Month: February 2022

In 2022 — deepfakes — synthetic photos, videos, text, or audio generated by artificial intelligence poses a potentially significant threat to governments, financial institutions, social media users, and consumers. Criminals could exploit the technology maliciously, impersonating political leaders, posing as executives to steal a company’s intellectual property, or by impersonating customers to commit fraud or extortion.

According to open-source research, the term “deepfake” originated on Reddit in 2017. A Reddit user created a channel on the platform to manipulate the footage in pornographic videos, swapping out faces with open-source technology.

Since 2017, deepfake technology has evolved, with viral video deepfakes of celebrities like Tom Cruise or politicians like former President Richard Nixon saying or doing things they have never done. Those videos, however, posed no threat and were not hard to distinguish as inauthentic.

Politics

In 2018, the people in Gabon — a small country in Central Africa — hadn’t heard or seen from President Ali Bongo for several months. The Gabonese government told the public that Bongo was recovering from a stroke. On New Year’s, a video of Bongo was released, but many viewers suspected something was off with the footage, calling it a deepfake. About a week after the video surfaced, some members of the military used the video as a pretext to launch a coup in Gabon, which failed. Further analysis didn’t even determine whether the video was, in fact, a deepfake.

Before the 2020 U.S. Presidential Election, lawmakers warned that deepfakes could be used to disrupt the race. Rep. Adam Schiff (D-CA) said that deepfakes have “the capacity to disrupt entire campaigns, including that for the presidency.” Schiff’s comments followed a viral video of House Speaker Nancy Pelosi (D-CA) allegedly slurring her speech. The video of Pelosi wasn’t developed with deepfake software but was footage slowed down to make her appear intoxicated. The video, which received over two million views on Facebook, had users on the platform questioning the House Speaker’s cognitive ability and health.

The Private Sector

In 2019, an energy company in the U.K. received a call from what they thought was the CEO of their German-based parent company to initiate a $243,000 wire transfer that would be reimbursed. The caller used deepfake audio technology to impersonate the executive of the German business, so there were no suspicions on the U.K. side. The money was sent, and the criminals were able to disburse the funds to another account.

In 2020, a manager at a bank in Hong Kong was duped by the same deepfake audio technology. In this case, the caller asked for 35 million USD because the company was moving forward with an acquisition. Seeing that email correspondence also lined up with the request, the manager made the transfer.

In addition, in 2020, Jacques Maurico Anderson, a North Carolina resident, pleaded guilty to conspiracy to commit bank fraud by using synthetic identities. According to the press release from the Department of Justice, Anderson purchased synthetic identities from a seller on Craigslist. Anderson exploited his new fictitious identities to trick lenders into extending him credit, falsify his income, and make multiple major purchases.

Deepfakes Targeting Social Media Users and Consumers

Through our research, analysts identified a Facebook user who said that they were a target of a deepfake for extortion. On February 22, 2022, the Facebook user posted, “Friends, Please be aware that I have been the victim of a DeepFake attack. Meaning I’m being blackmailed/extorted to give this hacker money, or he/she will release a very disturbing video with my face and background of someone doing an obscene act. I ASSURE YOU THIS IS NOT ME. If you receive a link on one of your posts or a message, please delete and block the sender.”

We traced the poster’s digital footprint and discovered that he works in the insurance industry, suggesting that criminals use deepfakes to extort more than CEOs and executives.

In November 2021, Daniel Higgins, a Florida resident, couldn’t log into his Instagram account as his password had been changed, which he didn’t authorize. When he went to his Instagram profile, he found a fake video that sounded just like Higgins, telling his followers to buy Bitcoin. In the deepfake video, the impostor Higgins said, “I just invested $300 into Bitcoin and got $10,000 back. Gotta try it.”

Deepfake profiles are also being used on social media to push propaganda messages in favor of the Chinese Communist Party. According to The Centre for Information Resilience (CIR), “The coordinated influence operation on Twitter, Facebook, and YouTube uses a mix of artificial and repurposed accounts to push pro-China narratives and distort perceptions on important issues. The narratives amplified by the accounts are similar to those promoted by Chinese Government officials and China state-linked media.”

How Easy Is It to Create a Synthetic Identity Online?

Creating a synthetic identity online is not as difficult as someone may think. There are websites like https://thispersondoesnotexist.com/, which create artificially generated images of human faces.

In the image, there are inconsistencies we can spot.

• The pink color in the hair doesn’t look natural
• Her earring doesn’t look right
• The teeth don’t look natural

Thispersondoesnotexist.com has been used to create fake LinkedIn profiles that could be used to drop an infected file or link in a LinkedIn message. 

OUR ASSESSMENT

Deepfakes will continue as a tactic of criminals and entities looking to negatively influence events and opinions. Reliable deepfake detectors remain under development by companies like Meta (Facebook), Twitter, and YouTube but a successful algorithm or technology is unclear currently.

Continued desire to be first on news stories without a thorough evaluation of the content will make it far more likely that deepfakes circulate without detection. Without careful diligence and analysis lies, false accusations, and careless defamation will occur with significant consequences.

On February 1, 2022, Overwatch assessed that “the Russian state may respond to the U.S. deploying a small number of NATO troops in Eastern Europe and NATO countries by adding more military assets on the border with Ukraine, or Belarus, escalating the situation, or with rhetoric, criticizing the decision on the international stage. Any further Russian military buildup will likely result in the U.S. placing additional military assets into NATO countries.”

