Matt Taibbi – CTI Files #4: The Hamilton 68 Connection (or Russiagate Never Dies)

Yves here. We reposting this Matt Taibbi new offering on what he calls the CTI Files. Because this series winds up going down many Flexian network rabbit holes, with various key players wearing many hats and operating though numerous connections, the story can seem overwhelming in documenting the nature and reach of the sprawling “Russia disinformation” touting enterprise. So get a cup of coffee!

Taibbi’s meticulous work shows this was a con that was too eagerly promoted by parties that should have considered asking some questions, such as the Columbia Journalism Review.

A brief overview from an earlier Taibbi post:

Two days ago, my colleagues and I published the first batch of internal files from “The Cyber Threat Intelligence League,” which show US and UK military contractors working in 2019 and 2020 to both censor and turn sophisticated psychological operations and disinformation tactics, developed abroad, against the American people.

Many insist that all we identified in the Twitter Files, the Facebook Files, and the CTIL Files were legal activities by social media platforms to take down content that violated their terms of service. Facebook, X (formerly Twitter), and other Big Tech companies are privately owned and free to censor content. And government officials are free to point out wrong information, they argue.

But the First Amendment prohibits the government from abridging freedom of speech, the Supreme Court has ruled that the government “may not induce, encourage or promote private persons to accomplish what it is constitutionally forbidden to accomplish,” and there is now a large body of evidence proving that the government did precisely that.

What’s more, the whistleblower who delivered the CTIL Files to us says that its leader, a “former” British intelligence analyst, was “in the room” at the Obama White House in 2017 when she received the instructions to create a counter-disinformation project to stop a “repeat of 2016.”

You will also see that Taibbi has asked other sites to reproduce this post because Twitter is suppressing Substack posts. So much for Substack as a way to get more reach (we linked to a post that also debunked Substack as income-enhancing for any other than the “Pro” publishers that Substack recruited and did promote. Others are on their own to build traffic and give Substack a 10% cut for the privilege).

Lambert adds:

Taibbi begins:

In February 2014, two new employees joined an obscure Kenyan software company/open-source intelligence group called “Ushahidi.” One was the future founder of the Cyber Threat Intelligence or “CTI” League, Sarah-Jayne “SJ” Terp. Another new Ushahidi employee in 2014 was the future CEO of New Knowledge, Jonathon Morgan….

The post delves into Terp and Morgan, who seem to be Patients Zero for the Censorship Industrial Complex, but as it happens, Ushahidi is not new to me, although I nearly fell off my chair when I read Taibbi’s lead.

Many years ago, when I was a Drupal maven — that is, before the Drupal leadership optimized their code base for professional programmers instead of users who wanted to solve problems and could code — I had the following use case. IIRC, I was tracking fracking protests at the time, and would create a short post everytime I encountered a protest in the news flow. The post would be tagged with the location, and I would aggregate the locations onto a map.

This was useful, but the map lacked a time dimension (and you can easily see how useful a time dimension would have been tracking events like Occupy protests. Or Covid outbreaks). Imagine a map with a progress bar at the bottom. You click the Run button on the bar and, as time progresses, there are one or two protests (or outbreaks) then more, and more, and more (and, with outbreaks, we hope, fewer and fewer). Certainly a useful visualization. I did not have sufficient skill to add that functionlity to Drupal. So I went looking.

I found Ushahidi, which at one time had that exact functionality (see here; the demo link is busted, which tells you what you need to know). Sadly, Ushahidi was updated immediately after I discovered it, that functionality was removed, and I could never make it work.

The real problem was the architecture of the firm. Drupal has a plugin architecture, whereby users, if they obey certain coding conventions, can develop the functionality they want, and then gift it to the entire community. With Ushahidi, you deploy the entire code-base, fork it, and make your changes. There is no way to scale your change to the entire community.

Ushahidi, says WikiPedia:

is an open source software application which utilises user-generated reports to collate and map data. It uses the concept of crowdsourcing serving as an initial model for what has been coined as “activist mapping” – the combination of social activism, citizen journalism and geographic information. Ushahidi allows local observers to submit reports using their mobile phones or the Internet, creating an archive of events with geographic and time-date information. The Ushahidi platform is often used for crisis response, human rights reporting, and election monitoring.

If Ushahidi had a plug-in architecture, like Drupal, it would have been possible for crisis response teams, reporters, monitors, and citizens, to leverage each other’s added functionality and even integrate their maps; one could, for example, have integrated one team’s work on UN peacekeeping missions with another team’s work on cholera.

