by Clint Watts
Up until 2015, I had been trolled, but not hunted by the trolls. That summer, I traveled overseas to consult for a private-sector client. On the road with a couple of colleagues, I let them operate my dating app account as we made our way to Asia. We had joked while waiting at the airport about one profile, an overtly beautiful Russian woman I likened to a “Red Sparrow”—a female KGB agent specially trained to seduce Kremlin targets into sexual trysts. Jason Matthews, a former CIA case officer, had recently penned a bestselling thriller of that title (now a feature film with Jennifer Lawrence), and I remarked as I boarded the plane how easy it must be for the Russian intelligence services to compromise targets in the social media era on dating apps like Tinder, Bumble, and Match. I matched with the “Red Sparrow” account and didn’t think much more of it for the rest of the transcontinental flight—matching and messaging bizarre accounts came with the online-dating territory.
Three days into my overseas trip, I logged back into the dating app and noticed a message from the “Red Sparrow.”
“Thank you for visiting former FBI Special Agent Clinton Watts. We hope you enjoyed your stay at hotel _____. Our agents fluffed the pillows for you.”
They most certainly knew about my travel in the country. My dating profile didn’t have my full name or all my professional details, nor did the limited conversation I’d had with “Red Sparrow” provide any clues about my patterns. Ascertaining this information wouldn’t be difficult, though—a quick screen scrape of my profile picture and some Google searches would give one enough details to render my true identity. As for travel, my staying in a hotel was logical—they didn’t need to actually break into my hotel room or even know where I stayed to intimidate me. They only needed to create the impression that they were spying on me to send my imagination running. A smart play all around, and, who knows, maybe they did break into my hotel room and plant listening devices or surveil me. But this would have been a giant waste of their time and resources, as they would have found out I was no longer a government man and instead pushing PowerPoint slides in corporate conference rooms.
The Russians also intelligently waited to scare me until after I’d left American shores. Since I was traveling overseas, my harassers knew they could batter me and I’d have no one to report to, particularly since I’d be embarrassed that I was being maligned through a dating site. Skeptics might naturally claim that I don’t know for sure it was the Russians, and that’s true—I don’t have a video of the hackers and hecklers on the other end of a dating profile harassing me. But the account was overtly Russian, it bragged about being Russian, and the incident wasn’t isolated: less than two months later, the old Gmail account attached to those dating apps showed attempted log-ins from places I had never been nor visited, and I received new waves of targeted phishing spam tailored specifically to me.
In August 2015, I dumped the Gmail account, cleaned my systems as best I could, and again operated under the assumption that everything I accessed on the internet was being watched either by the Russians, some terrorists, hackers, or all of the above. I started preparing for the worst: a Russian smear campaign fueled by kompromat, some true information about me mixed with a bit of false, all linked through discrediting narratives posted on blogs or news sites. I’d seen it happen to others around me, so, as I learned to do in the Army, I prepared for the worst and hoped for the best.
During the summer and fall of 2015, Weisburd, Berger, and I debated the merits of writing up an overview of Russia’s use of English-speaking social media to influence Americans. But the Islamic State’s violent growth and construction of a caliphate took center stage in national security circles. There seemed to be little interest in Russia and its online operations. Writing up our findings would likely draw significantly more cyberattacks against family and friends and result in few, if any, reads by the mainstream public and government officials. And then there was the issue of pay: we weren’t receiving any support for this research, and all of us had let our curiosities hurt our pocketbooks at some point in the past. The costs seemed to far outweigh the benefits. But the troll army’s behavior continued to evolve in the latter half of 2015.
Russia had decisively entered into the Syrian fight on Assad’s behalf by the end of 2015. Looking for messaging strategies to derail the Islamic State and al-Qaeda’s powerful radicalization narrative, I saw Russia as a possible target of jihadi angst, moving it away from the United States and Europe and toward a shared adversary. For two decades, al-Qaeda, and now its more virulent spawn the Islamic State, targeted the United States. These terrorists referred to America as the “far enemy” for its alleged support of apostate Muslim dictators, who were the “near enemy,” in jihadi-speak. But the United States wasn’t supporting the abusive assaults of the Assad regime and instead wanted the dictator out in Syria. Russia backed the Syrian regime, much in the way it had backed Afghanistan’s dictatorship in the 1980s.
