Russian Hybrid Offensives: November Statement to Parliament

Below is the unedited text of a statement sent to to the UK Parliament’s Fake News Inquiry on November 21 2017.

The intention at the time of its submission was to provide Parliament and MPs the time to deal with inevitable future disinformation campaigns led by the Kremlin.

Following the Skripal poisoning time ran out and the Russian hyrbid offensive has escalated to a point beyond control. The government, security services, national infrastructure, and the public at large face unprecedented and immediate risk.

It is squarely in the public interest to publish the text now and, though the information itself has already moved even further along, it is important the general public are able to understand what hybrid war is, how it functions, that Parliament have been made aware, and that non-urgent solutions were possible before the new year began.

The Fake News Inquiry has not yet published the statement and has been occupied with Cambridge Analytica issues.

Written evidence from James John Patrick (Known As J.J. Patrick)

Introduction:

Written evidence submitted to the UK Parliament by James John Patrick, known as J.J. Patrick.

This evidence is submitted freely in my capacity as a freelance journalist and private individual and contains 9658 words and spreads over 18 pages. Due to the complex nature of the submission, forgiveness is kindly requested for the length of the statement.

This statement has not previously been published elsewhere and as such is provided on the understanding that, if accepted and published by Parliament, it falls within the protections afforded by absolute privilege in this form.

The content is true to the best of my knowledge and honest belief and I am happy to appear before any hearings or committees.

Summary of Evidence:

1. Russia is deliberately interfering in Western democracy through the use of disinformation, cybercrime, psychological manipulation – through social media and disinformation (also known as fake news) – and the collaboration of well-placed of third parties. This hybrid conflict is live.

2. This global hybrid conflict has decisively impacted upon the democratic process in the United Kingdom and the United States with negative effect. The threat is continuing and extends to additional nations.

3. The current legal frameworks and responses of the UK and the US are inadequate and have contributed to the continuance of the live threat and success of Russian operations to date, but a number of solutions and tactical options are available.

4. Urgent action in response to the actions of Russia is being hampered by unnecessary, circular debate and fundamental misunderstandings of the core issues around the power of disinformation and psychological targeting of populations.

Personal Background:

1. Between 2004 and 2014 I served as a police officer with the Derbyshire Constabulary and Metropolitan Police Service in the United Kingdom. I retired in 2014 after giving evidence in a parliamentary inquiry.

2. In 2013 I acted as a whistleblower in the course of my duties, giving evidence to the House of Commons Public Administration Select Committee on the manipulation of crime figures by the police. The final report of the committee said of me “we are indebted to PC Patrick for his courage in speaking out, in fulfilment of his duty to the highest standards of public service, despite intense pressures to the contrary.”

3. I am now a freelance journalist and member of the National Union of Journalists and my primary publication platform is Byline, an independent news website based in the United Kingdom. This is a non-partisan publication which holds no editorial input or sway over my work. I am also signed up to the Impress regulations. My funding comes direct from the public and is unaffiliated to advertising of any kind.

4. I have also acted as a freelance specialist consultant in respect of crime data analysis with an NGO in Mexico.

Background: What Is A Hybrid Conflict And How Long Have We Known?

1. The term ‘hybrid warfare’ was first mentioned sometime during 2005, and the year after it was used to try and describe the tactics deployed by Hezbollah in Lebanon. Since then, the term “hybrid” went on to occupy most of the discussions around modern and future warfare, while also being broadly adopted by senior officials and military groups.1

2. The concept of a “hybrid threat” was first introduced in the North Atlantic Treaty Organisation’s Strategic Concept of 20102 and then incorporated in the NATO Capstone Concept3, defining hybrid threats as “those posed by adversaries, with the ability to simultaneously employ conventional and non-conventional means adaptively in pursuit of their objectives.”

3. Their 2010 Strategic Concept, entitled Active Engagement, Modern Defence (AEMD) was, according to the organisation: “A very clear and resolute statement on NATO’s values and strategic objectives for the next decade.” They set their stall out decisively, I suppose as an aid to the uninitiated, saying: “Collective defence, crisis management and cooperative security are the Alliance’s essential core tasks in today’s transformed security environment, an environment the Alliance is equipping itself for both politically and militarily.”

4. According to the organisation itself, recapping essential history in the concept’s preamble: “The political and military bonds between Europe and North America have been forged in NATO since the Alliance was founded in 1949; the transatlantic link remains as strong, and as important to the preservation of Euro-Atlantic peace and security, as ever. The security of NATO members on both sides of the Atlantic is indivisible. We will continue to defend it together, on the basis of solidarity, shared purpose and fair burden-sharing.”

5. It is obvious why NATO is perceived as a threat to its enemies, and why – very squarely – Russia is placed in the category of a potential threat, with particular focus on its ballistic and nuclear weapons being placed on or located within reach of the European borders. NATO makes clear an active and effective European Union contributes to the overall security of the Euro-Atlantic area, defining the union as a unique and essential partner. “The two organisations share a majority of members, and all members of both organisations share common values. NATO recognizes the importance of a stronger and more capable European defence,” the AEMD states, adding: “We welcome the entry into force of the Lisbon Treaty, which provides a framework for strengthening the EU’s capacities to address common security challenges.”

6. The AEMD adds: “Notwithstanding differences on particular issues, we remain convinced that the security of NATO and Russia is intertwined and that a strong and constructive partnership based on mutual confidence, transparency and predictability can best serve our security,”

7. Though the idea of a hybrid threat has come a long way since the concept was first introduced, it was drafted to included cyber-threats, political disruption, state-engaged criminality, and extremism, in addition to traditional warfare threats. It articulated the “unique challenges posed by current and future hybrid threats” and explained why these developing challenges required an adaptation of strategy by NATO, so it could adjust both its structure and capabilities accordingly.
8. Capstone discussed both a general approach to dealing with the (then) new hybrid threats, as well as laying down a framework for the organisation to deliver an effective response should such threats manifest in reality. The draft was central in informing the development of the new AEMD Strategic Concept and, even in those early days, NATO was sure “analysis and maturation” would support Capstone’s implementation. The paper also suggested broader implications for NATO’s core military components.

