Mass Shootings and Manipulation of the Masses: Exposing Russia’s Disinformation Weaponry
Since the beginning of the Trump administration, Americans have been continually stunned by a stream of near constant scandal and corruption. Since Mr. Trump assumed office, a small band of dedicated Americans have come together under the banner of the #AltGov to oppose his most dangerous policies, and stop the flood of misinformation that swept him into office.
Recently, we have assembled a group of specialists to intercept, oppose, and study the measures Russia has deployed against the United States. Harkening back to Soviet tactics, Russia has deployed techniques known as provokatsiya, konspiratsiya and dezinformatsiya, which form the core of their efforts to create social unrest and division among the American people. This type of attack is frequently known as PSYOPS, or psychological operations, which target an enemy’s collective unity and will to fight. In recent years, with the advent of social networking, advancements in machine learning, and specific micro-targeting PSYOPS has become an inexpensive, easily automated, and frighteningly powerful weapon, compared by Russia to the test of the first Soviet nuclear bomb. Its intent is to overwhelm, confuse, and divide the American people into doing what Russia cannot: effectively impacting the American homeland.
For a more comprehensive view, we have included several sources at the conclusion of this article, namely Collusion by Luke Harding, the “Firehose of Falsehood” study of Russian propaganda by the RAND Corporation, and The Kremlin Playbook by Heather A. Conley.
What we are facing is nothing less than an electronic battlefront, and we intend to equip our readers with the skills necessary to effectively oppose this onslaught against our sovereignty:
- Further reading
- Tools and Specific Descriptions of Data Gathering from Social Media
- Definitions of specific terms
What is Happening?
The unsettling part of pysops and automated disinformation is that no event, no matter the devastation, is safe from exploitation. Every moment of significance in our national life, from the joyous to the disastrous is seen by Russia as an opportunity to further their falsehoods.
This past month we saw a clear example of this tactic. On February 14, 2018 Marjory Stoneman Douglas High School experienced a deadly mass shooting by alleged gunman Nikolas Cruz, a 19 year-old former student who gained access to school property and is alleged to have coldly murdered his former classmates. Even as details were emerging, the Russian disinformation weapon kicked into high gear. On Twitter alone an attack originating from an overseas organization was quickly apparent.
Within 48 hours after the shooting, even as students were barely recovering from the incalcuable trauma they experienced, we discovered the following message being transmitted through social media, specifically throughout the Twitter platform.
The Tweet:
‘HIGH SCHOOL SHOOTER CONFIRMED #DACA RECIPIENT #q #QAnon’
Immediately, the attempt to cause division can be seen. By harnessing the debate over border security, this foreign threat sought to amplify divisions between Americans in a time of crisis, the very moment when national unity is most crucial.
The tweet was accompanied with a link to domain Voytus.me and the following image deliberately distorted and confusing image, designed to trick the less observant into believing they were seeing a screenshot from news coverage:
Immediately the nature of this tweet as a deliberate PSYOP became evident. Multiple Twitter accounts echoed the exact same text, rather than retweeting an original message as occurs with natural organic content on the platform:
Data Pull & Analysis
With the obvious pattern of accounts tweeting the same exact tweet, we use that as the query and pulled 100 instances of this from the public Twitter search API. During this process two different programming languages were used to pull and analyze these tweets. With Python we were able to scrap metadata on the accounts that were sending this unified message. After filtering out retweets we were left with 55 instances of this message being tweeted and discovered the following automated pattern.
The earliest tweet in the dataset was created on 2/15/2018 at 12:58:56 AM posted by the account @Christokes0, quickly followed a few minutes later at 01:09:21 AM by an identical tweet from @chris_stokes3. These two accounts appear to be the same person pushing out highly automated content. At 8:09 PM the same day we see our first “planting”, tweets we have concluded triggered a flood of messages from an automated set of accounts known as a “botnet.” The three “planting” tweets came from 3 accounts mere seconds apart at 8:09:07 PM, 8:09:13 PM, and 8:09:14 PM. The rapidity of the repetition clearly indicates an automated computer-driven mechanism of posting, as the proximity of the messages were too closely clustered to have been retyped by a human.
The following day one element of the disinformation weapon that has been tampering with our Democracy came online. A group of automated accounts, which we have coined the “Tokyo Botnet” began pushing the same identical false message for over 13 hours, in repeated bursts every 24 minutes, originating from approximately 50 accounts. These messages spread throughout the network, gaining an unknown amount of views, engagement, and reception, thereby fooling American citizens into believing the shooter was a DACA recipient. Knowing the fault lines in American society over immigration, this was a boldly xenophobic tactic to associate immigrants with such devastating violence intend to divide our nation.
