Russian Underground Sells Disinformation Services to Influence Western Media
Engaging threat actors to launch a disinformation campaign in the Western media is "alarmingly simple and inexpensive" according to a new report.
Using the Recorded Future platform, Insikt Group researchers set up a fake company located in a Western country to gain insight into the chilling world of disinformation. Researchers then hired two sophisticated disinformation vendors, which they found on a Russian-speaking underground forum, to influence public perception of the fictitious company.
The first vendor, given the code name Raskolnikov in the report (presumably as a nod to Dostoevsky's protagonist in Crime and Punishment), was engaged to paint a positive picture of the company. The second vendor, code-named Doctor Zhivago, was hired to destroy the reputation of the company, which was code-named Tyrell Corporation in the report.
Researchers were able to launch a customizable month-long media campaign with each vendor for only a few thousand dollars. Services ranged from $8 for a social media post to $1,500 for SEO services and traditional media articles.
Raskolnikov created accounts for Tyrell Corporation on major Western social media platforms and gathered over 100 followers on each account. They offered a price list for sharing content on 45 websites, including ft.com, thelondoneconomic.com, eveningexpress.co.uk, and thefintechtimes.com.
Insikt Group researchers said: "In two weeks, the Tyrell Corporation was in the 'news'—one of the media sources was a less established media outlet, though the other was a very reputable source that had published a newspaper for nearly a century."
Doctor Zhivago claimed to work with a team that included journalists, editors, translators, search engine optimization (SEO) specialists, and hackers. The threat actor used social media to spread claims that Tyrell Corporation had manipulated employees, and even offered to file a complaint against the company for its supposed involvement in human trafficking.
Researchers said: "First, a group of older accounts—referred to as 'aged accounts'— that posted links to the articles they had published in media sources was employed. Then, a new batch of accounts that reposted content from the aforementioned aged accounts to amplify the messages was used.
"These new accounts befriended citizens living in the same country the Tyrell Corporation was located in to make the campaign more effective by targeting the audience."
Commenting on the research, Roman Sannikov, head of analyst services at Recorded Future, told Infosecurity Magazine: "We were surprised by how professional the vendors seemed to be. They provided much better customer service than your typical underground threat actor. They were there to provide us with advice on how we should carry out the campaigns and were very responsive to our questions and requests."
Asked how the research has shaped his view of the world, Sannikov said: "I think we already suspected that this was going on, though the fact that these threat actors were able to carry out the campaigns so quickly, inexpensively, and effectively in the West was certainly jarring.
"It underscores how important this issue is, not only when it comes to the public sector, but for private companies and individuals as well. We hope that our research will open people's eyes to this problem before it becomes pervasive outside of the vendors' traditional markets of Russian-speaking countries and Eastern Europe."
Source: Information Security Magazine