9. Capstone’s Integrated Project Team (IPT) was established in early 2009, indicating how long the threat we face now had been on the horizon. The IPT subsequently developed a detailed campaign to “assess both hybrid threats and the broader challenges facing NATO within the emerging security environment,” according to Royal Marine Lieutenant Colonel Richard Hills, the IPT’s Lead Concept Developer. “Between 2009 –2010 a number of ACT led international workshops were held to both focus the key analysis and better inform the development of the concept. The workshops included a broad range of participants from NATO and non-NATO organisations,” he said.

10. Capstone, led by the IPT, asserted that hybrid threats involve any adversaries, including “states, rogue states, non-state actors or terrorist organisations,” who may employ a combination of actions in an increasingly unconstrained operating environment in order to achieve their aims. Almost ten years later, they have been proven right.

11. While not a new problem, at the time NATO said “the interconnectedness of the globalised environment now makes hybrid threats a far more significant challenge for the Alliance and its interests, whether encountered within national territory, in operational theatres or across non-physical domains.” I found the description used chill-inducing: “Hybrid threats will apply pressure across the entire spectrum of conflict, with action that may originate between the boundaries artificially separating its constituents. They may consist of a combination of every aspect of warfare and compound the activities of multiple actors.”

12. On behalf of the IPT, Hills set out NATO’s role at an early stage, saying Capstone “also asserts that NATO’s role in managing the emerging security environment will invariably be a supporting one. The Alliance needs to develop its understanding of how it can cooperate with other organisations and stakeholders to both deter potential threats and mitigate their impact.”

13. With principal support from Joint Irregular Warfare Centre (JIWC), NATO set out to conduct its first Counter Hybrid Threats Experiment in Tallinn, Estonia. The primary purpose defined at the time was “to explore and discuss the key implications of the new draft concept and develop with other international stakeholders an understanding of potential approaches in addressing the likely challenge areas.” Academic centres, businesses and international bodies attended.

14. Explaining the experiment, Hills said “one of the key outcomes of the event will be clear recommendations to NATOs Political and Military leadership of what the organisation must do to support the international community in tackling the array of potential hybrid challenges. The results will feed directly into the further development and refinement of the CHT Concept Paper with the aim to potentially produce a more informed draft, by late 2011.”

15. The experiment, according to the official report, was conducted to examine the utility and feasibility of the Military Contribution to the Countering Hybrid Threats Concept. The Tallinn activity also centred on NATO’s potential support role in the wider context – what they called a “comprehensive approach” in addressing hybrid threats in a “steady state, security environment.”

16. The complex environment of hybrid threats was “examined through three different lenses.” The first dealt with cyber, technology and economic threats – followed by the second on stabilisation, conflict prevention and partnership. The final aspect of the experiment examined the “Global Commons and Resource security.” The global potential for resource-based conflict has been well established in the defence community for many years, but this is the first time it appeared to have been fully considered in the context of a multifaceted conflict.

17. During the Tallinn test, Supreme Allied Commander Transformation, French Air Force General Stephane Abrial, stated: “Unforeseen NATO Operations in Libya remind us of a historical string of ‘strategic surprises’- central in assessing Hybrid Threats.” He went on to say that hybrid conflict situations are linked to “the versatility of threats and a lack of strategic predictability.”

18. Hybrid threats gained renewed traction in response to Russian actions in Ukraine and the Da’esh campaign in Iraq.

19. In 2014, Russian military forces made several aggressive incursions into Ukrainian territory. After subsequent protests and the fall of the then Ukrainian President Viktor Yanukovych, Russian soldiers without insignias (often referred to as the Green Men) took control of strategic positions and infrastructure within the Ukrainian territory of Crimea. Russia went on to annexe Crimea after a disputed referendum concluded the electorate wanted to join the Russian Federation. In August 2016 the SBU, the Security Service of Ukraine, published telephone intercepts – dated 2014 – showing details of Sergey Glazyev, a Russian presidential adviser, Konstantin Zatulin, a Russian politician, and others discussing the covert funding of pro-Russian activists in Eastern Ukraine and arranging the occupation of administration buildings, along with other activities, which led to the eventual armed conflict4. Glazyev did not deny the authenticity of the intercepted records and Zatulin confirmed they were real but claimed they were “taken out of context.” The intercepts showed that, as early as February 2014, Glazyev was giving direct orders to pro-Russian parties in Ukraine, asking them to instigate civil unrest in the key locations of Donetsk, Kharkiv, Zaporizhia, and Odessa.

20. Meanwhile, Barack Obama declared Da’esh a hybrid threat in 20145, with world security services at the time reporting the sophisticated use of social media for worldwide propaganda in a campaign which attracted thousands of foreign fighters from Europe, the Maghreb and Asia. The combination of conventional and non-conventional warfare, with disinformation and terrorist operations, saw Da’esh placed in the centre ground of the hybrid conflict arena from that point on.

21. By February 2015, EU Defence Ministers meeting in Riga called for more unity and decisive action across the union. By May, the European External Action Service had created a circular entitled Countering Hybrid Threats6, which encouraged member states to recognise the risks and build individual responses.

22. The report was particularly bleak in its outlook, setting the full potential of hybrid threats against a more developed context than Capstone initially outlined. It stated: “Elements of hybridity can be traced in many other dimensions of the current security environment” with “various governments in the EU’s southern neighbourhood (i.e. the Gaddafi regime in Libya or the current government of Turkey)” having “used the complexity of migratory movements as a pretext to demand various concessions from the European Union.” It also concluded that ISIL/Da’esh simultaneously sought to instil fear in EU citizens and governments which, in turn, had the effect of “pushing them to take more hostile attitudes towards refugees, ultimately strengthening the image of the EU as an anti-Muslim society, to its discredit.” There is no doubt such a response, in fact, fed (and feeds) the continued propaganda necessary to drive the cycle, escalating the conflict steadily.

