Friday, March 30, 2018

Russians, Identity Theft, and Campaign Interference - Michael Bargo, Jr.

by Michael Bargo, Jr.

There is nothing new about one nation trying to manipulate the political campaigns of other foreign nations.  But the internet makes it easy.

The grand jury indictment announced by the Justice Department on February 12, 2018 alleged that 13 Russian nationals acted to interfere with the U.S. political process. The program had the code name "Lakhta" and began in 2013. The headquarters, named "Internet Research Agency LLC," was located in St. Petersburg, Russia. Two other companies were also created in order to organize the efforts: "Concord" and "Concord Catering."

In order to conceal the Russian origin of the acts, the Russians (those 13 defendants indicted for interference with the 2016 election) had to disguise the identity of the persons behind the activities and carefully conceal the origin of the money used.

In order to purchase Facebook ads, a source of money was needed. Payments were also necessary to purchase campaign rally signs, print leaflets, and so on. The Russians did not want to use their real names, since the U.S. intel community would immediately know that Russian operatives were behind activities to disrupt the American political process.

How the Russians hid their involvement for four years is an interesting story. What they did was pay for everything done in the U.S. through a "straw man" payment scheme. But what is interesting is that the straw men the Russians used knew nothing about their own involvement. The amount of money involved was substantial: often $1.25 million a month. These funds, originating in Russian government grants, were used to fund campaign interference operations in the U.S.

The Russians moved the money into the U.S. banking system by using unwitting Americans to establish bank accounts and PayPal accounts. Through these accounts, the Russians funded their campaign disruption activities.

Since the program needed established, legal American identities, the Russians purchased personal information on the internet of real Americans who already had bank accounts. The Russians obtained the names, addresses, Social Security numbers, and birthdays of Americans. Enough to open bank accounts.

But while most people understand identity theft as a method used to break into somebody's personal bank accounts and credit accounts in order to steal that person's assets, or establish a new credit card and run up debt for the unknowing victim, the Russians employed a far more clever identity theft scheme: using the personal information of real Americans, they opened up new bank accounts using people's valid information. Then they put money into those accounts. The next step was to open new PayPal accounts, using those bank accounts as the bank reference. The PayPal accounts were used to pay for all their subversive activities. The money from the Russian government grants was moved into these bank accounts through Internet Research, LLC; Concord; and Concord Catering, which were legitimate companies.

This scheme solved two critically important problems: 1) it enabled the Russian nationals to hide behind the valid accounts of Americans, and 2) it enabled them to readily use a PayPal account, legitimately set up using a valid bank account, to pay for their U.S. subversive activities. These activities involved everything from travel expenses to purchases of signage to set up anti-Hillary rallies and so on. All the expenses associated with traveling to, living in, and setting up campaign rallies were paid for this way.

Since these PayPal accounts were set up using legitimate bank accounts (PayPal requires an established, legitimate bank account such as checking or savings to serve as the source of funds), no one suspected anything. The persons whose identities were stolen were never alerted and never became suspicious, since the Russians never stole from them or set up credit card accounts. When PayPal checked on the credit and personal information of these phony Russian bank accounts, all they found was an ordinary American John Doe, who already had other bank accounts using the same name, Social, home address, and credit history.

The clever part of this is that only eight people's names and IDs were used, and this scheme lasted, for each person, only five days. No red flags came up, since no money was stolen from a person's existing credit card account or bank account. The cleverness is that the identities were used to establish new accounts, and the Russians always put money into these accounts. They made American citizens into straw financiers of their U.S. operations. It was all smoothly done and lasted for nearly four years. The indictment published February 12 actually gives the initials of the real U.S. persons whose identity information was used and the dates the scheme went on.

There may well be similar operations going on right now through PayPal to fund Russian activities in the U.S. And given the tens of millions of American identities floating around on the internet, there may be new accounts started, used, and closed within days. The Mueller indictment covered only the operations done under the three companies. The true number will probably never be known. But for now, the Mueller investigators had enough to indict 13 Russian operatives. It's a fascinating study in how to funnel money into U.S. bank accounts using the information of real Americans.

In the past, the CIA and other U.S. intel agencies would use shell companies or straw purchasers. But compared to the Lakhta project, these were relatively unsophisticated.

It was easy for the Russians to find complete identity information on Americans: forty million Target Store accounts were hacked in 2013 alone.

And 22.1 million federal employees had their personal information hacked in July 2015. The database was managed by the federal Office of Personnel Management, and the hack was considered a serious breach of the OPM's I.T. firewalls. The information hacked was personal identity information from retired federal personnel as well as those currently employed.

Any one of these cyber-security breaks, which involved over 60 million people, could have easily provided the Russian operatives all the information they needed to cover up the Russian involvement while engaging in activities designed to disrupt the 2014 and 2016 American elections. In fact, the Mueller indictment lists only eight people who were exploited in 2015 and 2016 whose identity information was used by the Russians to set up PayPal accounts.

These activities, generically called disinformation campaigns by the intel community, are as old as humanity. There is nothing new about one nation trying to manipulate the political campaigns of other foreign nations. The CIA does it all the time. But the internet and the presence of virtually all personal financial information on the web make such information available to anyone around the world who knows how to tap into and exploit it.

Michael Bargo, Jr.



Copyright - Original materials copyright (c) by the authors.