Since the publishing of our 2^nd brief on Ukraine, Russia, the Russian state has amassed the largest buildup of military assets in Europe since the Cold War. According to open-source data, there are 130,000 Russian troops on the border with Ukraine. Among those troops are members of Russian Airborne Forces, known for their combat experience in Syria and Ukraine.

Additionally, research on social media platforms like VK.com and TikTok shows Russian tanks, electronic warfare systems, self-propelled Howitzers, and ballistic missile defense systems close to Ukraine’s border. Russian military assets have been seen in Belgorod Oblast, Russia, 49 miles from Kharkiv, Ukraine’s second-largest city.

The following video was posted by a TikTok user in Belgorod Oblast on February 13, 2022.

Further, satellite imagery indicates that the Russian state set up a field hospital on Zyabrovka Airfield, in the Gomel region of Belarus, where no exercises were planned.

Additional research from Overwatch showed that the local media in Belarus were unsure of why the Russian military was in their region. Also, a field hospital was set up in Osipovichi in the Mogilev region of Belarus, where there were scheduled exercises.

Twitter user and Russian defense policy expert, Rob Lee, shared a video of a PMP pontoon bridge in Kursk Oblast, Russia, 137 miles from Kharkiv. Pontoons have multiple uses, some of which include transportation of supplies, troops, and weapons over waterways.

NATO has increased its level of deterrence through deployments of U.S., U.K. and German troops in Eastern Europe. The U.S. is deploying 3,000 troops to Poland and 900 to Romania, while the U.K. sent 850 troops to Estonia. In addition, Germany deployed more troops to Estonia. Further, from February 28 – March 11, Lithuania is hosting a massive military exercise —Saber Strike and Crystal Arrow — which will include the U.S., Canada, Albania, Czech Republic, Italy, Iceland, Montenegro, Poland, Slovakia, Slovenia, and Spain.

Disinformation

In addition, on February 1, 2022, analysts assessed, “Russian state media like RT, TASS, and Ria Novosti and Russian troll farms (Internet activists working on behalf of a foreign government to manipulate public opinions) will flood the digital space with disinformation about the U.S. and NATO, promoting conspiracy theories about the U.S. government, U.S. military, and North Atlantic Treaty Organization.”

We have seen a significant increase in disinformation, ranging from comments from Russian Foreign Intelligence Chief Sergey Naryshkin, political leaders in Donbas, and Russian state media.

• On February 11, 2022, Naryshkin said, “We have intel on Jihadi militants deployed by NATO and Ukraine to fight against Donbas.”
• On February 11, 2022, the head of the self-proclaimed Donestk People’s Republic (DPR) said they found a mass grave of 130 civilians killed by Ukraine’s Armed Forces.
• On February 13, 2022, the Editor-in-Chief of RT(Russian state media) Margarita Simonyan claimed that Ukraine could set up concentration camps in Ukraine.
• On February 14, 2022, Tsargard TVclaimed that Ukraine was preparing to invade areas of Donbas and that it had set up demining machines for minefields in the region.
• On February 14, 2022, DPR’s Deputy Chief of the People’s Militia Directorate, Eduard Basurin, said that Ukraine had plans to invade the self-proclaimed DPR and Luhansk People’s Republic (LPR) in Donbas.

Russian Separatists

Further, Overwatch analysts assessed in our January 13, 2022, brief on Ukraine, “Should the Russians invade, their forces would support the Russian Separatists fighting for the Donetsk People’s Republic and Luhansk’s People’s Republic. Further, as Russian President Vladimir Putin annexed Crimea in 2014, he could potentially annex the DPR and LPR and station Russian troops in both territories.”

• On February 14, 2022, DPR leader Denis Pushilin said that in the event of an invasion by the Armed Forces of Ukraine, the DPR could turn to Russia.
• On February 14, 2022, Russian State Duma members, Viktor Vodolatsky and Artyom Turov appealed to the State Duma of the Federal Assembly to recognize the self-proclaimed DPR and LPR.

Russian President Vladimir Putin, Russian Foreign Minister Sergey Lavrov, and General of the Army and Minister of Defense Sergey Shoigu, met on Monday. During those discussions, Shoigu claimed that some of Russia’s military drills were over, with others close to completion.

However, according to the Pentagon, the Russian state boosted its forces on Ukraine’s border over the weekend.

Additionally, in a February 14, 2022, interview with The Guardian, Russia’s Ambassador to the EU, Vladimir Chizhov, said Russia was within its rights to counterattack if it felt it needed to protect Russian citizens living in Eastern Ukraine.

U.S. and Ukraine

Also, with the time of this report, U.S. Embassy operations in Kyiv is moving to Lviv, which is 340 miles away from Ukraine’s capital. The U.S. has called for U.S. citizens to leave Ukraine, and said it has no plans to send in the U.S. military to evacuate citizens. However, as we saw in Afghanistan, nonprofit organizations are volunteering their resources and time to help Americans in Ukraine. Project Dynamo, which has helped rescue many Afghans, says that it is laying the groundwork for rescue operations in Ukraine, in the event of a Russian invasion.

According to CBS News, Russian long-range artillery and rocket launchers have moved into attack positions on the Russia-Ukraine border. Pentagon Press Secretary and U.S. Navy Admiral (Ret.) John F. Kirby said on Monday of Russian President Vladimir Putin, “He continues to do the things you would expect one to do if one was planning a major military action.”

