Lawfare Daily: Making Sense of the Doppelganger Disinformation Operation, with Thomas Rid

[Intro]

Thomas Rid: It looked exactly like the Washington Post or Bild Zeitung in Germany, and only one story would be planted. The link to the other stories would be real, to the actual real media outlet. And the planted story would sort of spin a certain event in a way that furthers Russia's interests.

Quinta Jurecic: It's the Lawfare Podcast. I'm Quinta Jurecic, Senior Editor at Lawfare, with Thomas Rid. Professor of strategic studies and founding director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins University's School of Advanced International Studies.

Thomas Rid: A lot of entities are playing in the influence operation space, Chinese, Iranian, others. Multiple players in those countries, Russian contractors, multiple Russian contractors, because there's this collective fear of influence operations. So, we have this weird constructivist feedback loop. We think there's a huge threat, therefore there actually is a significant threat.

Quinta Jurecic: Today, we're talking about Thomas's new Foreign Affairs article, “The Lies Russia Tells Itself,” an examination of what a trove of leaked documents can tell us about a long running Kremlin-backed influence operation.

[Main Podcast]

I'd asked you on today to talk about a great article you recently published in Foreign Affairs titled “The Lies Russia Tells Itself” about a really striking tranche of documents that became available about a Kremlin-linked disinformation project known as Doppelganger, which you described in the article as an infamous Russian disinformation project. So, what exactly is Doppelganger and what led you to write about it now?

Thomas Rid: Yeah, so Doppelganger has been widely exposed, in fact, exposed as a Russian disinformation front of sorts, almost immediately after it started operating back in the summer of 2022. So, a couple of years ago. But what's interesting about it is that it's been exposed again and again. And that apparently just kept them, not just kept them going, but made them even stronger. And as a historian of disinformation, that for me is, was always a fascinating feature. Exposure no longer essentially kills an active measure, it helps an active measure.

And so when the leak came out, And we can talk about how it came out, I'm sure, that I was extremely interested in seeing the internal documentation of that phenomenon.

Quinta Jurecic: Yeah. So, let's talk about the leak. So there, there are two components here. One is something that we've actually talked about before on Lawfare, which is this tranche of documentation that the Justice Department released in the form of an affidavit related to an operation to take down some of the websites that Doppelganger put together and we can talk about that. But there is another tranche of information that came in the form of this leaked material. So how did this come out? How did you come across it?

Thomas Rid: Yeah, that's a fascinating story. I think what happened is, I was, in fact, I was in Florida testifying in another disinformation related case when I got this text message from a German investigative journalist who said, hey, we have this leaked material and we're interested in some historic context and some comment from you. Can we talk? And immediately I was extremely interested because leaks tend to be quite interesting. So, we kept in touch and that was from a journalist who cooperates with Süddeutsche Zeitung, the German daily published in Munich. And so they received approximately 2.4 gigabytes of files, 3000 files, if you break them down a little more, from that, from the Social Design Agency.

But the intriguing thing is they don't know from whom, it's an anonymous source. And the source gave the files to two media outlets: to the Süddeutsche Zeitung, as well as to Delphi, which is a Baltic Estonian news site. And they both ran a number of reports in collaboration with other media outlets that they sourced from these leaked files.

And I should add, perhaps, they received the files at some point in mid-August. I can't precisely date the day. It must be before the 21st of August because of some metadata issues. And that, of course, was also before the affidavit came out. We have to assume the affidavit was in the works for a significant amount of time. I would guess something like six to nine months. So that, that also is interesting because there's overlap between the exhibits in the affidavit, the FBI affidavit and the files in that leak to the German, Estonian media.

Quinta Jurecic: And what do you make of that overlap? Does it tell us anything about where this information might've come from?

Thomas Rid: You know, we can't come to any conclusions or even high confidence, really not even moderate confidence assessments, on where it comes from. I will say, and I would like to preface that this is informed speculation, but still speculation. I will say it's interesting that the files overlap and the source that contacted the Süddeutsche Zeitung in Germany, they didn't identify themselves, but they sounded, kind of, very serious. They wanted to help expose what Russia is doing.

And I will also add that it appears that no information about American victims, for example, media organizations that were impersonated were contained in that leak. In fact, they seem to have been removed from the leak, if you look at the broader context. Now, again, this is only speculation, but that kind of removal of American victim information or target information, if you like, is probably what you would expect from an American foreign intelligence entity, you know, running an operation here. But again, we don't know. It was a very soft target, the SDA, the Social Design Agency. They're quite unprofessional in their operational security as well. So it's very possible other entities had access as well.

Quinta Jurecic: So let's talk a little bit about this organization behind Doppelganger: the Social Design Agency. As you said, you know, we have known about this or people in the field have known about this since about 2022, I believe. What is their MO? You kind of gave us a little hint just now when you mentioned American victims and media organizations. What is it that they would do? How do they work?

Thomas Rid: So, their method of operation or the sort of their main thing is to together with another Russian contractor, Struktura, they would essentially clone media sites in different countries, Germany, France, and the U.S. are at the top of the list, but also in the U.K. and Israel. Ukraine, of course, is high up on the list as well.

