SIGINT expert, but I wanted to document this case in my blog. Constructive commentary is welcome but subject to moderation due to spam countermeasures. Incidentally, if I got the origin or order of any of these events wrong, I'm open to that too. I didn't ask my Russian-speaking friends to comment -- I'm just noting this story for future reference.

Update: I noticed that sources like Kyiv Post say:

Among the first to tweet the audio recording was an aide to Russian Deputy Prime Minister Dmitry Rogozin, named Dmitry Loskutov, who also wrote: "Sort of controversial judgment from Assistant Secretary of State Victoria Nuland speaking about the EU."

However, the timestamp on this Russian aide Tweet is "11:35 PM - 5 Feb 2014" whereas the private Tweet I mentioned earlier shows "9:36 pm - 4 Feb 2014" -- a day earlier.


Anonymous said…
Now look what you've started:
Unknown said…
It is indeed a fascinating news. I wonder if we will see more intel and security agencies releasing materials directly to the web or torrent. That will be quite funny, tho not entirely surprising, given the recent events.
lubas said…
1) On top of Nuland/Payette call there is another one published between EU officials Schmid / Tombinski - quite likely disclosed by the same organization - this may indicate that public phone calls were intercepted, and not secure ones.

2) Organization who leaked those calls surely can do basic cost-benefit analysis and unlikely would disclose their capability to monitor foreign secure channels to gain some PR noise. (otherwise it is major fail)

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4