The significant Russian military buildup on Ukraine’s border isn’t deterring Ukrainian President Volodymyr Zelensky from the country’s commitment to joining NATO. Likewise, the U.S. position remains unchanged, supporting Ukraine’s sovereignty and providing it with financial and defensive aid.

OUR ASSESSMENT

The Russian state and Vladimir Putin continue applying pressure on the international community through physical movements and placements of forces and the incremental influence on the situation and public opinion. International opinion and support prominently rely on “owning the narrative,” and increased Russian claims and assertions remain visible as Russia influences international players and reinforces their populace support within Ukraine.

The influence campaigns will intensify to portray Russia in the most favorable image as attempting to protect the DPR and LPR people from the Ukrainian Armed Forces. Overwatch’s recent assessments provided insight into the meetings with DPR and LPR Leaders and other iterative activities attempting to provide credibility to their preferred narrative. Additionally, the DPR and LPR officials may stage a “false attack” to capture it on local and social media for Russia to use as justification for their incursion into Ukrainian sovereign borders and annexing those regions.

No orders have been given to mobilize Ukraine’s reserve forces, which would be a significant indicator of a Russian invasion.

Overwatch assesses that with the significant military buildup on the Russia/Ukraine border, stronger rhetoric from Russian officials, reports of Russian military assets moving into attack positions, and increased disinformation from Russian-owned or Russian-sponsored entities and actors, the likelihood further escalation between Russia and Ukraine is high.

Additionally, with tensions between the U.S. and Russia continuously high, cyber-attacks on U.S. entities and critical infrastructure remain a possibility should Russia invade Ukraine. On February 12, 2022, the Cybersecurity and Infrastructure Agency sent out a Shields Up Alert, saying, “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.”

Should Russia invade Ukraine and the conflict intensify to where a member of NATO acts against Russia or Russia against NATO, a much larger scale war would result, impacting more than Ukraine, but many other European countries, in addition to the United States.

On February 3, 2022, Facebook pulled down an Iranian disinformation network that aimed to stoke “religious war” and “fear and hatred” against Jews in Israel.

The move from Facebook comes 15 days after the platform disabled Iranian profiles on Facebook and Instagram that posed as Scottish citizens pushing disinformation about the United Kingdom’s government. A week before that, Israel’s Shin Bet (a law enforcement arm that is similar to both the FBI and Secret Service) said that Iranians were using Facebook to recruit women inside Israel to photograph sensitive sites such as the U.S. Embassy in Jerusalem.

While Facebook has been officially banned in Iran since 2009, many Iranians still use the network to push religious and cultural propaganda in favor of the Iranian government and its extreme ideology.

Our analysts identified a U.S.-based organization using Facebook to push pro-Iranian propaganda for this brief.

Elhaam Magazine

Elhaam Magazine is a subsidiary of the Yaseen Educational Foundation, which is based in California. The Facebook page for Elhaam Magazine has 4,060 likes.

On January 31, 2021, Elhaam Magazine posted a photo of the founder of the Islamic Republic of Iran, Ruhollah Khomeini, to its Facebook page. The image has a caption that reads, “Between him and you, there is always a spark of hope.” The picture received 92 likes with shares from U.S. persons and a foreign national using former Quds Force Commander Qassem Soleimani for a profile photo.

 

 

Elhaam posted another image of Khomeini on its Facebook page on January 7, 2021. Further review of both photos shows that they were shared by Sohali Sarani, an Indian national living in Qom, Iran, the heart of extremist Shi’a scholarship in the Middle East. Sarani shares a lot of pro-Iranian propaganda, including videos of Khomeini, Iran’s current Supreme Leader Ayatollah Ali Khamenei, and Seyed Hashim al-Haidar (a radical and influential cleric in Iraq who supports Hezbollah and is connected to Iran’s supreme leader).

In addition, Elhaam has posted images of Morteza Motahari, who was a close friend to Khomeini and chairman of the Council of Islamic Revolution until he was killed in May 1979. On January 10, 2022, Elhaam posted an image of Motahari to its Facebook page, which was “liked” by a U.S. person from California, living in Tehran, Iran.

Elhaam also has a YouTube channel with 6,000 subscribers, where it promotes content that features comments from Khomeini and other radical ayatollahs who have since passed or are living in Iran.

While Elhaam’s website is no longer functional, using the Wayback machine shows that they are also linked to people who studied in Qom, Iran. U.S. nationals who study in Qom, Iran, return indoctrinated, with anti-Western views and supporting the beliefs of Iran’s Supreme Leader Ayatollah Khamenei.

Overwatch identified four different individuals writing for Elhaam, who studied in Qom.

• In 2019, Sayyed Abbas Razavian, a California native, studied in Qom for 20 years.
• In 2015, Hasan Kashani, who studied in Qom.
• In 2014, Ustada Sabika Mithani and Hafidha Soheyla Aryan, who both studied in Qom, and have lived in California, posted articles to Elhaam’s

Additionally, Elhaam has a donation page through givingfuel.com. Analysts identified the donation page receiving shares on Telegram as recent as January 24, 2022.

The active donation page is problematic because public records show the parent organization of Elhaam, the Yaseen Educational Foundation, which was a non-profit, dissolved as of February 5, 2022.