23. In addition to intentional actions, the EU report cited increasing concerns about the potential consequences of complex crises resulting directly from, or even combining the different elements, which would require an equally complicated response. The concerns they documented included ideas rarely thought of in connection with war or conflict, including observations that: “Abnormal weather conditions and climate-induced resource scarcity, for instance, increasingly influence relations between states, and might provoke confrontation over access to water or crops production.” At the time, researchers on the impact of climate change in the Middle East and North Africa had estimated, by 2050, summer temperatures across the region would reach around 46 degrees Celsius and hot days would occur five times more often than at the beginning of the 2000s. “Such extreme temperatures,” the report stated, “in combination with increasing air pollution by windblown desert dust, will render living conditions in parts of the region intolerable, leading to a ‘climate exodus’ and social unrest, that might be exploited to destabilise the region by state and non-state actors alike.”

24. Most references to hybrid war are commonly based around the idea of the existence of an “adversary who controls and employs a mix of tools to achieve their objectives,”7 and this brings with it a layering effect, a structure obfuscating the direct responses available in a traditionally declared military conflict. A hybrid conflict has been given the globally accepted definition of “a situation in which parties refrain from the overt use of armed forces against each other, relying instead on a combination of military intimidation falling short of an attack, exploitation of economic and political vulnerabilities, and the deployment of diplomatic or technological means to pursue their objectives.”

25. Despite the relatively early horizon identification, the world’s response has not been sufficiently effective – or unified – in updating the international framework to reflect this developing landscape.

26. As with all conflicts, attributing responsibility and intent is absolutely necessary, not only to ensure state and allied policy responses are proportionate, but they are legitimate and appropriately targeted. However, a cluster of problems is generated in hybrid conflict situations, arising from international law limitations, technological constraints, and the diffusion of actions to non-state actors working together to give an adversary in such a conflict substantial deniability. For instance, the involvement of a third party not immediately identifiable as being state-sponsored (such as Wikileaks) becomes incredibly difficult to set against the legal concept of beyond reasonable doubt when a response is being tabled. Nonetheless, the US have done this with North Korea after the Sony Pictures hack8.

27. Additionally, at a NATO Summit in 2014 the organisation set out that the application of Article 5 of the Washington Treaty in the event of a cyber-attack would apply9. The heads of state of NATO’s member countries met in Wales at what the organisation called a pivotal moment in Euro-Atlantic security. They released a joint statement which said: “Russia’s aggressive actions against Ukraine have fundamentally challenged our vision of a Europe whole, free, and at peace. Growing instability in our southern neighbourhood, from the Middle East to North Africa, as well as transnational and multi-dimensional threats, are also challenging our security. These can all have long-term consequences for peace and security in the Euro-Atlantic region and stability across the globe.”

28. Looking to the future of conflict, NATO correctly anticipated cyber threats and attacks would continue to become more common, sophisticated, and potentially damaging, and, in response to the developing challenges, the alliance endorsed an enhanced cyber defence policy. The commitment, they said, reaffirmed the “principles of the indivisibility of Allied security and of prevention, detection, resilience, recovery, and defence,” making clear the fundamental cyber defence responsibility of NATO was to protect its own networks. The policy emphasised assistance would always be addressed in accordance with the spirit of solidarity and went to lengths to press the understanding it remained the individual responsibility of allies to develop “relevant capabilities for the protection of national networks.”

29. NATO’s cyber defence policy, a key concept developed through Capstone, recognised something crucial: that international law, including international humanitarian law and the UN Charter, applies equally in cyberspace. According to the policy, a decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis. “Cyberattacks can reach a threshold which threatens national and Euro-Atlantic prosperity, security, and stability,” the NATO leaders agreed, adding their impact could be as harmful to modern societies as a conventional attack, before confirming the provision of cyber defences as part of NATO’s core task. This marked an extraordinary development in respect of the recognition of hybrid conflicts as the future battleground, making the internet inseparable from a traditional, hot war zone.

30. Article 5 of the Washington Treaty sets out the principle of collective defence – the very heart of NATO’s founding treaty signed in the ashes of World War 2. It remains, NATO says: “A unique and enduring principle,” which “binds its members together, committing them to protect each other.” Collective defence as a term means an attack against one NATO member is considered to be an attack against all and the response is subsequently a joint one. They invoked Article 5 for the first time since the treaty was formed after the 9/11 terrorist attacks against the United States.

31. In Wales, NATO made a clear commitment to developing national cyber defence capabilities, saying they would “enhance the cyber security of national networks upon which NATO depends for its core tasks, in order to help make the Alliance resilient and fully protected.” They identified bilateral and multinational cooperation played – and would continue to play – a central role in building the cyber defence capabilities of the organisation and its members. All the members also agreed to integrate cyber defence into NATO active operations and operational contingency planning, with enhanced information sharing and situational awareness as a focus. Other international organisations, including the EU, agreed and NATO also set out to intensify cooperation with private industry through the NATO Industry Cyber Partnership10 – having identified technological innovations and expertise from the private sector were crucial to achieving their objectives.

32. Currently, however, no specific international legal framework is in place to regulate hybrid warfare, despite the efforts of NATO and others, which creates a conflict between the ability to invoke Article 5 and compliance with the regulations and legalities established and monitored by the UN. Use of force in international relations is still catered for under the United Nations Charter, which states: “In the absence of an armed attack against a country or its allies, a member state can use force legally only if authorised by a United Nations Security Council resolution.”

33. The grey area, of sorts, arises in the definition of using force at Article 2 of the Charter, which reads: “All members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state.” Article 2(4) does not use the term “war”, sticking to “the threat or use of force,” which creates an ambiguity as to whether the provision refers to pure military force or extends to incorporate “economic, political, ideological or psychological force.”

