The US District Court for the Eastern District of Pennsylvania has filed an affidavit (PDF) under seal in support of a seizure warrant targeting 32 internet domains allegedly used for “cybersquatting” by the Russian government to conduct malign influence campaigns.
Cybersquatting involves registering domain names with the intent to profit from the goodwill of a trademark belonging to another party. This practice often misleads users into believing they are visiting legitimate sites, creating confusion and undermining trust in online information sources.
Taking aim at Russian influence
Disinformation campaigns aim to sway public opinion and interfere in domestic politics. The recent action by the US District Court against the Russian influence campaign spotlights how cybersquatting can be used as a tool to spread disinformation and manipulate political discourse.
The affidavit presented to the US District Court details how various Russian entities, under the direction of the Russian Presidential Administration, have utilised cybersquatted domains to disseminate propaganda. This includes impersonating legitimate news organisations to further Russian interests and undermine support for Ukraine.
Key players in the campaign:
- Sergei Vladilenovich Kiriyenko: As a high-ranking official within the Russian government, Kiriyenko’s involvement raises questions about state-sponsored efforts to manipulate public perception.
- Social Design Agency (SDA): This organisation has been identified as a key player in creating and managing cybersquatted domains that mimic reputable news outlets.
- Structura National Technology: Another entity allegedly involved in the orchestration of these disinformation campaigns.
The seizure warrant is based on violations of US money laundering and trademark laws, as articulated in the affidavit. The investigation has revealed that funds for these domains were transferred from outside the US, indicating a deliberate effort to evade regulations.
Coordinated national security and electoral threats
The seizure of these domains could hinder the ability of Russian actors to spread disinformation and manipulate US politics. Additionally, it sends a strong message about the US’ commitment to protecting its electoral integrity.
Cybersquatting for foreign influence represents a significant threat to US national security. By undermining public trust in legitimate news sources, these operations can distort the democratic process and sway electoral outcomes.
An investigation uncovered that the Russian campaign also employed influencers and social media advertisements to amplify its messaging. By creating fake profiles and utilising targeted ads, these actors were able to obscure their true identities and intentions.
Furthermore, the affidavit discusses the sophisticated technical measures employed by these actors—including the use of Virtual Private Networks (VPNs) and virtual private servers (VPS) to mask their activities. This level of sophistication indicates a coordinated effort to conduct cyber operations against the US.
This case is not an isolated incident and highlights a pattern of behaviour by the Russian government to engage in disinformation campaigns, particularly in the context of elections and geopolitical tensions. Last year, the UK’s National Cyber Security Centre (NCSC) – a part of GCHQ – warned that hackers based in Russia are conducting increased spear-phishing attacks to steal data and sensitive information.
The district court’s action this week against the 32 cybersquatted domains reflects a proactive approach to addressing foreign malign influence. Other district courts are also countering additional Russian influence campaigns that intend to manipulate democratic processes.
Countering additional Russian influence campaigns
An indictment charging Russian nationals Kostiantyn Kalashnikov, 31, also known as Kostya, and Elena Afanasyeva, 27, also known as Lena, with conspiracy to violate the Foreign Agents Registration Act (FARA) and conspiracy to commit money laundering was unsealed this week in the Southern District of New York.
Scheme details:
- RT’s covert operation: RT, a Russian state-controlled media outlet, allegedly orchestrated a $10 million scheme to create and distribute content to US audiences with hidden Russian government messaging.
- US company: The operation involved a Tennessee-based online content creation company – assumed to be Tenet Media – that published English-language videos across multiple social media platforms, including TikTok, Instagram, X, and YouTube.
- Scale of operation: Since November 2023, the US company posted nearly 2,000 videos and garnered over 16 million views on YouTube alone.
- Content focus: Videos focused on US domestic issues like immigration, inflation, and other topics related to domestic and foreign policy, aiming to amplify divisions within the US.
Kalashnikov and Afanasyeva allegedly operated under covert identities at the US company, posing as outside editors and team members for the Russian influence campaign.
“The instruments of the scheme were RT employees Kostiantyn Kalashnikov and Elena Afanasyeva, who managed the operation from Moscow using fake personas and shell companies, and the victims of the scheme were the American people, who received Russian messaging without knowing it,” explained US Attorney Damian Williams for the Southern District of New York.
“As the charges unsealed today demonstrate, this Office will work with our law enforcement partners to unmask and hold accountable all those who conduct malign influence campaigns in the United States, no matter how hard they try to hide their tracks.”
Between October 2023 and August 2024, RT sent wire transfers totaling approximately $9.7 million to the company, representing nearly 90% of the company’s bank deposits. The funds were sent through shell companies in Turkey, the UAE, and Mauritius, often disguised as payments for electronics purchases.
“The Justice Department has charged two employees of RT, a Russian state-controlled media outlet, in a $10 million scheme to create and distribute content to US audiences with hidden Russian government messaging,” said Attorney General Merrick B. Garland.
“The Justice Department will not tolerate attempts by an authoritarian regime to exploit our country’s free exchange of ideas in order to covertly further its own propaganda efforts, and our investigation into this matter remains ongoing.”
The company never disclosed to its viewers that it was funded and directed by RT, nor did it register with the Attorney General as an agent of a foreign principal.
The indictment specifies that two of the people who work for this Tennessee company (Tenet) were “deceived” — meaning they didn’t know that the Russian government was running an influence op.
Dave Rubin has 2.4 million subscribers and Tim Pool has 1.37 million.
— Aric Toler (@AricToler) September 4, 2024
As digital landscapes evolve, so too must the strategies to protect democratic institutions from disinformation. The actions of both district courts show how US agencies are taking multi-pronged action to protect the country’s democratic processes in a critical election year.
“Today’s actions show that as long as foreign adversaries like Russia keep engaging in hostile influence campaigns, they are going to keep running into the FBI,” said FBI Director Christopher A. Wray.
“We will continue to do everything we can to expose the hidden hand of foreign adversaries like Russia and disrupt their efforts to meddle in our free and open society.”