The Yaseen Educational Foundation, which has pages on both Facebook and Instagram, hasn’t had any social media activity since January 23, 2022. However, a review of the Yaseen Educational Institute’s Facebook profile reveals additional connections to sheikhs who studied in Iran. 

• On January 5 and 6, 2022, Sayyed Abbas Razavian was the main speaker at a Yaseen Educational Institute event.
• On October 28, 2021, Sheikh Ahmad Modaress, who is from Mashhad, Iran, was a guest at Yaseen’s event in Los Angeles, California.
• On June 10, 2021, Sheikh Navid Charooseh, a U.S. national who studied in Qom for over nine years, performed the Dua Kumayl (a significant Shi’a prayer) at an event sponsored by Yaseen.
• From August 31, 2021 – to September 10, 2019, Sheikh Salim Yusufali, a Canadian national who studied in Qom, was the lecturer for a several-day event Yaseen sponsored.

 OUR ASSESSMENT

Elhaam’s active social media accounts could provide a vehicle to influence U.S. persons to study in Qom, Iran, returning to the U.S. to spread the extremist ideas of Iran’s leadership. While one might suggest an organization like the Yaseen Educational Foundation register as a foreign agent, The Foreign Agents Registration Act has exemptions for “religious” and “scholastic” entities. The fact that Elhaam’s donation page remains active, despite the Yaseen Educational Foundation being dissolved also raises concerns about the magazine’s ethics and transparency.

Providing a platform for Elhaam to share its pro-Iranian propaganda on Facebook and YouTube indicates that major social media companies may need to invest more resources to fully assess accounts that share narratives in line with hostile foreign governments.

 

The World Economic Forum reports that cryptocurrency’s market cap increased by 187.5% in 2021, indicating that many more consumers are investing in digital assets. However, with the growth in the cryptocurrency market, a significant increase in scams also came.

According to the Federal Trade Commission, “more than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021.” The FTC also said it saw a surge in “bogus cryptocurrency investment” scams on social media in 2021.

On January 11, 2022, CNBC reported cryptocurrency scams as the “top threat to investors,” according to security regulators, and on January 31, 2022, Fortune referred to cryptocurrency scams as social media’s “latest crisis.”

Considering the report from the FTC and the threat posed by cryptocurrency scams, Overwatch analysts identified a crypto website scamming consumers for this brief.

The Scam Website

At first glance, https://www.crystalforextrade.com looks like a professional website for people that want to make money from investing in cryptocurrency.

However, crystalforextrade’s first claim is that it is the “most reliable” and “secure” online platform for cryptocurrency trading, investing, and mining. The claim is debunked with a simple Google search, where no reputable cryptocurrency publications or media outlets that cover finance, mention crystalforextrade in their writing.

Instead of stopping on the home page, however, we are going to dig deeper into the site. By scrolling down on the home page, we come across a second red flag, misspelled words.

The next thing we come across on the home page is the claims made by the site. According to crystalforextrade, they have been around 37 days, served 141 people, and withdrawn $19,739.

However, if we refresh the page, the section is populated with new details about the success of crystalforextrade.

What are the facts? Crystalforextrade was registered as a domain on November 31, 2021. Thus, its claims of starting 37 or 1,896 days ago are both false.

At the bottom of the home page, we come across fake accounts that have supposedly withdrawn money with crystalforextrade.

In open-source intelligence, we often use a method called a reverse image search. One of the reliable websites for performing reverse image searches is Yandex, which is Russia’s version of Google.

When we save the first image into Yandex and run a reverse image search, we find that the person in the first photo on crystalforextrade is not named Daniel Burton.

With this reverse image search, Yandex also provides us with a link to where the photo has appeared. By clicking the link, we find out that the individual in the picture is named Mariano, not Daniel.

But as open-source intelligence professionals we look for patterns, so let’s reverse image search the other pictures.

With the second image, we can see that the photo is used in dating profiles in the United Kingdom and the Philippines. Analysts note that the widespread use of the image suggests that it is also falsely represented on crystalforextrade.

The third picture provides us with more compelling data.

The fourth image shows that the photo is used on a website for cryptocurrency investments, legalcloudtrading.com

If we go to legalcloudtrading.com, we can see that it is an exact copy of the crystalforextrade.com website.

Overwatch wanted to delve further than these websites’ front pages. We created two fictious accounts to determine if crystalforextrade or legalcloudtrading were receiving or sending funds.

After logging in, we were brought to a dashboard that provided several different options, and what we want is to “withdraw” because that will give us the Bitcoin wallet address for crystalforextrade.

With blockchain.com, we can put the wallet address in the search box and see if it has received any Bitcoin.

According to blockchain.com, “This address has transacted 348 times on the Bitcoin blockchain. It has received a total of 3.30584675 BTC ($135,124.24) and has sent a total of 3.29005193 BTC ($134,478.64).” That is a significant amount of money for crystalforextrade.com, which as we stated previously was registered as a domain on November 31, 2021.

By creating an account on legalcloudtrading.com and signing up for membership, we get another Bitcoin wallet address.

This address, however, has done a lot more sending of Bitcoin across the blockchain. According to blockchain.com the address “transacted 805 times on the Bitcoin blockchain. It has received a total of 12.69052546 BTC ($518,649.21) and has sent a total of 12.69052546 BTC ($518,649.21).”

Further research shows that crystalforextrade was reported in a scam on Ripoffreport.com in December 2021.

