Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management

FBI: Disinformation Campaigns Seek to Exploit Capitol Siege

Domestic Extremists Remain Principal Threat Ahead of Biden Inauguration, FBI Warns
FBI: Disinformation Campaigns Seek to Exploit Capitol Siege
Virginia National Guard airmen guard the grounds of the U.S. Capitol. (U.S. Air National Guard photo by Staff Sgt. Bryan Myhr)

The U.S. Capitol siege is being exploited for disinformation purposes ahead of Inauguration Day by Russia, Iran and China, intelligence officials warn.

See Also: Splunk Named a 10-Time Leader in Gartner® Magic Quadrant™ for SIEM

A "joint threat assessment" released on Thursday by the FBI, Department of Homeland Security and eight other agencies warns that "Russian, Iranian and Chinese influence actors have seized the opportunity to amplify narratives in furtherance of their policy interest amid the presidential transition," CNN reported, citing a copy of the memo it obtained.

But the alert notes that domestic extremists pose by far the biggest threat of violence, CNN reports.

The violent Capitol siege on Jan. 6 caught law enforcement agencies by surprise and led to the death of five people - including Capitol Police Officer Brian D. Sicknick - while injuring dozens more. Lawmakers hid inside the Capitol during the two-hour siege, many fearing for their lives. Police also disarmed two apparent pipe bombs that had been placed in Washington.

After delivering a speech on Jan. 6 in which he incited supporters to march on the Capitol, President Donald Trump was impeached by the House of Representatives on Wednesday. Citing their rules against promoting violence, several social media networks either have banned him or frozen his accounts until after the inauguration.

Meanwhile, the FBI is investigating whether a Pennsylvania woman took a laptop or a hard drive from the office of House Speaker Nancy Pelosi during the Capitol incursion, according to federal court documents filed Sunday. A witness told investigators that Riley June Williams took the laptop or hard drive and wanted to sell it to Russian intelligence agents but that the deal fell through for unknown reasons, the documents state. Williams, who faces multiple charges, was arrested Tuesday.

Disinformation Campaigns

In the wake of the Jan. 6 violence and impeachment proceedings, the joint U.S. intelligence memo notes that a Russian "proxy" has seized on the events to advance a conspiracy theory suggesting that the Capitol riot was really the work of "antifa" - short for anti-fascist, referring to far-left-leaning militant groups that resist neo-Nazis and white supremacists, CyberScoop reports.

Russians have also "amplified themes related to the violent and chaotic nature of the Capitol Hill incident, impeachment of President Trump and social media censorship," NBC reports.

Chinese news outlets, the intelligence memo states, "have seized the story to denigrate U.S. democratic governance, casting the United States as broadly in decline - and to justify China's crackdown on protesters in Hong Kong," it adds.

U.S. officials are also probing whether any groups involved in the Jan. 6 insurrection received foreign funding and are tracing a suspicious transfer of bitcoins worth $500,000 last December to "alt-right" white supremacist groups and their members, apparently by a French computer programmer who then committed suicide, NBC reports. All bitcoin transactions appear on a public ledger called the blockchain, which officials can sometimes correlate with individuals who have bought or sold the cryptocurrency.

Disinformation campaigns work best when they can amplify existing divisions in society, be they about the Capitol siege, COVID-19 or vaccines.

Source: Lukas Andriukaitis (@LAndriukaitis), an associate director with the Atlantic Council's Digital Forensic Research Lab

Moscow has long run what information warfare or "active measures" experts refer to as 4D campaigns - for dismiss, distort, distract and dismay. The former U.S. ambassador to Germany, John B. Emerson, in a 2015 speech, warned that the Russian government was becoming more proficient at running 4D campaigns.

Increased Risk of Violence

The intelligence memo issued by the FBI, DHS and other agencies reportedly states that the risk of violence, especially in Washington, remains elevated in the days leading up to President-elect Joe Biden's Wednesday inauguration.

"In light of the storming of the U.S. Capitol on Jan. 6, planned events in Washington in the lead up to and day of Inauguration Day offer continued opportunities for violence targeting public officials, government buildings, and federal and local law enforcement," the threat assessment states, according to CNN. But it says the risk of violence posed by foreign actors remains low.

The FBI and other law enforcement agencies have been seeking to identify all suspects who illegally breached the Capitol building and grounds, especially ahead of Inauguration Day, given the potential for further violence. So far, federal charges have been filed against 80 individuals.

Suspect Allegedly Planned to Kill Pelosi, Pence

On Friday, in Rochester, New York, the FBI arrested another alleged Capitol breach participant: 43-year old Dominic Pezzola, aka "Spaz."

A witness "identified the individual with the gray beard in the photograph … as 'Spaz,'" according to an FBI affidavit.

During the Capitol siege, the self-described “Proud Boy” allegedly boasted about having used a police riot shield to break windows in the Capitol building and gain access. A witness told the FBI that Pezzola also said of his group, "they said that anyone they got their hands on they would have killed, including Nancy Pelosi" - the Democratic representative from California who serves as Speaker of the House - as well as Vice President Mike Pence, according to court documents.

Pezzola allegedly also claimed that his group possessed or had access to firearms and planned to return to Washington this Wednesday "to kill every single 'm-fer' they can."

Armed Protests Expected

As ABC News first reported last week, the FBI has warned the nation's law enforcement agencies that there could be armed protests not just in Washington, but at all 50 of the nation's state capitols.

The FBI memo, issued last week, includes intelligence gathered by numerous agencies, including the Bureau of Alcohol, Tobacco, Firearms and Explosives; the Drug Enforcement Administration; the Defense Department; U.S. Park Police; and the U.S. Marshals Service, among other agencies, NBC News reported.

"We assess that acts of violence and criminal activity can take place with little or no warning and be directed toward law enforcement officers, public property, and bystanders around the White House and the National Mall," the FBI alert reads.

Security at the nation's capitols has been sharply increased since the Capitol riot. More than a dozen states have now activated their National Guard and law enforcement agencies to provide security.

On Friday, a man was arrested in Washington for allegedly attempting to breach the Capitol security cordon with fake access credentials while carrying a handgun and 500 rounds of ammunition. The suspect, Virginia resident Wesley Allen Beeler, had attempted to use an “unauthorized inauguration credential" when he was apprehended by police, according to court documents.

A number of anticipated anti-government “boogaloo” movement rallies scheduled to occur on Sunday appeared to have been called off, with officials reporting only scant numbers of protestors and no violence, Reuters reports.

Beyond physical threats, cybersecurity experts note that U.S. government agencies and organizations are likely at increased risk of hack attacks in the days leading up to the inauguration.

"I expect there is some elevated risk of a cybersecurity attack, especially from those who want to demonstrate the country is in chaos and to undermine democracy," says Phil Reitinger, a former director of the National Cyber Security Center who now heads Global Cyber Alliance, a nonprofit cybersecurity safety firm.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.