Attribution and Origin of the Attack
While the origin is not definitively known, our working theory is that the attack was launched by a domestically by Chris Stokes(@chrisstokes0/@chris_stokes3), rather than directly by Russian actors or the owner of the Tokyo Botnet. Mr. Stokes has expressed white supremacist views, and it is possible he simply saw an opportunity to sow derision against immigrants, and used automation to push his simplified message for maximum exposure by hiring one of many botnet services available over the Dark Web. It is also possible that Mr. Stokes was radicalized by ISIS-style online propaganda. We also cannot rule out that he may have had foreign inspiration, training, or instruction.
Below is a subset of those accounts and the content they pushed with identical text and the identical images. After locating the source accounts pushing this message we sought a better understanding of this ‘botnet’ and its inner workings.
The accounts we e explored what appeared to be a series of automated accounts pushing various news stories, with one consistent element: the links originated from two websites: Votyus.me and RealUs.Site . A quick scan of these links showed that they do not contain malware or other malicious content, beyond the false messages they were repeatedly posting.
Based on more recent findings to be explored in an upcoming article, we believe that the elements of the Tokyo Botnet we discovered are only a small subset of a much larger group of accounts directing people toward the falsehoods on these sites.
Who is Chris?
We’re glad you asked. Let’s share what we think we know about Chris.
Here is an archive of his account in case he tries to clean up his act.
And some lovely images of him.
The Sites
While the bots pushed a message and an image they also shared link-backs to news consolidator sites, both votyus.me and realusa.site . This is not the first case in which these sites have been tied to disinformation botnets. In fact, both these sites were linked to an automated push to amplify a scandal involving the former senator Al Franken, with the intent of forcing him from office. Further information on this story is available here.
We then utilized Whois Lookup on these websites, which provides information on the individual or corporation that registered the domain name. To our surprise, this information was public, and undisguised.
Both of the websites linked back to Tokyo, Japan, specifically an address in the business district. An even bigger shock was when we discovered the owner of one of the sites had his name listed clearly as the admin for Voytus.me . Could this possibly be the person running the botnet and artificially creating directing traffic to these sites? Or was this person merely a dupe, an owner of a hacked website hijacked from another source?
The individual registered as the owner of Voytus.me , the same site connected to the unified tweet and same site connected to this botnet, goes by Astufumi Otsuka. Either he, or someone in control of his infrastructure, is connected to the Tokyo Botnet, the same botnet that was rented to spread Chris Stokes’ anti-immigrant propaganda.
Whois source information:
The Founder
Astfumi Otsuka is the founder of a start-up in Japan specializing in web and mobile advertising called APP-CM. Could this be the person overseeing the Tokyo Botnet used by Chris Stokes to spread disinformation about the Parkland Shooter?
Whether he holds all the answers or not, this is a subjected that needs further investigation. We intend to use every resource at our disposal to determine these facts, attribute this attack to its source, and one day live in world with fact based news. Until that day, we want to leave you, the reader, with some data in hope that it may allow you to protect yourself and those you love from the corrosive effects of disinformation and propaganda.
In the absence of a Federal response, when the state fails in its duty to protect its citizens, the inalienable right of self-defense, incapable of extinction, reverts to the individual. While it is crucial that anyone pursuing such investigations adhere strictly to the law, it seems we have reached the point where every day citizens, without necessary assistance from governmental organizations, must educate themselves and organize to protect their own civil liberties.
This article is written in the hope that it leaves Americans better able to confront this existential threat to our Democracy.
Thank you for reading. God Bless you. God bless the brave students of Parkland. And God Bless the United States of America
Signed this day March 5th, 2018, #AltGov Information Restoration Division
Resources
Botnet Accounts
The Companies Behind The Botnet
The main company App-CM is in Japan. Their main funder Yeahmobi, is based in China.
Links For Further Reading
Three articles that lead in and support our findings Pay attention to the one by Mike Farb.
These books will get you up to speed on where we are in the war and how we got here.
Fun Kremlin Terminology
- Provokatsiya: A political event staged by an intelligence service on behalf of its government in order to accomplish some political goal.https://en.wiktionary.org/wiki/provokatsiya
- Konspiratsiya: Conspiracy (stoking conspiracy is a corner stone tactic chem trails anyone? How about some flat earth?) https://en.wiktionary.org/wiki/konspiratsiya
- Dezinformatsiya: Disinformation, especially in the context of the former Soviet Union https://en.wiktionary.org/wiki/dezinformatsiya
This article was jointly written by:
