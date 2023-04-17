

A Russian cyber operation says less than 1 percent of its bots are noticed

Leaked U.S. intelligence documents are shedding new light on the extent of American surveillance and Russia’s capabilities in cyberspace.

The latest revelation: A top Russian government cyber organization claimed that it has a system for pushing out influence operations where less than 1 percent of its hundreds of thousands of social media bots are being detected, our colleague Joseph Menn reports.

The bots are used on social media sites like TikTok, Twitter and YouTube, according to the document. They can manipulate search algorithms, the document said.

“Bots view, ‘like,’ subscribe, and repost content and manipulate view counts to move content up in search results and recommendation lists,” the document said.

The document focuses on Russia’s Main Scientific Research Computing Center, or GlavNIVTs, which — according to the document — works directly for the Russian presidential administration. The Russian network running the disinformation campaign is called Fabrika, according to the document.

The document was prepared by the Joint Chiefs of Staff, U.S. Cyber Command and European Command, it indicates.

The Defense Department declined to comment. TikTok, Twitter and Telegram, which was also named in the document, did not respond to requests for comment. YouTube owner Google said in a statement, “We have a strong track record detecting and taking action against botnets. We are constantly monitoring and updating our safeguards.”

The document is still cause for concern.

“Google and Meta and others are trying to stop this, and Russia is trying to get better,” said Thomas Rid, a disinformation scholar and professor at Johns Hopkins University’s School of Advanced International Studies. “The figure that you are citing suggests that Russia is winning.” Rid added that the claim of a 1 percent detection rate was likely exaggerated or misleading.

Other experts also said that the claims should be viewed with at least some skepticism.

“If I were the U.S. government, I would be taking this seriously but calmly,” said Ciaran Martin, former head of the United Kingdom’s cyberdefense agency. “I would be talking to the major platforms and saying, ‘Let’s have a look at this together to see what credence to give these claims.’”

“Don’t automatically equate activity with impact,” Martin said.

Joseph’s story contains several other newsy tidbits:

After the 2016 election, social media companies “stepped up their attempts to verify users, including through phone numbers. Russia responded, in at least one case, by buying SIM cards in bulk, which worked until companies spotted the pattern, employees said. The Russians have now turned to front companies that can acquire less detectable phone numbers, the document says.”

Another classified document highlighted several influence operations that are planned or happening this year by a new Russian organization, the Center for Special Operations in Cyberspace.

More on the leaks

The documents emerged after a sequence of events that unfolded on online chat servers, as our colleagues Derek Hawkins and Samuel Granados showed in a visual timeline. It culminated in the arrest last week of Air National Guard technician Jack Teixeira, who was charged Friday with taking and transmitting the classified papers. Teixeira faces 15 years in prison for the charges.

The leaks show the depth of U.S. surveillance around the world. For example, the U.S. government was eavesdropping on members of the Gulf Cartel in the wake of the abduction of four U.S. travelers, our colleague Nick Miroff reported this weekend.

The leaks also show the extent of U.S. intelligence collection. Documents revealed that U.S. intelligence agencies were aware of up to four additional Chinese spying balloons, as our colleagues Evan Hill, Cate Cadell, Ellen and Christian Shepherd wrote.

It’s also important to note that many documents in the cache haven’t yet been reported. The Post has reviewed approximately 300 photos of classified documents, many of which haven’t been made public.

The keys

Israeli cyber firm QuaDream shutting down following report

Israeli spyware developer QuaDream is ceasing operations following a report released last week detailing the company’s business practices, Omer Kabir and Meir Orbach report for Calcalist, citing several sources in the industry.

The report from Citizen Lab and Microsoft last week highlighted that the company had customers in at least 10 countries and said that its spyware was used to spy on minority politicians and journalists, among other things.

The decision to close followed pressure and global scrutiny against the company following the report’s release. Kabir and Orbach report that the company was facing a difficult situation for months and that the research report was the last nail in its coffin. Calcalist couldn’t reach the company for comment, according to the report.

CISA director comments on tensions between cyber officials, secure-by-design success

CISA Director Jen Easterly sat down with Tim for an interview last week at a MeriTalk/Axonius Federal Systems event. Here are some of the highlights:

The White House released a national cybersecurity strategy last month. Eric Goldstein, executive assistant director for cybersecurity at CISA, will release a CISA cyber-specific strategy, Easterly said.

Easterly had not previously commented on a recent Bloomberg News story about tensions between some cyber officials (including herself) and Anne Neuberger, the deputy national security adviser for cyber and emerging technology. “We’re not all going to be best friends,” Easterly said, but all of the top White House and agency officials are “very focused on doing the right thing for the nation. We all have different styles. We all have different ways of dealing with people.” Ultimately, “I think we all recognize the imperative of what we are doing to protect the nation. So like anything else, there’s going to be tensions on the margins and disagreements on the margins. But I think what you saw in the strategy that came out represents the best of the interagency and the best of industry coming together.”

How will the agency measure success with its push for secure-by-design and secure-by-default products? “Success looks like a world where it’s only these exotic zero-days, a world where threat actors are not able to take advantage of common vulnerabilities,” she said. For more on what she said about this, check out Grace Dille’s report at MeriTalk.

“There are going to be growing pains” at CISA, she said, and the administration is calibrating as such. “With this last budget, we did not get that significant growth in positions. … We only asked for $449 million more over the enacted [amount], which I think is a recognition that now it's really time to dig into stability and sustainability in terms of growth, but also in terms of mission execution.”

New report calls for space systems to be labeled as critical infrastructure

The Cyberspace Solarium Commission’s successor organization, CSC 2.0, wants space equipment to be considered critical infrastructure, Christian Vasquez reports for CyberScoop.

A new CSC 2.0 report published Friday argues “the official critical infrastructure designation would close cybersecurity gaps in the industry such as ‘uneven’ defenses and an approach to safeguarding hardware that is often more focused on harsh weather conditions than cyberattacks,” Vasquez writes.

The CSC 2.0 report says NASA should take the reins on serving as the agency for space risk management, though the report notes that NASA “has yet to demonstrate interest in becoming an SRMA,” or sector risk management agency.

The Federal Communications Commission has also taken steps to shore up defenses against cyberthreats to critical communications infrastructure.

ZeroFox is buying LookingGlass Cyber Solutions for around $26 million, the company announced this morning. LookingGlass CEO Bryan Ware, a former CISA official, will join ZeroFox’s executive team, according to a news release.

