Disinformation and the Case for a Well-Regulated Cyber Militia

As experts contemplate how to address the serious risk to national security posed by disinformation, there is consensus among many for better expert coordination, better communication and better education as our best options for addressing the issue. Some are arguing for a centralized government office to help direct it all.

Still others, like former CIA Officers Stephanie Hartwell and Steven Hall, aren’t looking to government to do more, but are instead urging us to look to other countries that are having greater success managing the threat and mobilizing their citizens to help.

Steven L. Hall, Former Member, CIA’s Senior Intelligence Service

Cipher Brief Expert Steven L. Hall retired from the CIA in 2015 after 30 years of running and managing intelligence operations in Eurasia and Latin America. Most of Hall’s career was spent abroad, overseeing intelligence operations in the countries of the former Soviet Union and the former Warsaw Pact. 

Stephanie Hartell, Former Group Chief, CIA

Stephanie Hartell is former Group Chief of CIA’s Counterterrorism Center’s Technical Targeting, one of CIA’s largest technical collection programs. Hartell also managed CI programs for several field locations in Southeast Asia and for CIA’s Counterproliferation Division. 

“A well-regulated militia, being necessary to the security of a free state…..”  – excerpt from the Second Amendment to the Constitution of the United States

Estonia is located right next door to Russia, a geographic reality which over the years, has proven challenging for the small Baltic country.  The experience of having been invaded by the Soviet Union in 1940, and then subsequently, occupied for almost 50 years, has provided Estonia a degree of focus that we, in the United States, lack.  The Estonians have long understood that living in the shadow of the much larger Russian bear, means that each and every one of their citizens needs to do their part to protect themselves from Moscow’s attacks, whatever form those attacks might take.  Estonians understand it is not just about their government or their military.  It’s about each and every one of them.

Contrast this with the situation in the United States.  As of now, the probability of an actual physical invasion by Russia using conventional or even nuclear forces is highly unlikely.  While the United States has more and much larger hard power, like Estonia, America has been subjected to withering attacks from Russia using the most virulent form of soft power, cyberattacks and information warfare.  Yet, Vladimir Putin has been more successful at damaging our country using information warfare than he has against Estonia, a country which is both much closer to Russia and much smaller than America.

How is this possible?  Why has the United States, with a huge military budget (one that includes funding for both offensive and defensive cyber capabilities) failed to stop or even meaningfully address Russian disinformation attacks – attacks that for the most part weaponized social media run by American companies?  Perhaps it is American diversity, or our individualism, or maybe multiple generations who have not broadly experienced war that has made us complacent, even doubtful, of the extent and danger of Russian aggression.  It is, whatever the reason, remarkable.

After its independence following the dissolution of the USSR in 1991, Estonia established itself as a Western-leaning democracy, and elected American-educated Toomas Ilves as its president.  Ilves was president in 2007, when the Russians launched a large-scale cyberattack against Estonia, damaging its infrastructure from news outlets to its financial system. The attack was Russian retaliation for the removal of a Russian statue from Tallinn, Estonia’s capital, venerating the Soviet Union’s contributions during World War II.  Part of the Soviet “contribution” was the annexation of Estonia into the USSR, so Estonia’s desire to remove the statue is understandable.  And while the Russian outcry in response to the statue incident was predictable, the use of a cyberattack was not. The 2007 Russian attack was the first time Moscow truly flexed its cyber muscle as a means to achieving a geopolitical goal.  Since 2007, Western democracies from Germany to France to America have all experienced the results of Russia’s new-found cyber capability.

Estonia, perhaps more than any other country, learned from the experience, and has steeled itself against further online Russian attacks by creating a modern-day force of Estonian volunteers to fight back against its much larger neighbour.  Their goal: to find, fix, and finish Russian cyber warfare aggression against their country.  They are real patriots, citizens who do more than stand at a ball game while the flag is raised, hands over hearts.  The group Estonia has formed to defend itself against Russian cyber aggression is comprised of Estonian citizens taking civic action on behalf of their country, assisted and orchestrated by a website called Propastop.org.

Think of it.  A country a fraction of the size of the United States, with a fraction of our resources, is successfully and unambiguously standing up to the threat of Russian cyber aggression.  Sound inspiring?  To all Americans, regardless of political bent, it certainly should.  Why can’t we do the same?

