The Army’s specialist force dedicated to “unconventional warfare” has signed an £8m-plus deal to provide new data sources to support its operations.
According to newly published procurement dcoument, the 6th (UK) Division’s mandate requires it to “monitor and assess the information environment” in which it operates; the unit “orchestrates intelligence, information and partner operations and conducts cyber and electronic warfare activities”.
Its assessment of information sources is “currently achieved through the monitoring of limited data sources provided through OSINT (open source intelligence) collection tools… and other parts of the intelligence community”.
“Through operational experience it has become clear that, in many cases, OSINT sources do not provide great enough fidelity, timeliness or accuracy that commercially procurable data sources could,” the division said.
The contract, signed with Danish IT firm Netcompany, is intended to fulfil “an immediate requirement to rapidly procure operationally important data sets utilising a commercial partner with significant experience and exposure to the commercial data market for use on military data exploitation platforms”.
The deal comes into effect on 1 November and lasts for an initial period of 12 months, plus two potential one-year extensions.
Related content
During the first year, a confirmed £688,969 will be spent via the deal; if the contract is extended to its full term, further sums of £112,074 and £100,574 will be spent.
The vast majority of the potential worth of the deal – some £7.5m – is not guaranteed upfront, but may be spent on an ad hoc basis.
According to the contract, which was awarded via the G-Cloud 12 framework, the services to be provided by Netcompany include: “data governance and strategy; data architecture; data fabric, data lake, and data warehouse management; business Intelligence, analytics and visualisation management; data science, machine learning and artificial intelligence management; data security management; data quality; big data management; data ops management”.
Requirements to be supported by the IT firm include an initial scoping and feasibility assessment, followed by development and testing of a data-hosting environment. Data sets will be procured “on a case-by-case basis” and should be provided to the Army division within one week. Netcompany will then be expected to provide “data science and academic support” to military personnel using the information.
Work will largely take place remotely, but installation services may be required on-site at Army facilities in Corsham, Hermitage, Andover, Farnborough, and Wyton.
According to the Army, the 6th (UK) Division “prepares and generates forces assured for Army Special Operations and unconventional warfare”.
It added: “[The division] brings together a number of specialists with the skills required to help develop and deliver operations at home and abroad. It provides the British Army’s asymmetric edge.”
Sometimes when we talk about cybersecurity, it can feel a little intangible, with theory tending to dominate what we read about it. Therefore, learning from real-life instances can often be the best education. Thus, the security operations center (SOC) team of analysts at AT&T Cybersecurity makes it a priority to share certain security incidents for the greater cybersecurity community to learn from. The following story is an actual security incident uncovered by AT&T Cybersecurity SOC analysts. It is part of a larger series that aims to provide insight from the frontline of cybersecurity, including what triggered alarms for indicators of compromise, the investigation process, the APT actors behind the attack and the responses and defense tactics to remediate the threat.
Welcome to Tales from the SOC.
This second story focuses on an Office 365 threat discovered by the AT&T Cybersecurity Managed Threat Detection and Response SOC analyst team. This is a threat that many other organizations may experience. The team was alerted to several alarms after a customer’s user attempted to send an excessive number of emails, resulting in these emails being blocked within Microsoft Office 365. However, upon further inspection, there was more to the incident than meets the untrained eye… it turned out to be an account compromise and credential abuse attack.
Initially, when analyzing the user’s login behavior, the team discovered abnormal activity as the individual was using foreign IPs outside the user’s typical location when logging in. At this stage, the incident was contained, and the team initiated an investigation into all the activities and systems accessed by this user while engaging with the customer and remediating the compromise before the threat escalated.
In total, three alarms were raised, and these were triggered by three further security incidents: credential abuse, anomalous user behavior and security policy violation from Office 365 activity.
For organizations of any size, credential abuse and compromised user accounts are dangerous threats as they could have a wide and negative impact. Hackers will typically use the credential abuse attack method to gain access to other critical assets within an organization’s architecture and exploit its subsidiaries and partners. Additionally, when criminals compromise an account, it can be leveraged to either exfiltrate data or continue infiltrating other systems.
Hackers will also look to exploit the internal email accounts of legitimate organizations to distribute phishing emails to acquire more information and accounts to steal. Threat actors have even been known to set up inbox rules to have sensitive emails forwarded to accounts owned by the hackers externally.