They would clone these media sites and then plant, so they would look like exactly like Der Spiegel, Bild Zeitung, or Washington Post, or Fox. And they would have URLs that, if you only took a quick glance at the URL, it contained Washington Post, didn't have dot com, but something like dot pic, for example, lots of different ones.

And then it looked exactly like the Washington Post or Bild Zeitung in Germany. And only one story would be planted, the link to the other stories would be real to the actual real media outlet. And the planted story would sort of spin a certain event in a way that furthers Russia's interests. And then that was one component of what they did. The other component is seed comments on social media that link to those cloned fake sites and in order to try to drive traffic to them.

Quinta Jurecic: So I will say, so what I've seen in terms of the documents here is just the material that was in this affidavit. And the Justice Department definitely took care, I think, to show a couple things.

So one is that it does say explicitly, according to the affidavit, that the Social Design Agency is, and I quote, under the direction and control of the Russian government. And there's a lot of material there about the war in Ukraine. I remember there are a lot of comments where they're sort of workshopping comments.

There's a lot of information about, you know, from the internal workings of this organization saying, you know, you could write something like, you I'm an American, and I live in New York, and I don't understand why we're sending all this money to Ukraine. Particularly and this goes to the issue of professionalism, which I definitely want to make sure that we touch on. There's sort of amusing things like, you know, my wife and I work in areas that involve commenting on issues. Sort of very, you know, clumsy, heavy-handed attempts to impersonate, in this case, Americans. Are there any other themes from your look at these documents that jumped out at you, sort of ideas that were trying to be communicated here?

Thomas Rid: You know, it's an interesting question because what I'm seeing in these files, and for example, the leaked files include a lot of documentation of their comments. For example, Facebook or Instagram, Twitter, and then later, X comments, obviously, that they would post. And so, you can see some of their themes and emerge and scroll through the Excel sheets and look at even screenshots of the actual comment that they usually took immediately after posting it.

And the themes are effectively themes that we already know in terms of U.S. political themes, because we are following our politicized, you know, polarized partisan debates. Whatever it is, Zelensky being corrupt or Zelensky's advisor buy yachts, what obviously was a theme that we have publicly seen links to Russian disinformation operations, although it doesn't appear to originate with Russian entities, it's a, and that I think is the key piece.

What we see is themes that emerge organically in the U.S. debate get amplified by them, and then it becomes really hard to disentangle afterwards what is actually organic and real, so to speak, and what is an attempted influence operation and how successful is that. So that is, I think, the conundrum in this leak. It's really hard to assess how effective they are.

Quinta Jurecic: I absolutely want to dig into that more. I did want to ask, I mean, I've been talking here about the sort of the U.S. narratives, which, as you say, are very familiar. And I should also say, I think one of the material and part of the material in the affidavit is explicitly saying, you know, we want to help elect, I think it's listed as candidate A or candidate one or something like that, but it's clearly referring to Donald Trump and the Republican Party.

So there's a strong political valence in terms of the presidential election. When you were looking at this material that was passed to you from German news, it was their material in there that was touching on, you know, German internal political issues, Baltic internal political issues as well?

Thomas Rid: Oh yes. Yeah. That's the MO. They have a monitoring team in place in the Social Design Agency, this contractor, their total staff is a little more than 100 people and approximately 20, 25 of those are different monitoring teams. So they have a fairly okay understanding of what's happening in their target countries because they're monitoring the actual press. Also, they monitor Telegram groups. They monitor, you know, social media debates.

So they know the trigger issues. They know the polarizing issues in Germany and France and the U.K. So, for example, here, last winter, they really tried to drive a wedge into this issue in Germany— I say here because I'm currently in Europe— in which they wanted to highlight the costs of gas and heating and blame the Ukrainian immigrants, ultimately, for a number of social issues in Germany, including heating costs, but also immigrant violence and all sorts of things, the kind of things that you would expect. So they would do that as well.

Quinta Jurecic: So we've touched briefly on the issue of the kind of professionalism, or lack thereof, of this operation. And a fair amount of your article is pointing out that, you know, this is, it's a workplace, it's a bureaucracy, right? They're putting together metrics, they're trying to sell their bosses on how effective they're being. What did you sort of come to understand about this operation in terms of its internal functioning, but also, you know, its professionalism? What kind of product are they putting forward? How would you rank it?

Thomas Rid: Yeah, it's not super clear from the data because you have to interpret a bit and read different types of documents and compare figures. But one thing that I've seen very clearly from some of their documents that were, and sometimes, you know, header information is missing. Dates are missing, as well. So you don't really know who is that document for. And then we have to infer, okay, this document is like a translation of press coverage with snippets translated into Russian, sometimes with logos inserted so it looks impressive, sometimes even with logos translated into Russian so it looks, you know, even more impressive to a Russian reader.

So we have to assume that they put all this work into preparing some of these word documents, these, you know, reports, in order to impress their funders, because why else would they do it? They don't publish them. So if you look at those reports, one thing that is striking is in some cases they boast about their exposure even before they provide figures about what they actually did.

