Matching Mueller’s Explosive Indictment

Much of the information offered in today’s Russian indictment was previously available in open sources

(Source: Department of Justice and @DFRLab)

On Friday afternoon, a long-awaited development finally came to light: Special Counsel Robert Mueller and his team brought forth an indictment against over a dozen Russian nationals and a number of organizations, the most visible of which were Russian businessman Yevgeny Prigozhin and the Internet Research Agency (IRA).

The 37-page indictment contained both new facts and a rehash of old information publicly available since 2014 about one of the most infamous “industries” in St. Petersburg, the so-called troll factory. Much of the indictment corroborated the U.S. Intelligence Community Assessment from January 2017 with specific charges and evidence added.

The indictment removed any doubt, if there was still any, that Russia unleashed a campaign of aggressive information operation aimed at influencing the outcome of the 2016 U.S. presidential election, eroding faith in U.S. democratic institutions, sowing doubt in the integrity of our electoral process, and driving increased polarization between U.S. citizens.

Much will be uncovered in the coming days, but much of the information offered in today’s indictment was already available in open sources. @DFRLab canvassed the names and highlights from the indictment, in order to shed more light on Russia’s efforts to sow digital discord in America’s political discourse.

A rally #FloridaGoesTrump organized by the St. Petersburg Troll Factory on Facebook. (Source: Twitter / @NeeNeeLove4)

The Head Chef of Disinformation

The so-called St. Petersburg Troll Factory (or factories) was financed by Yevgeny Prigozhin, a Russian millionaire and catering mogul, hence his nickname “Putin’s Chef”. The fact that Prigozhin was the man behind the IRA has long been known, after Russian journalists unearthed the fact behind the “Olgino” troll factory in 2013 and its links to Prigozhin’s company named Concord, which was named in the very first indictment.

Prigozhin was front-and-center in today’s indictment, and his inclusion left no ambiguity of who was behind the IRA and its disinformation efforts. The indictment included one bizarre anecdote, in which IRA employees were able to arrange for an American to hold a sign up at the White House congratulating Prigozhin for his 55th birthday.

(Source: Department of Justice)

Lately, Prigozhin has been in the news for a different reason — the “Wagner” private military company (PMC) group that he reportedly bankrolled attacked U.S. forces in Syria and suffered between a dozen or hundreds of casualties.

The Number Two

The indictment named Mikhail Bystrov as the highest-ranking staffer at the IRA and Prigozhin’s direct contact on its ongoing activities.

(Source: Department of Justice)

However, this indictment did not reveal this information, as Russian journalists uncovered the IRA organization structure nearly four years ago. In June 2014, the St. Petersburg-based investigative news site Fontanka, which Prigozhin has had long-running feuds with, described how Bystrov was the General Director of the IRA. In later investigations, Bystrov — who was once a police chief — also headed an organization called Glasvet. The secondary organization was located in the same building as the infamous St. Petersburg Troll Factory at Savushkina 55 and performed the same function under a separate name.

The Executive Director

Under Bystrov, a man named Mikhail Bruchik served as the Executive Director of the IRA.

(Source: Department of Justice)

Much like Bystrov, Burchik’s position in the St. Petersburg Troll Factory was not unearthed by American investigators, but journalists and Russian hackers.

After a leak from the infamous hacker collective Anonymous International (also called Shaltai-Boltai), Burchik’s position as Executive Director became well-known. In 2015, Adrian Chen detailed in the New York Times how he contacted Burchik, who was described as a “young tech entrepreneur” and denied being employed by the IRA. Burchik allegedly said, “I have heard of it, but I don’t work in this organization.”

An open source investigation from independent researcher Lawrence Alexander unveiled more ties between Burchik and the troll factory, which showed he was involved in the development and usage of Twitter bot algorithms deployed by the IRA.

The Translator

Jayhoon Aslanov was listed as the head translator at the IRA for their projects focused on the 2016 U.S. Presidential campaign.

(Source: Department of Justice)

In November 2017, independent Russian media outlet RBC detailed the work of Aslanov, who was described of “the head of the ‘American department’” and a “27-year old native of Azerbaijan.” Aslanov briefly lived in America in the late 2000s, notably in Boston and New York. RBC reported in their investigation that Aslanov’s Facebook page was blocked — rather than deleted by the user — during their research, likely as a result of Facebook’s investigation into Russian interference into the U.S. election.

IRA Payroll

Most of the other individuals named in the indictment were relatively unknown prior to today. However, the payroll information for the Internet Research Agency was leaked in 2014 — with the names of the individuals who traveled to America to conduct “research” in the lead-up to the 2016 elections. The list, which has been publicly available for some time and understandable to anyone who can parse Cyrillic script, can be found here.

Leaked list of IRA employees from 2014. (Source: Imgur / Anonymous International)

IRA Online Activities

The groups created on social networks by the Russian troll factory have been extensively documented by a number of other investigations, both at the @DFRLab and elsewhere. The indictment focused on the more successful examples of the social network efforts from the troll factory, and not on the ones that picked up less traction.

A selection of the messages that were advertised shows the spectrum of language proficiency from the IRA, ranging from boilerplate political slogans (“We cannot trust Hillary to take care of our veterans!”) to extremely awkward and strained abuses of the English language (“Hillary is a Satan, and her crimes and lies had proved just how evil she is”).

(Source: Department of Justice)

One of the minor accomplishments of the IRA is to convince two Floridians to create a display showing “Hillary Clinton” in a prison uniform in a cage.

(Source: Department of Justice)

Since this example was made known, a number of people have tried to identify the exact incident where it was carried out. However, the “Hillary in prison” motif was far from a Russian invention. Thus, it was very difficult to identify any particular incident in Florida as the one described by Mueller’s team. Two such incidents on Florida can be seen below.

(Source: Twitter / Garance Franke-Ruta)
(Source: Twitter / Garance Franke-Ruta)

However, other specific incidents mentioned in the indictment were identified, such as particular rallies in Florida, North Carolina, and other swing states that were organized by Facebook pages operated by the IRA. A list from the Facebook page of “Being Patriotic” (operated by the IRA) showed a number of demonstrations that actually took place.

(Source: Facebook / Being Patriotic)

For example, the rally in Pensacola was attended by nine people, counting the person operating the camera and asking the other attendees to yell “lock her up.”

(Source: Twitter / NeeNeeLove4)

More to come

The Mueller investigation will continue to run its course, but we can objectively erase any doubt, if there was still any, that Russia mounted systematic efforts to undermine the foundation of U.S. democracy— elections.

#DigitalSherlocks and journalists, especially those in Russia who have been investigating Prigozhin and the IRA long before it set its sights on America, have only started to corroborate the information found in today’s indictment. We will continue to research the individual incidents mentioned in the indictment for digital traces, with an eye toward archived social network activity.


Aric Toler is the lead digital researcher for Eurasia at the Atlantic Council’s Digital Forensic Research Lab (@DFRLab).

Graham Brookie, Deputy Director and Managing Editor of @DFRLab, contributed to this report.

Follow along for more in-depth analysis from our #DigitalSherlocks.