It appears that foreign influence operations on this platform are picking up, as expected. So here are a few high-level observations. Under normal circumstances I would write a proper longer piece. But in the interest of time, here you go. A few trends, questions, and hypotheses: Most of the exposed Russian tradecraft is sloppy, and often the engagement on X is fake. But not always. One day after this remarkable WIRED story came out, the U.S. IC confirmed the attribution to Russia to reporters (Confirmation npr.org/2024/10/22/nx-…) wired.com/story/russian-…

"Influence and Cyber Operations: An Update," the new OpenAI threat intelligence report, out a few hours ago. The document is interesting for one specific reason that hasn't been mentioned in public reporting so far cdn.openai.com/threat-intelli… This is the money paragraph, from today's OpenAI report "Influence and Cyber Operations: An Update."

tldr: AI labs sit at a middle section of adversary kill chains—if staffed & equipped properly, the labs are potentially uniquely well positioned for threat intelligence insights

JUST OUT — September was a wild month for scholars of modern covert influence operations. No longer do we have to rely on a campaign's digital footprints alone. My first analysis of ~3K leaked internal files and fresh FBI evidence on "Doppelganger."

foreignaffairs.com/russia/lies-ru… This video was an internal production by the Social Design Agency, a disinformation firm in Moscow, produced in early August 2023, likely to be viewed by Vladimir Putin. Note the memo reproduced in the description, discussing the video.

Several weeks ago German media (WDR, NDR, SZ) received a leak of internal files from the biggest Russian disinformation contractor, Social Design Agency, often referred to as Doppelganger. "Western security officials" confirmed authenticity. First story by @FlorianFlade et al

https://twitter.com/FlorianFlade/status/1835696001891373305

Another investigation in SZ (Would anybody with access share the PDF with me? DMs open) sueddeutsche.de/projekte/artik…

Russian Saboteurs Behind Arson Attack at Berlin's Diehl Metal Factory in May

A huge deal, if confirmed. This WSJ story has some eye-popping details wsj.com/world/europe/r… The WSJ does not identify who these "Western security officials" in this context.

If I taught my DISINFORMATION class again, and if I wanted to include a session on the most self-defeating, the most unethical, really just the dumbest influence campaigns in history, this one would be close to the top of the list. reuters.com/investigates/s… Okay, first, the DoD deserves some credit at least for openly admitting it was engaged in this kind of covert influence activity, when asked by Reuters.

An observation on the Taurus leak that I have not seen elsewhere (could have missed it):

The intercepted recording starts with BG Frank Graefe, in Singapore, saying "Hallo," to which the response is "Moin Moin Herr General, Hauptmann Irrgang hier." "Servus." (A common greeting) Irrgang: "I would add you now, if you like."

Graefe: "Thank you."

Then: automated Webex voice: "You are accessing the conference now."

Some of you asked. So here are a few reflections on how I've started using Twitter moving forward—and whatever will come to replace it. Some of you may want to do the same.

Because this approach works even if—when, really—Twitter itself has disappeared. This, btw, was good nytimes.com/2023/04/18/mag…

Hugely significant, precedent-setting outcome of the biggest insurance trial related to a cyberattack ever (I think): NotPetya was not "hostile or warlike action," insurers must pay $1.4B to Merck, ruled New Jersey appellate division judges Monday wsj.com/articles/merck… Perhaps not how you articulate a winning argument.

This story is interesting. But it straight-up takes my quote out of context. Not great.

Bottom line: I told @josephmenn that I *do not* believe the Russian figures and boasting intercepted and publicized here is credible, in line with historical precedent washingtonpost.com/technology/202… GlavNIVT's "report" should be treated with a great deal of caution. Surprised the analyst writing this didn't include a stronger caveat.

This week Google/Mandiant published a blockbuster report on cyber ops in the context of the Russian invasion of Ukraine. Google is probably, next to Microsoft, the company with the most high-res visibility into CNE/CNA in and around the war. A few thoughts blog.google/threat-analysi… This report is impressive work by a company that has invested an extraordinary amount of resources into defending Ukraine. Google, like Microsoft, deserves credit for doing the right thing and for publishing a big-picture, analytical report on cyber operations in Ukraine.

Last week I was a student for five days, five hours per day—with ChatGPT fully integrated into teaching. Here's what we learned, just in time for Spring Term (which starts tomorrow. Class was Malware Analysis, taught by @juanandres_gs @alperovitch) alperovitch.sais.jhu.edu/five-days-in-c… AI isn’t going to replace people. People who use AI well will replace people who don’t use AI well.

Just wow wow wow. The Ukrainian newspaper Pravda leaked what appear to be personal data of 120,000 Russian soldiers fighting in Ukraine — if confirmed as accurate, we're probably looking at one of the best-timed and most devastating leaks of all time pravda.com.ua/news/2022/03/1… 6,616 pages of names, registration numbers, and places of service of Russians personnel — *just for volume comparison*, and nothing else: that's more pages than were ever published out of the Snowden cache.

Wow, what a remarkable document dni.gov/files/ODNI/doc… So impressed by how much newsworthy detail is in there, really needs some time for proper processing. Good thing I’m on a walk with a sleeping baby.

Today's GRU indictment is an incredible document. The Five Eyes intelligence communities, I would suspect, must have stunning visibility into Russian military intelligence operations if today's disclosures are considered dispensable justice.gov/opa/press-rele… Note: Russian military intelligence camouflaged as North Korean

CAUTION ADVISED with this morning's Burisma-Biden E-mail story. For several reasons. First, the surfacing. This here is highly suspicious behavior. Especially when viewed in the context of a political campaign. Creative, anonymous, credibility-generating, somewhat plausible. Exactly how a professional would surface disinformation and potentially forgeries.

<Deep, smoky narrator voice>: Ladies and gentlemen, may I present to you ... based on piles of newly released secret intelligence files, with stunning, never-seen-before 1960s spy photographs ... the Active Measure NEPTUN 🌲🌊🕳️💥 wired.com/story/uncoveri… This narrative of NEPTUN is based on newly released sources from the Archiv bezpečnostních složek. The project files are about 2,800 pages, with more than 500 photographs—which makes NEPTUN the best-documented AM I know of.

Full file @internetarchive: archive.org/details/stb-ne…