The victim, Bella, was scammed for around $1,500 and explained her experience with crystalforextrade from a person she knew who was posting about Bitcoin on her Instagram. The person, Lara Gonzalez, told Bella that she needed to contact Maria Lucas on Instagram. Lucas told her to invest $500. She did that, and a few hours later was told that her account already had $10,000 in it.

However, Lucas said that for Bella to get the money, she had to upgrade her account, which would cost a one-time fee of $950. Bella did that, too, only to have to sign up and pay for a PIN to withdraw for her alleged money. When she realized what was happening, she asked Maria for her Bitcoin back, only to be blocked from contacting her.

Additionally, analysts looked at the U.S. WhatsApp phone number on the legalcloudtrading website and found it to be a VOIP with no name, address, or business attached to it. Also, the social media links on both websites are not functional.

Further, a network analysis of the two Bitcoin wallet addresses found that both websites are connected and show a pattern that indicates they are an investment scam.

Some Steps You Can Take to Mitigate Risk

• If someone reaches out to you on a social media platform about making money in cryptocurrency, ask them for their website URL. Research the URL with a Google Search and search major social media platforms like Facebook, Twitter, Instagram, and YouTube. If you are only seeing data from the website provider, it is a possible indicator that it is a scam.
• Once on the website, look at their photos for their team or clients. If the image looks suspicious or like a stock photo, click Save As on the image and then go to Yandex.com. Once on Yandex.com, click images and upload the image you saved. If the picture is widely used, it will show up in results on Yandex.
• Search for the website URL + scam in Google, Bing, and other search engines.
• If the social media page links on the website don’t work, that is another red flag.
• If the phone number they tell you to call is a WhatsApp number, it is another possible indicator that they are involved in a scam.

Our Assessment

Fraudsters will continue to use social media platforms to target their victims for cryptocurrency scams, specifically focusing on how people can make much larger returns by investing small sums of money. With the significant growth of the cryptocurrency market, Overwatch assesses that social media fraud will increase in 2022, likely costing tens of millions of dollars more in losses than in 2021.

Additionally, novice investors will be especially susceptible to fraudsters in the cryptocurrency space, as they are not familiar with the tactics that cyber-criminals use to appear as legitimate exchanges or how they target their victims.

On Tuesday, February 1, 2022, the FBI warned the 223 U.S. athletes traveling to the 2022 Winter Olympics in Beijing, China, to bring a burner phone because of the risk of cyber-attacks.

The day before that, FBI Director Christopher Wray said that the threat from the Chinese state is more “brazen” and “damaging” than ever before.

With Wray’s comments in mind and tomorrow being the first day of the 2022 Winter Olympics in Beijing, China, Overwatch investigated the threat of China’s soft power for this brief. Soft power is when a country tries to influence another nation through less aggressive tactics, such as culturally, economically, politically, or through propaganda. Specifically, our analysts researched how the Chinese state is influencing narratives surrounding the Olympics in the U.S. and increasing its volume of propaganda in China.

Chinese Consulate in New York Pays 300K to U.S. Person to Push Pro-Beijing Message Ahead of Olympics and Paralympics

On December 10, 2021, Vipinder Jaswal registered Vippi Media, Inc. as a foreign agent working on behalf of the interests of the Chinese Consulate in New York. In Mr. Jaswal’s filing, the Statement of Work says that he will “develop a marketing campaign to promote the Beijing Winter Olympics” and reach out to influencers to “drive viewership, mass awareness, and premium content.”

The Chinese Consulate in New York agreed to pay Mr. Jaswal 300k for his services. Multiple media sources mention how Mr. Jaswal said he is “well aware” of the controversies with China surrounding Xinjiang (Where there is an ongoing genocide against Uyghur Muslims) and Hong Kong. Mr. Jaswal instead says the campaign’s objective is to “highlight the integrity and dignity of the Olympics.” Overwatch analysts note that there is no free or independent media in the Chinese state. Thus, any influencers Mr. Jaswal recruits will have to follow any narratives Beijing desires.

Further research into Mr. Jaswal shows he advocates for some of the Chinese state’s controversial policies. For example, in a video from the Chinese Consulate in New York, dated September 29, 2021, regarding the 72^nd anniversary of the People’s Republic of China, Mr. Jaswal refers to China’s Belt and Road Initiative (BRI) as a “world-class” infrastructure program.

A November 2020 report from the Office of the Secretary State disputes Mr. Jaswal’s claim, laying out how the Belt and Road Initiative is about expanding China’s soft power, not building developing nations.

The report reads, “The CCP uses the BRI as a means of drawing nations, particularly their political and economic elites, into Beijing’s political orbit. BRI infrastructure projects — ports, railroads, highways, dams, industrial parks, civil nuclear facilities and other energy related initiatives, and more — typically rely on imported Chinese workers rather than local labor, and sometimes involve 50–100-year business relationships that entrench China’s long-term access to local elites and confer power over the key parts of the host country’s critical infrastructure. Because of the heavy economic and environmental costs imposed by the CCP, host countries increasingly find these BRI projects unsustainable.”