34. The Declaration on Principles of International Law Concerning Friendly Relations, signed in 1970, states: “No State or group of States has the right to intervene, directly or indirectly, for any reason whatever, in the internal or external affairs of any other State. Consequently, armed intervention and all against its political, economic and cultural elements, are in violation of international law.” The absence of a specific provision for hybrid use of force clearly arises from the dated nature of the charter itself and, to muddy the waters further, while a number of developing nations continue to argue force includes non-military force, it is the well-established states within the UN who resist adaptation.

35. The charter also permits self-defence and first strike, but both fall foul of the elderly definition of force, which has doubtlessly caused some hand-wringing among the states wishing to openly respond to live hybrid threats. Of course, the secondary issue with the dated law, is the UN are subsequently hamstrung by the charter in identifying and dealing with those actively engaged in hybrid conflicts. In addition, while the rules regarding traditional armed conflict are firmly laid down in international humanitarian and human rights law, hybrid conflict and threats are only covered by a patchwork of legal instruments covering specific policy areas. These are the seas, counter-terrorism, money laundering, terrorist financing, and human rights.

36. The impact of this coalition of defects allowed the growth of complex hybrid conflict operations to run almost unchecked, despite the best efforts of parties such as NATO and the EU, leading the world almost inevitably to the precipice it now stands upon. Trump, Brexit, the attacks on the French and Dutch elections, the world cyber-attack on infrastructure and health organisations, even fake news – these are the multiple fronts in a very real conflict from which there may be no return unless a response begins. Yet, any such response is hampered at the outset by the very structure which has permitted the threat to grow – made it necessary, even, by leaving room for tactics to be developed which exploit the inherent weaknesses.

Recommendation 1:

1.1 A new Act of Parliament is prepared defining Hybrid Conflict and its components, setting out statutory obligations to publish a national alert state and enshrining in British a structure by which an Article 5 response is to be set in motion.

1.2 The establishment of a new national body specifically dedicated to Hybrid Threats, providing reports to the Houses and the Public on a quarterly basis, combined with the introduction of a specific position in Government – The Minister for Hybrid Warfare.

1.3 A national effort by the United Kingdom to secure the commitment of the United Nations to modernising the definitions and understanding of weapons and force.

Main Evidence:

The Impact of Social Media and Online News: A Discussion We Do Not Need To Have

1. We do not need to (and must not waste time upon) the discussion of whether or not social media and online news has the power to influence public opinion, discourse, and behaviour. We know as a matter of fact the online world and the social media platforms do have the power to influence millions of people. We know this because of the advertising revenues and share values of platforms such as Facebook and Twitter, and because of the significant shift in media outlets to online presence, notably including publications such as The Independent and The Daily Mail.

2. Using information provided by Statista11 we know, in the most recently reported year, the social network Facebook generated 26.89 billion U.S. dollars in advertising revenues and this accounts for the vast majority of Facebook’s overall income.

3. In 2015, around 95% of Facebook’s global revenue was generated from advertising, at the time totalling more than 17 billion U.S. dollars. In 2013, this amount was only 7 billion U.S. Dollars.

4. Facebook’s average revenue per user also significantly increased during the same period, increasing from 6.81 U.S. dollars per capita in 2013 to 11.96 U.S. dollars per capita in 2015. The per capita averages are higher than globally in Europe, and significantly higher than globally in the United States.

5. Mobile advertising revenue already accounted for 77 percent of Facebook’s total advertising revenue in 2015 and is projected to grow to a value of 60.68 billion U.S. dollars by 2021.

6. Twitter still holds a smaller market share however, since 2010, the number of Monthly Active Users has increased exponentially from 30 million to 330 million in the latest quarter of 2017.

7. In 2015, Twitter generated 1.99 billion U.S. dollars through global advertising and is expected to earn over 3.26 billion U.S. dollars in 2017.

8. During the same period, traditional advertising expenditure in print media has fallen significantly, and The Independent ceased paper circulation altogether in favour of becoming a digital platform.

9. The reason we do not have to have the circular discussion as to whether social media and online media has an impact on public behaviour is a simplistic one: it is already an industry worth billions of dollars and will overtake almost all other advertising in the next five years. Subsequently, if it was not effective, this would be not be reflected in financial growth and the buying decisions of companies which are based purely upon ROI (return on investment).

10. This is, however, also supported by a growing body of academic research, just a fragment of which can be found with little or no effort using search engines12.

11. The largest and one of the most well known studies was published in the journal Nature. Entitled “A 61-Million-Person Experiment in Social Influence and Political Mobilization13,” and dated 2012, the study suggested messages on Facebook feeds could significantly influence voting patterns.

12. The study data — produced and subject to analysis in collaboration with Facebook data scientists — implied certain messages promoted by “friends” had the effect of increasing “turnout directly by about 60,000 voters and indirectly through social contagion by another 280,000 voters, for a total of 340,000 additional votes.” Following the study, concerns were raised about the potential manipulation of users and “digital gerrymandering.”

13. While dissenting studies have also been produced, there is a distinct marriage between the estimated effect and revenue which cannot and should not be denied. To do so would be nonsensical. Not least to consider is the significant spend by the Trump Campaign on social media targeted activity by controversial firm Cambridge Analytica, which runs into millions of dollars – and the methods of which are subject to two UK inquiries by the ICO and Electoral Commission over their ties to Leave.EU during Brexit.

14. Further, social media was first identified as a weapon by U.S. Contractor HB Gary in 2010, resulting in talks with defence company Palantir.

14.1 Back in 2010, cyber security company HB Gary – who also worked on Federal contracts – were in friendly talks about integrating with Palantir on social media based products.

14.2 Under the subject heading “Social Media, Exploitation, and Persistent Internet Operations,” senior employees of both companies were discussing the opportunities and risks by email.

14.3 “The rise of the social web has created an entirely new set of useful technologies and security vulnerabilities. It is our experience that most individuals and organisations understand there are risks to using social media but don’t understand the full extent, from what types of use, what the real risks are, or how the vulnerabilities can be fully exploited,” one exchange said.