“Threat actors have even been known to set up inbox rules to have sensitive emails forwarded to accounts owned by the hackers externally”
Dissecting the Triggers for the Three Alarms
Alarm 1 – Credential Abuse:
Upon further investigation, the credential abuse alarm was raised after 12 instances of successful login attempts made from a foreign country and the United States, all within 24 hours. This was unusual as previously, the user had never tried to log in from anywhere else except the United States.
Open-source intelligence (OSINT) tools were then utilized to better understand the foreign IPs, and it was revealed that the IPs belonged to a foreign telecommunications company that had been previously blacklisted. Tools like OSINT are vital during investigations as they can help ascertain ownership, location, history of abuse and malicious activity surrounding an IP address or domain.
Alarm 2 – Anomalous User Behaviour:
The anomalous user behavior alarm was raised because an excessive number of outbound emails were generated in Outlook 365. In fact, the logs showed 53 outbound emails had been sent in the 24-hour period from the foreign IP address – this was a 1000% increase for this individual.
At this point, the intrusion prevention system (IPS) came into action and put on restrictions to prevent the user from sending emails. The systems also sent another alarm on the network to request a review of this suspicious activity. Having IPS is critical, especially in this scenario, as it stopped the possibility of data being exfiltrated from the compromised email account.
Alarm 3 – Security Policy Violation:
The final alarm sounded was the security policy violation which warned that there was potential Office 365 abuse and email restriction due to irregular login activity by the user. Due to the odd login location, the number of login successes and failures, and the resulting email activity from the IP addresses, the system escalated the threat, which notified the security team.
Scanning for Further Compromise
As with any cyber-attack, system scanning needs to be conducted to ensure no further compromise of systems. The AT&T Managed Threat Detection and Response analyst team increased all search ranges to cover a 30-day timespan to detect any other suspicious activity. Thankfully, the searches and extended log activities did not uncover any further signs of compromise.
Once the investigations were complete and the information correlated, the customer was contacted to inform them of the findings in accordance with their incident response plan (IRP). Once the facts were explained, the customer contained the threat by isolating the affected assets and revoking the user’s account credentials.
Fortunately, the customer had some important and necessary security tools in place that helped to identify this Office 365 compromise before it impacted the entire system. Organizations are also advised to deploy multi-factor authentication (MFA) and geofencing to reduce the threat. Furthermore, security best practices pertaining to password and account usage should be followed, including using different passwords for accounts and refraining from using work emails for non-work purposes or accounts.
Most people have heard of open source these days – after all, it has conquered every aspect of computing, with the possible exception of the desktop. But Open Source Intelligence (OSINT) may be less familiar. It was brought to prominence by the Bellingcat group, which describes itself as “an independent international collective of researchers, investigators and citizen journalists using open source and social media investigation to probe a variety of subjects – from Mexican drug lords and crimes against humanity, to tracking the use of chemical weapons and conflicts worldwide.” Its name comes from the fable about a group of mice afraid of a fierce cat, which put a bell around its neck to warn them of its arrival. According to the founder of Bellingcat, Eliot Higgins, “We’re teaching people how to bell the cat.” Here’s how Bellingcat carries out its OSINT investigations:
As smartphone technology has become more available, people are recording and sharing every aspect of their lives. They give away a huge amount of information, everything from their day-to-day activities to war crimes and some of the most horrific acts you can imagine. Some of that is done on purpose, and sometimes it’s just accidental or incidental. But because that’s all online, it’s all information that we can use to piece together what happened around a wide variety of events.
Using this publicly-available information, Bellingcat have helped understand who shot down the MH17 passenger plane, and who poisoned the MI6 double agent Sergei Skripal and his daughter. Those are obviously valuable contributions to public understanding of important events. But there is a darker side to the use of OSINT tools. After all, it is not just bad actors who post huge amounts of personal information online: we all do. This means that potentially anyone with the right software can piece together this digital jigsaw puzzle to discover much about our daily lives.
The Intercept has an important article about two such tools, Kaseware and SocialNet, and the use of them by the Michigan State Police. Kaseware is a case management platform designed for law enforcement agencies. It allows surveillance data to be monitored, mapped and analyzed using a variety of tools. The platform typically holds zip codes, addresses, GPS coordinates, geotags, and satellite imagery, as well as a wide range of socio-economic data. It also allows the use of more specialized tools like SocialNet from the company ShadowDragon. SocialNet pulls in data from a large collection of public social media networks, Web sites, RSS feeds, data dumps and dark Web locations – over 120 according to The Intercept article. The basic idea of the software is summed up well as:
Bad Guys share too much information online. Use it against them.
