DOJ Takes Down Bot Farm Linked to RT News Network, Accused of Collaborating With FSB to Spread Disinformation

The 2022 invasion of Ukraine essentially torpedoed the international English-language operations of the RT news network, formerly “Russia Today.” Pulled from cable and satellite provider lineups and deplatformed by YouTube and other streaming video sites, the outfit reportedly turned to a bot farm to hammer the social media outlets it still had access to with disinformation.

The Justice Department has seized two domain names and 968 user accounts linked to the bot farm operation, which it says was managed by RT employees with assistance from Russian intelligence service FSB. The purpose was to pose as legitimate residents of foreign countries, mostly the United States, and post material supporting Kremlin objectives.

2022 backlash against Russian media led to formation of bot farm

While RT remains in operation in its own country and select foreign countries as a state-run media outlet, it experienced sweeping bans in March 2022 after the invasion of Ukraine commenced. The outlet had been operating in the US and UK since 2010, carried by major satellite TV providers DirecTV and Dish and also available on YouTube and other streaming platforms online. Over its run the network attracted recognizable media figures like Larry King and Dennis Miller as show hosts, but also developed a long-running reputation for promoting fringe conspiracy content and disinformation and platforming guests known for their anti-US sentiment.

Those bans seemed to immediately prompt it to turn to a bot farm to continue reaching English-language markets, according to the Justice Department. This was backed by AI that generated social media profiles purporting to be from real people in the US and other countries, the development of which began sometime in 2022. An unnamed individual working as a deputy editor-in-chief at RT headed up the project, which was supported by RT’s leadership.

The operation seems to have been wholly managed by RT staff through 2022, during which time they began purchasing infrastructure to support the bot farm. FSB involvement came in early 2023 as the Kremlin put government money behind the project and assigned an FSB officer to create a private intelligence organization (P.I.O.) staffed by RT employees to formally make it a disinformation operation.

The operation appears to have focused heavily on spreading this disinformation on Twitter, now called X, which is where all of the 968 seized accounts came from. There are apparently more accounts than this, which X has since voluntarily suspended. Examples shared by the Justice Department from late 2023 show these accounts posing as “anti-NWO” activists and crypto enthusiasts that appear to be real people from the US, making claims such as that Ukraine is lying about foreign enlistment numbers and that Putin’s true objective is to fight against some sort of NWO plot. Other material also focused on alleged Russian historical claims to parts of land in Ukraine, Poland and Latvia.

Disinformation campaign relied on use of US-based domain names

The disinformation campaign added authenticity by registering two domain names in the US and leveraging the bot farm to create the email accounts then used to register Twitter/X accounts. The use of US domain names constitutes a violation of the International Emergency Economic Powers Act, and the payments made to secure the domains violate federal money laundering laws.

The AI bot farm was also put to use in the form of a tool called “Meliorator” that generates fake social media profiles, not only creating false names and pictures but also generating the disinformation content that they post over time. An IC3 cybersecurity advisory suggests that at present the tool only works on X, but there appear to be plans for expansion to other platforms such as Facebook and Instagram.

The bot farm did not appear to do a particularly good job at reaching its targets with disinformation, however. Screenshots shared by the Justice Department show the sample accounts having a follower count of just a little over 20 people. This mirrors recent reports by Meta and OpenAI that indicate Russia and other foreign intelligence services are attempting to leverage their generative AI tools to create disinformation, but these campaigns are not managing to reach a significant audience. The threat actors have had more luck hand-crafting fake news stories and publishing them through fake newspapers allegedly based in the US, which are occasionally picked up by conservative or pro-Russia commentators with millions of followers.

Microsoft’s Threat Analysis Center recently issued a warning indicating that foreign disinformation campaigns focused on the 2024 election are beginning to ramp up on Telegram, a slow start as compared to Russia’s efforts in 2016 and 2020. Stephen Kowski, Field CTO at SlashNext, warns that we have not yet seen the full range of possibilities that AI bot farms might be used for: “The 2024 U.S. election and ongoing global conflicts will likely lead to increased nation-state cyber activity and disinformation campaigns. We may see more attacks on election infrastructure, political organizations, and media outlets. Protecting against these threats will require a combination of user education, advanced threat intelligence, and robust email/web security measures.”

Jason Kent, Hacker in Residence at Cequence, elaborates on what disinformation attacks by AI bot farms might look like in the near future: “As we approach election season, we can expect more and more of this. I find that these AI-driven bots are powerful as they are just as capable as learning the algorithm that drives a post’s views, they can pull the reverse card on the opposite sentiment. Taking these types of bot networks down is an extremely difficult and important task, one that usually results in the head of the hydra growing back with 2 heads. The more detection mechanisms that are known, the harder it is to take the next botnet down. Let’s say a politician wants to squash all of the other politician’s posts. One way they can do that is to let a botnet repost with known “bad” information and the post suddenly isn’t ringing with the sentiment detection portions of their AI and suddenly that post isn’t important and isn’t being shared. The same rules apply with pushing a post up and making it trend. Everyone just needs to stop and think, “did I just read a post that caused an emotion?” If this post is on social media the next thought needs to be “I don’t trust this content.””