How hackers planted a fake story on a Lithuanian media outlet
Pro-Kremlin hackers planted an article, which accused NATO of planning to occupy Belarus, on a Lithuanian news website. The article first appeared in English and was likely authored by an individual responsible for spreading NATO-related disinformation and false stories in the Baltics since at least 2017.
On October 25, regional Lithuanian news outlet Kas Vyksta Kaune (translation from Lithuanian: What is Happening in Kaunas) published an article with the headline “NATO is planning on invading Belarus”. The article argued that the ongoing NATO exercise Anakonda 2018 exercise was a cover to stage a provocation against Belarus in order to partially occupy it. Anakonda is a biennial NATO exercise and its main objective of this year’s exercise is to test the “integration of the national security and defence capabilities within joint, interagency, multinational and public environment,” not NATO’s ability to occupy foreign countries.
The story was published by hackers, who infiltrated the news outlet Kas Vyksta Kaune using the login credentials of a former employee, and was removed as soon as the media outlet became aware of the story. Kas vyksta Kaune was the first news outlet to report on its own hacking.
The article was a word-for-word translation of a post first published in English on Military International New Blog the day before. Although the author was not listed, the article linked to a 9gag (user-generated entertainment site) user Rudis Kronitis, who appeared to be the source of the imagery used in the articles and likely the article itself.
Rudis Kronitis published four images on his 9gag page, allegedly showing the four stages of NATO’s plans to occupy Belarus.
The same images were used in all copies of the article in both English and Lithuanian, with most articles linking back to Rudis Kronitis’s 9gag page.
Rudis Kronitis is a pro-Kremlin blogger in Latvia, with articles on Medium, ModernDiplomacy.eu, opednews.com, and other media outlets. He is known for disseminating disinformation and falsified information relating to NATO and Baltic states’ defense capabilities.
In 2017, he published an article, which falsely accused the Lithuanian media of covering up a sex scandal that Lithuania’s Minister of Defense was allegedly involved in. In another one of his posts, he falsely accused U.S. troops of killing a child during a military exercise in Lithuania, which was quickly debunked by the Lithuanian media. Ruditis has also published editorials claiming that NATO makes Latvia vulnerable.
Among the seven outlets which picked up the article was the pro-Kremlin news aggregator The Russophile (also known as Russia News Now), which sourced its story from LiveLeak.
The story on LiveLeak was uploaded by a newly created PaulBlackJournalist account. Paul Black also published the article on his newly created Medium blog.
There is no evidence to believe that Paul Black, the journalist, is a real person. While there is a Paul Black, who is Oxford-based art journalist, there is no record of a defense correspondent named Paul Black. No other articles, no social media pages, or any other type of digital footprint exist. It, therefore, appears Paul Black is a fake social media identity used to launder the false information on the web.
The spread of the story accusing NATO of planning on invading Belarus was facilitated by two common information laundering tactics —a fake online persona and cyber activity. The fake online identity of Paul Black was used to disseminate the article across different social networks and news aggregators, whereas the cyber activity was used to maliciously promote a story through a credible news provider.
The fact that the false story was taken down promptly and Lithuanian media outlets debunked it in a matter of hours is a testament to the increasing resilience of the Lithuanian media to disinformation and made-up stories.
Follow along for more in-depth analysis from our #DigitalSherlocks.