Like most of us, criminals enjoy the benefits of online activities and social networking. SocialNet captures these digital tracks, maps against their aliases, and explores their connections in near real time to expedite your investigations and threat analysis.
There’s an interesting blog post by the founder of ShadowDragon, Daniel Clemens, in which he runs through a basic link analysis, and shows how it can be used in investigations. As he puts it, it enables “the story of complex relationships to be told with a picture, which can make trends and connections more obvious.” The analysis is not that sophisticated – it is simply finding connections between data held in many disparate sources. Its power derives from the size and number of those databases, and the computing power brought to bear on finding links. That is, the success of this automated OSINT analysis – as opposed to the human kind conducted by Bellingcat – is largely a function of Moore’s Law. This allows unprecedented amounts of data to be ingested and digested to produce useful information.
It’s not a new idea. It’s precisely what Edward Snowden revealed the NSA and its UK equivalent, GCHQ, have been doing for years. The full Internet flows across international cables were collected and then analyzed. There are even older precedents for this approach to surveillance. Back in 2003, the US Information Awareness Office operated a system called “Total Information Awareness“. It was designed to correlate information in order to spot and prevent terrorist incidents before they happened. It was defunded in late 2003, because of fears that it might be used to carry out large-scale surveillance of US citizens.
Since the tools are relatively straightforward conceptually, it seems likely that foreign governments have created similar systems, kept secret for obvious reasons. But these are not the only threat to privacy today. The new commercial versions like SocialNet mean that anyone anywhere that uses the Internet can be investigated by trawling through the even-larger quantities of OSINT that are available today. Compared to the older systems, or those created by foreign governments, the costs are relatively moderate, and no special equipment is needed. The real problem is not that these services exist, but that we all leave such revealing data trails as we use the Internet. Avoiding that would require a massive re-design of the online world – something that seems an unlikely prospect. Until then, the best we can do is to be more circumspect in our use of these services that provide such rich raw material for OSINT analysis.
WASHINGTON — Using a little known contracting method, the National Geospatial-Intelligence Agency is now able to test out the commercial capabilities it’s interested in before it buys them.
NGA Head of Commercial GEOINT Dave Gauthier says the use of bailment agreements is helping the service get access to commercial solutions and integrate them with existing systems and processes faster. Bailment agreements are a contracting tool that essentially allows the agency to purchase commercial services for a brief period of time, test them out, and provide feedback to the provider.
Bailment agreements can be set up in less than two to three weeks using standard language, and the contracts usually only run for about two months, but can run as long as a year. When the agreement ends, NGA can either pursue a long-term contract with the company or go in a different direction.
“I think it’s a tool that’s been available, and has been, I would say, rarely used in the history of working with commercial industry. And you know in 2018, one of our ambitious action officers basically said, ‘Why don’t we start trying to use bailment agreements to get access to some of these commercial solutions quicker, and help us do evaluations to see if they’re able to meet our mission needs?’ And so we gave it a shot,” said Gauthier.
The agency’s use of bailment agreements has picked up quickly. Starting with just three in 2019, the agency issued another five in 2020 and is set to issue 20 by the end of this year.
And the new “try before you buy” approach is already bringing new commercial services online for the agency.
On Sept. 15, NGA announced it had issued Geospark Analytics a contract for its artificial intelligence solution, which uses machine learning to process open source intelligence — news reports, social media, economic data, weather and more — to provide real-time insights and threat forecasts. But before it issued the company a contract, it tested out the new capabilities with a bailment agreement. Assessing the AI tool against a variety of the NGA’s mission areas, the agency found it could provide significant value.
And in another case, NGA was able to leverage a study contract issued by the National Reconnaissance Office to test out a new product. Using a 2019 study contract with Hawkeye 360 on the company’s commercial radio frequency data service — which uses satellites to locate and identify RF emissions all over the world — NGA was able to launch the RF GEOINT Pilot program to test out the newly available data on a trial basis. That pilot program led to an official request for proposals for commercial RF capabilities, and on Sept. 30 Hawkeye 360 announced it had won a contract from NGA.