So it seems in more than one document, very clearly that they like the exposure. One Excel file that I went through listed 163 press reports about their work. And if you look at the video, that internal promotion video that they made for Putin, for the presidential administration, which we can clearly see in a memo that they made it for them. We know exactly when they did it and why they did it. That mentions in the very first sentence, their exposure and the name that they received, namely Doppelganger, in their exposure. So they're really proud of being exposed. And, you know, they're proud of being identified as a potent threat. And that's the key marketing message that they use internally to their funders in the Kremlin.

Quinta Jurecic: And so, right, and just to drive that home, when you say, you know, they're putting this kind of thing together for their funders, that's, we're referring here to the Russian government, or are there more layers in between?

Thomas Rid: No, they have direct meetings with the presidential administration. So basically the Kremlin and the, and various different people in the presidential administration, they list them by name. There are even their email addresses in there, in the leak, unredacted, obviously, nothing is redacted. And it becomes, sometimes they refer to them in acronyms, and their, you know, initials: that also is nicely laid out in the affidavit. So we clearly have evidence that they work for the presidential administration.

Although they don't list them on their website, because they're semi-covert in that sense, working for the Kremlin, and that's who they want to impress. So their most important audience is not the American public or the German public or the French public. Their most important audience, as you would expect from a company, is their clients, the people who buy their product, and that is the Kremlin, not Germans.

Quinta Jurecic: And so how does this compare to past active measures, which is obviously something that you've studied in great depth? And you write throughout your article that, you know, to some extent, what we see here is the Social Design Agency relying on, to use familiar tools from Soviet active measures, and to some extent it's incorporating new tools, we can talk about their use of AI here.

To what extent is this a continuation of what we've seen in the past in terms of Soviet active measures in the 20th century? To what extent is it a degradation of that? To what extent is it something new?

Thomas Rid: Yeah, that's a fascinating question, indeed. And we see a few themes that are clearly continuities. For example, the driving of wedges, but exploiting existing divisions, and weakening countries and turning them inward, by exploiting internal existing divisions. That is a theme that we clearly see, you know, going back a long time, a hundred years.

We also see the theme here continued that it's hard to measure effect for them, but also for outsiders like us, like me. And that is clearly, the case also in the Cold War, here, and we also see in the Cold War that people overstated the ease of measuring effect. They overstated how clear it would be to show effect and then afterwards admitted that they kind of did this in order to get more money and promotions. That we see at work here as well.

I'll point out an interesting difference. The very MO that we just talked about, the cloned media sites, you know, Washington Post, Bild Zeitung, and Süddeutsche, the Daily Mail, others, 20, Vingt Minutes in France. Those cloned sites offer a sharp departure from Cold War tactics. We also saw cloned media outlets in the Cold War, by the way, so that in itself is not brand new, but they appear no longer to try to trick journalists. Meaning, the most important audience for Cold War active measures were actually journalists because they amplified disinformation, out to a vast audience, in some cases.

And that was the jackpot getting, you know, a leak or a fake document into, you know, the CBS coverage or some Der Spiegel, or something, in Germany. They no longer even appear to try to do that, at least not the SDA. Instead, they copy the news site, including the name of real journalists, they don't trick the real journalists. They copy the real journalists, and then amplify themselves. But of course, their own amplification in contrast to the actual, you know, outreach, reach that the real media organizations have is miniscule, it's tiny. So that I think is an interesting lower level of ambition that we see today.

Quinta Jurecic: So is that a good story for the press, in a sense? Like, does that speak to some level of practice or skill or journalistic, you know, standards or norm building such that press organizations are not being taken in. I will say, I mean, reading your article, I was really struck by what's missing here in the Social Design Agency story, which is, you know, a hack-and-leak operation, you know, what we saw in 2016, there were of course, two pieces.

There was the Internet Research Agency’s, sort of, social media influence operation, which, we'll talk about effectiveness metrics in a minute, but it's very hard to measure if it was effective and to the extent that it can be measured, it probably wasn't. The most effective influence operation arguably was the GRU hack-and-leak of the internal Democratic Party and Clinton campaign information. And that worked because as you set out, it, you know, it played the press. It got into the headlines and that's really not what we're seeing here at all.

Thomas Rid: For sure. Absolutely correct. I completely agree. And indeed, I think what we see today is this weird contradiction play out that, you know, the United States in particular, but the same really applies in European countries, is a harder target than it was in 2016 or 2020. Harder target because more journalists are aware. They cover disinformation. They watch out for it. They're quite cautious, not all of them obviously, but a lot of them are. And then also the campaigns are harder targets because, you know, you'd have to assume that more people use, maybe I'm overly optimistic, but still, I'm making that assumption, that they use two factor authentication, are a little more cautious.

