Your Facts Are Not Safe with Us: Russian Information Operations as Social Engineering

here is Megan KY with your facts are not safe with us Russian information operations as social engineering alright hi everybody thanks for coming so quick question before I get started any Russian operatives out there in the audience show hands no yes okay so can I hear me in Moscow is it working okay good all right let's get started so I'm Megan kine so a little bit about me so you know why I'm talking to you about this issue I'm a Russian language nerd and InfoSec enthusiast I spent a year abroad in Russia on a language immersion program in saint-petersburg while I was over there I purposely avoided English language news sources and I would did that to try to further

my language immersion experience but the unintended side effect of this was that I was basically blasted by propaganda on a daily basis while I was over there the Russians invaded and annexed the Crimean Peninsula of Crimea and also started in military operations in eastern Ukraine so I'm gonna touch on both of those things pretty extensively here and let's jump right in so to give you some background on what I'm talking about here before I talk about it from the perspective of social engineering so Russian information operations is very insidious for a lot of different reasons one of them being that a very common tactic is that it'll take a small piece of truth out of its original context and

then create a new false narrative around that very small grain of truth so a good example of this that's relevant to what I'll be the case study that I'll be discussing later is that the existence of far-right nationalists Ukrainian groups both current and historical has been used to paint all Ukrainians as being fascists so another common tactic here is that Russian information operations pushes expedient narratives and sometimes even creates new realities on the ground so an example of one of these expedient narratives would would be Russia's no worse than the West and this is something that I heard such a common refrain that I became totally numb to it while I was over there and an

example of how this works in practice so a lot of what about ISM goes on here so the us-supported separatist Kosovo in the Yugoslav wars in the 1990s and did so with military operations now Russia decided to point this out as opposed at Hippocrates because when the Crimean operations started they were supposed to well they the US was supposed to support Crimea's supposed self-determination even though it was actually an invasion so another key thing to keep in mind here is that what will often happen is fringe groups will be co-opted to put this disinformation back out and amplify that signal so another example here I'd mentioned the conflict in eastern Ukraine already so thousands of Russian

far-right nationalists decided to volunteer to fight in Ukraine along with side / Russian Ukrainian separatists militants many different words to refer to them but the Russians who were fighting in eastern Ukraine always used very specific terminology that was verbatim what the Russian state used to refer to these fighters so that would be brothers or separatists even though again these were you know armed rebels trying to separate from the elected Ukrainian government so now that you have a basis of understanding here let's take a step back and talk about this from the perspective of social engineering so Russian information operations can be seen as large-scale social engineering so in classic social engineering behavioral norms or social

norms are used to get some kind of personal gain you all know this I don't have to tell you this but in the case of Merson information operations what's actually being abused here the vector is societal norm and the goal is national game so let's take a look at how this works in practice so again another key thing to keep in mind is that Russian information operations never refutes facts or narratives instead they erode and subvert Western values so an example here transparency as a value is something that is pretty widely accepted in Western cultures and this transparency as a value was abused when WikiLeaks was used as a front to dump stolen information and push convenient

narratives that the Russian government wanted out there now backing up just a tiny bit I'm not sure if you can see the logo in those pictures of mr. Assange but that is the logo of Artie and I want to definitely highlight Artie since it is a really key player in this space so Artie used to be called Russia today until it went through a very clever rebranding and was intended to hide the fact that Russia owns and operates this outlet it's the international arm of Kremlin information operations now Russia Today or RT is it so cleverly calls itself abuses Western values of freedom of speech and freedom of press when it presents itself as a news source

and it also presents itself as an alternative to the Western media establishment so the other thing about RT is that there are many many channels here so there's an Arabic channel there's a French channel there's you know an outlet based in Washington DC all of these different channels are tailored to specific audiences based on reconnaissance much like any good social engineer would do so let's go into a specific case study of the annexation of Crimea to talk about again how this works in practice so while I was over there this whole crisis started I saw it unfold and this is really the first and best example of when Russian military operations and information operations were completely

integrated so what actually happened the invasion started when Russian soldiers without insignia on their uniforms infiltrated the peninsula of Crimea and took over key choke points so communications infrastructure government offices and military bases so at the same time Russia's information operations pushed the claim that these quote little green men or quote polite people were militiamen instead of the Russian soldiers that they were actually in fact now Russian forces were deliberately referred to in this way to make the situation seem less threatening and less urgent it also made it seem like it was support for a genuine self-determination or independence movement in Crimea when it was actually again an invasion by Russia so again from personal experience

the effects of Russian information operations are extremely extremely insidious so I was subjected to daily coverage on state news outlets that painted this whole crisis as a quote historic reunion or a quote return to Russia now this language was specifically crafted to appeal to common culture and common history between Ukraine and Russia Crimea the peninsula you see in the south there in dark red was a key destination for Soviet vacationers and also was home to a very important Soviet Navy port now I showed you I've included this map to show you again like how close geographically and also linguistically these invaded regions are to Russia so the dark red indicates that 75% or more of the population are