Instead, Ushahidi treats each deployment as standalone. (Customizations can be integrated into the the existing Usahidi platform “if desired by Enterprise partners’). It’s hard to see a better technical method of keeping NGOs completely siloed (and, one might argue, suboptimally effective).

Now, back in 2012 — eleven years ago, and speculating freely — we learn that Terp and Morgan were at Ushahidi and either made these architectural decisions or could have reversed them. The effect was deleterious to NGOs (and curious, especially when you consider the cross-agency work that CLI has later gone on to do in the Censorship Industrial Complex).

Now to the post proper.

By Matt Taibbi. Originally published at Racket News

Note to readers:

Over the course of the Twitter Files, many of us who worked on the project got used to the social media thread format as a convenient, speedy way to deliver document-based reports. Now that I’m joining Public to report on the #CTIFiles (and also have more UK Labour documents on deck to deliver), I still believe the thread is a good format, or at least one good format, for delivering documents to the public expeditiously and in bulk.

However, I’ve got a problem. Twitter and Elon Musk are sadly stepping on Substack sites like my own to such an extreme degree that it’s actually counter-productive to post there. Even when I don’t post links to Substack, as was the case with the initial #CTIFiles posts put out last week, the material scarcely circulates, suggesting I continue to be denylisted on that site.

Because of all this, I’ve decided to do “threads” here on Substack. I’ll still announce them on Twitter/X in addition to Notes, Facebook, and Instagram, but there no longer seems to be any point in swimming upstream on platforms where I’m being suppressed. I’m not doing this out of pique or to throw anything in Elon’s face — it’s already clear that approach doesn’t accomplish anything — but just as a concession to reality. Like a lot of Substack contributors (and other independents in similar situations), I need to find new ways to get the word out, as the era of one-stop marketing on Twitter/X is over. The new formula will be Threads on this site, followed by explanatory livestreams. Tonight’s will be at 5:00 PM (click here to join). This thread being free material, social media users are welcome to re-post, but I’d appreciate a link somewhere in the thread. Without further ado:

1. #CTIFiles #4: ALL THE DEVILS ARE HERE
2. USHAHIDI? In February 2014, two new employees joined an obscure Kenyan software company/open-source intelligence group called “Ushahidi.” One was the future founder of the Cyber Threat Intelligence or “CTI” League, Sarah-Jayne “SJ” Terp. A whistleblower brought #CTIFiles documents to Public, where Michael Shellenberger, Alexandra Gutentag and I began writing stories about them last week.Another new Ushahidi employee in 2014 was the future CEO of New Knowledge, Jonathon Morgan. Here’s the Ushahidi team today, followed by the LinkedIn pages for the two future anti-disinformation warriors: 3. NEW KNOWLEDGE Morgan’s firm would later become famous, then infamous, then be renamed, then disappear from cultural memory entirely in the wake of a series of scandals. Lacking any kind of real work history, the new company burst onto the scene in 2018. In 2018, after the Parkland school shooting, Morgan’s name suddenly appeared in a New York Times story, “After Florida School Shooting, Russian ‘Bot’ Army Pounced.” Introduced by the Times as “chief executive of New Knowledge, a company that tracks online disinformation campaigns,” the paper added that he was “one of the researchers who worked with the German Marshall Fund to create Hamilton 68, the website that monitors Russian bot and fake Twitter activity.” Hamilton 68, a “dashboard” that purported to track Russian online influence campaigns, was the sole source for the Times report that Russians were trying to “widen the divide and make compromise even more difficult” by highlighting hashtags like #ParklandShooting and even #guncontrolnow.4. Morgan after the Parkland shooting was also interviewed by Chuck Todd on MSNBC, who threw up his hands at the news that Russians were meddling with American discourse. “Whatever these companies are doing, it doesn’t work,” Todd grumbled. “What’s happening here?” Tossed this softball, Morgan argued social media platforms hadn’t solved the “systemic problem” of disinformation.[unable to embed MSNBC video; please see original post]

   5. “GREW UP IN THE NSA” Not long after, in August 2018, New Knowledge announced the receipt of $11 million in startup capital to “protect companies from covert coordinated disinformation campaigns.” Investors included funds with military contracting ties, including GGV Capital, Lux Capital and Moonshot Capital, with VentureBeat pointing out that “what further distinguishes New Knowledge is that its founders are AI and Homeland Security experts who grew up in the NSA… Morgan, for instance, was an adviser for the U.S. State Department”:

   
   6. “PROPAGANDA WAR AGAINST U.S. CITIZENS” Less than a half year from this initial announcement, New Knowledge — after “laboring in secret for months,” according to the Columbia Journalism Review — produced a much-heralded report for the Senate Intelligence Committee called “The Tactics and Tropes of the Internet Research Agency,” detailing a “propaganda war against U.S. citizens” by Russia, as NPR put it. The report produced an outpouring of ecstatic headlines and TV reports, with Politico saying it showed a “sweeping effort to sow divisions, support Trump” on the part of Vladimir Putin, the Washington Post noting Russia had not only tried to help Donald Trump but targeted the saintly Robert Mueller, the Wall Street Journal noting Russia targeted black voters, and so on and so on.