Certainly, the U.S. intelligence community, including the FBI, Department of Justice, certainly, they are a lot more aggressive in terms of countering disinformation. The platforms are a lot more aggressive, Facebook, others, with the exception perhaps of X, now. But so all this makes the U.S. a harder target. But of course, we're also a lot more polarized, which makes the U.S. a softer target. You can more easily inject narratives or at least amplify these narratives by feeding to the people who are outrage farmers, essentially, who want to, they live off of the outrage.

And we saw them, you know, literally presented in their video there in their promotional internal video, their tweets and whatnot, including, you know, people like Marjorie Taylor Green and others that they internally cite as well. But of course, they are not, and I want to stress this. I don't want to be misunderstood. I'm not calling Marjorie Taylor Green a Russian influence agent at all. She's doing her thing. And they sometimes claim that they, that she may have amplified something that they said.

Actually, not sometimes, not even providing good evidence to make that case, which, and this is, I think, an important point to highlight, we see, you know, their internal documentation, Social Design Agency. They're not scholars. They don't footnote very well. They don't do this with a high, you know, fidelity and attention to detail. So they just claim things on a very abstract way. And as a scholar, I'm like, okay, can I take their claiming credit for something as proof that they did it? And I came to the conclusion that I can't even do that because internally it's so shallow and so unprofessional what they do, that they would just they're just not serious in so many ways.

Quinta Jurecic: So let's talk about the use of AI here. Because that is something that the Justice Department, at least, really played up in the release of this affidavit. There are quotes in the Justice Department's press release about the, and I quote, the Russia's reliance on cutting edge AI to sow disinformation, the covert promotion of AI generated false narratives on social media. What exactly is going on here in terms of the use of AI, and is that, you know, a nefarious example of how generative AI is, you know, destroying the truth, or is it maybe an example of kind of the shoddiness of the work product?

Thomas Rid: You know, I mean, of course we would expect almost anybody in the influence operations game, in fact, also the same is true for cyber operators, you know, breaching, hacking operations, to use AI in some form in order to speed up their development cycle or do things, you know, faster or more easily. I think we, you know, many of us are trying to do a version of that in our own work and sometimes find the technology is helpful and sometimes not so helpful.

So, we should see some effects or some documentation of AI in the leaked files. And indeed there is only one. In fact, there's only one example, which is interesting. I'm going to read it to you in translation because it's so short. They have a memo from June, 2023. So a little more than a year ago, in which they say, run memes through the GPT Chat in the style of Monet and the style of Gauguin, etc. Kandinsky, Midjourney, cartoons too, yes.

So this is very sort of staccato-style instruction, which is perhaps not that interesting, but one thing that, that is in my view, remarkable is that they are not using, at least in that one memo, not using AI or attempting to use it for deepfakes, for something that, to make something that look real, but instead they want to make it look more artistic and even naming, you know, a number of Impressionists, post-Impressionists.

Quinta Jurecic: I like that they named Kandinsky specifically. It's a nice touch.

Thomas Rid: Very much so. But yeah, so that's interesting. I don't know why AI was played up in the press release so much that the DOJ did. It appears that, you know, AI is a hot new thing. So it wasn't factually wrong to say that some AI was used, but it wasn't used in the ways that a lot of people feared it would be.

Quinta Jurecic: And so it wasn't used to generate the text in the article, as you were saying.

Thomas Rid: Well, that, of course, is a really difficult thing to prove or disprove. Because how is the Department of Justice going to prove and show that certain texts were generated with, you know, generative AI models. If OpenAI is able to do that, if they test against their logs, but not even they are able to do that for text that was generated with, you know, Claude from Anthropic or other models, which of course relates to a bigger issue.

How do we actually show content is artificial, if it's text? For images, we have sort of our telltale signs, but for text, it's a little harder. At least if it's text of that sort of short nature, and like a social media comment. So, but I would assume that they used some. But by looking at their logs, you know, you can see these are humans doing the actual work, because they make mistakes, because of the time lag between posting and then screenshotting and then posting the screenshot. You can compare the timestamps and it's just, it's the kind of human variance that you would expect. It's not automated.

Quinta Jurecic: So let's dig into this issue of effectiveness that we've kind of been circling around. As you say, you know, it's very difficult to gauge the effectiveness of an operation like this. Obviously, we've been arguing about the effectiveness of the IRA social media influence operation for many, many years now.

And one of the things that I found really fascinating about this article is that you describe how this question of effectiveness is an issue, even for the people who are producing this work in the first place. And you've touched on that here and there so far in this conversation, but I'm wondering if we can just say dig a little bit more into that. How do you see the Social Design Agency sort of struggling to voice whether or not what they're doing is working, and why is it that it is so hard to determine that both from the perspective of, you know, researchers and people within the organization?

Thomas Rid: Yeah. So let's make a quick thought experiment to get that point across. Let's make the thought experiment for 2016. We have those, let's keep it simple, those two main venues, vectors of influence operations in 2016. Internet Research Agency, the famous troll farm is the one, and the other one is GRU. And again, I'm simplifying the Podesta leaks of October 2016. And let's, and of course it was more complex, but let's just keep it simple.