In addition to pilot programs and bailment agreements, NGA has followed in the footsteps of other agencies and DoD organizations in adopting the use of Other Transaction Authority agreements to fuel rapid prototyping. That effort has helped the agency find new partners and solutions, such as turning to a company with expertise in check scanning to save and digitize its massive, deteriorating film collection.
The agency can use bailment agreements for any kind of service or data industry wants to provide, including emerging commercial capabilities such as space-based synthetic aperture or analytics.
Bailment agreements have also helped the agency get used to adopting commercial solutions on a cultural level, something that’s been difficult for an agency used to having a monopoly on satellite imagery analysis. Gauthier said he’s found letting NGA analysts test and work with commercial products in a limited environment increases their willingness to adopt those products later on.
Gauthier said he hopes NGA’s success with bailment agreements leads to conversations with its intelligence agency and Department of Defense partners, encouraging more of them to use “try before you buy” approaches.
“We’re trying to inform each other what it was used for, whether it had good mission utility, whether we have good customer feedback. We’re all trying to learn as best we can from each other, as we engage the commercial market,” said Gauthier.
Nathan Strout covers space, unmanned and intelligence systems for C4ISRNET.
Geospatial intelligence (GEOINT) is a broad field that encompasses the intersection of geospatial data with social, political, environmental and numerous other factors. The Intelligence Community defines geospatial intelligence as “the use and analysis of geospatial information to assess geographically referenced activities on Earth.”
Geospatial intelligence (GEOINT) has played a pivotal role in military operations and in the broader context of human security for decades. From providing critical intelligence in resolving the Cuban Missile Crisis in 1962 to helping the U.S. facilitate the negotiations that ended the Bosnian War in 1992, GIS military applications have been crucial in ending conflicts that might have otherwise continued for decades longer.
One of the most fascinating aspects of GEOINT, however, is how it has evolved over time and taken advantage of new technologies. In addition to examining what geospatial intelligence is, we wanted to look at GEOINT through a modern lens and examine how governments and other organizations use GIS for GEOINT applications today, as well as some of the developments that have made helped GEOINT evolve, including:
4 Uses of Geospatial Intelligence
The role of machine learning and GEOINT in disaster response
The Next Generation of GIS Intelligence Applications
One of the most significant trends in geospatial intelligence is the shift in creation and ownership of data. As the United States Geospatial Intelligence Foundation noted, new data sources like OpenStreetMap and geotagged social media pictures can be leveraged for vital intelligence. However, the availability and open nature of these platforms also presents challenges for the GEOINT community, which must rely on data it no longer has full ownership and control over.
1. Machine Learning and GEOINT: Managing the Chaos of Natural Disasters
While it may sometimes seem like the entire world is documented, catalogued and analyzed, there are still many permanent and semi-permanent structures that remain unmapped. One of the main barriers to collecting geospatial data has been the manual and time-intensive work involved; this is especially problematic for instances where landscapes and structures change dramatically (i.e. after a natural disaster).
Geospatial intelligence software, augmented with machine learning, could help to map changes in terrain and structures, making disaster response projects more efficient and more effective. Several organizations are looking toward algorithms to help create more timely and accurate maps. One example is the SpaceNet “Road Detection and Routing Challenge,” a $50,000 competition to develop an automated method for extracting information about road networks. Crowdsourced data proved to be an invaluable resource in the response to Hurricane Maria in Puerto Rico, but the successful implementation of machine learning could yield faster and more accurate maps to help emergency personnel find people in need or identify the best routes for delivering supplies.
2. Open Geospatial Data Platforms Helping Fight World Hunger
One of the core challenges in hunger worldwide is the fact that scarcity situations have usually already become dire by the time humanitarian efforts can begin. This is just one of the major challenges that DARPA is hoping to solve through a $7.2 million project awarded to Descartes Labs. The company hopes to create a vast geospatial data repository, leveraging sensors, satellite imagery and data from 75 different partners.
In 2017, the company hosted a hackathon, giving developers the goal of addressing food security issues. The resulting projects included:
A platform to help farmers share information that would help regions protect crop yields and prevent scarcity
The development of a food security risk index
A fish distribution system for optimizing delivery to regions affected by drought
Beyond the direct impact of reducing suffering from food shortages, the company suggests that addressing scarcity before it becomes a dire problem could help to avoid conflicts over resources.
