On the frontlines of World Cyber War 1, part 1: why Russia produced a fake version of a real plan to attack Ukraine
More details have emerged of the Russian “invasion plan” for Ukraine’s Zaporizhia province, Operation Troy, which I covered for Byline on 14 March 2018. It has been established that the document is a fake which misrepresents a genuine Russian plan.
The fake plan was part of a cache of documents sent to Ukrainian journalist Mikhail Golub in early 2018. The individuals who sent the documents described themselves as “a group of hackers from different countries” and used the name “Cybershoock”. They claimed to have failed in an attempt to extort money from Russia for the return of the documents. The files they sent to Mikhail Golub were supposedly a sample of a much larger cache of materials. They demanded one bitcoin, the equivalent of $9000 USD, by 2 March for the remaining files.
However, as I reported on 14 March, there were grounds for suspecting the authenticity of the documents. Aric Toler of Bellingcat noted that the files had been stripped of their metadata. Christo Grozev, an analyst specialising in Russian propaganda, stated that “this is not the proper way to dump hacked data... the documents cannot be correlated to other documents/events, as would be the case in a full driver, folder or mailbox dump.” The sole “proof” of their authenticity was an animated avi file purporting to depict a reply from the Russian security services (FSB) press department to Cybershoock's e-mailed demand for cash.
The materials were subsequently analysed by Sean Brian Townsend, a spokesperson for the Ukrainian Cyber Alliance (UCA). He noted that the plan produced by “Cybershoock” “contains several inconsistencies. However there is another ‘Troy’ plan which was hacked by the UCA and published by InformNapalm on 22 November 2017.” The original Operation Troy was contained in an e-mail account managed by Inal Ardzinba, deputy to Russian presidential aide Vladislav Surkov. It formed part of the “Surkov Leaks”, which consist of three tranches of e-mails and files linked to Surkov. The plan was drafted by Volodymyr Novikov, a terrorist linked to the Russian intelligence-curated “Donetsk People’s Republic”. While it was aimed at seizing power in Zaporizhia, its emphasis was on destabilisation rather than invasion.
Townsend dismisses the idea that the purpose of releasing the documents was simply to make money, noting that “someone really wanted to make this information public.” The documents had also been published by a Twitter account created in March 2018 and linked to fake e-mail addresses supposedly belonging to InformNapalm and the #SurkovLeaks campaign. He believes that the bogus hackers hoped people would “write to these addresses in the belief they were operated by the two Ukrainian organisations. Equally they might treat documents from these phoney accounts as genuine.” It’s hard to disagree with his view that ultimately Russia was behind this elaborate fake. But why?
The bogus documents would, if given credibility, allow Russia to release cleverly misleading fakes and maintain the confusion surrounding its real plans. The production of the bogus “Operation Troy” precedes a report for the Royal United Services Institute on the genuine document, which will be published in May 2018. The authors of the analysis of the genuine “Operation Troy” and associated materials from the Surkov Leaks are Alya Shandra, of Euromaidan Press, and British MP Bob Seely. Their report is a crucial step in making the United Kingdom and the west aware of how hybrid war techniques tested against Ukraine are deployed elsewhere. Russia has always argued that the Surkov Leaks are fake. Its stance is contradicted by the documents themselves, which contain ample evidence of their authenticity and are widely accepted as genuine.
The publication and exposure of a phoney “Operation Troy” would distract from the RUSI analysis of the genuine files. It would allow Russia’s assets in the west to argue that claims of Russian subversion of democracy were bogus. It would help them to continue subverting the west without facing any adequate countermeasures. “Operation Troy” was a kind of Trojan horse aimed at undermining Ukraine’s largely volunteer cyber forces and analysts while maintaining the confusion surrounding Putin's real plans. That is in itself proof of Ukraine’s success in countering Russia. The west needs to learn from organisations such as Euromaidan Press, the Ukrainian Cyber Alliance, and InformNapalm. Simultaneously it must recognise that the kind of subversive techniques deployed against Ukraine are, as I argued in 2014, already being implemented against western society. Putin’s cultivation of the extreme right is now well understood. However, his facilitators and collaborators span the entirety of the spectrum. There is a Putin-friendly politician for every shade of public opinion. In the words of the Al Stewart song “My Enemies have Sweet Voices….”