Let's assume that neither of the two had ever been exposed for a moment. Let's assume IRA, nobody, no journalist that ever had, or no Department of Justice indictment had ever exposed the Internet Research Agency. And also let's assume the same that GRU had never been exposed. And then put yourself into the shoes of those people. How do you prove success? Well, for GRU, it's fairly easy. You can just point to all the press coverage about this, about the Podesta leaks that were, was actually happening and going on. And there was a lot of it, obviously, you can point at reactions on the part of the Clinton campaign, et cetera. So it's fairly easy to prove success there by simply quoting press coverage that otherwise would not have happened.

But for the IRA, it's really hard. Because the actual metrics, the engagement metrics, are not very impressive if you look at the numbers. And we see that in the case of the Social Design Agency as well. In fact, Social Design Agency numbers are a little better than IRA numbers, I would argue. But if we don't include the exposure, then it's very clear that Social Design Agency would be, you know, quite ineffective, presumably. And so it's very understandable that they would highlight their own coverage in their own internal reporting, because let's be brutal for a moment: they are effective.

I'm not saying they're not effective. They are effective, to a very significant extent because we are making them more effective by being so afraid of them. We're talking them up and helping them get money, but also really making them effective in the first place. And I don't want to dismiss this. This is real effect for a 100 person shop. They got a lot of press coverage out of this. So quite effective in terms of, you know, money spent, but only because we're talking about them so much.

Quinta Jurecic: And so when you say there's an effectiveness and, you know, making people afraid of them, how do you see that fear manifest? Is it just in, you know, sort of anxiety around, you know, Russian bots, Russian disinformation? Where do you sort of see that manifest in the public conversation? And also, I guess I'm curious whether you see differences in how it appears in the American context versus in the European context, or whether it's a sort of a similar set of anxieties?

Thomas Rid: Yeah, that's a super difficult, obviously very political question there, you're raising there. I'll take it in reverse. In Europe, I think we see that the whole disinformation conversation does not have the magnitude in the public, you know, certainly in the press coverage, but also the public imagination that it has in the United States.

And of course, in the U.S. disinformation itself has become more highly politicized. The term disinformation, as such, is extremely politicized. I tend to avoid for that reason, actually. And that, of course, they also exploit. So the fact that talking about Russian influence almost marks you out politically as being on one specific side, of the political divide, that in itself is a weakness that we have created ourselves. And it's also an effectiveness. Effectiveness for the adversary that we have created for them in the United States by polarizing disinformation as such. In Europe, you don't have that to the same extent, but it's beginning to be a quite similar problem, but not as high profile as it is in the U.S.

Quinta Jurecic: It seems like, you know, in some ways, what you're describing is a kind of a positive feedback loop, or almost a perpetual motion machine where, you know, the SDA puts out this stuff. It's reported on people, you know, report on it, read it, become anxious. SDA is able to say to the Kremlin, look how we know what great work we're doing. Please keep funding us. And, you know, around and around we go.

Thomas Rid: Yeah.

Quinta Jurecic: And you suggest that this points to what you describe as a flaw in democracy's coverage of disinformation campaigns, that the exposure of these campaigns itself paradoxically feeds the campaign. How do you see that working?

Thomas Rid: If I may, sometimes I get criticized by people who say, well— and rightly so— they say, well, but should we not write about it? Because they’re clearly trying to exploit democracies? And should we not expose these operations? And the answer is, yeah, we should expose these operations. There's no question about it. I mean, I literally wrote a book about that kind of thing. I occasionally dabbled in exposing myself.

And it's important to do, but at the same time, the dilemma is that if we underexpose the adversary, we help the adversary. And if we overexpose, we also help the adversary. The only venue, the only right thing that we can do is to be rigorous and as sober as we can possibly be. And that of course gets really hard if you have, yourself, a vested interest in reporting about disinformation operators, about influence operations.

I sometimes say jokingly, and this is going to sound offensive or at least provocative to some people, so I want to say, I say jokingly, that you can make money, clearly you can make money in D.C., in Brussels, and in Moscow by exaggerating the effect of disinformation. Question is: where can you make most money? It appears that actually D.C. might be on the top of that list. And that of course is an issue as well.

Quinta Jurecic: Yeah, I mean, in the most provocative framing, what this reminds me of is an article by Joseph Bernstein in Harper's that came out a few years ago that, I don't know if it actually coined the term disinformation industrial complex, but it certainly led to a lot of discussion of it. Which is, you know, there is an ecosystem that grew up in the wake of 2016, where, you know, these stories get, you know, if you're a journalist, having a story about Russian disinformation, it's splashy, you get a lot of clicks. If you're a nonprofit perhaps you can get funders excited about your, you know, doing your work to expose that kind of thing. Then that there is a kind of a self-perpetuation there.

And I don't want to fall into the most, you know, exaggerated version of this critique, which is, and therefore there's nothing really there. And this is all a bunch of people getting spun up about nothing, because there clearly is something there. But in the same, in a sense, you know, what you're describing here, struck me as kind of a mirror image of that vision where there's a mutual benefit, in some ways, of these sort of the SDA in this instance, and, you know, nonprofits, journalistic organizations and so on kind of playing off each other to the point where I actually wondered whether, you know, there's something about the these kinds of operations that is compelling to the U.S. intelligence community to, you know, nonprofits, bureaucratic organizations on the other side, precisely because it's so recognizable in a way.

