Reddit links leak of US-UK trade documents to Russian influence campaign

Reddit bans 61 accounts and one subreddit for "misuse of the platform."
Written by Catalin Cimpanu, Contributor
Image: Kon Karampelas

Reddit said today that a leak of official US-UK trade documents that took place on its platform was the work of Russian operatives part of a long-running political influence campaign.

The leak occurred in late October when a Reddit user named Gregoratior published multiple files from the ongoing US-UK trade talks taking place in the Trade and Investment Working Group (TIWG).

The files were proven to be authentic after the UK Labour Party used excerpts from the 451-page release in its campaign for the ongoing UK general elections, scheduled to take place next week, on December 12.

The leaked documents showed the intentions of the UK Conservative Party to make available for sale the state-funded National Health Service (NHS) in an attempt to get favorable terms from the US side. The documents were a boon for the opposing Labour party, who capitalized on the leak to boost its pre-vote standings.

Reddit bans 61 accounts and one subreddit

"We investigated this account [Gregoratior] and the accounts connected to it, and today we believe this was part of a campaign that has been reported as originating from Russia," Reddit said today.

"As a result of this investigation, we are banning 1 subreddit and 61 accounts under our policies against vote manipulation and misuse of the platform," the company said.

Reddit said Gregoratior and the other 60 banned accounts were connected to a Russian influence operation that Facebook banned earlier this year in May.

DFRLab: Campaign has been running since 2014

The Atlantic Council's Digital Forensic Research Lab (DFRLab) later linked the Facebook accounts to a global and long-standing Russian influence operation that they've named "Secondary Infektion."

DFRLab said the purpose of this influence operation was to "spread stories that attacked Western interests and unity" by "planting false stories on the far reaches of the internet before amplifying them with Facebook accounts run from Russia."

DFRLab said Secondary Infektion operated across at least six languages on over 30 platforms, and using dozens of fake accounts. Evidence suggested the campaign has been running since 2014.

"The operation's goal appears to have been to divide, discredit, and distract Western countries," DFRLab said. "Some of its stories were calculated to inflame tensions between NATO allies, especially Germany and the United States, as well as Britain and the United States. Others appeared designed to stoke racial, religious, or political hatred, especially in Northern Ireland."

"The operation originated in Russia. It was persistent, sophisticated, and well resourced. It prioritized OPSEC over clicks, showed a high degree of skill and consistency in its tradecraft, impersonated politically active European citizens, and often covered issues of direct relevance to Russian foreign policy," DFRLab investigators added.

A new Guccifer 2.0?

The tactics used here are also reminiscent to what we've seen before, namely in the 2016 US presidential election.

Hackers linked to the Russian government hacked the Democratic National Committee's server in 2016, from where they stole documents and emails, which they later released online via a fake online persona known as "Guccifer 2.0," operating through a WordPress-hosted blog.

Guccifer 2.0's revelations helped shape the news coverage during the 2016 US presidential race.

Gregoratior operated on a similar pattern -- using illegally obtained documents leaked online -- however, this agent's leaks did not have the same impact.

Editorial standards