BILYANA LILLY
Editor’s note: This post by Dr. Bilyana Lilly provides insights into an aspect of Russia’s information warfare activities. Dr. Lilly, part of the OODA Network, is the author of the book Russian Information Warfare: Assault on Democracies in the Cyber Wild West and a frequent contributor to our network membership meetings (see this summary).
Hakan Tanriverdi is an open-source intelligence-assisted reporter known for reporting and analysis on criminal and state-sponsored hackers in Europe. Recently, Tanriverdi was working on an investigative report on what are known as the “Vulcan Files”: leaks that reveal Putin’s cyber strategy, including Russian Secret Services’ plans for disinformation and attacks on civilian infrastructure using software from the Moscow company Vulkan.
While reporting on the leaked Vulkan files, Tanriverdi “received a tip: an interesting file had been dropped on Virustotal. It turned out to be the master’s thesis (titled “Information Confrontation in World Politics”) by Evgenii Serebriakov, the person who’s heading the infamous Sandworm team, part of Russia’s military agency GRU.”
OODA Loop Sponsor
I was one of the first to be asked to review and assess this document. Let me start first with my assessment. Then I’ll provide links to the base document itself for those who want to dive deeper.
Having read Evgeniy’s thesis, I have good and bad news. The good news is that Evgeniy thinks about information warfare, its channels, its enablers, its applications, and its potential exactly like I do. The bad news is that Evgeniy thinks about information warfare, its channels, its enablers, its applications, and its potential exactly like I do.
I was initially surprised and somewhat disappointed that his research didn’t focus more on actual cyber operations as well as tactics, techniques, and procedures (TTPs). I was disappointed that the head of arguably the most dangerous hacking unit writes so little about hacking. But after I read his thesis, I changed my mind. What he has written is even potentially more telling than had he described an actual cyberattack or given away TTPs.
(Note: The following pages number references are to pages of the master’s thesis document)
The main and very dangerous significance of this work is that Evgeniy is aware that cyber operations are only a part of a larger strategy to use technology as an enabler to disrupt entire societies and violently change political leaders using psychological influence (p. 8). Parts of this document read like the cyber version of Marx and Engels’s Communist Manifesto, or in a way, like an information warfare manifesto.
After establishing his position that Russia’s national security greatly depends on ensuring information security (p. 3), he describes information security in Russia’s zero-sum foreign policy doctrine and threat perceptions where Russia sees itself in perpetual conflict with an aggressive West. In a way, information space is an extension of Russia’s paranoid world view and hence, Evgeniy also sees the existence of a conflict for control over information resources, and achieving and maintaining information superiority in this competitive hostile environment becomes the key to success (p. 4).
He sees information influence as a new weapon that can be as effective as traditional weapons and military technology (p. 4).
He realizes that cyber operations are used with other tools outside of cyberspace in a “fight for brains” or “fight for minds” using thought leaders (influencers) and youth movements (p. 11). He talks about overt and covert methods of influence (pp. 11-12).
He acknowledges the increasingly important role that non-state organizations and actors will play in information warfare, including international companies, international organizations, terrorists, extremist groups (p. 14), opposition parties, and religious leaders (p. 33).
Evgeniy adopts a broad definition of information warfare, which I do as well. I agree with this broader definition and my research shows Russia has been applying exactly this broad definition in its operations against NATO member states. He sees information space in two parts: 1) information-communication space or cyberspace and 2) social space. The first includes information systems, systems for data transfer, etc.; the second includes people, peoples, social systems, and governments (p. 45). He sees information systems as objects for influence (p. 46) and sees psychological manipulation of the entire population as critical, especially during elections, referendums, and crises (p. 46). That’s a very dangerous way of seeing information warfare, especially from the head of Sandworm. This makes me think the US and other states must brace themselves for Russian disruptions around election periods again. We are likely to see more cyber operations with strategic effects, or hack and leak operations.
He recognizes the massive disruptive potential of information-psychological aggression to lead to local wars and military conflicts (p. 49) and its goal is to “destroy the cohesion of nations and societies” (p. 66).
If the above observations aren’t disturbing enough, it gets better: the head of Sandworm describes six clear steps to bring about the violent removal of the chief political leadership in a country through information warfare. These steps are:Change the “cultural-meaningful code of a nation”, depends on the youth and middle-aged people who can more easily be dragged into protest moods and participate in protests (p. 67)
Inculcate the idea of “political insolvency of citizens”, starting to question their governance. (p. 67)
Take control over the levers for economic regulation to create hatred among social groups in the same country (p 68)
Create various social organizations, international movements, and religious sects to further break down social cohesion and position them against each other. The goal of steps one through four is to collect a “critical mass of marionettes” who can turn the tensions into actual action (p. 68)
Stimulate the revolutionary tensions in the country (basically bring about a revolution), (p. 68).
Displace the political leadership (pp. 70-71).
The conclusion of the thesis is interesting – Evgeniy recognizes the importance to maintain cohesion among the Russian population and establish a safe external environment outside of Russia. He recognizes Russia is susceptible to information warfare and the same diabolical techniques he is describing above.
If Evgeniy actually wrote this thesis and didn’t pay someone to do it for him (not unheard of in Russia), this is the cyber manifesto of Sandworm and the Russian government itself. I’d pay attention.
Concluding Context:
Government policy-makers should pay attention to this thesis, it is a manifesto either written by or endorsed by a key leader in Putin’s GRU.
All organizations, government and private sector, should understand that cyber conflict – including cyber espionage, information warfare, misinformation, disinformation, and even cyber-attacks – is not going away. For those of us in the business, we all recognize this challenge and should keep helping others understand the enduring nature of cyber conflict.
Additional resources:
Hakan Tanriverdi, along with his co-author, Carina Huppertz, published a publicly available assessment of the thesis document at: https://www.zdf.de/nachrichten/panorama/hacker-sandworm-evgenii-serebriakov-100.html
If you have a subscription to Germany’s Der Spiegel, Tanriverdi also published an analysis in collaboration with his colleagues at Der Spiegel: The man behind the world’s most dangerous hacking group.
No comments:
Post a Comment