   To get a sense of how promiscuously the New Knowledge report was spread, watch this condensed clip of a mortified Mika Brzezinski rattling off report conclusions then tossing, Tinkers-to-Evers-to-Chance style, to a parade of MSNBC commentators: from hurrumphing Joe Scarborough to puppyish Willie Geist, who hands off to eager-beaver Matthew Miller, then later it’s stentorian Jon Meacham, and finally old sad-sack Boston bar-crawler Mike Barnicle mouthing the required pieties about Donald Trump working “hand in glove” with what “Vladimir Putin has set out to do.” Again, the source for this is all analysts hired by the Senate Intelligence Committee, chief among them New Knowledge.

   [unable to embed MSNBC video; please see original post]

7. “WAY TOO MUCH FUN” Mere days after this orgy, news came out that New Knowledge was involved with a fake news scheme in which fictional Russian social media accounts were made to follow Republican Senate candidate Roy Moore, after which reporters were alerted to the “connection.” In an extraordinary display of shamelessness, Times writer Jim Rutenberg — the author of the influential 2016 article “Trump is Testing the Norms of Objectivity in Journalism,” in which it was argued reporters faced with the Trump threat needed to be more worried about being true to “history’s judgment” than mere truth — described the Alabama incident as an unfortunate development that the Russian government had “way too much fun with,” allowing them to claim the incident “seems to cast Democrats’ Russiagate accusations into further doubt” (no shit!). Rutenberg incredibly then quoted Bret Schafer of the Alliance for Securing Democracy as saying the development was “awful for democracy,” despite the fact that Schafer and the ASD had a direct tie to Morgan and New Knowledge — Morgan and New Knowledge helped design Hamilton 68, which the ASD funded. Even the Soviets didn’t write things this dumb: The funder of one fake news operation said the discovery of another fake news operation was sad news, our very serious sources say. Rutenberg also noted parenthetically that “New Knowledge also helped write a report on Russian troll activity released last month by the Senate Intelligence Committee,” omitting the important end clause, “a report we at the Times hyped the living fuck out of”:

8. “THE BULLSHIT IT IS” The #TwitterFiles uncovered that Hamilton 68 was a fraud as well, as according to internal Twitter correspondence, Morgan’s “dashboard” was not “tracking Russian propaganda” and “Russian disinformation,” but a group of 600-odd accounts overwhelmingly composed of ordinary people in places like the U.S., Canada, and Britain. “I think we need to just call this out on the bullshit it is,” said Twitter Trust and Safety chief Yoel Roth. While the Hamilton dashboard was designed by Morgan (with some help from former Global Engagement Center contractor J.M. Berger), the frontman of the operation was former FBI agent Clint Watts, who was (and remains) an MSNBC contributor.
   
9. 279 TIMES The impact of Hamilton on the domestic news landscape almost can’t be calculated. It was used to make assertions about Russian interest in everything from a memorandum about FISA abuse written by Republican Devin Nunes to the Parkland shooting to the spread of the term “Deep State” to the #WalkAway movement to countless other themes. And it was all a lie. Our own Matt Orfalea counted 279 times just MSNBC invoked the site:

10. “THE CHAIRMAN” One of the bizarre things we discovered, when researching the people involved in Hamilton 68, was a video graphic novel series authored by Watts and both funded and produced — this is not a joke — by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA. The “Resilience Series” featured full-scale animated features with plots whose sheer paranoia levels make Reefer Madness seem like When Harry Met Sally. In the clip below, a young woman who has a father bearing a remarkable resemblance to Clint Watts sees her old man “ambushed” by“attackers” who’ve been “incited to violence by disinformation,” believing “there’s a link between 5G and Covid-19.” (As will be clear in a moment, the 5G tale was a major fixation of CTIL, which seemed to think the whole world was in its thrall — one stop5ggloba Facebook page had a whole 82 shares at the time of the analysis!). Through tears, the daughter-protagonist in “Resilience” decides to stand up to the disinformation scourge and “fight back.” In as bizarre a scene as you’ll ever see anywhere, in any film or video ever produced, our heroine reports to a “Chairman” of indeterminate species — a sort of metallic wolf, who maybe represents someone like former Time editor and GEC chief Rick Stengel, or maybe Laura Rosenberger of the Alliance for Securing Democracy? The chairman warns her: “We don’t have much time”:

