The Dynamics of Russian Info-Ops, Foreign Counter-Ops, and US Policy Messaging
(Note: at various points throughout this analysis, I use the term “ecosystem” to refer to a largely self-sufficient intangible environment in which humans engage with one another, share, and consume information. In the below text, the term may be used interchangeably and often without predefined context either to refer to the broad overlapping global ecosystem of information-sharing, or to specific sub-systems which exist individually and interrelate within the overlapping system.)
Russian Info-Ops
The Russian Federation has approximated the same wartime info-ops strategy since 2008, and has refined, reinforced, and expanded this strategy continually since 2014.
In general, Russia runs a holistic information warfare campaign consisting of three core elements. Each element is emphasized or de-emphasized within the broader campaign contextually depending on a variety of factors.
These core elements are:
* (1.) Disinformation seeding
* (2.) Ecosystem infiltration
* (3.) Tangible cyber-warfare
Different analysts define these elements in slightly different ways, and some analysts may consider one as a subset of another, or vice versa. However, I’ve found this framework to be most effective for structural analysis.
Each element is critical , both independently and in cohort, to the function and maintenance of the broader campaign.
(1) Disinformation Seeding
This element is arguably the most common and most effective. It consists primarily of hijacking existent information ecosystems through a variety of passive means. Early on, beginning at scale in 2013, the GRU targeted a number of popular “alternative media outlets” and forums, including major sites like Reddit, as a specific pathway by which to passively disseminate certain talking points.
Many of these hijacked outlets reflect a broader ecosystem; for example, 21stCenturyWire captures the burgeoning conspiracy theorist market, ZeroHedge captures the US right wing/libertarian market, The Intercept captures the left wing market, and so on. By structuring their own media apparatus to fit this purpose, the Russian state achieved an outcome of constant, large-scale injection of specific talking points (disinformation) within these ecosystems. These talking points have ultimately reached a point of self-sufficiency within each ecosystem, summarily interrelating with other ecosystems (thus achieving truly passive spread) and reinforcing the implied validity of the original disinformation by ingraining it within the initial targeted ecosystem.
An example of this:
An article which was initially shared on Russia Today will be picked up by The Grayzone. The subsequent Grayzone article will be reblogged and its information continually decontextualized (similar to pixel degradation) on Facebook, Twitter, and other social media platforms by unwitting consumers. These social media posts will make their way to the Twitter feed of a prominent political official or operative, which will prompt coverage of the story on Fox News, which will prompt the story to be reshared by other officials on Twitter, and so on. At all stages, the original disinformation is continually reinforced in its legitimacy and its opaqueness. As the “call is coming from inside the house,” addressing the root source of disinformation is nearly impossible, and extricating the validity of information from the targeted demographic becomes exponentially more difficult.
Russian social media accounts play a critical role in this element of the campaign, ensuring both that information is readily disseminated to a wide audience, and that specific talking points are injected when necessary within the broader media ecosystem.
(2) Ecosystem Infiltration
This is arguably the most well-known of all elements, and Russian info-ops are often synonymous with the fabled troll farms of the Internet Research Agency and adjacent groups, which hijacked numerous online discussions after emerging on the scene in 2014 during the Russian invasion of Ukraine.
However, this is an outdated iteration of current efforts to this end, necessary only early on to ensure initial uptake of disinformation within each targeted ecosystem, in this sense interrelating with the first element of disinformation seeding.
In fact, Russia has largely shifted away from direct troll farms, although the IRA and potential adjacent actors still engage in this capacity to a limited extent. Moreso, this element of the campaign has evolved into what we saw during the 2016 US presidential election, whereupon units create specific Facebook pages or other astroturf fronts to disseminate information at scale within specific ecosystems. This is broadly proven to be much more effective in achieving tangible outcomes, and it can be employed evenly across all sides of the political spectrum.
This element also manifests in the establishment of media fronts by Russian state organs in certain target markets — including the creation of Ruptly in 2013 to target the short-form news video market (a la AJ Plus); the creation of In The NOW in 2016 to target the short-form entertainment video market (a la Now This or Nas Daily); and the creation of Redfish in 2017 to target the grassroots investigative journalism video market (a la VICE News). Franchising in this manner allows Russia the capacity to more effectively enact the first element of its campaign across the spectrum.
