# Snowman Series 3 – Data Laundering: The New Chemical Warfare
Our personal data is electronically stored on thousands of servers across the world. Our employment records, our personal lives, our medical histories, psychological profiles, political views, and our private communications.
When assembled together this forms what’s become known as a big data profile and, in reality, none of us can escape its existence.
Scientific research, including that by Michal Kosinski at Cambridge University, has shown that a big data profile can be used to develop targeted marketing or messaging, designed to drive a behavioural response in an individual. The technique is known as either psychographics or psychometrics and has become famous following its use by Cambridge Analytica in the Trump and Brexit campaigns.
Data is now the single biggest commodity in the world and can be used to drive electorates in almost every aspect of their decision making. The control of the data subsequently controls geopolitics and the world financial markets.
“Data is now the single most valuable commodity in the world”
Our data is also unsafe and being deliberately stolen.
The largest known hack to date was centred around international technology company Yahoo, with the data of 1.5 billion users stolen across its platforms. The company believed the attack was “state sponsored” and in March 2017 the FBI and US Department of Justice announced charges against Russian individuals, including Russian Federal Security Service (FSB) agents Dmitry Dokuchaev and Igor Sushchin.
The indictment reads “The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere. In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.”
It also highlights that “during the conspiracy, the FSB officers facilitated Belan’s other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers.”
In commenting, the US law enforcement community does not pull punches. “The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” said Acting Assistant Attorney General McCord. “Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat.”
The illegal data trade is well documented across the world, with so-called "Data laundering" now defined as "obscuring, removing, or fabricating the provenance of illegally obtained data such that it may be used for lawful purposes".
Security experts are well aware of the huge scale of the problem. New Zealand based expert Andy Prow has previously said turning hacked data into a legitimate commercial asset is "the nature of a maturing industry". He highlights that hacked data is easily made to look legitimate and then sold on to often unsuspecting clients. "It doesn't raise too many warnings."
“Russian officials are actively involved in the theft of data.”
Hackers, traditionally, sell stolen data for Bitcoin payments.
In May 2016, one hacker offered the private data of 117 million LinkedIn users, including passwords, in exchange for 5 Bitcoin. In September 2016 a further 68 million account details, this time from Dropbox, were offered for sale for 2 Bitcoin. Both offers were made on the ‘dark web’ outlet The Real Deal.
Bitcoin are worth £1,040 each at the current exchange rate and their value has increased exponentially over the last five years, though there have been other electronic global currencies before its creation.
In 2006, Donald Trump’s advisor Steve Bannon was involved in a company called IGE which, via Goldman Sachs investments, spent $60 million on a ‘gold farming’ enterprise within the online game World of Warcraft. This involved harvesting virtual gold resources and selling them back to players. Eventually, IGE was confronted with a lawsuit, the gold trade came to an end, and Bannon went on to head up the right-wing news site Breitbart. He also sat on the board at Cambridge Analytica.
Bitcoin’s cryptographic, decentralised currency first appeared in 2007 and was developed by what is thought to be a collective of people operating under the pseudonym Satoshi Nakamoto. The patents for bitcoin and its encryption first appeared in 2008 and were registered by Neal King, Vladimir Oksman, and Charles Bry, though they have always denied being involved with Nakamoto.
Nakamoto disappeared from Bitcoin forums - and then altogether - in December 2010. This came after Wikileaks began to accept the currency for donations despite pleas from the Bitcoin founder for this not to happen. He wrote “I make this appeal to Wikileaks not to try to use bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.”
WikiLeaks went on to harness the use of Bitcoin and has also reportedly hidden messages in blockchain code associated with Bitcoin transactions.
Russia officially describes Bitcoin as “a virus” but this hasn’t deterred legitimate global investments elsewhere, with China investing hundreds of millions of dollars. What is clear is that the market is heavily masked, unregulated by conventional standards, and is used as the currency of data criminality.
In July 2016, British citizen George Cottrell was arrested on 21 charges including attempted extortion, money laundering and fraud. At the time, he was stepping off a plane at Chicago’s O’Hare airport with Nigel Farage.
They were on their way to Heathrow at the time of the arrest after attending the Republican party’s Convention in Cleveland, where they appeared on television, met with US senators, and engaged in discussions with aides to presidential candidate Donald Trump. Cottrell had been working for Mr Farage during the Brexit referendum and is the nephew of Lord Hesketh, a hereditary peer and former Conservative Party treasurer who defected to UKIP in 2011.
