Leaked government documents can often herald a major scandal. But what happens if the leak is not only fake, but also part of a covert propaganda campaign?
According to new research, a mysterious Russian group has spent six years trying out this tactic in order to sow conflict in Western countries. The secret campaign has ended up seeding over 300 social media platforms with disinformation favorable to the Kremlin.
On Tuesday, Graphika, a company that specializes in analyzing misinformation over the internet, published a 120-page report, documenting the secretive group’s activities, which stretch back to 2014.
The group, dubbed “Secondary Infektion,” is responsible for publishing at least 2,500 pieces of content over the years targeting audiences in Western Europe and the US. Platforms that circulated the fake news stories have included Facebook, Twitter, YouTube, Reddit, Quora and Medium, in addition to web forums in local countries.
Much of the content will arrive as explosive news stories. But according to Graphika, the real aim is to spread disinformation to Western audiences about Russia’s perceived enemies. One top topic has involved portraying Ukraine as a failed and unreliable partner. Another go-to favorite has involved painting the US as a government force bent on interfering in other nations' affairs.
To make the disinformation seem real, Secondary Infektion has been tying the fake news stories to leaks of secret government documents. But in reality, the documents are forgeries, which are sometimes poorly crafted and laden with grammatical errors.
“Other actors have at times used forged documents in deceptive online campaigns, but none have used this tactic with such volume, consistency, and persistence,” the research company said. “Graphika has identified more than 250 suspected forgeries, from letters to petitions, that the operation launched online.”
Among the forgeries have been fake letters, tweets and blog posts from US officials including Secretary of State Mike Pompeo, former White House chief of staff John Kelly, and various members of the US Senate Foreign Affairs and Intelligence Committees including Senator Marco Rubio.
To spread the content, Secondary Infektion will usually first post the fake news to a blogging site such as Medium. Links to the story will then be shared on social media via fake accounts.
However, the purported leaks have often failed to resonate with users. “Repeatedly in the course of this research, Graphika came across comments below Secondary Infektion stories that questioned or ridiculed them, or called them out as ‘Russian trolls,’” the research company said.
The activities of Secondary Infektion were initially uncovered in 2019 when Facebook spotted fake accounts belonging to the group, which opened the door for Graphika and other researchers to examine the activities across the entire internet. Last December, Reddit also supplied details to a separate campaign sourced to Secondary Infektion.
Graphika suspects the group is likely working in parallel with the Russian troll farm, the Internet Research Agency, and the Kremlin’s GRU military intelligence agency, to try and shape public opinion on social media. But despite the attempts to spread the disinformation, the Secondary Infektion group has often struggled to make an impact. The reason: it’s typically relied on single-use burner accounts to spread the fake news stories.
“This meant that the operators never had the chance to build an audience: each time they created a new account, they effectively reset their following to zero. It would be hard to envisage a less viral strategy,” Graphika said. The burner-account approach also explains why the group went undetected for so long.
The trade-off is that Secondary Infektion remains an elusive group. “Multiple social media platforms who partnered with our team on this investigation have observed that the people behind this operation were sophisticated at hiding their traces consistently across the years,” Graphika said. “As of May 2020, this operation has not been directly attributed to a particular actor or entity.”
The one major success Secondary Infektion had was leaking apparently genuine documents regarding US-UK trade talks on the eve of the UK election last year. The leaked documents were posted on Reddit in October, and ended up becoming a topic during the campaign.
Since then, Secondary Infektion has been found publishing posts at a lower rate, likely because the group is no longer secret. “On the positive side, Western audiences proved remarkably robust against Secondary Infektion’s trademark combination of fake documents and fake accounts,” Graphika said “The repeated exposure of Secondary Infektion’s operations by platforms, journalists, and researchers may have triggered the steep drop in output observed in July 2019 and January 2020.”
Nevertheless, the group appears to remain somewhat active. In April, Graphika and The Daily Beast uncovered several fake news stories likely from Secondary Infektion that falsely claimed the US created COVID-19.
Russia says Google, Facebook interfered in its election cycle
Get Our Best Stories!
Sign up for What's New Now to get our top stories delivered to your inbox every morning.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
