Welcome to The Cybersecurity 202! We’re about to go on a little more than a week-long break. We’ll be back Sept. 5. Bye for a minute!
Below: The Tornado Cash founders are charged, and the United Nations forges ahead on a new cybercrime framework. First:
Without Prigozhin, expect some changes around the edges on Russian influence operations
Yevgeniy Prigozhin, who ran Russia’s Internet Research Agency and had an important role in developing the nation’s modern digital influence operations — most notably, interference in the 2016 U.S. elections — was reportedly on board a plane involved in a deadly crash Wednesday.
A failed mutiny diminished the status in Moscow of Prigozhin, once known as “Putin’s chef” for his catering business and closeness with the Russian president, and the Internet Research Agency had declared that it was shutting down. So it’s possible he wouldn’t have had a major impact on Russian disinformation and misinformation campaigns going forward if he was, or is, alive.
Nevertheless, the Wagner Group boss was a formative figure, and his Internet Research Agency serves as a model for autocratic regimes of a quasi-state-connected entity that operates without leaving definitive fingerprints, an expert on Russian information warfare told me.
But successors within Russia could exhibit diminished effectiveness, said the expert, Gavin Wilde, who served on the National Security Council as director for Russia, Baltic and Caucasus affairs.
“Prigozhin was for Russian information operations kind of what Kurt Cobain was for grunge music,” said Wilde, now a senior fellow in the technology and international affairs program for the Carnegie Endowment for Peace. “The guy ushers in a certain era and perfects a certain craft, but now that he’s gone, what’s likely to follow is a saturated market of copycats, and that will probably end up falling far short of the kind of heyday or the prominence of what it once was.”
- That said, nobody should expect Russian information warfare to go away.
Prigozhin’s possible death “while maybe a temporary setback for the Wagner Group, doesn’t preclude the GRU and other entities in Russian intelligence and security services from continuing operations all over the globe,” David Salvo, senior fellow and managing director of the Alliance for Securing Democracy at the German Marshall Fund, told me. “With Russia likely setting sights on the 2024 election here, there’s plenty of time to get their ducks in a row.”
(I conditioned my questions to Wilde and Salvo on the presumption that Prigozhin is actually dead, but as my colleagues write this morning: “Russian officials and the Wagner Group have yet to officially confirm” his fate. What we know is that his name was on the passenger list for a plane traveling Wednesday from Moscow’s Sheremetyevo International Airport to St. Petersburg that crashed, killing all 10 on board, according to Russia’s civil aviation agency.)
Origins and accomplishments
In blustering fashion, Prigozhin has claimed credit for all of the Internet Research Agency, after once denying any connection.
“I’ve never just been the financier of the Internet Research Agency. I invented it, I created it, I managed it for a long time,” he said this year. “It was founded to protect the Russian information space from boorish aggressive propaganda of anti-Russian narrative from the West.”
The first known signs of the Internet Research Agency emerged in 2013, when it registered with the Russian government, as a 2018 indictment of Prigozhin and affiliated figures by special counsel Robert S. Mueller III showed. My colleague Philip Bump had a fully detailed timeline following that indictment, and in it, Prigozhin is intertwined from the beginning.
Efforts to influence the 2016 election began not long after then-candidate Donald Trump entered the race, according to the indictment.
A 2017 intelligence community analysis outlined the overall influence effort in the 2016 presidential campaign, of which the Internet Research Agency was but one part. Furthermore, the interference included hack-and-leak operations, not just disinformation, misinformation and attempts to manipulate social media.
“Russia’s state-run propaganda machine — composed of its domestic media apparatus, outlets targeting global audiences such as RT and Sputnik, and a network of quasi-government trolls — contributed to the influence campaign by serving as a platform for Kremlin messaging to Russian and international audiences,” that analysis reads.
While the 2016 influence operation drew major attention in the West, the United States is far from the first alleged target of Russian disinformation and wasn’t the last of the Internet Research Agency’s either. Ukraine had been a point of focus as of late.
As might be expected, the activity of the Internet Research Agency and Prigozhin drew the enmity of the U.S. government, and not just with the 2018 indictment.
The Treasury Department’s Office of Foreign Assets Control detailed the offenses of the troll factory, Prigozhin and affiliates when issuing sanctions against them, also in 2018.
“The Internet Research Agency LLC (IRA) tampered with, altered, or caused a misappropriation of information with the purpose or effect of interfering with or undermining election processes and institutions,” the statement reads. “The IRA created and managed a vast number of fake online personas that posed as legitimate U.S. persons to include grassroots organizations, interest groups, and a state political party on social media. Through this activity, the IRA posted thousands of ads that reached millions of people online.”
Later in 2018, U.S. Cyber Command blocked internet access for Prigozhin’s shop, per this story by my colleague Ellen Nakashima.