3. Interoperability Drives the future of Joint GEOINT Operations
The U.S. military has been a long-standing user of GIS intelligence to resolve conflicts, protect troops, assess risks and gain information about enemy operations. While not a new trend, the military has addressed new challenges.
One of the most important shifts in the way the military uses geospatial intelligence was the adoption of the object-based production framework. This philosophy focuses GEOINT around assembling data together around specific issues, rather than tasking analysts with collecting information from many different sources. This way, analysts spend more time developing intelligence and insights rather than with data management.
This approach is especially valuable in multinational joint operations, where data and GIS applications must be interoperable to ensure all stakeholders have access to mission-critical information.
4. Geospatial Data Stewardship as a Critical Factor in Improving Crisis Mapping
Although the visualizations and analyses provided to emergency responders have drastically improved our ability to respond to events likes hurricanes and other natural disasters, it is just one factor in how GEOINT has evolved. During the response to Hurricane Maria, for example, geospatial data was plentiful but disparate and difficult to use. This led to problems like duplicate deliveries and deliveries that were scheduled, but never made.
One of the developments to arise out of problems like these has been a rise in self-service geospatial intelligence products. For example, FEMA’s GeoPlatform Disasters Portal provides curated geospatial information and datasets from numerous other apps and sources, providing a key data stewardship role. This effectively gives first responders and GEOINT teams a running start in responding to natural disasters.
One of the core themes in all the above GEOINT uses is the vast volume of data. As we look toward the future, the ability to manage data at large volumes will continue to be a key theme. However, it’s important to note that the GEOINT industry will require expertise both in the analysis and in the preparation of that data. As Trajectory Magazine noted, data stewardship is often seen as a peripheral function, but it is critical in today’s GEOINT world, where the number of data sources and variety of data types will grow exponentially.
About USC’s Online Graduate Geospatial Intelligence Programs
USC’s GEOINT graduate programs have been designed to prepare students for the challenges and the future of the discipline. As a result, our students will gain a foundation in leveraging spatial thinking to solve geospatial intelligence problems as well as practical knowledge for assessing data quality, analyzing many different types of data and presenting intelligence reports. Learn more about our geospatial intelligence programs by clicking below.
Fill out the information below to learn more about the University of Southern California’s online GIS Graduate Programs and download a free brochure. If you have any additional questions, please call 877-650-9054 to speak to an enrollment advisor.
* All Fields are Required. Your Privacy is Protected.
The University of Southern California respects your right to privacy. By submitting this form, you consent to receive emails and calls from a representative of the University of Southern California, which may include the use of automated technology. Consent is needed to contact you, but is not a requirement to register or enroll.
It’s one thing encountering fakes and disinformation online, it’s quite another when someone fabricates a fake that strives to destroy your own life and career. In the former case you might give the source, however obscure, the benefit of doubt. But in the latter case you immediately know what you are facing.
This is what has just happened to me – a journalist with 20-year experience of covering Russian and Ukrainian politics for major Western media, originally from Russia, but currently based in Latvia.
The Ukrainian infowar outfit Informnapalm released a hit piece suggesting that I am a Russian intelligence asset. In a long-winded piece, the anonymous authors look for signs of my “recruitment” by going through biographical data and mixing it up with wild conjectures and insinuations.
Much more disturbingly, they share personal data, which endangers my immediate family in Moscow, old and vulnerable people. It also poses risks for random people, whose address was doxxed in the piece because it used to be mine.
On the day before Informnapalm’s piece was published, in ten European languages, Google warned me that a government agency was trying to hack my account. Eerily, in the preamble to the piece, the authors brag about the group’s success in hacking emails of various Russian officials. Later, I also received an unusual security warning from Facebook.
Even so, it all may seem like a personal matter unworthy of public exposure, but the story is not really about myself. It pertains to a big political intrigue unfolding in Ukraine as we speak. It also highlights the malign influence of the radical far right on East European politics. Finally, it illustrates the dubious role played by organisations, which claim to counter Kremlin misinformation and propaganda, but in reality disseminate their own. This is why I believe it’s worth unpacking.
Informnapalm’s article is largely based on short bios that appeared under my articles in Western media over many years. Perhaps unbeknownst to its anonymous authors, who describe themselves as OSINT (open-source intelligence) experts, all of these were penned by myself. Yeah guys, you are working with material fed to you by the *enemy*.
