The British and US governments have just jointly sanctioned two Russian intelligence operatives for their attempts to derail the democratic process through a series of coordinated cyber attacks. The US State Department is also offering a reward of up to $10M for information on the Russian hackers responsible for the coordinated cyber espionage attack, which is international and spans several years. Targets even included the former MI6 director Richard Dearlove, and more recently scientists at several nuclear facilities in the United States. But what distinguishes this recent wave of Russian cyberattacks is that they are not just targeting governments or politicians.

Civil society became a significant target for Russia’s state backed hackers, including “universities, journalists, public sector, non-government organisations and other civil society organisations”. Paul Mason, a former BBC and Channel 4 journalist, has put out a statement confirming he was targeted by these hackers. At the time his private accounts were hacked, I had been helping Mason work on an article challenging Russian propaganda narratives that were spreading during the Bucha massacre in Ukraine. Overnight we were turned into the latest circulating ‘deep state’ conspiracy theory.

The Mason hack

As we worked, I received an urgent message from Mason saying his emails with me may have been compromised. He published a statement saying he had been “targeted by a Russian hack-and-leak operation”. I then received an email from a Grayzone writer who has also written for Russian state media (Sputnik/RT), saying, “Been going over various emails and DMs of yours. Very interesting…” The writer said he thought my employer and “the academics you’re trying to target are likely to be very unhappy indeed when they hear about all this. I think we’d better talk.”

The writer said the email was not a threat. But it was clear to me I was facing an impending reputational attack to harm my career and relationships. This email didn’t resemble the right to reply that journalists usually send posing questions prior to reporting, and it made no mention of an article or outlet.

Within hours the first article hit Grayzone, a website with a pro-Kremlin stance on world events. A series of stories followed linking me to activities of which I had no knowledge and suggested that Mason and I could be part of a nefarious plot to silence critics of NATO in Russia’s war on Ukraine.

I do not, of course, help any government produce lists of people to censor. My work regularly defends transparency and free expression – including that of those I disagree with. Indeed my work often questions Western governments, but such questioning must be built on facts.

The author of the Grayzone articles apparently told Politico in 2022 that the emails at the centre of these claims were sent to the organisation anonymously via burner email accounts. The Grayzone has argued that “there is not even hard evidence that Russian hackers were the source of the leaks.”

But this week the UK and US governments issued sanctions against the individuals from hacking group Cold River (also known as Star Blizzard, SEABORGIUM, and the Callisto Group) which was reported to be behind this series of hacks. Cold River, they say, is operated by the Russian intelligence entity, the Federal Security Bureau (FSB), and “selectively leaked and amplified the release of information in line with Russian confrontation goals.”

Hacking freedom of expression

Hacking is normally discussed as a security issue. But this new form of cyber attack significantly threatens freedom of expression as I explain in my recent academic writing. Joe Burton, a professor at Lancaster University, has described this phenomenon as cyber intimidation, “a form of intentional bullying and intimidation that affects how individuals, groups and states act, including the things they do and the things they do not do. This includes the ability to express themselves free of fear of persecution or retribution.”

The UK Foreign Secretary David Cameron said the hackers had “failed”. But some impacts can be difficult to track rendering them invisible, particularly where they silence and suppress activism. And new research indicates cyberattacks cause “equally high levels of psychological distress as conventional terrorism and political violence,” driving political pressure that can escalate conflicts.

Today, aggressive cyber tools are increasingly available for authoritarian regimes wishing to target civil society actors. We ordinary people, not just governments are targeted with lawfare, spyware, social engineering and hacking. Russian hackers, for example, last year also reportedly doxed (malicious publication of personal information) those defending Ukraine. As Citizen Lab has shown, emails hacked from journalists and civil society are also often doctored before they are published, a phenomenon they called “tainted leaks”. Where it is hard for the Kremlin to defeat truth with lies, we see these chilling efforts deployed against researchers and journalists, eroding trust in those delivering any message counter to its interests. The ease at which this can now happen should terrify democracy defenders everywhere.

The hacking of journalists and their sources in particular undermines the ability to privately discuss, research and develop journalism. It also threatens free expression by closing down one side: Rather than contributing to debate, a pre-emptive hack against a journalist halts it.

In the case of Mason’s journalism and my efforts to contribute to it last year, the hack occurred before critical work on those defending Putin’s bloody invasion could occur. For the Kremlin’s hackers and their support alternative credible counter-perspectives cannot be allowed to rise on the left.

A crisis of trust

Conspiracy theories like these proliferate due to a deep crisis of trust in our media and political system. This has its roots in real injustices. But it is also exacerbated by the crisis facing traditional journalism that feeds a rising popularity of news ‘alternatives’. Social media’s engagement-based algorithms then tailor our feed of content to maximize popularity, which of course increases the politically divisive or fear-driven framing of content we see. This business model monetises the most misleading and toxic content, then social media companies are not consistent in responding to the content violating their policies against hacked material. Where cyberattacks are used to intimidate and silence civil society, victims may have limited power to respond. State-backed cyberattacks steal content that can be selectively used to create distrust in reliable journalists, researchers and NGO’s, or to drive anti-government conspiracy theories. Hacks also provoke government reactions that extend secrecy, roll back citizen rights or restrict vital journalism, which can be exploited by Russia to further fuel distrust of government and appetite for hacks – I call this a spiral of “secrecy hacking”. Ironically, increasing efforts by the British government to control information disclosure on national security have fed an information vacuum that provides fertile ground for misleading hacks to spread.

While I welcome sanctions against the Russian hackers, and urge all activists, journalists and scholars to be aware of their technical methods – in the long-term the solutions to Russian hacks lie in tackling our deepening crisis of trust.