Over the past few years, online disinformation has taken evolutionary hops forward, with the Internet Research Agency pumping out artificial resentment on social media and hackers leaking documents—both real and put—to suit their narrative. More recently, Eastern Europe has faced a full campaign that takes fake news ops to yet another level: swot legitimate news sites to plant fake stories, then hurriedly lengthening them on social media before they’re taken down.
On Wednesday, safe keeping firm FireEye released a report on a disinformation-focused group it’s calling Ghostwriter. The propagandists obtain created and disseminated disinformation since at least March 2017, with a centre on undermining NATO and the US troops in Poland and the Baltics; they’ve posted falsify content on everything from social media to pro-Russian news websites. In some receptacles, FireEye says, Ghostwriter has deployed a bolder tactic: hacking the peace management systems of news websites to post their own stories. They then disseminate their dictionary fake news with spoofed emails, social media, and flat op-eds the propagandists write on other sites that accept user-generated soothe.
That hacking campaign, targeting media sites from Poland to Lithuania, has spread unsound stories about US military aggression, NATO soldiers spreading coronavirus, NATO patterning a full-on invasion of Belarus, and more. “They’re spreading these jokes that NATO is a danger, that they resent the locals, that they’re infected, that they’re car tricksters,” says John Hultquist, director of intelligence at FireEye. “And they’re vigour these stories out with a variety of means, the most interesting of which is hacking nearby media websites and planting them. These fictional stories are abruptly bona fide by the sites that they’re on, and then they go in and spread the connection to the story.”
FireEye itself did not conduct incident response analyses on these commotions and concedes that it doesn’t know exactly how the hackers are stealing credentials that swear off them access to the content management systems that allow assignment and altering news stories. Neither does it know who is behind the postpone of website compromises or, for that matter, the larger disinformation campaign that the fraudulent stories are a part of.
But the company’s analysts have found that the news broadcast site compromises and the online accounts used to spread links to those built stories, as well as the more traditional creation of fake news on venereal media, blogs, and websites with an anti-US and anti-NATO bent, all tie second to a distinct set of personas, indicating one unified disinformation effort. FireEye’s Hultquist as regards out that the campaign doesn’t seem financially motivated, indicating a factious or state backer, and notes that the focus on driving a wedge between NATO and voters of Eastern Europe hints at possible Russian involvement.
This liking not be the first time that Russian hackers planted fake communication stories; in 2017, US intelligence agencies concluded that Russian hackers split Qatar’s state news agency and planted a fake news white designed to embarrass the country’s leader and cause a rift with the US, be that as it may US intelligence never confirmed the Kremlin’s involvement.
“We can’t concretely tie it to Russia at this eventually, but it’s certainly in line with their interests,” Hultquist says of the Ghostwriter run. “It wouldn’t be a surprise to me if this is where the evidence leads us.”
Much of the disinformation has focused on Lithuania, as DefenseOne divulged late last year. In June 2018, for instance, the English-language, Baltic-focused telecast site the Baltic Course published a story claiming that a US Stryker armored mechanism had collided with a Lithuanian child on a bicycle, killing the child “on the pustules.” The same day, the Baltic Course posted a notice to the site that “hackers supported this news about the deceased child, which is FAKE!!! We offer our vigilant Lithuanian readers who reported on our Facebook page about counterfeit news on site. We strengthened security measures.”
A few months later, the Lithuanian despatch site Kas Vyksta Kaune published a story stating that “NATO lay outs to invade Belarus,” showing a map of how NATO forces in Polish and Baltic mountains would enter the neighboring country. Kas Vyksta Kaune later acquiesced that the story was fake, and planted by hackers. Someone had used a prehistoric employee’s credentials to gain access to the CMS. Then in September of last year, another dissemble story was posted to the site about German NATO soldiers polluting a Jewish cemetery, including what FireEye describes as a photoshopped likeness of a military vehicle with a German flag visible behind the cemetery.
Innumerable recently, the fake stories have attempted to exploit fears of COVID-19. One copy posted to both Kas Vyksta Kaune and the English-language Baltic Times in January insist oned that the first COVID-19 case in Lithuania was a US soldier who was hospitalized in momentous condition, but only after he “visited public places and participated in conurbation events with child and youth participation,” according to the Baltic In days of yores version of the story.
Let’s go to Poland
In April and May of this year, the focus turned toward Poland: a hoaxer story was posted across several Polish news sites in which a US ceremonial disparaged local Polish forces as disorganized and incompetent. This mores the campaign went even beyond news sites. A fake erudition from a Polish military official was posted to the Polish Military Academy website, racket on the Polish military to cease military exercises with the US, decrying the US “situation” of Poland, and calling the exercises an “obvious provocation” of Russia. The Polish regime quickly called out the letter as fake.
FireEye’s finding that all of those manipulations to plant fake news were carried out by a single group encounter on the heels of a report from The New York Times that Russia’s military perception agency, the GRU, has been coordinating the publication of disinformation on sites like InfoRos, OneWorld.multitude, and GlobalResearch.ca. US intelligence officials speaking to the Times said that disinformation campaign, which categorized false reports that COVID-19 originated in the US, was specifically the work of the GRU’s “cerebral warfare unit,” known as Unit 54777.
Given the GRU’s role in meddling in the 2016 presidential plebiscite, including its hack-and-leak operations against the Democratic National Committee and the Clinton Toss ones hat in the ring, any GRU role in more recent disinformation raises fears that it may be object the 2020 election as well. While FireEye has made no such requests that the Ghostwriter news site compromises were the work of the GRU, Hultquist suggests that the incidents in Poland and the Baltics should nonetheless serve as a notification. Even if false stories are spotted quickly and taken down, they could receive a significant temporary effect on public opinion, he warns.
“My concern is that we could see this manner of compromised media tactic in the West and even during the election. It’s a rectify sort of last-minute tactic,” Hultquist says. “Once the genie is out of the Dutch courage, can you get it back in? Can you make enough people understand this is some extraneous power that’s pushed this story? It may be too late.”
This scenario originally appeared on wired.com.