Government Can’t Do it for Us

It is of course tempting to say, “Well, protecting us against Russia and other foreign adversaries is up to the government.  That’s why we have Cyber Command, NSA, and CIA.  That’s why we have the military. That’s why we pay taxes.”  But the cyber threats posed by Russia cannot be entirely or even significantly neutralized by the federal government.  The US military and intelligence agencies, when focused as they were designed to be, on external threats like Russia and China, have significant capabilities.  But those capabilities are much more limited when looking inward toward the homeland, and for good reason.

There are legal constraints that properly protect the notions we value in democracies, such as freedom of speech and privacy rights.  Most Americans are uncomfortable when they see US forces marching down the streets – and that is a good thing, a healthy sign in our democracy.  American civil liberties pose less trouble when the US military or intelligence services are operating on a foreign battlefield.  But Russia has brought the cyber fight to America, into our living rooms and onto our kitchen tables, often using servers owned by American companies and located on US soil.  We cannot rely solely on our naturally outward-facing intelligence services and military to rally Americans to mount a successful counterattack against the Russians or our other adversaries.  It may cause them to think twice, but in the end, it will not stop them.

KGB tactics and the Reagan response

The modern-day version of the Soviet KGB – Russian intelligence services such as the SVR, the FSB, and the GRU – regard on-line disinformation campaigns as a critical component of hybrid warfare against the United States.  Russia understands it would lose a conventional war against the US or any of our NATO allies.  And yet, as part of his geopolitical goal to make Russia a world power again, Putin seeks to weaken democracies worldwide, especially the US.  The Internet is the only place where the Russians can match American strength, and they do so by striking at wedge issues that already divide us, weakening us from within.  While Russia has used information operations against the West for years, Putin must be shocked at his good fortune these days: America is more divided right now than any time in either of the authors’ lifetimes.

The best historical example of the insidious nature of Russian disinformation is the long debunked but often regurgitated AIDS propaganda story planted by the Russians in the 1980’s, now known as Operation Infektion.  As part of this operation (conducted decades before the Internet became widely available), the Soviets disseminated various versions of the genesis of HIV, the virus causing AIDS.  Moscow had the world believing that the disease originated inside the US government (either in the Department of Defense or the CIA) as part of a biological warfare plan.  There was also an African angle – Soviet propagandists claimed falsely that the CDC sent doctors to Africa to find an infectious disease so that America could horrifically weaponize it.  Not unlike the racial undertones used when describing COVID-19 as “The Chinese virus” or “The Wuhan virus,” the Moscow-based AIDS fiction picked, and continues to pick, at the open wound of racism that has plagued America for hundreds of years.  When Moscow’s involvement in the AIDS story became clear, we had a president willing to strike back at the Russian aggression.  Ronald Reagan created a task force that painstakingly traced the bogus AIDS story back to the KGB.  Reagan himself delivered the findings to Gorbachev, eliciting an apology from the Russian President.

Fast forward to 2016, when Moscow authored another information attack against the United States using social media.  This time around, Russia created opposing Facebook pages, one called “Heart of Texas,”  a right-wing entity which among other things, espoused Texas secession, and another entitled “United Muslims of America.”  Both of these purported to be based in the United States and run by Americans.  Moscow, via these bogus electronic pages, organized rallies at the same time and place in Houston:  one (by the United Muslims group) supporting a better understanding of Islam of Texas, and the other (by the Heart of Texas group) violently opposed to it.  The goal in getting the groups together was to provoke violence and amplify dissention.  The Russian intelligence services had little trouble getting Americans to take to the streets against one another.  And all of it was accomplished remotely, from the safety of far-away Russia.

Fast forward again to June 2020.  A left-leaning activist named Adam Rahuba, using a FaceBook page called LeftBehindUSA, urged progressives to protest at the civil war battlefield at Gettysburg.  Predictably, this caused right-wing activists who were worried about the removal of Confederate statues and symbols to descend upon Gettysburg, so as to protect the site from supposed Antifa atrocities, such as flag burning and grave desecration. On cue, a group of angry and heavily-armed individuals, many bearing confederate flags, arrived at Gettysburg to defend Union army graves from, well, nothing.  Rahuba had fabricated the event, with the goal of embarrassing right-wing activists.

This should be a lesson to both sides of the political spectrum: we all need to be on the lookout for social media-based influence operations.  A well-regulated cyber militia would benefit all Americans from attackers, both foreign and domestic.

A Well-Regulated Cyber Militia

It is clear that Russia (as well as other adversaries) have launched a new wave of information attacks and hybrid warfare against us.  We have also posited that the tools of the federal government, such as the military and intelligence agencies, are best suited to the foreign battlefield.  What is required, therefore, is for the American citizenry to take the protection of our democracy directly into our own hands.  This is in the American DNA, going back as far as the Revolutionary War.  What we need is a well-regulated cyber militia, necessary to the security of a free State.