My thought was: why not remind jihadis fighting in Syria that it was Russia, and not America, backing the human-rights-violating President Assad? If successful in such messaging, the United States might potentially redirect jihadi narratives, much in the way I’d seen Russia’s trolls point fingers at America.
On October 26, 2015, I posted on the Foreign Policy Research Institute’s (FPRI) website a short blog entitled “Russia Returns As al Qaeda and the Islamic State’s ‘Far Enemy.’” It was the first time I’d written publicly about Russia’s influence operations and, I figured, the last. Americans didn’t appear to have much appetite or interest in anything other than the Islamic State, but this opinion piece offered an opportunity to discuss what had been a wasted effort to date.
The post received few reads and little attention, and I figured my remarks would drift into the morass of counterterrorism commentary filling social media feeds. But I was wrong.
Two weeks later, in November 2015, I checked my email messages as I walked into a friend’s promotion ceremony outside Washington, D.C. FPRI’s website administrator had sent a note regarding a visit he’d just received from an FBI agent.
I quickly dialed FPRI in Philadelphia. The FBI had detected a breach of the FPRI website, one that had installed sophisticated malware on my bio page and some of the articles I’d written. The FBI agent wouldn’t say who was responsible for the hack, but the website administrator noted, “I think you were targeted because of what you write.” I bet so, and I bet I know who targeted me.
Terrorists would badger me on social media, but few held the requisite hacking skills to breach computers halfway around the world, nor did they routinely have access to the more advanced malware found on the FPRI website. Hackers often target current and former government officials, but when it came to the Islamic State and al-Qaeda, collectives likely saw me as an ally against terrorists more than a foe. Cybercriminals could breach a system like FPRI’s, but what did they stand to gain when they are motivated by money? A convoluted blackmail scheme against me using FPRI’s website seemed quite far-fetched.
All signs pointed to a nation-state as the likely perpetrator. The FBI had detected the breach and malware installation fairly quickly by cybersecurity standards. They wouldn’t reveal to me who had conducted the attack, but they seemed to be aware of the actor’s techniques and had been scanning for the actor’s breaches. The attack’s timing, just weeks after my Russia article, made sense as well. Even more ominously, the malware that was installed provided hackers with a digital listing of all who accessed my profile and writings. This data would be useful for one purpose more than any others: the delivery of a discrediting campaign directly to the inboxes and social media feeds of those reading my opinions. The malware would provide the perfect mechanism for releasing alleged compromising information on me to those invested in my opinion. Such an attack on my credibility would weaken my public voice, discredit my claims, and shrink my influence among those who knew my work. The malware also provided a conduit by which a nation-state could target those most interested in resisting it. All evidence pointed to only one threat capable of, and motivated to pull off, such a cyber campaign—the same one powering the social media troll army I’d been watching. And again, I asked myself, Is this really worth it?
5
Harmony, Disharmony, and the Power of Secrets
“Brothers in Islam . . . they have influenced the International Community to believe that the Somali religious leaders are Al-Qaeda. . . . The following decision was made: . . . Cooperation has to be made with criminals and hard currency provided as motivations to assassinate the officials of the administrations . . . Care has to be maintained all along to avoid leaking of this information. Whosoever leaks this information and is found guilty should be shot. . . . Unity comes from Almighty Allah . . . Chief of the Imaam of the Islamic Courts . . . Shiikh Hassan Dahir Aweys (signed).”1
Sheikh Hassan Dahir Aweys, once the top leader of the Islamic Courts Union, provided the first sign of Shabaab’s fractures when he defected in 2013.2 Omar Hammami longed on Twitter for Aweys’s support as he ran from al-Shabaab’s assassins through the Somali forests. But Sheikh Aweys, years before his Shabaab escapades, surprisingly became the first victim of Julian Assange’s creation, WikiLeaks.