Then come the conjectures. I studied English language at the Moscow State University in the early 1990s – a sure sign that I was recruited. I worked in the travel business (sold Interrail tickets and Lonely Planet guides) – that, too. Finally, I was employed by the BBC and spent 12 years working for this media organisation. Bingo! Tinker, tailor, soldier, spy.
Debunking all of it would make for a tiresome read, but here is one of numerous examples of pure disinformation contained in the piece. The authors suggest that a frequently circulated photo of my arrest during the clampdown on anti-Putin protest on May 6, 2012 in Moscow is a fake. The authors probably don’t realise how many people saw it happen.
It was British journalist Howard Amos who took this picture (I didn’t know him before that incident). The person I was talking to literally one minute before my arrest on Pyatnitskaya Street was Julia Ioffe, a famous American journalist. Once I was thrown into a paddy waggon, I befriended Pavel Elizarov – an associate of the slain politician Boris Nemtsov and currently the fiancé of Nemtsov’s daughter Zhanna. Standing next to me, with his face pressed against the wall, was Maksim Gvozdev, now the manager of Kis-Kis, a popular feminist girl band. Now try to fit all of these people into one giant GRU plot focusing on my modest figure.
Wagner and trolls
So what is Informnapalm? Born at the time of Russian attack on Ukraine in 2014, the group describes itself as an “international intelligence community” specialising in OSINT. Its founder “Roman Burko” doesn’t show his face and claims to be a journalist from the Russian-occupied Crimea. There are no traces of his pre-war publications whatsoever.
Russian and Belarusian military propaganda outlets identify him as a specific officer of a psy-ops unit of the Ukrainian army (a description of their OSINT investigation can be found online), but of course the authors of that investigation are also experts in fusing truth and lies, just like Informnapalm. But if this identification is true, then we are talking about an attack by the non-NATO military on a legal resident in a NATO country.
What becomes abundantly clear from looking at social media accounts associated with the group is that members of Informnapalm belong to a part of Ukrainian security community, which is vehemently opposed to President Volodymyr Zelenskiy. It is in turn a part of a broader coalition of hawks and nationalists that has coalesced around former president Petro Poroshenko.
The hit piece about me came completely out of the blue, as I haven’t done any stories about Ukraine since last winter. But the authors made sure that I understand the peg. The piece begins and ends on something that is being peddled by anti-Zelenskiy opposition under the brand of Wagnergate.
This pertains to a foiled operation, which envisaged luring dozens of Russian mercenaries from the notorious Wagner group into Ukraine via Belarus, to be arrested and put on trial. The opposition and part of Ukraine security community accuse Zelenskiy’s chief of staff of revealing the plot to the Russians in what they peddle as an act of high treason.
The magnitude of the rift between Zelenskiy’s administration and security top brass became apparent last month when Zelenskiy fired the head of military intelligence, Gen Vasyl Burba, who had announced that he would testify to a parliamentary commission investigating the Wagner affair, defying orders from Zelenskiy’s defence minister.
Mind you, I didn’t report on this story, apart from a couple of tweets, including the one which Informnapalm chose to begin their hit piece with. In that one, I subtweeted Elliot Higgins, the founder of award-winning investigative outfit Bellingcat, who was denouncing a fake curtain-raiser of Bellingcat’s investigation in Wagner affair.
Ever since Bellingcat made it clear that it was working on that story, Ukrainian media outlets, linked to both the opposition and security circles, kept issuing sensationalist reports promising the imminent release of Bellingcat’s investigation with the implication that its contents would be mortally damaging for Zelenskiy. Bellingcat keeps refuting these claims and refusing to announce the date of the publication.
I have no idea why, but people at Informnapalm tend to conflate my work with Bellingcat’s. Informnapalm’s “Roman Burko” even suggested in a tweet that I might have a love affair with one of Bellingcat investigators, whom I have never met in person, just like any other member of that organisation.
I have nothing to do with Bellingcat, an organisation I highly respect for its investigations into the downing of MH17 airliner and the poisoning of Aleksey Navalny. All I’ve done is share Higgins’ tweet denouncing fake Bellingcat video and supplied it with a comment, in which I called for journalists to look more attentively into the toxic misinformation and online manipulation industry that roots for Poroshenko and against Zelenskiy. This industry is widely known in Ukraine by the collective term of porokhoboty or Poroshenko’s bots.