Cottrell had been offering money laundering services on the ‘dark web’ and met with undercover agents in Las Vegas, where he made arrangements for them to send him £15,500 before threatening to expose them to the authorities unless they transferred him £62,000 in Bitcoin.
“Russian military intelligence relayed material to WikiLeaks”
Following a ‘dump’ of CIA data on the WikiLeaks site in March 2017, analysts have begun to draw conclusions that Assange’s site is, in fact, a Russian interest.
Dr Andrew Foxall, director of the Russia Centre at the Henry Jackson Institute, says “Wikileaks has secret Russian intelligence but hasn’t disclosed anything remotely sensitive about Russia. He [Assange] has taken a consistently pro-Russia stance.”
Though Assange denied the claims, speaking from the Ecuadorian Embassy in London, Foxall added “The documents contained 75,000 redactions. These were codes that would also affect Russia’s security, because some of the data was relatively fresh, it is unlikely it had been in the pipeline for a while. And Assange’s team is small. The logical conclusion is that the data was given already redacted. This was the work of a sophisticated team, and it fits entirely into a pattern of behaviour demonstrated by Russia in the past.”
In January 2017, the Office of the Director of National Intelligence confirmed there was a “high confidence that Russian military intelligence relayed material to WikiLeaks.”
Former UKIP Leader and instrumental Brexit politician Nigel Farage has documented close links to the Trump administration and in March 2017 personally thanked Steve Bannon for his help in making the trigger of Article 50 a reality. During the same period, the MEP was also seen visiting the Ecuadorian embassy.
Though Farage said at the time of the embassy visit “I never discuss where I go or who I see,” leaked emails show that UKIP has been supporting Assange since 2011.
The Farage-led Europe of Freedom and Democracy group subsequently tabled a motion attacking “the possible abuse of the European Arrest Warrant for political purposes,” and on Russia Today a UKIP representative labelled extradition proceedings against Assange as “legalised kidnap.”
Farage also used his LBC radio show to broadcast a repeat of Assange's denial of Russian involvement in the hacking of the Democratic National Committee and Democratic presidential nominee Hillary Clinton during the US election. In January 2017 Farage said “[Julian Assange] is absolutely clear that all the information he has got is not from Russian sources.”
In the same month as Farage’s broadcast, senior officials in the CIA confirmed the leaked DNC material had been traced to Russian GRU officials and “handed off” to Assange via a “circuitous route” in an attempt to avoid detection of the original source. The US security service and congressional investigations are continuing.
By April 2017, with the French presidential elections underway, right-wing candidate Marine Le Pen had been to Moscow to visit Vladimir Putin and Assange had made a statement to Russian newspaper Izvestia that WikiLeaks would “throw oil on the fire of the French presidential election.” Le Pen was also interviewed by Farage.
After Le Pen successfully passed through the first round in the election race in April 2017, cyber security experts warned that her rival, centrist Emmanuel Macron, had been targeted by the same hacking group involved in the US elections.
Trend Micro, a Japanese cyber security company, has stated there is evidence that “APT 28”, a group of hackers linked by US security services to the GRU (Russia’s military intelligence agency), was directing resources to influence the French contest. The group initially masqueraded as ISIS during previous hacking activities.
The hackers are said to have been found setting up a number of phishing sites aimed at duping En Marche! members into attempting to log in, thus giving the group access to their email servers. This was the technique allegedly deployed against the Clinton campaign which led to the release of thousands of emails via Wikileaks. The Macron campaign insists it has not been compromised as yet.
Russian election hacking has also been deployed in the UK.
In 2015, the general election campaign was targeted by Russian hackers, who GCHQ believe were state-backed. Former minister Chris Bryant said in February 2017 “There is now clear evidence of Russian direct, corrupt involvement in elections in France, in Germany, in the United States of America, and I would argue also in this country.”
And, in April 2017, the Commons Public Administration and Constitutional Affairs Committee concluded foreign states had attempted to target the Brexit referendum. While the committee report focused on a denial of service attack on the "register to vote" site, it also made clear “The U.S. and U.K. understanding of 'cyber' is predominantly technical and computer-network based. For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.”
“a cognitive approach based on understanding of mass psychology and of how to exploit individuals”
While specific state data can be washed and released through back channels like Wikileaks, aiming to negatively impact individual candidate campaigns, and denial of service or phishing attacks can work crudely towards a similar aim, the exploitation aspect is central to big data’s inherent value.