What exactly do we mean?  First, all Americans, regardless of political bent, should understand that they are really the front line of cyber defense.  The Russians and other adversaries (China, Iran, North Korea) are targeting society using social media, so we as members of that society must educate ourselves in order to defend the country.  Those of us who regularly use social media must understand how we are being targeted.  Is there a meme or an article or a feed which enrages (or delights) you?  Take two minutes to research it before you amplify it.  Does a Facebook page contain highly-partisan content but remarkably bad grammar?  Perhaps it is run by foreigners who seek to damage America.  Take five minutes and research it.  Does a Twitter account sport a photo of an attractive young woman, downloaded from elsewhere on the Internet?  Perhaps it is a fake account.  Dig into it. Expose it.

How Can an Average Citizen Research such Information?

Let’s look again to Estonia, whose citizens have essentially deputized themselves to fight online for their country.  The Estonian PropaStop.org site is worth taking a look at.  On Propastop, Estonian cyber militia warriors find tools needed to spot and stop the Russians.  The American version should be simple and direct: daily identification of disinformation, a tutorial on how to spot and debunk Russian information operations, and maybe a weekly award for valor in preserving democracy.  There are other mechanisms that also could be included on the American version of such a site, and undoubtedly it would evolve as new threats emerged.  The bottom line is it would go a long way toward getting America where it needs to be if we hope to fight Russia and other adversaries at the best level – the grassroots level.

The American platforms that Russia weaponizes (Facebook, Twitter, Instagram, and so forth) should sponsor and actively support this cyber defense.  Large American companies protecting American national interests is also in our DNA.  During World War II, American industry directly supported the war effort.  During the Cold War, American technology companies worked with the US Government in the face of worldwide Soviet aggression.  It should be no different today. Each social media platform should help develop and prominently display a link to the American version of Estonia’s Propastop.  At the very least, actions like these might help tech companies avert the government regulation they seek to avoid.

It will take all the ingenuity and steadfastness of Americans to beat back the Russians and out other cyber adversaries.  But what better patriotic undertaking, both for the American social media platforms that financially flourish in our free society, and for American citizens, whose militias helped shake off our British overlords in the 1700s.  Our founding fathers strongly supported the formation of militias and deemed them necessary to win our independence from tyranny.  And while the founders could not have imagined cyberattacks, much less cyber militias, we cannot help but think they would support the idea.  This is the 21st century call to arms to protect what Lincoln instructed at Gettysburg:  that a government of the people, by the people, and for the people, shall not perish from the earth.

Read more expert-driven national security insight, perspective and analysis in The Cipher Brief 

Find out more about our network of experts




The post Disinformation and the Case for a Well-Regulated Cyber Militia appeared first on The Cipher Brief.

Russian Aims in Afghanistan

Bottom Line: Russia is accused of funding Taliban contract killings of US troops in Afghanistan. US military officials made limited accusations of Russian arms support for the Taliban in 2018, a turnaround from the heyday of US-Russian cooperation in Afghanistan 2009-2014.

Recent reporting by The New York Times that intelligence indicated Russia may be placing bounties on the lives of US troops in Afghanistan started a virtual uproar in Washington with questions surrounding whether the president had been briefed on the intelligence and what the US response should be, based on what was known.

The House Foreign Affairs Committee is taking on the issue of managing the Russian threat in a session with former CIA Director and Secretary of Defense Leon Panetta on Friday.

The Cipher Brief wanted to take a broader look at the issue, so we brought in a range of experts for their perspective on Russia’s motivations in Afghanistan and elsewhere.  We want to know how Russia is involved in Afghanistan, what their interests are there and to provide some context by revisiting Russia’s history of involvement there.


