Summary: Citizen Lab researchers uncover major disinformation and cyber-espionage campaign

Toronto, 25 May 2017: SRT grantee Citizen Lab has released a report uncovering a major disinformation and cyber-espionage campaign with hundreds of targets in government, industry, military and civil society.

According to the report, titled Tainted Leaks: Disinformation and Phishing with a Russian Nexus, the campaign’s targets include a former Russian prime minister, ambassadors, CEOs, and officials from at least 39 countries, as well as the UN and NATO. The campaign is linked to the planting of disinformation within ‘leaks’ of stolen materials, a tactic in which real materials are seeded with carefully constructed fakes designed to achieve a propaganda end. Citizen Lab researchers refer to this tactic as ‘tainted leaks’.

The investigation began with a single targeted phishing operation against journalist David Satter. After successfully tricking Satter, the operators stole his personal information. The information later emerged, with falsehoods added, in a tainted leaks campaign on a Russia-linked website. The tainted leaks were designed to discredit prominent critics of the Russian government, like Alexei Navalny, by falsely indicating they received foreign funding.

In analysing the attack on Satter, Citizen Lab determined that it was part of a much larger campaign with at least 218 targets. Many of these were prominent officials from countries including the US, Ukraine, Austria, and Turkey, or members of civil society including academics, activists, journalists, and representatives of NGOs.

Citizen Lab does not conclusively link the campaign to a particular Russian government entity; however many elements overlap with groups previously identified as Russia-affiliated. This overlap includes operations associated with the successful breach in 2016 of the email account of John Podesta, the former chairman of the 2016 Hillary Clinton presidential campaign.

Adam Hulcoop, Research Fellow, at Citizen Lab, said , ‘The scope and range of the targets makes it clear that this was a large-scale operation, and would have needed to be supported by substantial analytical resources in order to process the stolen material.’

The report is available here.