14.4 The emails were dumped on the internet by Wikileaks after one HB Gary employee exposed alleged members of Anonymous to the authorities in 2011, in an event which ruined his career. Before infamy, however, Arron Barr set out in further emails just how significant the development of big data as a weapon would be. “There is an immense amount of information that can be aggregated from social media services to develop competitive intelligence against any target. Take any US defence contractor. If I could harvest a significant amount of data from sites such as FBO, Monster, LinkedIn, Input, Facebook, Twitter. What type of picture could I put together as far as company capabilities, future plans, contract wins, etc. From a targeting perspective could I identify information exposure points that lead to a defensive weakness…I spoke to INSCOM a few weeks ago about their desire to start to incorporate more social media reconnaissance and exploitation into their red team efforts. Such a capability has a broad applicability that will be more significantly needed in the future,” he wrote.

14.5 Barr was years ahead of his time in identifying threats which were subsequently exploited to successfully manipulate both British and American electorates. In one briefing email, he expanded, saying: “The explosive growth of social media has created a highly effective channel for the collection and aggregation of personal and organisational information for the purposes of tailoring content for users. To interact in a social media ecosystem requires some release of personally identifiable information (PII), in fact with most services the more information you provide the more tailored and beneficial the experience. In most cases, these are legitimate reasons for providing the information with tangible user benefits, whether it be to more personalise and localise advertising or tailored and real-time information delivery that increases personal productivity. Unfortunately, the same methods are being used to conduct information reconnaissance and exploitation. The most common current examples are spear-phishing attacks.”

14.6 “Future social media exploitation tactics will likely be applications and service that provide personal benefit or entertainment, but serving a dual purpose to collect information that can be used for more insidious purposes. This marks a new class of exploitation, vehicles directly targeting people rather than the machines they use,” he concluded.

15. Cambridge Analytica have since been touting for Pentagon contracts too.14 In fact, Cambridge Analytica’s parent company, SCL, recently registered an entry in the US Foreign Agents (FARA) declarations for a specific $330,000 campaign on social media entitled “Blockade Qatar”15, which appeared to be supporting Russian interests – resulting in Qatar signing a defence and supply deal with the Kremlin – and came before the later Saudi crisis.

16. We also know that SCL Group was paid £190,000 by the UK Ministry of Defence between 2010 and 2015 for the provision of external training and the procurement of target audience analysis.

17. In short, we must not engage in a pointless debate as to whether social media and online platforms are influential, because sufficient evidence exists across a broad range of views to affirm that they are and also wield immense power.

Recommendation 2:

2.1 It is accepted as a national position that social media and online platforms are recognised as being capable of influencing public opinion and discourse.

2.2 It is accepted as a national position that social media and online platforms are recognised as being capable of being weaponised.

2.3 That social media and online platforms are specifically taken into the considerations around and definitions required under recommendation 1.

What Is The Purpose Of Fake News?:

17. Fake News makes disinformation sound relatively harmless, but it is not and we have also moved beyond debates about what Fake News is. It can be defined as: “disinformation or propaganda which is completely false or adapts partial truths to create a malignant narrative, in both instances designed to misinform the public and obfuscate the truth in order to sway public discourse and opinion to the advantage of the creator, often by creating mistrust, division, and chaos.”

18. Fake News is most prolifically spread through social media and online platforms as they circumvent the traditional checks and balances which are applied across most media organisations, providing unfettered access to the target audiences.

19. While propaganda is, in of itself, an old concept, current disinformation is far more sophisticated and falls squarely within the arena of hybrid threats. Not only does it provide direct access to members of the public, but it forms part of a wider military doctrine developed in the days of the former USSR which destabilises a target nation in layers over a set time-scale. The doctrine16 was set out most clearly by Yuri Alexandrovich Bezmenov, a Soviet journalist for RIA Novosti and a former PGU KGB informant who defected to Canada and died in 1993.

20. However, one declassified CIA Report17 is instructive on the practical application of this doctrine through Russian state broadcaster, RT.

21. Even in 2012, the CIA captured the truth of RT’s position. “In recent interviews, RT’s leadership has candidly acknowledged its mission to expand its US audience and to expose it to Kremlin messaging,” the report states. However, it notes the RT leadership “rejected claims that RT interferes in US domestic affairs.”

22. The CIA meticulously document comments by RT Editor in Chief Margarita Simonyan, who claimed in popular arts magazine Afisha “It is important to have a channel that people get used to, and then, when needed, you show them what you need to show. In some sense, not having our own foreign broadcasting is the same as not having a ministry of defense. When there is no war, it looks like we don’t need it. However, when there is a war, it is critical.”

23. The report states, “according to Simonyan, “the word ‘propaganda’ has a very negative connotation, but indeed, there is not a single international foreign TV channel that is doing something other than promotion of the values of the country that it is broadcasting from.” She added that “when Russia is at war, we are, of course, on Russia’s side,” adding that “RT’s goal is “to make an alternative channel that shares information unavailable elsewhere in order to “conquer the audience” and expose it to Russian state messaging.”

24. Simonyan, the CIA outline, has close ties to top Russian Government officials, especially Presidential Administration Deputy Chief of Staff Aleksey Gromov, who reportedly manages political TV coverage in Russia and is one of the founders of RT.

25. “Simonyan has claimed that Gromov shielded her from other officials and their requests to air certain reports. Russian media consider Simonyan to be Gromov’s protege and Simonyan replaced Gromov on state-owned Channel One’s Board of Directors. Government officials, including Gromov and Putin’s Press Secretary Peskov, were involved in creating RT and appointing Simonyan. According to Simonyan, Gromov oversees political coverage on TV, and he has periodic meetings with media managers where he shares classified information and discusses their coverage plans. Some opposition journalists, including Andrey Loshak, claim that he also ordered media attacks on opposition figures,” the report states.

26. According to the CIA, the Kremlin staffs RT and closely supervises RT’s coverage, recruiting people who can convey Russian strategic messaging because of their ideological beliefs. “The head of RT’s Arabic-language service, Aydar Aganin, was rotated from the diplomatic service to manage RT’s Arabic-language expansion, suggesting a close relationship between RT and Russia’s foreign policy apparatus,” the report states.