WikiLeaks began its campaign for international transparency on December 28, 2006, posting a full English translation of a document allegedly written by Sheikh Aweys on November 9, 2005. The message made less news than the messenger. Julian Assange began his climb to international fame and today, more than a decade later, remains a disruptive force of information warfare. WikiLeaks thought “the crowd,” an open-source army of contributors scattered around the world, would investigate the contents of the alleged Aweys letter and determine collectively whether the document was true to its alleged source. That never actually happened, though. Even today, the contents of the document are shrouded in mystery.
Assange’s journey to WikiLeaks began where many transparency activists start: hacking. From his early years to the present, Assange has lived like a nomad, pursuing hacking as a hobby before turning it into his life’s work. His teenage hacking led to criminal investigations and charges, a minor penalty, and later a fight with the Australian state for custody of his child. Whether it was child custody battles with Australia’s Department of Health and Community Services or criminal prosecutions, Assange developed a complete disdain for institutional hierarchies and patronage networks. He crafted his own manifesto, entitled “Conspiracy as Governance,” claiming that illegitimate governance is conspiratorial and the product of people working in “collaborative secrecy, working to the detriment of a population.” This manifesto guided Assange’s vision of WikiLeaks, a virtual hub of secret documents, leaks to be used in information attacks against the corrupt and the criminal, the states, organizations, and bodies they govern.3
Raffi Khatchadourian’s 2010 New Yorker article “No Secrets” provides an exceptional accounting of Assange and the early years of WikiLeaks. In 2006, Assange invited collaborators to the WikiLeaks mission: “Our primary targets are those highly oppressive regimes in China, Russia and Central Eurasia, but we also expect to be of assistance to those in the West who wish to reveal illegal or immoral behavior in their own governments and corporations.”4 Assange remarked passively that his social movement to expose secrets could “bring down many administrations that rely on concealing reality—including the US administration.” Rop Gonggrijp, a Dutch activist, hacker, businessman, WikiLeaks funder, and overall backbone for Assange’s operations, told Khatchadourian that WikiLeaks plays an essential role in the media. “We are not the press,” Gonggrijp said. Rather, he considered WikiLeaks to be an advocacy group for sources. According to Gonggrijp, WikiLeaks created a world in which “the source is no longer dependent on finding a journalist who may or may not do something good with his document.”
The statements by both Assange and Gonggrijp appeared almost immediately to be at odds with each other and with reality. WikiLeaks wasn’t the press, but it would provide raw information to all of the press in hopes that someone would get the story “right” by WikiLeaks’ standards. WikiLeaks would go after the most oppressive regimes and any behavior it deemed illegal or immoral, making itself the arbiter for the world as to where the blurry lines of morality lie. These paradoxical statements have played out in confusing ways throughout WikiLeaks’ history.
Notoriety brought in new pilfered secrets, and Assange claimed in 2010 that WikiLeaks was receiving dozens of disclosures a day. Each year, these disclosures struck bigger targets with larger caches of pilfered materials. WikiLeaks’ hit list from 2006 to 2009 included China, Kenya’s police force, Scientology, Sarah Palin, Bank Julius Baer, the Bilderberg Group, and Iran. But gradually, Western governments and businesses began to outnumber oppressive regimes by a sizable margin, and Assange’s top target increasingly became the U.S. government.
In early 2010, an Army private first class then named Bradley Manning provided WikiLeaks with hundreds of thousands of diplomatic cables and classified reports, along with a 2007 video showing a highly contentious Baghdad airstrike by American Apache helicopters that had killed twelve people, including two Iraqi journalists working for Reuters.
WikiLeaks and Assange released their “Collateral Murder” video, using footage delivered by Manning, creating a worldwide debate about not only the contents and context of the video but the need for justice and accountability and the legality of the attack. The video appeared to be a major step forward for WikiLeaks’ pursuit of injustice. Donations poured in, awards came from human rights groups, and Manning, the source of the videos, went to military prison, with a thirty-five-year sentence.
Assange’s journey since 2010 has been the substance of documentaries, movies, articles, and books. Internet hosting providers waxed and waned as Western governments, particularly the United States, placed enormous pressure on WikiLeaks’ technical backbone, seeking to take the outlet offline. Until the U.S. presidential election of 2016, surprisingly few questioned the validity of Assange’s attacks on the West and particularly on the United States.
