A British think tank known for identifying Russian influence operations has been hacked, seen its files leaked to the public, and been lambasted in Russian government–owned media, echoing tactics the Russian government has used in recent years to discredit opponents.



The think tank, called the Integrity Initiative, whose parent organization, the Institute for Statecraft, has received most of its funding the past two years from the British government, was hacked in late 2018. Starting in November and continuing through January, someone posted four batches of its stolen files online.

The UK’s National Cyber Security Centre, as well as a private security firm, are examining the Integrity Initiative’s servers and its employees’ devices for evidence of how the organization was hacked, and neither has released to the public the details of what has been found.

What is clear, however, is that Russia’s state-owned media outlets have seized on the posted materials, with the government’s RT and Sputnik news sites writing dozens of stories claiming that the materials prove that the British government, rather than Russia, is trying to poison internet discourse with propaganda.

“This is yet another example of Russian disinformation intended to confuse audiences and discredit an organisation which is working independently to tackle the threat of disinformation,” an Foreign Office spokesperson said in a statement provided to BuzzFeed News.

Russia’s military intelligence agency, the GRU, is widely acknowledged to be behind several high-profile hack-and-leak operations against ideological targets: the Democratic National Committee during the 2016 US presidential campaign; the World Anti-Doping Association after it ruled that Russian athletes were cheating in the Sochi Olympics; and French President Emmanuel Macron’s presidential campaign against Marine Le Pen, a far-right candidate with a long-standing alliance with Russia.

In each of those cases, the stolen files were posted by online personalities that alleged the victim was in some way corrupt. The DNC emails in particular gained a life of their own in the US news cycle, leading Clinton to partially blame them for her loss.

The country’s cyber operations often blur the lines between official government employees and hired contractors, and President Vladimir Putin has openly speculated that maybe the DNC intrusion was conducted by “patriotic” hackers “against those who speak ill of Russia.”

Russia’s Ministry of Foreign Affairs didn’t respond to a request for comment.



But according to an unprecedented amount of technical information provided in indictments from special counsel Robert Mueller’s office, the DNC and WADA hacks were carried out not by contractors with a loose affiliation to the Russian government, but by a specific set of named, uniformed GRU officers.

In their stories, RT and Sputnik claim that the Integrity Initiative hack was the work of freelancers aligned with the online Anonymous collective and who were not affiliated with the Russian government. The primary evidence for that, according to RT and Sputnik, is that the stolen Integrity Initiative material was posted to the website of a hacktivist collective called CyberGuerrilla, alongside manifestos claiming “We are Anonymous” and posts saying “We have warned the UK government that it must conduct an honest and transparent investigation into the activity of the Integrity Initiative and the Institute for Statecraft.”

But simply posting to the CyberGuerrilla website doesn’t mean much. “We did not hack the site(s), the post on our site is from a anonymous poster we have [had] no contact,” a CyberGuerrilla administrator told BuzzFeed News in a garbled email that suggested the writer was not a native English speaker.

In fact, while there haven’t been any high-profile Anonymous hacks in years, dormant Anonymous Twitter accounts conspicuously were the first to leak several GRU hacks in 2016.

One of those targeted the Bradley Foundation, a conservative Wisconsin-based think tank. In fact, GRU has a history of targeting such organizations, which tend to have significant political influence yet often don’t have government-grade cybersecurity. In August, Microsoft announced it had taken down phishing pages targeting two other think tanks whose work focused largely on Russian developments.

Despite fears that foreign hackers would resume hack-and-leak operations against American political candidates in the midterm elections, no American candidate’s files were publicly leaked in 2018. The director of national intelligence, in a press statement describing a classified report to the White House, said that countries like Russia, China, and Iran had conducted social media influence campaigns but didn’t put significant effort into actual hacking missions. A source familiar with the report told BuzzFeed News that despite the relative calm of 2018, the US intelligence community fears that foreign government hackers would resume 2016-style tactics in the 2020 presidential election.

The Integrity Initiative has pulled down its website, replacing it with a reiteration of its mission, a description of the hack, and a call for tips.

“This international public programme was set up in 2015 to counter disinformation and other forms of malign influence being conducted by states and sub-state actors seeking to interfere in democratic processes and to undermine public confidence in national political institutions,” a spokesperson said in a statement.