There are now a number of Twitter accounts posing as 'Typhoon Investigations'. I was able to eliminate most of these as imposters or unlikely to be connected to the original source. One, however, stood out.
It does seem plausible that TyphoonInvesti1 AKA 'Martin Aspen' could be connected to the original source of the report (which you may recall gave its author as 'M A'). This account pre-dates the earliest known published version of the report on Sep 3.
The account appears to have tweeted trying to build hype for the report as early as Aug 16. It has tweeted only 8 times overall, including directly claiming authorship of the report. An archive of the account is available here in case it goes down: web.archive.org/web/2020102721…
This account was created on August 1, presenting as a security consultant specialising in Asia and Eastern Europe. There are also associated Facebook, LinkedIn and Wordpress accounts, which I'll get to below.
First, let's have a better look at 'Martin Aspen'. Sharp-eyed #OSINT-ers may already have some questions about this profile picture.
It appears likely that this image has been created artificially using a GAN, perhaps through a tool like This Person Does Not Exist. For example, zooming in on the eyes shows the irregular shape of the iris.
Huge thanks to @benimmo for doing additional analysis on this image, which further suggests this image is likely to be AI-generated based on alignment of the eyes. You can see more about this technique on Ben's Twitter here:
The same profile picture has been used on a recently created Facebook account for 'Martin Aspen'. The earliest activity on this account was Aug 13. On Aug 14, 'Martin' tweeted in Italian about the "view from the new house, beautiful!"
Awkwardly, however, these photos are from two separate holiday accommodation properties.
They are at least both in Lugano, Switzerland, where Aspen and Typhoon Investigations are both supposedly located. On the Wordpress blog (promoted via Aspen's Twitter account on Aug 16) Typhoon's address is given as Via Maggio 1C, 6900 Lugano, Svizzera. This is a virtual office.
It also appears that previously the Wordpress site was listing a Mac repair shop as its address. Could be a coincidence, but under the circumstances it could also be read as a jokey reference to the current Giuliani-linked hard drive story.
I have searched Swiss company registration databases, and I have not been able to find official records of Typhoon Investigations (in English or French) or Martin Aspen.
There is a LinkedIn profile for a Martin Aspen which appears likely to be related. This profile has not yet been indexed by a corporate intelligence database, which may suggest that it has been recently created.
I contacted the listed former employer, Swiss Security Solutions. They confirmed to me that no one named 'Martin Aspen' ever worked for them (and also found two other false employee profiles on LinkedIn).
Aspen also does not appear in their due diligence database, leading them to question whether 'Martin' actually exists.
An AI generated profile picture, recently created social media accounts with stolen photos and a false LinkedIn resume. This may be attempt to build a persona of 'Martin Aspen', a specialist in North Asia and security, over several months in the lead-up to the 2020 elections.
This persona then appears to be used in an effort to promote a report alleging corruption on the part of the family of a presidential candidate.
It appears the sources of this report, possibly linked to the Martin Aspen persona, have shopped this report around to at least three outlets. In order of publishing, Albert Marko at Intelligence Quarterly on Sep 3, Revolver News on Sep 29, and lastly Balding on Oct 22.
In an interesting exchange, Albert Marko acknowledged that he did not know whether the source of the report was trustworthy but published it anyway (I can almost hear the sound of disinfo researchers' heads slamming repeatedly into their desks at this point)
Weeks later, Martin Aspen responded by saying "Anyone is welcome to challenge our analysis" and linking to the then-latest published version of the report on Revolver News, which appears to be broadly the same as the version published three weeks later by Balding.
The report is now also posted on the Wordpress blog, somewhat curiously on a page named 'Bin'
The TLDR; here is that we're still left with more questions than answers. A report of unknown provenance may be linked to what appears to be a fabricated social media persona. The only thing which remains very clear is that someone was determined for this report to get attention.
I'm going to keep poking around a bit, see what else turns up. Journalists, if you're interested in using any of this research in your own stories, go for it but please mention who you got it from. Cheers!
As of yesterday, the 'Martin Aspen' Twitter account has deleted two tweets: the one hyping the report on Aug 13 and the one sharing the website on Aug 15. Both are still available in the archived version of the account: web.archive.org/web/2020102721…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
I want to show you a truly incredible tweet. An amazing disinformation turducken. Here is Alex Jones, retweeting nonsense about Ukraine from Russia propaganda network RT. And that 'MAGA' account in the middle?
That's a CCP influence op.
Thread 1/
For at least seven years, the pro-CCP influence campaign known as Spamouflage (unless you're Google and insist on calling it Dragonbridge) has been infamous among researchers for two things: its enormous scale, and its almost complete ineffectiveness.
For years Spamouflage has run tens, maybe even hundreds of thousands of accounts over the years across every social media platform you've ever heard of and many you haven't. nytimes.com/2023/08/29/tec…
There has been a lot of speculation about how generative AI will impact disinformation campaigns. This latest from me for @ISDglobal looks at an early real-world example of how this is playing out - and it doesn't bode well. isdglobal.org/digital_dispat…
A network of ~60 accounts have been targeting Russian opposition figures @Navalny, @Pevchikh and @ACF_int in a sustained harassment campaign.
It began around July, originally using a more crude method of content creation. On Sep 26, it appears to have started using #ChatGPT.
This campaign poses as pro-Ukrainian and anti-Russian, with accounts pretending to be largely women living in American states.
However, it is conducted primarily on weekdays and lines up strikingly well with Moscow and St Petersburg business hours.
@ISDglobal The comments left by one of the alleged perpetrators, Gareth Train, across several fringe and conspiracy blogs appear to point to a cocktail of conspiratorial beliefs ranging from anti-vaccine, anti-5G, New World Order, Illuminati, climate change, MK Ultra... you get the picture.
This trend towards totalising conspiratorial worldviews, in which people believe not just one but many conspiracy theories and subsume every aspect of their world into those conspiratorial beliefs, is something we've seen a lot since 2020.
I've spent months investigating cryptocurrency schemes run by sanctioned individuals connected to the pro-Russian militia in Donetsk. At the time, I thought it might be hard to convince people it mattered.
The three men in this picture, L-R, are Denis Pushilin, Alexei Muratov and Alexander Lavrentyev. Pushilin is the leader of the self-declared Donetsk People’s Republic. Muratov and Lavrentyev both have their own interesting roles in DNR politics.
Turns out, Muratov and Lavrentyev have a lot of other things in common as well.
For one, they're both founders of 'revolutionary' new cryptocurrencies which happen to look an awful lot like Ponzi schemes.
Pro-Russian propaganda accounts on Facebook are similarly trying to discredit Russia's horrific crimes in Bucha by claiming the Ukrainians planted the corpses and other evidence after the Russians left.
Russian MoD on its English-language Telegram channel repeating the same claims, that the Ukrainians faked it by putting the bodies there after the Russians left. It's painfully weak but I guess at this point they know they're appealing to biases, not plausibility.
And here's that direct Russian propaganda to QAnon pipeline in action
So I thought I’d do a run-through of some of the messaging coming out of the long running pro-Chinese influence operation known as Spamouflage about Russia’s war against Ukraine. Spoiler alert:
‘Spamouflage’ is a name commonly used by researchers to refer to a sprawling set of accounts across multiple platforms sharing narratives which support the interests of the CCP. Parts of this activity are attributed by the platforms to Chinese state-linked actors.
Chances are if you’ve seen references to ‘Chinese bots’ in reports or media stories, this is what that was referring to. If you would like to know more about Spamouflage, you can find approximately a bazillion reports on it by typing ‘Spamouflage’ into Google.