The reason for me saying that at this particular moment was that I closely followed Russian State Duma elections, which happened in September and were accompanied by widespread rigging in favour of Kremlin’s candidates. One hard-to-ignore feature of Twitter discourse regarding this subject was a co-ordinated campaign waged by a network of popular anonymous satirical accounts, which simultaneously attacked President Zelenskiy and Navalny’s strategic voting campaign, known as Smart Voting. I have tweeted about this weird phenomenon more than a few times.
For good or bad reasons, this group of accounts is known among Navalny’s supporters on Twitter as “Golub’s network”. This refers to Mikhail Golub – the owner of TLFRD, a major strategic communications company operating on the Ukrainian market. The attribution has never been solidly proved, so for now Golub’s personal involvement is a thing of online legends. The activities of this network was thoroughly researched by an online investigator who goes by the nickname of @antibot4navalny.
What’s undeniable, however, is that a prolific and popular Twitter account run under Golub’s real name has been churning out industrial amounts of smear tweets about me ever since Informnapalm published its story. These tweets are typically backed up by a bunch of anonymous trolls supporting his point. Golub spells out his goal quite clearly – it is to get me “cancelled” out of Ukraine and Russia discourse, to silence me in other words.
Prior to Maidan revolution, Golub worked for the Ukrainian daughter of Kremlin-linked stratcom company, Mikhaylov & Partners, in which Mikhaylov stands for Sergey Mikhaylov, the current head of Russia’s main newswire ITAR-TASS. A key Russian propaganda figure, he was once even eyed for Putin’s chief of staff. In 2013, Golub left M&P Ukraine, reportedly with its entire staff, to form TLFRD, which he owns.
It is the stories of online troll armies, their puppeteers and their sophisticated political agendas, which I called upon journalists to have a closer look at, when I posted the tweet that triggered Informnapalm’s publication.
Hitler’s Hammer
There is another reason for a partisan outfit like Informnapalm to be interested in my character assassination and it has to do with the Ukrainian far right. The article dwells for a considerable amount of time on two of my other investigations, which I’ve done for Latvia’s top investigative outfit Re:Baltica, together with its editor Sanita Jemberga.
In a ridiculous lie, evident to anyone living in Latvia except for a bunch far right lunatics, Informnapalm branded Re:Baltika as a pro-Russian outlet, even though it is heavily involved in debunking Kremlin’s disinformation and happens to be Facebook’s official fact-checking partner in the Baltic.
Informnapalm proceeded to describe a group of politically active bodybuilders from our first joint investigation with Sanita as “athletes supporting a national party”. You’d think we had offended some hardcore Latvian nationalists, but these guys are Russian-speakers and the party in question happens to be known in Latvia as pro-Russian. Our story may have contributed to the demise of Riga’s Russian-speaking mayor Nil Ushakov, who headed that party.
But it is our other investigation that drew the ire of Ukrainian military propagandists. In that one, we looked into the beautiful friendship that had grown between the far right Latvian party National Alliance, a member of the current government coalition, and Ukraine’s Azov movement. In one episode, a delegation of NA members arrived at a festival of national-socialist black metal in Kyiv.
The event, which also involved a conference titled Pact of Steel (after Hitler-Mussolini alliance), was organised by Russian neo-nazi Aleksey Levkin, the leader of a band called MOLOTH or Hitler’s Hammer and the founder of WotanJugend online platform. The latter was actively propagating white terrorism and circulating manifestos of the most notorious terrorists. Another organiser was his friend and Azov’s ideologist Olena Semenyaka (hello, “Olena Sergeyeva”, who appears as the author of Informnapalm’s piece in its Russian edition).
The Latvians responded in kind, by inviting a delegation from Azov Regiment’s own sergeant school (operating outside the Ukrainian system of military education and indoctrinating cadets into far right ideology) to Riga and organising their visits to the Latvian General Staff and to a Nato military base.
That publication resulted in a campaign for my deportation from Latvia waged by far right MPs, which has continued relentlessly for the last two years. It even involved a National Alliance MP, Janis Iesalnieks, sharing a tweet that featured a photo of a grave and a wish that Re:Baltica journalists end up there. Another MP, Edvins Šnore, known for comparing Russians with lice, produced a smear video about me, whose contents strongly overlap with those of Informnapalm’s piece.
The main character in our story was Raivis Zeltits, who at the time held the position of secretary-general at the National Alliance. He stepped down after our publication and proceeded to form a more radical far right movement, called Rising Sun, in a nod to his friends from the banned Greek neo-nazi party Golden Dawn. Its symbol is a stylized swastika.