Politically Extreme U.S. Websites Post Pro-CCP Messages Before the Olympics

On January 12, 2022, the website, Midwestern Marx, posted about the coming Olympics and how the ongoing Uyghur genocide in Xinjiang, China, is not a genocide. Midwestern Marx writer Caleb Maupin wrote, “The basis of the out[r]age for HRW [Human Rights Watch] is not real documented events but rumors that don’t match the facts. The claim that ‘genocide’ is being conducted against Uyghurs doesn’t add up. From 2010 to 2018, the Uygur population in China’s Xinjiang Autonomous region grew at a faster rate than the region’s population overall.”

Friends of Socialist China, a U.S.-based political organization with connections to professors at Tsinghua University and the Chinese Academy of Social Sciences, posted a message of solidarity about the Beijing Olympics to its website on January 31, 2022.

Of note is how the message refers to human rights abuses in Xinjiang (Where the U.S. has said there is an ongoing genocide against Uyghur Muslims) as concocted. “A handful of imperialist countries have tried to instigate a so-called diplomatic boycott, concocting vicious and ridiculous slanders about human rights abuses in Xinjiang.”

Midwestern Marx has a significant social media reach with 376k followers on TikTok, 21.5k on Twitter, 1.4k on Facebook, and 21.1k on YouTube. Friends of Socialist China has a smaller online influence with 14.1k followers on Twitter, 2.6k followers on Facebook, and 6k subscribers on YouTube. Midwestern Marx and Friends of Socialist China are just two of many politically extreme websites promoting CCP narratives in the digital space.

Increase in Propaganda in Xinjiang

On February 1, 2022, a video titled: Together for a Shared Future was released by Kashgar County Government in Xinjiang. Kashgar is the second-largest city in the Xinjiang region. In the video, a mixture of Han Chinese and Uyghur Muslims are dancing and singing a song about a shared future.

Julie Millsap, an activist who has worked to stop the Uyghur Muslim genocide for several years, explained to Overwatch about the messaging of the video. Millsap said, “Beyond contributing to the propaganda narrative they are projecting to the world, many of these videos are specifically targeting the Chinese domestic audience. By throwing in a few typical English phrases in a catchy song about harmony and unity, they are emphasizing to the Chinese people the image that the Chinese authorities want them to buy: that China is a harmonious land where the different ethnic groups live ‘as tightly as the seeds of a pomegranate.’”

Our Assessment

Throughout the Winter Olympics, the Chinese Communist Party will only show one side of the country, ignoring documented human rights abuses in Xinjiang and Hong Kong. Additionally, the U.S. influencers will help expand the Chinese state’s “foreign influence” by promoting its narratives about the 2022 Winter Olympics. These influencers will be either paid by individuals like Mr. Jaswal or ideologically aligned with the views of the Chinese Communist Party, as are the Socialist Friends of China and Midwestern Marxism.

Propaganda from Xinjiang like the video from Kashgar will increase during the Winter Olympics. Other propaganda videos about Xinjiang will likely surface from Chinese-state media outlets like Xinhua, People’s Daily, Global Times, CGTN (China Global Television Network), CCTV (Central China Television), China News Service, and China Daily. In these videos, the Chinese Communist Party will aim to make life in Xinjiang look exciting and normal, despite the mass imprisonment of Uyghur Muslims in detention camps throughout the region.

On Wednesday, January 26, 2022, the U.S. provided its official written response to the Russian state’s list of security demands. While the documents weren’t made public, U.S. Secretary of State Antony Blinken said that the U.S. did not agree to Russia’s request about Ukraine never joining NATO or the membership of other post-Soviet bloc states.

Two days later, Russian President Vladimir Putin told French President Emmanuel Macron the U.S. ignored our demands.

Russian Senator Vladimir Dzhabarov, First Deputy Chairman of the Federation Council Committee on Foreign Affairs, provided more detail about where the Russian state’s thinking is, saying the U.S. is heading for a “direct confrontation.”

For this brief, Overwatch analysts focused on Russia’s continued aggression on the world stage and spoke with multiple sources in Ukraine with backgrounds in the military, human rights, and law. Their comments provide an on the ground perspective of what is happening in Ukraine and how Ukrainians are preparing should Russia invade.

In addition, we spoke to intelligence professionals in the U.S. with expertise on Russia and asked them about their primary concerns.

THE CURRENT SITUATION

Since our January 13, 2022, brief, the Russian state has only increased the military buildup on the Russia/Ukraine border and its military assets in Belarus. Additionally, with our first brief on Russia/Ukraine, Overwatch analysts assessed that should Russia invade Ukraine, they would likely target U.S. entities with cyber-attacks, and spread disinformation in the digital space.

On January 26, 2022, the Department of Homeland Security warned that Russia could consider a cyber-attack against the U.S. if they felt a threat to their long-term national security. According to DHS, these attacks range from “low level denial of service to more destructive attacks against critical infrastructure.”

Russian disinformation in the digital space continues to increase. Here are some examples of what we have seen thus far.

On January 27, 2022, Tsargard TV owner Konstanin Malofeev, sanctioned by the U.S. Department of Treasury in 2014 for funding armed groups in Ukraine, said that the U.S. is creating false information about Russian aggression.

Image Credit: Screenshot/Vk.com

On January 28, 2022, RT (Russian state media) claimed that an anonymous EU source said that NATO knows Russia doesn’t have enough forces on the Russia/Ukraine border to invade, despite the U.S. assessment that Russia could invade Ukraine with its troop numbers.

Further, pro-Russian accounts on social media are pushing narratives that the U.S. is “sacrificing” Ukraine and that NATO needs war to survive.