Using big data, companies such as Cambridge Analytica often conduct what’s called an 'Ocean' personality assessment (normally used in psychology). The more expansive the data held the more intricate your individual profile can be and, with the ‘right’ data, it can then be targeted at people you know too.
A basic profile, as Michal Kosinski found in his research, can predict your behaviours just based on social media likes. An advanced profile, based on what websites you visit, what news you read, your job, your politics, your purchases, your medical records, would mean such a company knows you better than you know yourself.
This allows the people who pay for such services to target you at an individual level with news, information or social media posts which are tweaked to make sure they have the biggest psychological impact on you.
Fake news and alternative facts are a central part of this and will be covered as part of this series in more detail, though the Russian terms ‘pokazukha’, which means something like a staged stunt, and ‘zakazukha’, which refers to the widespread practice of planting puff pieces or hatchet jobs, are both terms which are relevant in the broader context of this investigation.
Using psychometric profiles, the simplistic creation of AI driven ‘bots’ on social media can push selected messages into more common public view – with the added bonus of the Social Media Echo Chamber ensuring the activity is only seen by the appropriate recipients. This kept much of the activity out of sight and is the core reason the authorities were so late in responding to the threat.
Giving evidence to the Senate Intelligence Committee in April 2017, former FBI Agent Clint Watts highlighted the reason the bots are so effective as a delivery mechanism: “whenever you're trying to socially engineer them [voters] and convince them that the information is true, it's much more simple because you see somebody and they look exactly like you, even down to the pictures.”
AI was originally thought to be primarily a Twitter issue, but Facebook has now recognised that the creation of these bots (false accounts) has also infected their platform. They acknowledge how this impacted on both the US Presidential election and on the UK’s Brexit referendum.
Watts says the bot campaign comes via a "very diffuse network" which often competes with its own efforts “even amongst hackers, between different parts of Russian intelligence, and propagandists — all with general guidelines about what to pursue, but doing it at different times and paces and rhythms."
Facebook does, now, directly attribute the growth of its false accounts problem to ‘government’ interference. “We recognize that, in today’s information environment, social media plays a sizable role in facilitating communications – not only in times of civic events, such as elections, but in everyday expression,” they said in their latest security report. “In some circumstances, however, we recognize that the risk of malicious actors seeking to use Facebook to mislead people or otherwise promote inauthentic communications can be higher.”
In advance of France’s election campaign the company shut down around 30,000 suspicious accounts posting high volumes of material to large audiences, saying: “We have had to expand our security focus from traditional abusive behavior, such as account hacking, malware, spam and financial scams, to include more subtle and insidious forms of misuse, including attempts to manipulate civic discourse and deceive people.”
“a computer virus for all intents and purposes, designed to attack humans rather than machines. The next generation of chemical warfare.”
What’s clear is that all of the strands of the hacking web interact to create a whole. A viral organism dependent on each of its elements to work effectively, mutate, and spread. We, people, are little more than the host keeping it alive; like any good virus, it relies on us.
This is a natural progression, a computer virus for all intents and purposes, engineered by a malicious enemy to attack humans rather than machines. The next generation of chemical warfare. And, so far, it has proven highly effective.
Big data provides the key to the delivery system and the route to infection. Hence the commodity value.
What is also clear is that the organism relies on the interactions of key figures across the world - ones who share a common goal. Among them are many who show some signs of having fallen to a much older, cold war technique: provokatsiya.
The full meaning of the term is often given as “taking control of your enemies in secret and encouraging them to do things that discredit them and help you. You plant your own agent provocateurs and flip legitimate activists, turning them to your side.” In some cases it can extend to creating extremists and terrorists where none exist, effectively creating a problem in order to solve it, and the Russian services have been known to deploy such tactics since the Tsarist period.
As with all classic money-laundering operations, the trick to successful data-laundering to these ends would be to establish a legitimate-looking front. And it would make sense to deploy provokatsiya in this context to integrate the business as quietly as possible. This would be especially effective somewhere cash has been successfully cleaned for years.
In March it was revealed that $740 million of money from Russian criminal operations was laundered in the UK as part of a global scheme to clean up to $80 billion in illegal funds. One source, while discussing how the financial sector is so complex this could easily go unnoticed, said: “if you are on the back end you are kind of playing whack-a-mole, trying to pick this up.”
But this is no longer about following the money - finances are now secondary. The thing to follow is the most valuable commodity of all: the data itself…