I mean, I was reading these documents. And of course, you know, I have never put together anything for the Kremlin saying, you know, please fund my disinformation operation but there is something that's a little bit familiar about, you know, you're trying to show to your funders that your work is impactful. How do you show the metric, right? There's a, there's an extent to which we're sort of, there's a operating in the same kind of like intellectual universe, even though on opposite sides. And again, I don't want to fall into the trap of saying that means that there's nothing there, but it was very thought provoking.

Thomas Rid: Yeah, I think where I would take this is, if you ask yourself, what kind of exposure is helpful? What kind of exposure makes life for the adversary harder? And what kind of exposure makes life for the adversary easier, in fact, helps them get money? That's an interesting question to discuss. And it seems to me the simple answer is the kind of exposure that doesn't just scream, oh no, they're there, they're so, you know, powerful and so big and so effective. That kind of exposure is not that helpful, alone. Sometimes it may still be necessary, but it's not that helpful by itself.

What's more helpful is take action, take away their toys, take away their infrastructure, their freedom to operate by, you know, exposing that infrastructure, shutting it down. Like the Department of Justice was doing, by being quick on the draw in terms of being a platform and like not even letting them come back up on the platform to spread their comments and their amplification attempts. So taking away infrastructure works.

And then, if I may, I would just also quickly offer a sort of very unusual angle on this whole thing. We, there's an alternative history of the past 20 years of Western, you know, U.S. and U.K .and Five Eyes and other intelligence operations, writ large in this space. And that is as the story of, you know, the rise of exposure operations as well. I don't say influence operations for a reason. I say exposure operations.

And that of course has its origin in the cybersecurity context where you expose the infrastructure that adversaries are using sometimes only privately in order to take it down without any public footprint. And we see something similar happening in the disinfo space. Of course, what the Department of Justice, the FBI were doing here was a type of exposure operation in the form of an affidavit.

Whoever leaked to Süddeutsche Zeitung, who also allowed them to share with me, explicit, not with me, named, but with researchers. They also did an exposure operation that probably embarrassed the SDA in the eyes of their funders because they're not, they have their pants down now. So, you know, these types of exposure operations is something that the West is actually pretty good at today. We just don't like to see ourselves in that light. But yeah, I mean, we're also playing, you know, in the dirty trick, they're not that dirty, these tricks, because we're not forging documents, in fact, quite the opposite. But exposure and these kinds of operations that put stuff into the public domain for effect, that's not something that the Russians do exclusively.

Quinta Jurecic: So you said, I think that the West doesn't like to think of itself as being good at these kinds of things. What do you mean by that?

Thomas Rid: Because it seems to me that in the United States and Britain and European countries, we don't usually use the term exposure operations. We just call it cyber defense or call it indictments, we call it by investigative journalism, if you like.

But behind the scenes, you often see certain individuals and sometimes organizations having an interest in exposing adversarial behavior. And when I say adversarial behavior in this context, I very clearly mean authoritarian governments running covert operation or influence operations of some sorts behind the scenes. And it's a healthy thing to expose that and to expose it in a way that is factually accurate and that makes it harder for them to repeat, to repeat what they do.

Quinta Jurecic: So I found your description of this kind of dynamic, which, so the term that you use for this is upstream exposure, very interesting for two reasons.

One is that you seem to really identify something that at least I feel that the Justice Department and other agencies, although chiefly DOJ have really been digging into recently in terms of trying to counter foreign election interference. We also, we've been talking about Russia here. There was also released alongside the Doppelganger affidavit, a big indictment of RT employees for funding U.S. based influencers. But of course, there's also been an indictment of Iranian hackers for an alleged attempt to hack the Trump campaign, and put together a sort of clumsy and so far basically, I think, failed hack-and-leak. That's a conversation for another time.

But DOJ to me has seemed to be very consciously leaning toward a posture of aggressively exposing these operations and putting as much information out as possible, which is really a contrast to 2016, where, I think a lot of people may have forgotten, the intelligence community basically stayed mum. There was one statement that was released in October, and then it was sort of quiet until after the election. So how do you see the federal government using this strategy? Is that a fair description, do you think?

Thomas Rid: Yes, of course they are under significant political pressure now in this election cycle to counter disinformation influence operations threats from, you know, a number of countries. And we see the ODNI, the Director of National Intelligence put out, I think, I believe it's weekly updates on what's happening and have, they have exposed the Iranian operation that you just mentioned. But also Chinese attempts at interfering with congressional races in interesting ways in order to further the Taiwan policy, so to speak, in a bipartisan way because they fund people, appear to help or counter people according to their Taiwan position, not whether they're Republican or Democrats.