“They basically took the IRA offline,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss classified information in the story. “They shut them down.” Trump later acknowledged the cyberattack on the Internet Research Agency during an interview with Post columnist Marc A. Thiessen.
It’s possible all of that and other responses had an impact on the Internet Research Agency’s effectiveness. If Prigozhin has indeed died, there might be other comparisons to fallen rock stars, per Wilde.
“His own legacy, as far as the information operations game, is probably cemented now that he’s dead in a way that would have probably only diminished had he stayed alive because … particularly in the West, I think governments and NGOs and platforms are wise to the gig in a way,” Wilde said. “I just don’t know that he ever would have been able to recapture what he had done in previous years or improve upon it.”
Both Wilde and Salvo also said they could see the Kremlin wanting to exert more control over quasi-governmental operations but that they’re still important tools for Russia.
Tornado Cash crypto firm founders charged with laundering $1 billion
U.S. law enforcement has arrested one founder of the Tornado Cash cryptocurrency service and charged another, and the Treasury Department sanctioned the latter.
Authorities announced on Wednesday they had unsealed an indictment that charged founders Roman Storm and Roman Semenov for operating the service and money laundering, saying Tornado Cash facilitated the laundering of hundreds of millions for the North Korean hackers the Lazarus Group, among other infractions.
- Additionally, they said Storm was arrested in Washington on Wednesday.
- Also on Wednesday, Treasury’s Office of Foreign Assets Control sanctioned Semenov.
The developments arrive one week after a court ruling that awarded the Treasury Department a summary judgment against a group of individuals who contended that prior sanctions against Tornado Cash exceeded the department’s authorities and posed First Amendment and Fifth Amendment problems.
“Roman Storm and Roman Semenov allegedly operated Tornado Cash and knowingly facilitated this money laundering,” said Damian Williams, U.S. attorney for the Southern District of New York. “While publicly claiming to offer a technically sophisticated privacy service, Storm and Semenov in fact knew that they were helping hackers and fraudsters conceal the fruits of their crimes.”
A lawyer for Storm, Brian Klein, said in a statement to Reuters, “We are incredibly disappointed that the prosecutors chose to charge Mr. Storm because he helped develop software, and they did so based on a novel legal theory with dangerous implications for all software developers. Mr. Storm has been cooperating with the prosecutors’ investigation since last year and disputes that he engaged in any criminal conduct.”
The firm representing Semenov didn’t respond to a request for comment in the Reuters story by Christopher Bing and Zeba Siddiqui.
Court finds teenagers carried out Lapsus$ hacking spree
18-year-old Arion Kurtaj “was a key member of the Lapsus$ group which hacked the likes of Uber, Nvidia and Rockstar Games,” Tidy writes. He allegedly also leaked clips of an unreleased Grand Theft Auto game while on bail.
- Kurtaj is autistic and was considered not fit to stand trial and did not appear to give evidence. An accomplice, a 17-year-old who is also autistic, was involved but could not be named due to their age. Both are expected to be sentenced at a later date.
“The gang — thought to mostly be teenagers — used con-man like tricks as well as computer hacking to gain access to multinational corporations such as Microsoft, the technology giant and digital banking group Revolut,” the report adds.
- The attacks prompted a recent review of the Lapsus$ group by the U.S. Cybersecurity and Infrastructure Security Agency.
- Several members of the group are still expected to be at large. Brazilian police in October arrested an individual who is alleged to have worked with Lapsus$ to target Brazilian and Portuguese companies.
U.N. works to finalize cybercrime treaty in New York
U.N. delegates are in New York this week and next to finalize negotiations on a new international cybercrime convention, aimed at preventing global cybercrimes, ahead of a major 2024 vote by the intergovernmental body, the Record’s Alexander Martin reports.
Martin writes: “Diplomatic sources told Recorded Future News that the ultimate text wasn’t expected to be especially ambitious — or to dramatically transform law enforcement’s approach to ransomware — but that producing anything capable of getting a vote at the General Assembly next year would be seen as a win.”
- The first form of an international cybercrime treaty was established in 2001, though it was not a U.N. document and did not include nations like China or Russia that Western cybersecurity officials have viewed as major hosts for contemporary cybercrime groups, according to the report.
- Delegates have viewed the negotiations as needed but have disagreed on what they should include. “In January, during negotiations in Vienna, the Chinese delegation proposed a redefinition of cybercrime to include the ‘dissemination of false information’ online. The proposal was seen as contentious and removed from the draft,” Martin writes.
Securing the ballot
‘I’m the same Rudy’: Former NYC mayor surrenders defiantly in Georgia (Amy Gardner, Holly Bailey, Josh Dawsey and Jacqueline Alemany)
National security watch
North Korea says spy satellite launch failed, vows to try again (Min Joo Kim)
Thanks for reading!