Russian natives their native Russian speakers now the other region in dark red is done yet sck and that's one of the that's one of the sources of the conflict in eastern Ukraine and then also the region to the north east is Lugansk and that's the other hotspot in that conflict so you can see again this these linguistic ties the geographical closeness definitely set up this entire operation so after the infiltration was complete Russian information operations trumpeted the overwhelming and falsified results of the Russian organized referendum in Crimea in that referendum supposedly 95% of those that voted favored reunification with Russia so the referendum was a direct subversion of democratic values as people who want who valued the ability

to determine that the nature of our own governments we're primed to think that we should respect this movement for self-determination for independence in reality the entire purpose of this referendum was to legitimize the seizure of territory and it really to a large extent worked even though there were egregious falsifications including turnout as high as 123 percent in some areas so how did I dig myself out of this thought trap actually sorry I have to go back so this whole narrative the subversion of Derek Radek values it actually worked on me I was tempted to think that Russia's claim to Crimea was legitimate through this narrative I bought it because I had I was not prepared for this

again overwhelming information operations and social engineering that abused the the value that I assigned to democratic rights so again how did I get out of this how did I you know snap out of it it's all about different ways of thinking so when you're immersed in a culture for long enough you develop a lot of different habits including mental ones so for me returning to my home spective was key and this happened when I found out about the Budapest memorandum in a respected Western newspaper I was reading an article much like what you see on the slide with a headline similar to Ukraine pleads for aid as Russia accused of invasion so when I said a little bit about the

Budapest memorandum so you understand why the snapped me out of it this is a 1994 treaty between the u.s. the UK Russia and Ukraine under this treaty Ukraine agreed to give up its nuclear arsenal that it had inherited from the USSR and in an exchange Russia was supposed to respect Ukraine's independence territorial integrity and sovereignty so once I understood this I realized that the information operations much like a good social engineer would do on a smaller scale had tricked me into not questioning the narratives I was consuming again by abusing the value I assigned to democratic rights and this led to my initial failure to recognize the narratives as a cover for breaking international law and as an effort to

undermine the international community's ability to respond so I've already hinted a little bit at this but I wanted to go through some of the targets of Russian social engineering of this type so the first set of targets are definitely foreign policy makers and leaders of Western states in the case of Crimea Russia obfuscated its real goal which was keeping Ukraine from leaving its sphere of influence Russia accomplished this by pushing the little green men narrative that I already talked about and this narrative made it difficult to respond quickly and effectively you can't really counter what you can't definitively identify after all so social engineering worked on policy makers in the early days of the crisis

it prevented meaningful action until after the fact this allowed for creation of new reality on the ground that has proven impossible to rollback the invasion has been accepted as de facto reality with very little consequence to Russia of course there are economic sanctions in place but the will to maintain those sanctions or make them strong enough to have a real effect has definitely waxed and waned another set of targets are mass groups of citizens and it's important to keep in mind here that no society is safe from this these techniques all societies have values and therefore those values can be vectors of abuse at the case of Crimea Russian info ops shaped Russian public opinion to be

overwhelmingly in support of the annexation my host mom was a great example of this she along with the vast majority of Russians bought into narratives designed specifically for domestic consumption he would say things like Crimea has always been Russian or Ukrainians and Russians are one people so this can seem like a really sort of benign call for unity but really what this is is an implication that Ukraine is somehow not a legitimate sovereign state and that's something that was actually actually literally a talking point on the Russian news that I've talked about the most prominent narrative again was this fascism talking point though and this triggers visceral memories of World War two for Russians very strong fears and also invokes a

moral cause of saving the russian-speaking brethren who don't have any they're not under any real threat in reality so this and other narratives abused Russians value of collectivism and convinced citizens to support the annexation that was actually against their best interests the annexation led to astronomical federal spending at a time when the economy was in decline and the federal revenues were also in decline so in this picture you can see this is a rally in support of the annexation it says move miss TIA which means we are together and again this abuses this value of collectivism of the group well-being as being above the individual so now that we have a better understanding of the problem I want to

go through some of the potential mitigation strategies particularly ones that have already been used in the past so there's an over-reliance on debunking or fact-checking but that's really not going to solve the problem in fact it ends up exposing more people to the false narrative and people are in general very reluctant to question their own beliefs especially ones that are deeply held like things political beliefs for example and it's also important to keep in mind that the russian government is really not playing on this level of the fact-checking they don't care about facts they don't care about right versus wrong or correct or incorrect it's all about trying to convince people that none of it matters

and to make people apathetic well and that's very convenient for them because apathetic people don't really question the information they're consuming so another common strategy putting out counter narratives is also problematic you can end up adding to the problem by becoming propaganda yourself and you definitely when you put out another narrative it doesn't really get rid of the original one in fact it just muddies the waters it makes it more people it makes it more difficult for people to distinguish what is real what is true and what is not and people again stop caring to make that distinction so there is no one easy silver bullet solution to this problem it's very complicated and very very massive