So that's interesting. We see clearly a higher volume of adversarial activity, and of course you, the federal government, precisely because they really entered the game quite late in 2016, now, rightly, is a lot more aggressive, a lot more forward leaning. And I think that's a good thing, clearly. So absolutely that, that trend is happening.

But again, that we see that feedback loop at play here as well. A lot of entities are playing in the influence operation space, Chinese, Iranian, others, multiple players in those countries, Russian contractors, multiple Russian contractors, because there's this collective fear of influence operations. So we have this weird constructivist feedback loop. We think there's a huge threat, therefore there actually is a significant threat.

Quinta Jurecic: Keeping in mind that, you know, some kind of exposure, as you've said, can actually be very productive here: is there a way that you think that, you know, the government, the press, the, you know, the nonprofits we've been talking about should be thinking about framing these kinds of exposures in a way that sort of gets the benefits of, you know, showing the internal workings in ways that, you know, makes these organizations look as, kind of, as silly and, you know, minimally competent as they are, well not feeding into that same feedback loop?

Thomas Rid: I think the question really is particularly pressing for a lot of journalists in this space. You know, after we published a piece in Foreign Affairs earlier this year, together with Olga Belogolova, Lee Foster, and Gavin Wilde, “Don't Hype the Disinformation Threat,” I think was the title.

After that came out, a number of people contacted us privately as well, journalists. Of course, I won't name anyone, but they said, hey, thanks so much for doing this because now I have something to give to my editor when they say, give us the next, give me the next big disinformation story. So there's a certain sort of expectation because you now have people doing disinformation, the disinformation beat, that they actually have to do something for their money, so to speak and write about disinformation.

So then I think they have to make that difficult decision. Will the information operation here that I'm writing about, the influence operation, will it receive more eyeballs and more impact because I write about them, then they would have ever received without that? That I think is the key question. So that could mean sadly, that sometimes when, you know, some researcher pitches you, the journalist, with a story, and you look at the figures, and you have to make that difficult judgment call.

Is it really, am I really helping here by writing about this, or am I making the problem worse? And sometimes the answer is, you know, probably it doesn't deserve to be covered because it just would do more harm than good. And sometimes the answer is the opposite, obviously.

Quinta Jurecic: Yeah, and so where is the kind of the hinge point there? Is it at a certain point of, you know, visibility in terms of, you know, the amount of people who may have engaged with this material? Because in a way, I guess I, you know, it is also interesting to read these news stories saying like, hey, domeone was running this kind of hinky disinformation operation. It doesn't seem like many people clicked on it and was kind of a waste of money. That, you know, on the one hand that can seem like what a waste of a story.

But on the other hand, I have kind of wondered whether those stories are themselves helpful in increasing people's understanding if that's at the top line, because then the takeaway is more, you know, these things are, can kind of be bunk. It doesn't have to be scary.

Thomas Rid: You know, it's, that's a fascinating question and I think it helps probably to think about coverage or making information available, not as a yes or no, but as a question of how much volume, and how much reach should a certain story get and some operations, if they get exposed by some, you know, nerds like ourselves who love to sink their teeth into what a certain inauthentic network is doing.

Then that is probably the right audience for some networks, people who just study that for a living, basically, or intelligence analysts and people in the private sector to counteract, you know, Meta, and elsewhere and Google, but not the Washington Post or the New York Times or NBC News or something like that.

So some operations should be exposed only to the nerds and the professionals and others should be exposed, you know, perhaps to a slightly larger audience and then some should get the big ticket treatment. But then the question is, what should push you up into the Times, you know, so to speak and there, I think it's a difficult, it has to be serious. It has to be a risk for somebody, not just a curiosity to a very few people.

Quinta Jurecic: It's interesting because I'm thinking about, thinking this out as I'm saying it, so we'll see how coherent my question is, but it feels like what you're saying there in terms of, you know, these are going to have to be judgment calls on one level, you know, of course, right, and I feel like I've seen that same conversation happening in terms of how the press should report about hacked information, for example.

On the other hand, it is also the case that the same political environment that leads people to be so anxious about disinformation, part of it is the feedback loop, part of it is the underlying political and societal tensions, just speaking for the United States, which is what I know, that leads the U.S. to be vulnerable to these kinds of anxieties in the first place, have themselves degraded trust in the same institutions that are going to need to be making these judgment calls.

Like, it's very easy for me to imagine, you know, we saw this with the Iran hack-and-leak, for example, they're all this, this sort of outcry on the left, actually saying, you know, why isn't the New York Times publishing these documents? That there's a level of kind of societal trust, I guess, is what I'm trying to say, that is, needs to be there in order for people to kind of trust that the folks, you know, the nerds, as you say are using their best judgment in deciding what to put forward, what to report on that kind of thing, which is itself what has, what is so fractured and what has kind of got us in this situation to begin with. Is that too pessimistic?

Thomas Rid: I mean, I share your underlying sense of the problem that there is a, the erosion in democratic institutions, but also, you know, the criminal justice system, the intelligence community, science, scholars and experts, that trust has been eroding for a while now. And I feel that by talking too much about disinformation about influence operation at a scale that is just more than it deserves, we are risking that we're making that problem even worse.