  • On June 26, The New York Times reported that the Russian military had offered bounties to the Taliban for killing US and Coalition troops in Afghanistan, according to an off-the-record US intelligence assessment. The next evening, Director of National Intelligence John Ratcliffe announced “neither the President nor Vice President were ever briefed” on such intelligence. The Administration has denied being briefed but has neither confirmed nor denied the Russian operations themselves. President Trump tweeted that “Intel… did not find this info credible, and therefore did not report it to me.”
  • 2 US troops have died in Afghanistan from hostile gunfire or explosives this year and 19 died in 2019. According to anonymous sources, interrogation of Taliban-linked militants, criminals, and discoveries of US cash have connected bounties to some of these deaths. The bounties were allegedly offered by the GRU (GU) Unit 29155, the Russian military intelligence agency’s covert action group responsible for the Skripal poisonings in 2018. According to The New York Times, at least one US death was the result of bounties, offered and paid in 2019.
  • Various anonymous sources inside the US and UK intelligence communities confirmed the assessment to The Washington Post and Sky News. Russia has dismissed the allegations as US disinformation. A Taliban spokesman also dismissed the story as an attempt to defame them.
  • Russia has a base in bordering Tajikistan and deployed S-300 air defense units there in 2019. Moscow has been engaged diplomatically, holding contacts with the Taliban (according to Taliban officials) at least since 2007. While the West mediated between the US-backed Afghan government of President Ashraf Ghani and other factions, Moscow hosted parallel talks, shunned by Ghani, including a February 2019 visit by the Taliban.

Russia’s interests include:

  • US military resources being bogged down in Afghanistan, possibly including a breakdown of the February 29, 2020 US-Taliban withdrawal deal, to deflect attention from great power competition
  • The Kremlin’s under-siege narrative in domestic politics could be reinforced by another round of US sanctions, if they were to be triggered by the intelligence on Afghanistan
  • Nevertheless, Russia’s Central Asian allies see the Taliban as a major threat, and it holds the status of a banned terrorist organization in Russia
  • Seeking revenge for the US role in Soviet-era casualties could be one of several GRU institutional interests without approval from Putin

According to NYT, US officials are uncertain about how high in the Russian government the covert operation was authorized and what is its aim.

  • From 1979 to 1989, the Soviet Union waged a debilitating war in Afghanistan, with Mujahideen guerillas then backed by the US. Moscow had close contacts with the Northern Alliance during the 1990s and after the 9/11 attacks.
  • Russia was initially a key partner for US military operations in Afghanistan. In 2009, with President Medvedev’s offer, the Northern Distribution Network was activated, allowing the US military to transport supplies and troops through Russian airspace to bases in Uzbekistan and Kyrgyzstan on the way to Afghanistan. NATO could use the NDN for 4,500 flights per year, offsetting its dependence on Pakistan. From 2012 to 2015, an air hub in Ulyanovsk was opened to Afghanistan-bound NATO supplies.
  • Russia has politically engaged both the Taliban and the Afghan government, viewing the country through a security prism and the containment of ISIS as the highest priority. Openly, it provided arms only to the government.
  • Russia never supported the NATO Resolute Support mission launched in 2015. As the Afghan government’s control of the country waned, Russian influence has increased. In 2017, US military officials began accusing Russia of providing support for the Taliban:
    • In 2018, Resolute Support’s Commander John Nicholson called them out in a BBC exclusive, describing Russian weapons left behind after exercises in Tajikistan and smuggled into Afghanistan. According to Afghan sources, this included night vision goggles and small arms.
    • US officials also disapproved of Russian parallel talks with the Taliban apart from those run by US Special Envoy Zalmay Khalilzad.
      • The US engaged in peace talks with the Taliban from 2018 to February 29, 2020, when a deal was reached that detailed a timeline for US withdrawal of troops from Afghanistan, agreement for intra-Afghan talks between the Afghan government and the Taliban, and agreement by the Taliban not to launch attacks on the US from Afghanistan
        • Intra-Afghan talks have been agreed upon by both sides, but a date has yet to be set

The Cipher Brief tapped Cipher Brief Expert and former Senior Member of the British Foreign Office Nick Fishwick, Founder and President of the Institute for the Study of War (ISW) Dr. Kimberly Kagan, and Cipher Brief Expert and former Russia specialist and Senior CIA Officer Steven Hall to provide perspective on the issue.

We asked each for their insights and began by asking Nick Fishwick how he views the allegation that the Russians were paying bounties to the Taliban.

Nick Fishwick, Former Senior Member, British Foreign Office

If this is true, which I don’t know, it would be disappointing but not surprising. Even when I was in Afghanistan over a decade ago, I was struck by the unhelpfulness of the Russians. They had no interest in helping us to bring stability to Afghanistan. It was all about schadenfreude. Since then, the Skripal affair has brought the modern role of the GRU into the spotlight- they are clearly ready to do very nasty things on the margins. I can only assume that this is in line with the modern Putin axiom that anything bad for the US has to be good for Russia. The Russians have legitimate influence in Afghanistan, especially with some in the north of the country, but are choosing not to use it constructively.

