Topics of the Week

Ruslan Boshirov, one of the two suspects in the Skripal poisoning, has been identified as a GRU colonel by investigators from Bellingcat.

A new report shows that voting infrastructure in the US is highly vulnerable – remotely hackable voting tabulators are in use in 23 states.

Russian state media are bashing the Dutch Ministry of Defence for inadequately dressing their soldiers for cold weather.

STRATPOL report: Of the Visegrad 4 countries, Hungary is most vulnerable to Russian influence.

Good Old Soviet Joke

Stalin, Khrushchev and Brezhnev are travelling in a train. Suddenly, the train grinds to a halt.

Stalin decides to solve the problem. He orders that the engine driver be shot for sabotage and sends his deputy to a camp in Siberia. The train doesn’t budge.

Khrushchev tries next. He brings the deputy driver back from the prison camp and orders him to get the train moving. He cannot and the train still doesn’t budge.

Finally, it is Brezhnev’s turn. He orders all the curtains drawn across the windows and declares: “Now the train is moving.”

Policy & Research News

Skripal suspect identified as GRU agent

A landmark public investigation by Bellingcat and The Insider has established that one of the two suspects in the Skripal poisoning case, Ruslan Boshirov, is in fact GRU Colonel Anatoliy Chepiga, who was honoured as a ‘Hero of the Russian Federation’ in 2014 (Russia’s highest state award, bestowed on select individuals by President Putin himself). The Bellingcat report summarizes how, starting with the suspects’ publicly released photographs and cover identities, investigators were able to determine ‘Boshirov’s’ birthplace, travel history, military school attendance, and information pertaining to his family. On this basis, they were able to conclusively identify that ‘Boshirov’ was in fact Anatoliy Chepiga, a highly-regarded colonel in the GRU. Russia’s predictable response to the revelations was an attempt to discredit Bellingcat, claiming that the group is linked to Western security services. Russia continues to deny that Boshirov and Chepiga are one and the same, ludicrously claiming that the photographs of Chepiga in the report do not bear resemblance to ‘Boshirov’.

Source: Bellingcat

The Bellingcat investigation also highlights the extent to which Chepiga’s identity was hidden from public records. Ultimately, it deals a fatal blow to the claims of Putin and Russian state media that the suspects were merely civilians, confirming that Chepiga’s role in the Skripal poisoning took place on orders from a high-level government authority.

New tricks in Russia’s propaganda arsenal

In an effort to circumvent new restrictions by tech companies to limit Russian influence operations, Russia-linked propagandists are exploring new methods of audience reach and social media infiltration. In particular, they are using a simple tactic – changing web addresses – to hide their origins. On Reddit, for example, users successfully traced content posted to a fervently pro-Trump community, /r/The_Donald, to a Russian propaganda website linked to the St. Petersburg troll factory. These efforts highlight the increasing sophistication of Russian disinformation and influence operations across multiple domains.

Lithuanian elves fight back against Russian trolls

Deutsche Welle features an article on Lithuanian efforts to monitor and debunk Russian disinformation by bringing together Lithuania’s military StratCom team, civil society actors, and the country’s major news outlets. The platform ( in English) uses an automated monitoring system to scan news articles across the Russian and Lithuanian media space and flags articles with specific keywords that indicate likely spread of disinformation. The flagged content is then reviewed by expert volunteers – the so-called ‘elves’ in contrast to Russia’s ‘trolls’ – who share their analyses and expert commentary on topics targeted by disinformation with Lithuanian journalists.

The article also addresses concerns about the elf initiative, specifically in terms of what can legitimately be labelled ‘fake’ and the validity of certain debunking articles on controversial topics, such as the question of Lithuania’s complicity in the Holocaust. Despite these concerns, however, the Lithuanian elves and similar initiatives in other Baltic countries provide a remarkable example of mounting a coordinated national defence against pro-Kremlin disinformation. Predictably, the Russian ambassador to Lithuania has criticised the elves, saying placing a propaganda label on another point of view is illegitimate. In response, the Lithuanian Foreign Minister stated that when information is used for brainwashing, it is no longer a point of view, but a weapon.

US Developments

‘Staggering’ vulnerabilities across US voting systems

The magnitude and severity of exploitable vulnerabilities in voting equipment that is being used throughout the United States remains “staggering”, according to a reportissued by ethical hackers from the annual DEF CON cyber security convention. Among the “grave and undeniable” findings, the report identifies a remotely hackable voting tabulator currently in use by 23 states. “Because the device in question is a high-speed unit designed to process a high volume of ballots for an entire county, hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election,” the report warns.

Adding to the midterm woes, security researchers discovered that “another machine used in 18 states was able to be hacked in only two minutes, while it takes the average voter six minutes to vote. This suggests that one could realistically hack a voting machine in the polling place on Election Day within the time it takes to vote.” Despite the hefty federal allocation of $380 million to safeguard US voting systems against such cyber intrusions, these findings would indicate that little progress has thus far been made.