So, yeah, I think it's time to, it's time to rebuild some of that trust. And I, yeah, I think just that the risk that some of our listeners may be thinking now that, well, yeah, clearly the right has the bulk of responsibility here. And I'm not saying they don't have responsibility at all, in fact. But it's important to also see this, what happened in 2017, late 2017, 2018 and 2019, where the whole narrative about, you know, the IRA and Russian election interference was so overwhelming, so big, it's very public as well, that a lot of people assumed that President Trump had not won the election fair and square, but in fact was somehow installed by Russians. That narrative itself was extremely damaging, because it was simply wrong. Trump won in 2016 fair and square, and he lost in 2020 fair and square, and we'll see what happens in a couple weeks.

But that's, we have to trust the system. And I think if we undermine that baseline democratic trust in the system. And I understand the system is under a lot of pressure, I'm not naive, but still, if we lose that trust, then all bets are off, we become, we enter a conspiratorial mindset. That is exactly what Russia has done a long time ago. And we're unable to leave that mindset. So we must. avoid that mistake at all costs that we sort of collectively get drawn into what is a conspiratorial worldview.

Quinta Jurecic: So as you mentioned we're only a few weeks out from the presidential election, of course. Are there things that you're keeping an eye on in this space in the weeks to come?

Thomas Rid: Yeah, the big one is some form of leak operation that could again drive the news coverage, but it's late in the game. It's mid-October. I don't, frankly, I would be surprised if it happens now. It would have happened already, probably. It's getting a little late and probably I would assume that when we look back at this election cycle, whoever wins, I don't think that disinformation or influence operations from foreign countries would be neither Iran, nor China, nor Russia have a major role to play in our sort of collective memory of the 2024 election cycle. That is a good thing.

Quinta Jurecic: Just in the sense that, you know, if it had happened, we would have already started to see the seeds of it.

Thomas Rid: Yeah, absolutely, yes. Because the leak operation ultimately is the one that I think a lot of, you know, professionals like me who watch this space closely, but I would assume also in the intelligence community are probably most concerned about because it's really hard to counter. We know that from history. If you release really newsworthy information into the bloodstream of the public press coverage, even if you know it comes from a foreign intelligence agency, if it's newsworthy, if it's authentic, if you can prove that it's authentic, it's still newsworthy. You should have to still cover it. That I think is the difficult one to deal with for a, for an open democracy because you have to cover it.

Quinta Jurecic: Is there anything else that we haven't touched on that you'd like to make sure we discuss?

Thomas Rid: Yeah, I mean, the one thing that I don't think has received the amount of attention that it deserves is a very curious paragraph in the OpenAI threat report, the second one that came out when was it? Just a couple of, it feels like a couple of days ago or about a week ago, where OpenAI observed that threat actors in the cybersecurity or cyber-operation space, but also in the disinformation influence operation space, are using models, generative AI, large language models predominantly, here, in what they refer to as a midsection in an intermediary phase of their operation to accelerate certain development cycles internally.

And why is that so interesting? Because it means that the labs, OpenAI at the top of the list, but also others, Anthropic, Google, et cetera, will have fascinating visibility into what adversaries are doing on their networks. And I think it's a super exciting moment to be working in the threat intelligence teams or build those threat intelligence teams, really, in the labs because the telemetry that they have, the internal visibility that they have into these operations will be able to probably, I would assume, they will be able to link behavior together and identify new behavior, adversarial behavior, in a way that was simply not possible before the use of LLMs. So that, I think, is an exciting insight that was sort of hidden in a report that got press coverage for something quite different.

Quinta Jurecic: So the nerds should be keeping a close eye out for these kinds of threat reports from OpenAI and other generative AI companies?

Thomas Rid: Yes, and I think the AI companies and I'm not sure how popular Lawfare is among the AI crowd in San Francisco and, you know, Silicon Valley, but I think it's really important that they get the message. I believe they're getting the message that they are abused by adversaries, and they have an opportunity here to build internal teams that see things that nobody else can see. And, but in order to do that, they have to staff their own teams accordingly with people who have that talent and that background. And then of course, they have to equip them with the necessary internal sort of resources to get it, to get the job done. So that's an exciting development to watch for me.

Quinta Jurecic: All right, let's leave it there. Thomas Rid, thank you so much for coming on.

Thomas Rid: Thank you for having me.

Quinta Jurecic: The Lawfare Podcast is produced in cooperation with the Brookings Institution. You can get ad-free versions of this and other Lawfare podcasts by becoming a Lawfare material supporter through our website, lawfaremedia.org/support. You'll also get access to special events and other content available only to our supporters.

Please rate and review us wherever you get your podcasts. Look out for our other podcasts including Rational Security, Chatter, Allies, and the Aftermath, our latest Lawfare Presents podcast series on the government's response to January 6th. Check out our written work at lawfaremedia.org. The podcast is edited by Jen Patja, and your audio engineer this episode was Cara Shillenn of Goat Rodeo. Our theme song is from Alibi Music. As always, thank you for listening.