While all language editions of Informnapalm’s articles about me were released on the group’s own website, the Latvian version was run by the website of Zeltits’ illustrious organisation. In no time, it was being circulated by a small group of far right MPs who have been harassing me for the last two years.
Slain Journalist
What’s curious about Informnapalm’s publication is that it completely fails to mention the main (and practically the only) Ukrainian story that I’ve been working on in the last two years. I joined the team set by the Ukrainian outlet Zaborona and Committee for the Protection of Journalists (a global NGO) with the aim of investigating the assassination of journalist Pavel Sheremet. He was killed in a car bomb attack in Kyiv in July 2016.
Poroshenko was then the president. Members of his government pointed fingers at Russia practically the moment the news broke. But the investigation was being stalled for three years until Zelenskiy defeated Poroshenko by a landslide in the 2019 election.
A few months later, the authorities arrested and charged three suspects, who had nothing to do with Russia. All of them belonged to the same “patriotic” milieu as people behind Informnapalm – volunteers and war veterans of nationalist convictions. Indeed, social media accounts associated with Informnapalm are now heavily involved in a campaign demanding their full acquittal in the ongoing trial.
Much of our four-part investigation focuses on the role of Ukrainian security services in the events surrounding Sheremet’s death and their links to the defendants in murder case, which police investigators have chosen to ignore. Another journalistic investigation, led by OCCRP, also pointed at the possible involvement of Ukrainian security agents.
I can’t help thinking that my character assassination is linked to my role in investigating the physical assassination of my colleague, Pavel Sheremet. Twitter comments from anonymous trolls wishing me to be hanged or raped that I am currently receiving can’t help but confirm my suspicion.
Lastly, it’s worth saying a few words about those who circulated or endorsed Informnapalm smear, because they are also a part of a much bigger story, in which I am only playing an episodically role. There are only two notable examples really, while dozens of Western journalists from publications like Time, New Yorker, BBC and Daily Telegraph came to my support and condemn the ones I am mentioning below.
The first one is the controversial Ukrainian anti-disinfo group Stop.Fake. Hilariously, at the time of writing their website was still featuring some of my publications reprinted by them as examples of, well, good journalism countering disinfo.
Much was said in Western and Ukrainian media about Stop.Fake’s whitewashing of the far right and links to them, so I won’t dwell on it except one episode. An article dedicated to those links, which appeared in my partner publication Zaborona last year, triggered a horrific campaign of intimidation and smear against its founders, Katerina Sergatskova and Roman Stepanovych. They had to escape and live outside Ukraine for some time when photos of their child and their apartment block were released by a raving stratcom operative posing as a journalist.
The other one is former Estonian president Toomas Hendrik Ilves, who endorsed Informnapalm’s publication in a shouty tweet, deriding me as Kremlin’s “shill” and “tool”. llves is a person of global prominence, who I once revered as a digitalisation god, but whose maniac obsession with my Twitter personae is now a household joke among members of the press corps. I am afraid this matter belongs to spheres outside political analysis.
Both Ilves and Stop.Fake are part of a toxic community that has been for years suppressing genuine experts and moderate voices involved in the discussion about the conflict between Russia and the West. They also promote conspiracies and xenophobia. Ilves’ call to ban Russians from getting EU visas – a move that would separate millions of families – is just one recent example. These people benefit from a symbiotic relationship with Kremlin’s propaganda, in which both side feed on each other’s hatred.
I am not an asset of Russian or any other intelligence services and I am not spreading Kremlin narratives. My track record as a journalist is clean and it is largely made of stories exploring different sides of Putin’s authoritarianism and repression as well as Russia’s aggression against Ukraine.
The sole reason for my critical attitude to political processes in Ukraine and other East European countries, which I see as a part of the global rise of illiberalism, is that I watched it all happening in Russia in the early years of Putin’s reign. I don’t want it to relive this entire process of political degradation here.
My story goes to show that journalists need greater protection from malign actors striving to suppress freedom of speech. Talk is not enough – law-makers should create additional barriers against abuse and manipulation by invisible actors from organisations involved in manipulating public opinion, whether they act on behalf of governments or private corporations.
Military psy-ops teams should be explicitly banned from attacking and smearing civilians, especially representatives of the media.
