NATO Live Stream – Russia’s Strategy in Cyberspace

NATO Live Stream – Russia’s Strategy in Cyberspace

On December 2, NATO held a live stream discussing Russia’s strategy in cyberspace. Among the invited speakers were Oscar Jonsson (from Center for the Governance of Change at IE University) and Bilyana Lilly (Pardee RAND Graduate School Fellow). We participated at this event as viewers, we have written down the most interesting information from the talk and we will go through it in this blog post.

Among the most intriguing outcomes were the tools that can help in coping with propaganda and disinformation on the Internet. We will talk about these tools later, but firstly, let’s talk about the Internet and why it is more vulnerable to propaganda than the traditional media.

The Information Battlefield

In recent years, the information battle has been shifting its field. The television and press had their peak in the past, but nowadays, the influence of social media is rapidly increasing. This can be dangerous because the press and the television have their editors and responsibilities but no authority controls social media, therefore social media is ideal for spreading disinformation. Moreover, social media want to maximize the time you spend on them, they show you the content you like and try to impact your behavior. They usually don’t show you a wide variety of opinions, only the ones that you prefer.

Russian Institutions and Hacking Groups

Russia has few institutions responsible for intelligence. Here is a list of the most important ones:

  • GRU – Main Intelligence Directorate
  • FSB – Federal Security Service
  • SVR – Foreign Intelligence Service

Some hacks and pieces of malware have been attributed to groups connected to these institutions. For example, it is believed that the SVR is behind “Cozy Bear” (APT21) and GRU is behind “Fancy Bear”. As far as we know, these groups and institutions usually do not cooperate or share code.

Russia does not lead an information war; it leads a cognitive war. Its main goal is to spread the opinion that democracy and objective truth do not matter and there are no consequences of spreading lies because everybody spreads his own propaganda. Some activities are directly conducted by the government, some are only sponsored by the government. Russia’s strategy in cyberspace vastly misuses social media and Internet for the purpose of spreading propaganda.

US Elections 2016

Bilyana Lilly, one of the speakers, gave more details on Russia’s modus operandi during the US elections in 2016. Russia used social media platforms (mostly Twitter, Facebook, Instagram) to spread divisive messages or messages favoring one candidate over the other. Also, Russia-sponsored media were involved, for example RT or Sputnik. Russia considers information warfare a continual process. What proves this attitude is the fact that articles favoring one candidate over the other did not stop after the election.

However, one of the most serious acts that occurred during US elections 2016 was the cyberattack on political IT infrastructure and the exfiltration of subsequently leaked data.

Tools to help against Russian propaganda

Even though Russia misuses the Internet and social media for their propaganda, we can use the same platforms and develop tools to fight propaganda. For example, Bilyana Lilly announced, that she has built an AI model with her colleagues, that is capable of detecting Russian trolls on Twitter and Reddit.

The team used a dataset of

  • tweets from Russian trolls active during 2016 US elections
  • tweets from American Twitter users active in the same period
  • Russian English essays for Native Language Identification.

The AI model trained on these datasets had the best precision and accuracy rate around 98% and it will be probably included in the targeted platforms in the future.

Bilyana Lilly also showed the CHAOS (Cyber, Hype, and Associated OperationS) framework that can correlate and visualize

  • cyber operations,
  • media hype,
  • social activities,
  • political activities,
  • and mitigation policies

connected to elections or other important events. The framework was used retrospectively on both the 2016 US Elections and 2017 French Elections, which Russia supposedly also tried to influence. Based on these cases, it is possible to draw conclusions about Russia’s strategy in cyberspace, what kind of inference to expect from Russia during the next elections and how to improve mitigation policies.