Wednesday, September 4, 2024

Justice Department Disrupts Covert Russian Government-Sponsored Foreign Malign Influence Operation Targeting Audiences in the United States and Elsewhere

 

Influence Operation Relied on Influencers, AI-Generated Content, Paid Social Media Advertisements, and Social Media Accounts to Drive Internet Traffic to Cybersquatted and Other Domains

The Justice Department today announced the ongoing seizure of 32 internet domains used in Russian government-directed foreign malign influence campaigns colloquially referred to as “Doppelganger,” in violation of U.S. money laundering and criminal trademark laws. As alleged in an unsealed affidavit, the Russian companies Social Design Agency (SDA), Structura National Technology (Structura), and ANO Dialog, operating under the direction and control of the Russian Presidential Administration, and in particular First Deputy Chief of Staff of the Presidential Executive Office Sergei Vladilenovich Kiriyenko, used these domains, among others, to covertly spread Russian government propaganda with the aim of reducing international support for Ukraine, bolstering pro-Russian policies and interests, and influencing voters in U.S. and foreign elections, including the U.S. 2024 Presidential Election.  

In conjunction with the domain seizures, the U.S. Treasury Department announced the designation of 10 individuals and two entities as part of a coordinated response to Russia’s malign influence efforts targeting the 2024 U.S. presidential election. This announcement follows the designation of actors involved in Doppelganger announced by the Treasury Department in March.

“The Justice Department is seizing 32 internet domains that the Russian government and Russian government-sponsored actors have used to engage in a covert campaign to interfere in and influence the outcome of our country’s elections,” said Attorney General Merrick B. Garland. “As alleged in our court filings, President Vladimir Putin’s inner circle, including Sergei Kiriyenko, directed Russian public relations companies to promote disinformation and state-sponsored narratives as part of a campaign to influence the 2024 U.S. Presidential Election. An internal planning document created by the Kremlin states that a goal of the campaign is to secure Russia’s preferred outcome in the election. The sites we are seizing today were filled with Russian government propaganda that had been created by the Kremlin to reduce international support for Ukraine, bolster pro-Russian policies and interests, and influence voters in the United States and other countries. Our actions today make clear that the Justice Department will be aggressive in countering and disrupting attempts by the Russian government, or any other malign actor, to interfere in our elections and undermine our democracy.”

“The Department’s seizure of 32 internet domains secretly deployed to spread foreign malign influence demonstrates once again that Russia remains a predominant foreign threat to our elections,” said Deputy Attorney General Lisa Monaco. “At Putin’s direction, Russian companies SDA, Structura, and ANO Dialog used cybersquatting, fabricated influencers, and fake profiles to covertly promote AI-generated false narratives on social media. Those narratives targeted specific American demographics and regions in a calculated effort to subvert our election. Our republic depends on elections that are free from foreign interference, and we will not rest in our efforts to expose foreign malign influence operations and protect our democracy, without fear or favor.”

“Today’s announcement exposes the scope of the Russian government’s influence operations and their reliance on cutting-edge AI to sow disinformation,” said FBI Director Christopher Wray. “Companies operating at the direction of the Russian government created websites to trick Americans into unwittingly consuming Russian propaganda.  By seizing these websites, the FBI is making clear to the world what they are, Russian attempts to interfere in our elections and influence our society.  The FBI will continue to work with our partners to expose and shutdown these covert influence campaigns.”

“This seizure illustrates vividly what the U.S. government and private sector partners have warned for months: the Russian government and its proxies are aggressively accelerating the Kremlin’s covert efforts to seed false stories and amplify disinformation directed at the American public,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “Today’s announcement reveals Russia is willing to impersonate our free and open press in its egregious schemes. This is our third disruption of Russian foreign malign influence operations in two months, and the Justice Department remains relentless in protecting Americans from such unacceptable conduct. To Russia, and any other government seeking to stoke discord in our society: know that we will spare no effort and use every available tool to disrupt and expose this malign activity and defend our democratic institutions.”

“Protecting our democratic processes from foreign malign influence is paramount to ensure enduring public trust,” said U.S. Attorney Jacqueline C. Romero for the Eastern District of Pennsylvania. “As America’s adversaries continue to spew propaganda and disinformation towards the American electorate, we’ll use every tool at our disposal to expose and dismantle their insidious foreign influence campaigns.”

The propaganda did not identify, and in fact purposefully obfuscated, the Russian government or its agents as the source of the content. The perpetrators extensively utilized “cybersquatted” domains, a method of registering a domain intended to mimic another person or company’s website (e.g.registering washingtonpost.pm to mimic washingtonpost.com), to publish Russian government messaging falsely presented as content from legitimate news media organizations. In other instances, the perpetrators sought to create their own unique media brands to promote Doppelganger content (e.g., Recent Reliable News). Among the methods Doppelganger used to drive viewership to the cybersquatted and unique media domains was the deployment of “influencers” worldwide, paid social media advertisements (in some cases created using artificial intelligence tools), and the creation of social media profiles posing as U.S. (or other non-Russian) citizens to post comments on social media platforms with links to the cybersquatted domains, all of which attempted to trick viewers into believing they were being directed to a legitimate news media outlet’s website.

Overview

The affidavit describes the perpetrators’ own internal strategy meeting notes, project proposals, and other records obtained during the course of the investigation. Several notable propaganda project proposals directed against the United States included:

  • Good Old USA Project: Attachments 8A, 8B
  • The Guerilla Media Campaign: Attachments 9A, 9B
  • U.S. Social Media Influencers Network Project: Attachments 10A, 10B

Doppelganger’s foreign malign influence efforts were not directed solely against audiences in the United States. Other targets of the perpetrators’ propaganda included Germany, Mexico, and Israel, among others. Doppelganger’s influence campaigns sought to influence the citizenry of those countries to support Russian government objectives, including by undermining the United States’ relationship with those countries.

Doppelganger’s use of the U.S.-based domain names at the direction and control of, and for the benefit of, sanctioned persons, including Sergei Vladilenovich Kiriyenko, SDA, and Structura, violates the International Emergency Economic Powers Act (IEEPA). As a result, the accompanying payments for Doppelganger’s online infrastructure violate federal money laundering laws. In addition, Doppelganger’s publication of content on cybersquatted domains with names and content that mimic legitimate media outlets violates federal criminal trademark laws because those domains feature trademarks registered on the Principal Register maintained by the U.S. Patent and Trademark Office.

The FBI Philadelphia Field Office is investigating the case.

The U.S. Attorney’s Office for the Eastern District of Pennsylvania, the National Security Division’s Counterintelligence and Export Control Section and National Security Cyber Section are prosecuting the case, with valuable assistance from the Criminal Division’s Computer Crime and Intellectual Property Section.

No comments:

Post a Comment