A new report from the Citizen Lab at the Munk School of Global Affairs has uncovered an extensive disinformation and cyber espionage campaign targeting high profile individuals around the world. The campaign operators have a strong Russian nexus and are linked to planting false information within “leaks” of stolen official documents. “Tainted leaks plant fakes in a forest of facts in an attempt to make them credible by association with genuine, stolen documents,” says John Scott-Railton, senior researcher at the Citizen Lab.

The campaign targets at least 218 individuals, including a former Russian prime minister, ambassadors, journalists and activists from at least 39 countries, as well as the United Nations and NATO. Citizen Lab’s investigation began with a single targeted phishing operation against American journalist David Satter, whose personal information was stolen, laced with falsehoods and then published in a tainted leaks campaign on a Russia-linked website. The leaks were designed to discredit prominent critics of the Russian government by falsely indicating they received foreign funding. In analyzing the phishing attack on Satter, Citizen Lab researchers were able to determine his targeting was part of a larger campaign. “The scope and range of the targets makes it clear that this was a large-scale operation, and would have needed to be supported by substantial analytical resources in order to process the stolen material,” says Adam Hulcoop, a research fellow at the Citizen Lab.

While the researchers do not conclusively link the campaign to a particular Russian government entity, they found that many elements of the campaign overlap with groups previously identified as Russia-affiliated by other reports. They also found overlap between this campaign and operations associated with the successful breach of John Podesta’s email account last year. Podesta is the former chairman of the 2016 Hillary Clinton presidential campaign. “The motivations behind Russian cyber espionage are as much about securing Putin’s kleptocracy as they are geopolitical competition,” says Ron Deibert, director of the Citizen Lab. “This means journalists, activists, and opposition figures – both domestically and abroad – bear a disproportionate burden of their targeting.”

Read the full report.
Read a blog post on this report from Citizen Lab Director Ronald Deibert. 

Follow this report in the news.

Kremlin critics targeted in hacking attack (Financial Times) (paywall)
Russian spies may have backed email phishing campaign in effort to spread disinformation (CBC News)
Russian ‘Fancy Bear’ hackers tainted their huge leaks with fake data (Forbes)
Researchers say they’ve uncovered a disinformation campaign with apparent Russian link (Washington Post)
Q&A with Citizen Lab on “Tainted Leaks” and Russia’s disinformation campaign (Just Security)
Citizen Lab reveals cyber espionage, disinformation campaign with Russian connections (U of T News)

May 25, 2017