however this there there can be a way to go about this in a way that is multifaceted and community driven so since that a problem can be understood as large-scale social engineering this calls for drawing upon the information security community's practices in guarding against social engineering so in other words public awareness campaigns can go long way toward alleviating the problem and it's particularly important that members of the press are exposed to these public awareness campaigns so that they understand the problem they're dealing with in addition media outlets should consider new policies on how to deal with leaked information journalists and their editors and media outlets should practice data provenance questioning who provided the leaked information why did

they do it and is it ethical to publish the idea here is that journalists should question am i furthering some kind of nefarious narrative or agenda so from personal experience one thing that makes this much more difficult to have an effect on people is that when you are exposed to other cultures and perspectives it helps you break out of your own little echo chambers and it makes you less vulnerable so the information operations worked on me because I had been isolated from my own perspective for long enough and I didn't yet fully understand the Russian government's motives and perspective different people have different perspectives and understanding those points of view increases the likelihood of guarding against social engineering

spasibo za dream on you thanks for listening and before we get into questions I wanted to say a huge thank you to my mentor John Seymour who has been fantastic go follow him on Twitter and again one small caveat before we go into questions I'm not here to wade into partisan issues so if you want to talk politics let's take it outside or you can contact me on Twitter thank you

with your experience over in Russia did you have any exposure to essentially the history behind the Ukrainian pogroms of the 1920s and 30s where they killed 20 million Ukrainians and moved Russians in do you have any awareness if that's the area of genocide by famine the genocide by famine exactly yeah is that the area of the country that is affected by this that they imported native Russian speakers in to fill the gap that was basically left when they went ahead and starved 20 million people right that's a good question I'm afraid I don't know the exact answer to it yeah it would be interesting to know I suspect that there is at least partially a role in that

I do think also that a lot of it has to do with again shared Soviet history where I mean there's always been a lot of movement back and forth between those borders even to this day and especially of course when Ukraine was part of the Soviet Union right so I think a lot of it was just you know these are Russian workers that were brought in to I think in actually in many cases I know for a fact that Donetsk and Lugansk are industrialised regions again those are the two easternmost regions there so I think a lot of it has to do in fact with industrialization more than more than the famine but that's an interesting

question to look into and I'll try to do that so thank you

um was Khrushchev's uh giving of Crimea to the Ukraine in the 1950s talking point oh absolutely thank you for asking yes no that was that was all over all the time I mean you would not believe the repetitiveness of these programs it was the same talking points over and over again and it's again it's like this it's this overloading where you you just start to tune it out because you've heard it so many times and then you don't you don't question it anymore so how much okay how much was the past history of the German invasion invoked as a example of what happens if we don't do something now in terms of Russia cuz I noticed that there

is one slide where you there was the Nazi symbol on right yes thank you for pointing that out I should have talked more about that yes that that was definitely they weren't invoking fascism by mistake it was definitely again very much so tied to World War two and yes it was fears of invasion and fears of again just like repeating historical historical memory so this this picture here is a real photograph from Crimea just before the referendum happened you can see the translation on the screen there so it's I mean this referendum was conducted in such an unbelievably biased environment that even if there wasn't actual rigging it would have been extremely unlikely that people would

have actually voted what they really felt in reality I mean it's today in Russia is there's a similar problem where you know you can't get accurate public opinion information for the most part because well a lot of different reasons but one of the most prominent ones being that people do not they basically tell you what they think you want to hear instead of what they actually believe so I think there's a lot of of that context that went into the vote and does that does that answer your question okay I think we have time for one more question yep Meghan so just in hindsight if we could appreciate everything that was going to happen in Ukraine

how and at what point could say Ukraine or whoever else have intervened and how would they have done that that is a great question I'm afraid I don't have a perfect answer for you I think so one thing that happened was that the UN Security Council was very slow to act on this so on March 1st 2014 the Russian parliament actually voted to give Putin the authority to use military force in Ukraine and despite that like very clear signal that there was something very wrong going on you know the UN Security Council didn't attempt to pass a resolution on this until March 15th the day before this you know horribly rigged referendum so the Budapest memorandum

calls for in event of a violation you're supposed to seek immediate UN Security Council assistance which I guess basically means the UN Security Council needs to pass some kind of resolution and of course we can you know talk a lot about whether or not that type of institution is really that useful especially when Russia itself sits on the UN Security Council and undermines these votes so they did actually fail to pass a resolution on March 15th again because Russia vetoed it so it's you know it's very difficult to say limp there would be limited military operation options excuse me that would be effective in this case you know the Ukrainian military is underdeveloped in many ways so I'm sorry I just don't have

a satisfying answer for you but it was a lot of too little too late I think right exactly alright I think we're out of time but thank you everybody for coming and you can always ask questions from all of our speakers I'm fearless later [Applause]