Most overlooked a curious bit of WikiLeaks history, the first glimpse of which occurred on November 17, 2009. WikiLeaks posted email messages between climate scientists at the University of East Anglia’s Climatic Research Unit (CRU). The emails in the raw were used by climate change skeptics to show global warming to be a conspiracy. The CRU claimed that the emails were nothing more than healthy dialogue between researchers. Some investigating the CRU’s breach thought the leaks may have come from Russia, noting signatures that could have been tracked back to “a small web server in the formerly closed city of Tomsk in Siberia.”5 The source of the hacks remains an unsolved puzzle but the suggestion of a connection between Russia and WikiLeaks, curiously, would surface again less than a year later.
“We have [compromising materials] about Russia, about your government and businessmen. . . . We will publish these materials soon,” Assange said during an interview with the pro-Russian-government daily newspaper Izvestia, in what appeared to be a dire warning to Moscow. Kristinn Hrafnsson, another WikiLeaks spokesperson, repeated the warning on October 26, 2010: “Russians are going to find out a lot of interesting facts about their country.”6 Audiences and journalists waited in anticipation for the Russia bombshells, but they never came.
The following day, October 27, 2010, an unnamed official at the FSB’s Center for Information Security, Russia’s internal intelligence arm, issued a statement: “It’s essential to remember that given the will and the relevant orders, [WikiLeaks] can be made inaccessible forever.”7
The Russian secrets never surfaced at WikiLeaks, and instead Assange’s next posting, on November 28, 2010, showcased U.S. State Department stolen diplomatic cables, beginning the slow drip of roughly 250,000 reports harming U.S. relations with countries worldwide. WikiLeaks’ challenge to the worst regimes, and Assange’s bravery in the face of dictators, faded away.
Israel Shamir, a close associate of Assange’s, also began appearing in WikiLeaks circles in 2010. James Ball, a staffer at WikiLeaks during a tumultuous three-month period, described Shamir’s entrance in WikiLeaks circles: “A self-styled Russian ‘peace campaigner’ with a long history of anti-Semitic writing . . . Shamir was introduced to the team under the pseudonym Adam, and it was only several weeks after he had left—with a huge cache of unredacted cables—that most of us started to find out who he was.”8 A little while later, Shamir landed in Belarus, a Russian ally led by Alexander Lukashenko, who has held on to power through press censorship, communications monitoring, and, above all, the manipulation of politics to quell dissent.
Shamir allegedly provided a cache of unredacted American diplomatic cables to Lukashenko’s chief of staff, Vladimir Makei. Kapil Komireddi, of the New Statesman, said that Shamir then “stayed in the country [Belarus] to ‘observe’ the presidential elections.”9 Lukashenko won the vote on December 19, 2010, by an overwhelming majority, one so suspiciously lopsided that mass protests by Belarusians led to the dispatching of the state militia to restore calm. In January 2011, the Belarusian state-sponsored newspaper Soviet Belarus published extracts of U.S. diplomatic cables provided by Shamir and WikiLeaks. Among those exposed as recipients of foreign cash was a defeated opposition candidate to Alexander Lukashenko, Andrei Sannikov. Also outed in the published cables were Sannikov’s press secretary, who’d died suspiciously months before, and another Lukashenko political opponent, Vladimir Neklyayev, who was subsequently placed under house arrest.
Criticisms of Assange’s connections to Shamir mounted in late 2011. WikiLeaks supporters became rightly confused as to why the transparency outlet had helped Lukashenko, the very type of authoritarian the group had originally sought to target. Then, on April 17, 2012, Julian Assange’s show, World Tomorrow, debuted on Russia’s state-sponsored news outlet RT, broadcasting twelve episodes into the summer of 2012. Two months after that, Assange retreated to the Ecuadorian embassy in London, to avoid extradition on Swedish rape charges. The Swedish charges have been dropped, but Assange remains inside the Ecuadorian compound, where, ever since October 27, 2010, his efforts have supported the agenda of one country above all others: Russia. And WikiLeaks’ document dumping has harmed one nation most of all: the United States.