“I wonder however whether the Russians have a longer game. They may assume that any peace deal is bound to collapse, with or without a US stay-behind CT presence. So how do they best increase their influence in a new, Taliban-dominated Afghanistan? Keep their links with the anti-Taliban northerners, but also develop links with the Talibs.

I am guessing that the Russian game is (a) messing the US around as much as possible and (b) maximising their influence in Afghanistan after a peace settlement. They will use all their formidable intelligence capabilities – including good old-fashioned HUMINT – in support of these goals. Of course, US withdrawal from Afghanistan is not something the Russians want to disrupt.

My sense of Russian support for the Taliban is that it’s been about increasing their credit with the Talibs as they move towards power or power-sharing in Kabul, and about settling scores with the US, rather then about decisively shifting the balance of power in favour of the insurgents,” said Fishwick.

Dr. Kimberly Kagan, Founder & President, Institute for the Study of War (ISW)

It’s time to kill the myth in Washington that Russia is a good counter-terrorism partner for the United States. Russia pursues its own interests in its own ways. In Syria, Russia deliberately targeted the moderate opposition to eliminate it and paved the way for al Qaeda sympathetic organizations to prevail. Russia similarly ignored or bypassed ISIS.  In Afghanistan, Russia has supported the Taliban against the United States for years. Russia has engaged in this pattern of behavior in multiple theaters for many years, whether or not Russia issued or paid bounties for U.S. soldiers.

“When Afghanistan is peaceful or stabilized, it serves as a buffer between its neighbors. When it is contested in a civil war, it becomes a fighting ground that draws in its neighbors. The withdrawal of U.S. forces from Afghanistan will likely leave a vacuum in which Afghanistan’s neighbors will compete through existing and newly recruited proxies.  Russia, Pakistan, India, China, and Iran are nuclear armed or arming powers, which makes their competition inside of Afghanistan particularly dangerous for the world.

Russia has a longstanding interest in undermining the partnership between the U.S. and its NATO allies, which have fought together in Afghanistan.

Afghanistan’s minorities, including Uzbeks, Turkmens, and Hazaras have staunchly opposed the Taliban, who oppressed them during their rule of Afghanistan. The modern heirs to the powerful factions that undergirded the Northern Alliance in the 1990s likewise generally oppose negotiations with the Taliban in ways that will permit the restoration of Taliban rule. For these reasons, civil war in Afghanistan may follow the withdrawal of U.S. forces,” said Kagan.

Steven Hall, Former Senior CIA Officer

The Russians want the United States out of Afghanistan. They also want to try to minimize American soft power in Afghanistan; the diplomacy, aid, all of those things. Certainly, we can go back as far as the American government supporting the Afghans in trying to get the Soviets out of Afghanistan in the late eighties and the early nineties. I would argue that it probably goes back further than that in the sense that in Soviet times, countries neighboring Afghanistan, like Uzbekistan and so forth, were formerly part of the Soviet Union. So, the Soviet Union and now Russia, have always had a very deep interest in Afghanistan, which is effectively one of their neighbors.

“In the past, the Russians have identified places like Afghanistan as potential breeding grounds for Islamic extremists, who are closer to Russia and able to carry out those types of terrorist operations inside of Russia. There is a long history of the Russians wanting to consider Afghanistan more of their area of influence, their backyard, as opposed to an American one.

And remember, the United States has conducted several successful military operations against what turned out to be Russian mercenaries in Syria, that resulted in a number of Russian deaths. I think that probably is also on the minds of the Russians as they try to expand their influence in the region.

Geopolitically, one of Vladmir Putin’s main goals is to present Russia as a great power with the ability to exercise its will internationally in various theaters, whether it’s Syria, Libya, or Afghanistan. All of those things come together when it comes to Russia being interested in Afghanistan, interested in the United States being out of Afghanistan and their willingness to deploy all their methodologies to make that happen. I think you’re going to see evidence of that continuing in Afghanistan,” said Hall.

Cipher Brief Interns Abby Sonnier and Alexander Naumov contributed to this brief.  If you’re interested in a virtual internship with The Cipher Brief for fall semester, send an email along with three references to Editor@thecipherbrief.com

Read also The Real Russian Mission in Afghanistan with Cipher Brief Expert Steven Hall, exclusively in The Cipher Brief

Read more expert-driven national security insight, perspective and analysis in The Cipher Brief



The post Russian Aims in Afghanistan appeared first on The Cipher Brief.