27. “RT’s London Bureau is managed by Darya Pushkova, the daughter of Aleksey Pushkov, the current chair of the Duma Russian Foreign Affairs Committee and a former Gorbachev speechwriter,” the report also states.

28. “According to Simonyan, the Russian Government sets rating and viewership requirements for RT and, since RT receives budget from the state, it must complete tasks given by the state,” the report adds.

29. “According to Nikolov, RT news stories are written and edited “to become news” exclusively in RT’s Moscow office,” the CIA also state.

30. The Annex concludes that “RT hires or makes contractual agreements with Westerners18 with views that fit its agenda and airs them on RT.”

31. According to the CIA, “Simonyan said on the pro-Kremlin show “Minaev Live” that RT has enough audience and money to be able to choose its hosts, and it chooses the hosts that “think like us,” “are interested in working in the anti-mainstream,” and defend RT’s beliefs on social media.”

32. Interestingly, the report adds that “some hosts and journalists do not present themselves as associated with RT when interviewing people, and many of them have affiliations to other media and activist organizations.”

33. As the US Senate inquiry has continued, RT has been declared a state actor and even Twitter has off-boarded their advertising. The US Department of Justice also requested that RT register under the Foreign Agents Registration Act.

34. It is known that, through RT, several thousands of pounds of unrinsed Kremlin money has even directly entered UK Parliamentary records and is a cross party issue19.

35. A number of disinformation channels beyond RT are operating in the UK, including Breitbart, Westmonster, and InfoWars.

36. It is quite clear that Disinformation forms part of the live hybrid conflict which the UK has become engaged in, and that RT is a state actor within this. Their position, to repeat it, is clear: “RT’s goal is “to make an alternative channel that shares information unavailable elsewhere in order to “conquer the audience” and expose it to Russian state messaging.”

37. The purpose of Fake News, as defined at point 17, is unambiguous and the impact is visible across the globe and extends to other actors – including Julian Assange who has been actively supporting Russian efforts in Spain, focused on Catalonia, where he was the central hub of externally focused disinformation campaigning20

Recommendation 3:

2.1 The definition of Fake News is accepted as outlined at point 17 and recognised as being capable of influencing public opinion and discourse.

2.2 It is accepted as a national position that fake news is recognised as a weaponised element of military doctrine.

2.3 That fake news is specifically taken into the considerations around and definitions required under recommendation 1.

2.4 It is specifically recognised that some voices are harnessed within this doctrine without their full understanding of its nature and function and this needs to be addressed.

2.5 RT and other known disinformation channels must be officially recognised as such, where necessary they must be clearly declared as state actors and, if necessary, their broadcasting and publication rights reviewed. Though it must be understood there will be claims this is an attack on free speech and any such action must be properly and technically exercised under the rules surrounding matters of national security and morals.

Impact And Scale Of Social Media, Online Platforms, And Fake News In The UK:

38. Through experiments with Social Media, investigating Network Centrality, organic reach, the use of hashtags, and paid advertising, it has been established than one Twitter account with less than 400 followers has the capability of pushing a carefully designed psychographic message into a specific network of people, achieving a reach of over 16,000 people on a nominal budget of £20.0021

39. This means, by enhancing the targeting data and using a budget of £100,000 a single twitter account has the potential to reach approximately 85 million people.

40. Within the same experiment, it was established that an “army” of 30,000 twitter bots (automated accounts) had the potential to reach millions of people22.

40.1 If we were to hypothesise that Twitter hosts 30,000 co-ordinated troll accounts, each with an Organic Reach of 100 impressions and 5 engagements per tweet, this gives us a total, organic reach of 3,000,000 impressions and 150,000 engagements on each single message they push.

40.2 Applying a Hamilton Score (an extension of reach by using trending hashtags) to this means a troll army of 30,000 can, in fact, potentially reach 9,000,000 impressions and 450,000 engagements with every single message they tweet.

40.3. Trolls are not just tweeting once a day, but at least five times an hour. Over twenty-four hours, an army of trolls 30,000 strong could have the capability of reaching across a network and generating 1.08 billion impressions and 54 million engagements per day.

41. The UK is faced with multifaceted issues relating not only to platforms providing fake news for circulation, but by a complex network23 of domestic and foreign social media accounts, some of which are automated and some of which are operated by real people. These issues include the 13,000 Twitter accounts which posted thousands of messages about Brexit before disappearing after the vote, and pro-Kremlin managed accounts claiming to be British such as David Jones, exposed by The Times.

42. We also know this complexity is added to by the operation of Troll Farms, such as the Internet Research Agency in St Petersburg, and by the black market of propaganda operations for sale on the internet and the dark web24.

43. However, before the Olgino list was published by the US Senate, by shifting analysis away from simple mentions and retweets and looking at what other topics were being pushed in tandem with Brexit Leave messages – what’s called co-concurrence – network analysis shows a vote-centred conspiracy theory about using pens was being pushed by accounts which were also driving the tags #Ukraine, #Syria, #Aleppo, #IIS, and #VoteLeave. The story gained such traction it had to be covered by the BBC and other outlets. An initial analysis showed how the trolls and bots were specifically redeployed from regular Russian focus areas Ukraine, Syria, ISIS, and Aleppo to not only #UsePens but #VoteLeave too, with a huge push around referendum day, dwarfing all other bot traffic and after which the majority simply disappeared. This was the first clear example of fake news and social media operating together, and of Russia being actively involved.

44. Taking this method of analysis forwards allowed a broader analysis of the interaction between the currently active Russian botnet operating in America and Fake News surrounding Uranium One25.

45. In turn this led to a surprising finding about the Russian botnets and fake news surrounding both Trump and Brexit: they were operating in Tandem26 and the identified a number of the deleted accounts academics had discovered.