In our January 13, 2022, brief we also assessed that Russia would likely help the Donetsk People’s Republic (DPR) and Luhansk’s People’s Republic (LPR) should an invasion occur. Overwatch research identified an interview between anti-American news anchor, Vladimir Soloviev, and the DPR’s Deputy Chief of the People’s Militia Directorate, Eduard Basurin, where Basurin claims that the Russian state is going to supply it weapons that it needs, including air defense and electronic warfare systems, artillery fire systems, and reconnaissance equipment.

Further, on January 29, 2022, Viktor Vodolatsky, a member of the Russia’s State Duma, called on people in Donbas, the frontline of the war in Ukraine, to join the Russian military. Vodolatsky said, “If Russian citizens residing in the (territories) want to join the Russian Armed Forces, the Rostov regional military commissariat will register and draft them.”

THE U.S. POSITION

On Friday, January 28, 2022, U.S. Secretary of Defense Lloyd Austin said that Russia now has the capability to invade Ukraine.

On Saturday, January 29, 2022, U.S. officials reported that Russia has moved blood supplies to the Ukrainian border, which would help them sustain a long-term conflict.

In addition, Pentagon Spokesman John Kirby said that several U.S. military units had been placed on heightened preparedness should Russia move into Ukraine. The units include elements of the 82nd Airborne Division, 18th Airborne Corps, 101st Airborne Division, and Fourth Infantry Division.

President Biden also said he is also moving a small number of troops to Eastern Europe and NATO countries.

VIEWS IN UKRAINE

Roman Kulesha volunteered for the Ukrainian Armed Forces in 2014, serving most of his time as a Company Commander.

Image Credit: Roman Kulesha

Kulesha is concerned about reports of medical support on the Russian/Ukrainian border. He said, “I think this is an indicator of a possible start. Because the wounded can be evacuated by air, and they can be taken to the evacuation point by battalion medics. They can also expect to use the seized hospital buildings in the first settlements. We must look at the number and type of armored vehicles and the transfer of troops from the opposite end of the map to our borders. When we do, we see clusters of both heavy groups for storming settlements and opposing our troops and light groups for detours and maneuvers.”

Kulesha also explained how Russia’s Ministry of Emergency Situations operates in Donbas, transporting medical supplies and weapons. He told Overwatch that an increase in numbers in Donbas from Russia’s Ministry of Emergency Situations could suggest that things are escalating.

Additionally, Kulesha believes Belarus could join a potential conflict. “There is also a risk that Belarus will also take part on Russia’s side. Lukashenko is very friendly with Russia.”

David Plaster is a U.S. Army veteran and ex-pat who has lived in Ukraine for ten years. Since 2014, Plaster has trained Ukraine’s National Guard, Special Operations, Armed Forces, and Volunteers, now Territorial Defense Forces.

Image Credit: David Plaster

Plaster does see an escalation in the future. But he says if Russia does invade, it will have a guerilla war on its hands.

“There will be some escalation, but I’m not sure where. A few days ago, a guy in the National Guard of Ukraine took a bunch of weapons and killed several people. The Chief of the National Guard resigned over the incident,” Plaster said.

He supports the possibility of a false flag attack, which matches the U.K.’s report from January. “There could be a false flag attack by the Russians. Russia is going to react to something, whether it is a real or perceived threat.”

He said that a sign that things are getting more serious would be the mobilization of Ukraine’s reservists.

Plaster also shared information about Ukraine’s civilian defense force. “We have over 100,000 members of our civilian defense forces. These are veterans, IT workers, business leaders, single moms, farmers, and hunters, with a strong desire to protect their country. They are learning how to shoot, provide medical support, and other soldiering skills. And the force is growing larger every day.”

Plaster added, “Despite the fact that Russia invaded Ukraine 8 years ago, Ukrainians aren’t looking to “start” a new fight, but she is prepared to finish it.”

Olha Reshetylova is a journalist and human rights activist in Ukraine.

Image Credit: Olha Reshetylova

Reshetylova said that the police are getting fake threats on schools and hospitals daily. “Every day, police get dozens of mine notifications of schools, hospitals all over Ukraine.”

Reshetylova told us that Ukraine has lived with knowledge of additional Russian aggression for the last eight years. “For the last eight years Ukrainians live with the knowledge that invasion will happen, earlier or later That’s why there is no fear or big panic. But the feelings are not pleasant as well. It is uncomfortable to realize that someone behind our back decides whether we live or not, will we have civilized state or not.”

Iryna Koida lives in one of the border regions of Ukraine. She works as an educator and member of an NGO.

Koida said that there is anxiety in her area about the Russian military buildup. When we asked her if her more rural area would resist a Russian invasion, she said, “Rural regions are much more passive. But in case of invasion, we would have a massive underground movement.”

Joe Place is a British ex-pat and Ph.D. student.

Place said he is prepared for the worst but remains calm about the situation. He shared the general sentiment in Ukraine about the issue. “So, I’ve encountered three sentiments. One is, eh, this has happened before. I can’t do much anyway, so whatever. Two, is I am prepared but calm, and three, is “f*** war is coming. I’m strapped and ready, but it’s the minority. Two is the majority, I’d say.”

Oleg Berezuik is the Head of the Law Society of Ukraine and a former member of the Soviet Armed Forces.

