April 25, 2019
Notes from the Pentagon

Mueller on Russian influence op
The investigation by special counsel Robert Mueller into Moscow’s election influence operation revealed that one of the key players involved in the scheme began the initial stages as early as 2014.

According to Mr. Mueller’s 448-page report, the St. Petersburg-based Internet Research Agency (IRA), a shadowy quasi-intelligence entity, engaged in social media activism and advertising on Facebook as part of the election-meddling scheme aimed at trying to skew the 2016 U.S. presidential election outcome.

The IRA “carried out the earliest Russian interference operations identified by the investigation — a social media campaign designed to provoke and amplify political and social discord in the United States,” the report said.

Mr. Mueller did not say whether the activities of the group were known at the time by the CIA and FBI — the agencies in charge of conducting counterintelligence against just those kinds of foreign influence activities. The investigation, however, did find that in mid-2014, two IRA employees were sent to the United States on “an intelligence-gathering mission” with specific instructions that were redacted in the report because of an ongoing counterintelligence investigation.

The IRA created a special group in the spring of 2014 called the Translator Department that helped consolidate all influence activities in a single unit.

Then in June 2014, four IRA employees applied for visas to travel to the United States for spying missions. The employees lied to the State Department about the purpose of the visit, claiming they were four friends who met at a party. Two of the IRA employees, Anna Bogacheva and Aleksandra Krylova, were granted visas and entered the United States on June 4, 2014.

No details of the spying mission were disclosed, but it probably involved preparation work for what would become the major efforts against the 2016 election.

“The IRA later used social media accounts and interest groups to sow discord in the U.S. political system through what it termed ‘information warfare,’” the report said. “The campaign evolved from a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system to a targeted operation that by early 2016 favored candidate [Donald] Trump and disparaged candidate [Hillary] Clinton.”

The IRA operation purchased advertisements using the names of Americans and U.S. groups and staged political rallies in the country. Twitter and Instagram accounts were also used.

“The investigation did not identify evidence that any U.S. persons conspired or coordinated with the IRA,” the report said.

Additionally, the report said that as early as 2014, the IRA took steps to conceal both its funding and activities, although details about the group — including any ties to Russian intelligence — were blacked out. The IRA was funded by Yevgeniy Prigozhin through a company he headed called Concord. Mr. Prigozhin is said to be a close associate of Russian President Vladimir Putin.

Disclosure of the 2014 activities raises further questions about why American intelligence and security agencies under President Obama took no action against the Russians until after the 2016 elections, when symbolic sanctions were imposed on Moscow and a number of Russian intelligence personnel were expelled.

Critics have blamed former CIA Director John Brennan and former FBI Director James Comey for failing to take any action to disrupt the Russian interference that appears to have been successful in polarizing American politics. The government’s most senior counterintelligence official, William Evanina, an FBI agent, said in 2018 that no action was taken because any disruption was a policy matter, “and that’s the world that I don’t live in.”

However, during a 2018 appearance before the Senate Select Committee on Intelligence, Mr. Evanina said he was qualified to head the National Counterintelligence and Security Center because of his record of providing “strategic guidance and policy” to over 100 departments and agencies. “We have to separate counterintelligence activity from policy — two separate things,” Mr. Evanina said at the time.

Mr. Brennan, the former CIA director, has said his agency knew of the Russian intelligence activities targeting U.S. elections since the end of 2015. His only response was to telephone the director of the Federal Security Service in Moscow and warn the Russians to stop the meddling — a warning that was ignored.

The FBI and Department of Homeland Security recently warned that North Korean government hackers are continuing to conduct cyberattacks in the United States and elsewhere.

The latest report from the department’s National Cybersecurity and Communications Integration Center said Trojan malware called “Hoplight” is being used by North Korean government hackers as part of operations code-named Hidden Cobra.

Security officials have identified nine malicious executable files used by the North Koreans to gain access to computers. Seven are applications that mask traffic between the implanted malware in victim networks and North Korean hackers.

The applications are able to generate false electronic “handshakes” using valid public security certificates as a way to circumvent cybersecurity measures. The certificates, known as SSLs, allow the North Koreans to communicate securely without their communications being intercepted.

“This certificate is from,” the report said. “ is the largest search engine in Korea and provides a variety of web services to clients around the world.”

The ability to piggyback on security certificates is an indication of the growing sophistication of North Korean hackers, who are generally considered less sophisticated than those linked to the Chinese and Russian governments.

The Homeland Security center provided information on how to identify and thwart the North Korean malware.

A recent report by the cybersecurity firm CrowdStrike said North Korean cyberattacks have shown no sign of diminishing despite President Trump’s recent direct diplomacy with Pyongyang.

“In some cases, diplomatic activity appeared to motivate an increase in [North Korean] operations,” the report, made public in February, concluded. “For example, preceding the historic summit between [Mr. Trump] and [North Korean] leader Kim Jong-un, CrowdStrike intelligence observed an overall increase in targeted intrusion activity associated with adversaries based on the Korean Peninsula.”

North Korean cyberattacks continue to focus on theft against banks and financial institutions, especially those associated with cryptocurrencies. Cyberheists of banks were detected in several Latin American nations, including Mexico, Costa Rica, Chile and Argentina.

“Large-scale currency-generation efforts likely serve not only to counter heavy economic sanctions, but also as a method to support the regime’s future goals in reforming the country’s economic landscape,” CrowdStrike said in its report.

Retired Air Force Brig. Gen. Rob Spalding, a former White House National Security Council official, is urging the U.S. government to create an Infrastructure Bank of America modeled after the Federal Home Loan Bank as a way to counter China’s massive efforts to corner international markets and exploit U.S. investments.

“The U.S. needs to spend more on infrastructure, STEM education and R&D,” Gen. Spalding, now with the Hudson Institute, told Inside the Ring. “Doing so would spur long-term growth.”

In an article in the online outlet Real Clear World, Gen. Spalding notes that China is investing in U.S. capital markets with little or no regulation or oversight. He urges greater scrutiny for Chinese investments and creating the bank as a means of steering American investment in the domestic market instead of China.

“One way to accomplish this would be to form a private Infrastructure Bank for America,” he wrote. “The Infrastructure Bank could sell American Infrastructure bonds that the retirement funds could buy. The Infrastructure Bank could then lend to the 35 State Infrastructure Banks, almost all of which have no money. By bundling state projects together, the bank could also ensure projects worked synergistically to magnify the regional and national economic impact.”

The plan would curtail the flow of money into China and prevent possible future investment losses as the Chinese economy slows. It also would increase the flow of much-needed cash into U.S. infrastructure and the industrial base.

“This would help grow the U.S. economy, and make China’s goal of undermining democracies everywhere that much harder,” he said, noting the bank would be private and would not add to the national debt.

  • Contact Bill Gertz on Twitter via @BillGertz.