46. The most startling finding in respect of Fake News and botnet traffic surrounding Brexit was that while domestically it centred around Breitbart and InfoWars, internationally, the bulk of Brexit disinformation was being pushed from the Russian botnet operating in the US around InfoWars – who, in turn, were taking content from RT.

47. Once the US Senate published the Olgino Troll list, this was dip sampled and cross referenced against the previous anaylsis, and led to the exposure of a significant UK network27 of social media accounts pushing Russian messaging which is still active now28.

48. In one round of analysis alone, 8,483 accounts were found to be mutually connected on 10,326 points relating to follower and following data. One of the top 10 aliases for incoming links was established Kremlin troll David Jones (@DavidJoBrexit). In a further analysis, 2534 links were discovered between 9,320 accounts, with both David Jones and the Internet Research Agency itself featuring in the top 10 for incoming links. This led into further analysis of freshly identified accounts.

49. One of the key identifiers across this network of active trolls is their affection towards all things patriotic, including poppies. A simple, visual dupe. And one which was pervasive. There is no silver bullet for the identification of troll accounts on social media. In fact, the process of identifying them and making a decision about what they are is a hugely complex matter. This is a problem, because we aren’t just dealing with automated bots. In one case, an article29 outlining the difficulties of identifying trolls became the subject of fake news itself, seized upon by RT and the Russian embassy30 in order to discredit any work done to expose Russia’s operation. This sits well within the parameters of established doctrine, which dictates all media should be discredited.

50. By dividing the network31 for analysis we were able to establish that 50% of pro-leave accounts connected to the others had been deleted, while the others were still live and 20% of them dormant – having not tweeted for some time but not having been closed or locked. This is a mutually supported finding from the earlier research, though arrived at very differently. Immediately, this increases the network size at the time of the Brexit vote to around 18,000 locally branded accounts.

51. By analysing the times of tweets, we were also able to conclude a number of the accounts were, or had been, operating on Moscow office hours. These UK-branded accounts lacked any real finesse, but this is not uncommon among the sock puppets. The social networks themselves do enough to obfuscate the true source of accounts that a little blatancy goes largely unnoticed when combined with scale. It creates an illusion of normality for those interacting with these networks.

52. At this stage, however, we were presented with a new collection of accounts and a new collection of tweets, which had fallen outside of the intial search parameters: because the accounts were all based in Germany and had only been active on the topic of Brexit on the 23rd of June 2016.

53. Under various, quite plausible, and less nationalistic guises, these innocuous German accounts held the key to a much broader range of data estimations surrounding Brexit.

54. The German accounts are all currently dormant, and haven’t been used in a tasking process for sometime. Though a small hub of 48 accounts, analysis rapidly expanded their network to a more complete 1,967 users, connected between themselves 2,199 times.

55. Through a manual check of the accounts, establishing that profile pictures and local geographical photos have actually been lifted from Instgram accounts from Italy to Estonia, a further super-user – based in the Netherlands – was connected to the hub. This expanded this one network to 4,933 accounts, linked together by 5,200 cross-connections. The super-user was identified through the posting of a Russian meme relating to Chess and the collapse of the EU.

56. The interesting nature of the German hub, which is – with the exception of the super-user – fully automated, is how it looks when you visualise it using a combination of filters on software package GEPHI. It resembles exactly what it is: Bacteria or a virus. An infection aimed purposefully at humans.

57. While the accounts in the original, small hub are dormant, they are still open to full scrutiny. In the lead up to Brexit they were talking about Turkey and Syria, then afterwards they shifted to other issues before going offline at the end of 2016 – presumably shelved for future use as other accounts got shut down. Suddenly, however, on the 23rd of June 2016 all of these accounts were activated and churned out 630 tweets at a rate of up to 8 tweets a minute.

58. Their focus on the day of the vote is undeniable even when analysed in the base form of a word cloud. It is clear they had been specifically tasked to target undecided voters and wavering Remainers and they did so using the hashtags #BrexitOrNot and #RemainInEU, among others.

59. These fake accounts – each of them registered in March or April 2016 and seeded to appear real with photographs and data stolen from every corner of the EU – were specifically deployed on the day of Britain’s crucial vote to post meme’s attacking the weakest link in the Remain chain, David Cameron.

60. After the 23rd of June, every single one of the accounts stood down from Brexit and resumed what they had been doing before – sporadic push messaging at points of interest to Russian activity in the world.

61. Within the larger network, some of the accounts have remained fully active, though – most recently focusing on Catalonia, which is now a confirmed target of Russian hacking and disinformation, intended to destabilise Spain and the EU.

62. What is staggering is the breadth of this network beyond this one hub. On the day they were all activiated, other unconnected network hubs came on line without warning, communicating one or two replies to specific Brexit tweets in English before going to back to dormant status. These were human operators intervening. These accounts came from everywhere, but the one or two tweets in English would all have been seen by someone in the UK following the hashtags on the day, along with the memes.

63. Memes during the period were not restricted to Twitter, however. On referendum day even Flickr was busy, in particular around InfoWars linked accounts.

64. Other dormant Twitter accounts found within the expanded network, and a new hub uncovered during the analysis, were discovered to be promoting pro-leave hashtags which included #IVotedLeave – something which appears to have been highly visible to voters even before the polls closed and may also have been aimed at undecided voters. Again to create an illusion of a bigger crowd, the psychological effects of which do not need explaining.

65. Combining the identified hubs with the original analysis, they all led straight back to the original 9,320 accounts and reaffirmed the direct Olgino connection. This was no coincidence.

66. Running the Twitter activity through Indiana University’s Truthy tool showed not only how the undecided voters had been hijacked during a very specific time period, but also how this went on to influence conversations around prominent leave MPs in the days following the vote. A lot of debate over the last year has taken place around the “will of the people” and social media sentiment has been referred to throughout by policy makers. This is a broad confirmation of the true scale of the impact of an effective disinformation campaign on social media.