Image Credit: Oleg Berezuik

Berezuik said, “At one time I served in the airborne troops, back in Soviet times, so I have a pretty good idea of ​​the Russian armed forces. In short, in their current state, they are not able to conquer Ukraine, much less keep it. In 2014, we had a much worse situation than today.”

“Next. Russian propaganda in Ukraine works almost with impunity. The measures taken by the president are ineffective. The problem is the lack of staff with relevant experience who could organize counteraction.”

“As for Ukraine’s readiness for a wider invasion, in the absence of the competence of the current heads of state, there are risks of seizing Ukraine by special services rather than military.”

INTELLIGENCE PROFESSIONALS WITH RUSSIAN EXPERTISE

Frank Montoya Jr. Is a former FBI Special Agent in Charge in Honolulu and Seattle, and NCIX, National Counterintelligence Executive to the Office of the Director of National Intelligence, now Director of the National Counterintelligence and Security Center. In his role as NCIX, Montoya Jr. was the head of counterintelligence for the U.S. government.

Image Credit: Frank Montoya Jr.

Montoya Jr. shared his top concern about the Russia/Ukraine border situation. “No question, there is always a possibility that a Russian invasion leads to a wider armed conflict with NATO. Several NATO members share borders with Ukraine. And three that share a common border with Russia and Belarus, a close Russian ally. It wouldn’t be the first time in European history that a domino effect has swept Europe as the result of a nation-on-nation confrontation.”

Montoya Jr. also shared his view on what kind of escalation would benefit Russia. “The Russian Foreign Minister, Sergey Lavrov, said that the U.S. and NATO written responses to Russia’s concerns about eastward expansion failed to address their concerns. That can be viewed as the latest Russian “justification”—at least in the old days they tried to make the saber-rattling sound legitimate—for some kind of armed intervention.”

“But even a limited act—an incursion, for instance will likely escalate. It appears the Ukrainians are better armed and trained than when the Russians first went into the Donbas and if they manage to embarrass the Russians, it seems likely, especially after all his posturing, that Putin will have to escalate…to save face with his domestic audience, if for no other reason.  By the same token, if Putin’s forces smash initial Ukrainian opposition, who is to say he’ll stop at the Donbas? Why not go on to Kyiv? And what will NATO do? Especially if Poland, Romania, or the Baltic nations begin to panic? The biggest x-factor in all of this is Putin himself. Does he even know what he’s going to do?”

Josh Manning is a former Defense Intelligence Agency and United States European Command analyst.

Image Credit: Josh Manning

In our interview with Mr. Manning, Overwatch asked him what his biggest concern is with the military buildup on the Russia/Ukraine border.

Manning said, “The number of assets going into Belarus for ‘military exercises.’ They are perfectly parked for a combined arms operation into Kyiv. Russian airborne forces are the vanguard of the military. Best trained major force and really experienced. We watched them deploy early to areas north of Georgia in 2008 as a major indicator.”

“There are also forces coming into the Central Military District. So, to draw down troops from the capital, suggests they are tossing the whole kitchen sink into the Ukraine area. They are sending guys who were fighting in Syria, Donbas, and Georgia, which shows they are sending people with combat experience.”

OUR ASSESSMENT

The Russian state may respond to the U.S. deploying a small number of NATO troops in Eastern Europe and NATO countries by adding more military assets on the border with Ukraine, or Belarus, escalating the situation, or with rhetoric, criticizing the decision on the international stage. Any further Russian military buildup will likely result in the U.S. placing additional military assets into NATO countries. As Russia demands that NATO decrease its presence in Eastern Europe, strengthening NATO will lead to Russia taking a more aggressive stance against the U.S., further deteriorating already fragile relations between both countries.

The U.S., the U.K., France, Spain, Poland and Estonia — all members of NATO — are providing military support to Ukraine. The continued military support from NATO countries, in addition to increases in security in NATO countries, as we assessed would take place with our January 13, 2022, brief, could potentially deter the Russian state from launching an invasion of Ukraine. Should Putin invade, Overwatch foresees Russian state media like RT, TASS, and Ria Novosti and Russian troll farms (Internet activists working on behalf of a foreign government to manipulate public opinions) will flood the digital space with disinformation about the U.S. and NATO, promoting conspiracy theories about the U.S. government, U.S. military, and North Atlantic Treaty Organization.

Additionally, the call from Russian politicians for Ukrainians in Donbas to join the Russian military could potentially lead to more conflict in the region, as both the LPR and DPR are supportive of the Russian state. As the State Duma voted to recognize the LPR and DPR in February 2022, Overwatch analysts assess that Russia may still annex one of the self-proclaimed states.

The sentiment in Ukraine is that Ukrainians are more prepared militarily for an invasion than in 2014. Should Russia invade, they would have to fight against Ukraine’s military, partly trained by the U.S. and European partners, in addition to a growing civilian defense force. The Russian state would face significant opposition in both rural and populated areas. The potential conflict would lead to many Russian casualties, with Russian forces facing a prolonged guerilla war.

Any further buildup of medical support or emergency services from the Russian state on the border or in Donbas could indicate that the Russian military is planning a more extensive operation in Ukraine.

The Russian state will continue to target the U.S. with disinformation regarding the conflict in Ukraine. Additionally, as assessed in our previous brief on Russia/Ukraine, cyber-attacks against the U.S. and its partners are likely, should Russia invade Ukraine or with any further escalation between the U.S. and Russia occur.