Chinese spy surveilled American scientists and engineers

US authorities have arrested a Chinese national, Ji Chaoqun, a US Army Reservist living in Chicago, for allegedly violating the Foreign Agents Registration Act, the Justice Department stated. “Chinese intelligence services conduct extensive overt, covert and clandestine intelligence collection operations against US national security entities, including private US defense companies, through a network of agents within and outside of China” writes FBI Special Agent Andrew McKay in the accompanying affidavit.

According to the document, Chaoqun worked under the direction of a “high-level intelligence officer” in the Jiangsu Province Ministry of State Security (JSSD, a provincial department of China’s Ministry of State Security) and was tasked with “providing the intelligence officer with biographical information on eight individuals for possible recruitment by the JSSD”. The individuals in question included Chinese and Taiwanese nationals with links to the US science and technology industry. Whether Chaoqun was successful, however, remains unknown.

Facebook discloses worst security breach yet

Despite earnest reassurances that the social media giant was “better prepared” to safeguard its users against cyber-attacks, and as the company reeled from the Cambridge Analytica fallout earlier in the year, Facebook disclosed its worst security breach in its 14 year history. According to a statement released after the attacks, upwards of 50 million accounts may have been compromised after hackers discovered several software exploits enabling them to steal login credentials. “We have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based”, wrote Guy Rosen, Facebook’s VP of Product Management.

For Senator Mark R. Warner, Vice Chairman of the Senate Select Committee on Intelligence, the disclosure “is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users”.

The Kremlin’s Current Narrative

Fake news: NATO troops were freezing during exercises in Norway

Between October 25th and November 7th, the NATO-led military exercise Trident Juncture will be held in Norway, involving over 40,000 participants from over thirty nations. Yet, despite the importance of this event, Russian media outlets were interested in a far more trivial matter: namely, how the Dutch military experienced a wardrobe malfunction. The Dutch Defence Ministry did not procure winter clothes – specifically, winter underwear! – for its participating troops. Since the snafu, however, it has provided each soldier with a €1,000 stipend to cover the make-up costs.

RT heavily promoted this incident, emphasizing how it was embarrassing for the defence ministry to handle the “underwear crisis”, while also expressing doubt whether NATO soldiers will survive the winter in Norway. In addition, Russian newspaper Argumenty i Fakty published a story on the subject, brazenly titling it “NATO Military Froze During Exercises in Norway”, in an attempt to demonstrate poor logistics provisions by NATO.

Of course, the Russian state-owned press fails to acknowledge that such trivial incidents can occur in any army. Certainly, we would never see Russian media coverage about similar shortcomings plaguing the Russian military. Such sensational disinformation comes with the aim of distorting truth, depressing morale, exaggerating the incompetence of Western institutions, and undermining the upcoming NATO exercises and similar events.

Kremlin Watch Reading Suggestion

Disinformation as a Cyber Threat in the V4:

Capabilities and Reactions to Russian Campaigns

The Strategic Policy Institute has published a policy paper by Asya Metodieva that analyses the Russian cyber and disinformation threat in each of the V4 countries. The report highlights three factors that influence a state’s response to disinformation: the capacity to react, political regime change, and the nature of its relationship with Russia. The capacity to react includes security strategies and measures already in place that may counter a foreign disinformation campaign. A political regime change influences the way new technologies may pose threats to society. For example, autocratic regimes perceive new technology as a means of public control whereas in democracies, new technology exacerbates political propaganda via opinion manipulation.

Hungary is described as the most vulnerable to Russian influence, with Slovakia close behind. Both governments fail to recognize the Kremlin’s influence as a threat, which may be due to their deep economic ties and energy dependence on Russia. Since the government of Hungary was institutionally reorganized, media freedom has deteriorated and cyber defense has fallen under the state intelligence services, making it less transparent. Although Slovak political elites do not consider Russian influence a threat, its civil society is active in countering it.

The Czech Republic aims to play a leading role in the cyber security field and even though its civil society is concerned about Russian influence, some political elites (not least the Czech president, Miloš Zeman) undermine Czech efforts by lobbying to lift EU sanctions against Russia and recognizing Russia’s annexation of Crimea.

In Poland, despite deterioration in media freedom, the government recognizes the threat of Russian influence and stresses the need for developing both offensive and defensive capabilities. The policy paper recommends that the V4 should identify clear definitions of key terminology, introduce concrete measures to address disinformation campaigns, and to openly discuss national-level incidents.

Kremlin Watch is a strategic program of the European Values Think-Tank, which aims to expose and confront instruments of Russian influence and disinformation operations focused against liberal-democratic system.