67. Looking at the data in a second visualisation, around connected discussion topics, how effective the hijack of voters timelines by the Russian network becomes even clearer. Using the available data on the extent of the network, married with the data on tweet frequency, it was possible to start to make some estimates about the true extent of Twitter traffic originating from Russian networks on the day of the vote.

68. While 50% of the accounts were deleted, we can estimate that one network of 1,967 producing 13 tweets each across the day on the 23rd of June 2016 could have produced 25,571 tweets.

69. By reversing the deletion of accounts, we can estimate that one network hub could have produced 51,142 tweets over the course of the day.

70. We know however we are looking at a network, as a baseline, of some 15,000 accounts. This means that single network – before account deletions – could have easily produced as many as 195,000 tweets aimed at undecided voters on the 23rd of June 2016. This would take the Russian network traffic up to a fifth of the twitter activity on the key hashtags, and matches the evidence which eventually came out at the US Senate.

71. However, a growing body of academic research fully supports discoveries made through these journalistic investigations32.

72. Earlier this year, academic researcher Marco Bastos released a critical piece of work on the Brexit Botnet, identifying thousands of accounts which vanished after the vote. Published in Social Science Computer Review33, Bastos first outlines the definition of a ‘sock puppet’ – what we commonly refer to as bots or trolls: “A sock puppet account is a false online identity used to voice opinions and manipulate public opinion while pretending to be another person. The term draws from the manipulation of hand puppets using a sock and refers to the remote management of online identities to spread misinformation, promote the work of one individual, endorse a given opinion, target individuals, and challenge a community of users.”

73. Starting with an analysis of almost 800,000 users who had tweeted on either side of the Brexit debate before the vote, the researchers managed to identify location data in only 60% of cases. Of the 482,000 accounts they could successfully geo-locate, only 30,122 users were identified as based in the UK, with the researchers noting it was: “a smaller population than the set of 40,031 accounts that have been deactivated, removed, blocked, set to private, or whose username was altered after the referendum.”

74. Breaking the group of 40,031 down, they identified 26,358 accounts had changed their identity after the vote and 13,493 had been deleted altogether. They did, however, note a clear relationship between the repurposed and deleted accounts in the way they had amplified each other, and specifically recorded that a much higher proportion (37%) of their content showed “notable support for the Leave campaign.”

75. This is also supported by new research from Swansea University34 which identifies potentially 150,000 Russian-based Twitter accounts tweeting tens of thousands of messages on the day of the Brexit vote, having shifted focus from other topics such as Ukraine.

76. One of the researchers; Tho Pham from Swansea University spoke to The Times saying: “the main conclusion is that bots were used on purpose and had influence”. The research looked at 156,252 Russian accounts that mentioned #Brexit, including one, Svetal1972 which posted 92 tweets between June 20 and 24, including one calling for Britain to “make June the 23rd our Independence Day”.

77. The same researchers expanded their parameters and have subsequently found the same botnet sent 400,000 messages relating to Scotland’s independence referendum35. News which came out after Russia had tried to discredit the article centred around Scottish trolls pushing Kremlin messaging cited at point 49.

78. Without considering Facebook, or the growing database of Russian memes36 which were pushed across the Brexit campaign period, Twitter alone saw sufficient activity to have been seen by millions of undecided voters on the day of the Brexit vote, creating a crowd-swell effect which could have easily changed voter behaviour (also refer back to the Nature study).

79. We also have not touched upon the long term relationships with far-right political figures who have acted as Useful Idiots37 for the Kremlin over a period of years, including Nigel Farage and his colleagues Arron Banks and Andrew Wigmore. Yet the evidence the UK was targeted by Russia using a known military tactic is clear.

80. While we are now living in the wake of a complex hybrid offensive, an Alternative War which saw Russia deploy a new range of psychological and cyber weapons with the assistance of far-right relationships cultivated over years, this is not a blockbuster movie. There have been indictments in the US and more will come while, in the UK, we see a long-term pattern of fluffed action being repeated – we’re currently responding to an act of war, as defined within NATO, with a Culture Committee and the inadequate system of fines provided by the ICO and the Electoral Commission. However, there will be no sudden revelation. No photographs of those involved in compromising positions with escort girls swimming in pools of Roubles. The most we will ever see is a contaminated crime scene.

Recommendation 4:

4.1 The scale of potential manipulation is set against the will of the people and the government immediately and urgently seeks to re-assess the safety of electoral decisions, working with the British security and military services who have now, alongside the Prime Minister, confirmed Russia is engaged in a hybrid offensive against Western democracies.

4.2 That Parliament immediately takes forwards the recommendations herein for open debate.

Conclusion:

1. Russia specifically targeted the Brexit vote and the reasons for reaching this conclusion are publicly known and obvious – the destabilisation of NATO and the EU for gain being a central element. I am willing to provide every Member of Parliament an electronic copy of Alternative War, which may assist in background reading around this, however my original 70 page statement, sent to Parliament, the EU, and the FBI in May this year, is also attached to assist.

2. Social Media provides an essential platform to people, however, the owners of these companies have allowed a foreign state to use their platform in a complex hybrid offensive to the detriment of the UK, US, and NATO allies. This area and its function in hybrid warfare is broadly and pervasively misunderstood and unregulated. I am willing to assist in preparing an effective package of issue specific responses.

3. In the UK, as in the US, the Russian activity has exposed a lack of preparedness and effective protections, leaving the ICO and Electoral Commission to try and respond, unsupported barring by journalists, to acts of complex warfare with a system of civilian fines. This requires rectification. I am willing to assist in preparing an effective package of responses.

4. Part of the specific problem is RT (and subsequently Sputnik), the Russian state broadcaster which is, in fact, an arm of the Kremlin’s Foreign operations (and admittedly so). As well as providing a platform for disinformation, they have also been paying Members of Parliament for appearances. This means – even though they claim separation by the use of “independent” production companies, that Kremlin money has directly entered parliament and members have unwittingly assisted a declared state actor. I am willing to assist in preparing an effective package of responses.

James John Patrick
21/11/2017

 

Advertisements