(3) Tangible Cyber-Warfare
This is arguably the most threatening element to institutional structure, and the most traditional mode of engagement within Russia’s holistic information warfare campaign. Thus, Tangible Cyber-Warfare has historically been the element towards which the US government and Western intelligence agencies have contributed most of their resources in combating.
Such activities are typically spearheaded by the GRU. They manifest in instances like the 2016 hack and subsequent release of Democratic National Committee (DNC) server documents, and most recently, in the targeted DDoS attacks on various Ukrainian government and enterprise service platforms. Cyber-warfare has historically been defined almost exclusively by these means, but as the 2016 DNC server hack showed, these efforts can only stand in concert with refined infiltration and dissemination efforts.
Counter-Ops
Western governments who seek to counter Russian info-ops tend to do so in a primarily reactive manner, and specifically by responding to Tangible Cyber-Warfare efforts. Although in some areas the US intelligence community has flexibly responded to these threats in a proactive manner, their response has been hindered by a systemic failure to address the other two elements of Russia’s info-ops effort, which serve as a pacemaker for Tangible Cyber-Warfare. Russia launches specific tangible actions at points in which the broader ecosystem is primed for such action, and subsequently disseminates its tangible outcomes through these means.
No Western government or intelligence agency has a reliable outfit dedicated to combating disinformation seeding or ecosystem infiltration. In many cases, as in the US, Russian efforts to this extent have outpaced a cohesive response, sowing discord and subsequently crippling any institutional capacity for response from the outset. Individual analysts are left to pick up the pieces, and much of the body of work on this particular subject has been compiled by independent analysts and intelligence researchers, rather than any particular agency. Lacking a unified structure, individual analysts can make only limited policy proposals and can take only limited action, largely in a theoretical capacity.
Individual analysts can similarly only approximate the extent of Western governments’ efforts in this field. Although intelligence agencies *are* likely to be running various counter-ops against this seeding and infiltration in secret, their existence can only be measured via secondary effects. As it stands, no party has managed to assert a meaningful counter to Russia’s information warfare campaign at large.
US Messaging
Recent shifts in messaging by the US government have signaled to some that meaningful counter-ops are finally taking form in an effort to challenge Russia’s disinformation seeding and ecosystem infiltration. Selective assertions of intelligence by the US State Department, the White House, and the Pentagon have been described variously by government officials as intentional drops. US officials signaled extensive interagency communication, including with the National Security Council, for the release of these drops, and US president Joe Biden has also repeatedly given the indication that the releases are intended as a policy of deterrence towards Russian intelligence efforts.
If this is the case, it clearly reflects an effort by intelligence agencies to combat non-tangible Russian cyber warfare through dissemination of intelligence through formal press offices and media outlets.
This method of dissemination by the US presents both benefits and drawbacks. It ensures that Russia is informed of the message, and ensures that the broader media ecosystem is primed to receive any subsequent Russian disinformation. In cases where US intelligence has pegged a piece of Russian disinformation to a future tangible action, it also allows the US to head off any specific pretext by Russia and prevent further escalation of conflict.
However, this method of dissemination also allows Russia the ability to hijack or co-opt various aspects of the US effort. By selectively releasing intelligence through public channels, the US government is seen as making official policy statements on the conflict, which are often interpreted as wishful thinking or intentional belligerence.
In any potential cases where US counter-ops have been successful in heading off Russian messaging, the success of the operation invalidates the statement itself, and the nonexistence of Russian actions described in the statement is taken as proof that no such actions were being planned to begin with. The US can’t reasonably do anything to address this effect, lest it burn its intelligence-gathering apparatus. This leaves US messaging in a freefall, which allows Russia to re-characterize these statements as belligerent or imperialistic, and thus gives Russia leverage to define specific rules of engagement moving forward, which leaves the US in a constant state of catch-up.
The structure of potential US counter-ops to this extent are promising, but have a long way to go before achieving a point of sustainability.