[unable to embed video; please see original post]

11. “SHIT LIST” First of all, Clint Watts is all over the #CTIFiles. Not only are there links to a page with the first draft version of the Resilience series, there are numerous references to the “Clint Watts matrix,” another taxonomic threat-charting graph, which are described and commented upon by other anti-disinformationists. On one hand, it’s important to remember that these charts are supposed to map what the “bad guys” do, so entries like “Shit list: add target account(s) to insultingly named lists” or “Ad hominem: make insults and accusations” should not be understood as instructions. It’s also true however that CTIL members are on videos saying things like, “Basically, we’re using many of the same techniques as the bad guys.” So that should be taken into consideration, too:

12. “ASK GOFUNDME TO INVESTIGATE” Just to take an example, CTIL incident reports and instructional papers regularly list possible “counters” to disfavored themes. In the pair of frames below, for instance, CTIL members are warned about examples of the terrifying 5G conspiracy, and “we can ask gofundme to investigate” and “ask Facebook to go after the original” are listed as possible solutions:

13. “SNIFF HAMILTON68 DASHBOARD FOR THEMES” The CTIL docs also repeatedly refer members to Ham68 as a source and even suggest they “sniff Hamilton68… for themes,” which is odd given that CTIL was supposedly about Covid, not Russians:

14. “MIGHT OR MIGHT NOT INCLUDE PROPAGANDA” The CTIL “Big Book of Disinformation Response” contains multiple references to Hamilton68 as a source/data feed. Remember that CTIL started in 2020, after New Knowledge and CEO Jonathon Morgan had been exposed in the Alabama mess:

14. “PARKLANDTEENS”: The CTIL framework also includes a number of “incident reports sourced to Hamilton68, sometimes by way of popular media (the “ParklandTeens” report below takes text from a Vanity Fair story, “Russian Bots Are Using 2016 Tactics to Hijack the Gun Debate on Twitter”). One of the odder details about these episodes is that the “counters” to Hamilton68 stories for some strange reason don’t recommend takedowns or removals. The tone is diagnostic: “Presumed goals: Divide the American public on the issues of guns, race, generational politics and activism. Method: Amplification via sockpuppet and cyborg accounts,” they write. “Counters: None / Media exposure.”

15. 15. “COUNTERS: NONE” In another report titled KAVANAUGH sourced to Hamilton 68, the #CTIFiles this time tag a Quartz piece that quotes SJ Terp’s long-ago co-worker, Jonathon Morgan: “Morgan, who is currently tracking a set of around 1,000 accounts he believes are tied to Russia, says the Kavanaugh hearings have unleashed more US domestic-focused propaganda from foreign-linked networks than his firm has seen in months.” The analysis includes lines like “Presumed goals: Divide the American public on gender and party lines; Harass and intimidate anti-Trump voices” and “Promote ‘both sides’ relativism” and “alter ‘ground-truth’ resources, such as Wikipedia.” Under “Counters,” it again reads: “None/Media Exposure.”Counters: None / Media exposure

15. 15. 15. 16. “DISINFORMATION… A CHRONIC DISEASE THAT CAN BE MANAGED, NOT CURED” It’s important to remember that the main precursor organization to CTIL, MisInfoSec, included none other than Twitter Files star Renee DiResta, of Stanford Internet Observatory, Election Integrity Partnership, and Virality Project fame. DiResta crucially was also Research Director at Jonathon Morgan’s New Knowledge when it was cranking out informational bogosity like Project Alabama and Hamilton68. In a Medium report about an early MisInfoSec working group meeting, she’s quoted saying something that had to be delight to contractors’ ears: “Disinformation is a not a problem that can be solved. It’s like a chronic disease that can be managed”:

    

    15. 17. ALSO STARRING… CLINT WATTS: MisInfoSec also cited the research of Clint Watts, who said, “The goal is to take an approach that will anticipate changes in threat behavior and proactively disrupt nefarious activity rather than reactively respond to it.”

15. 15. 18. THE ORIGINAL DISCUSSION ABOUT THIS” In an early podcast interview, the future drivers of CTIL, SJ Terp and Pablo Breuer, talk about funding. The “original discussion about this,” Breuer says, was funded by the Donovan Group, a firm tied to the Department of Defense Special Operations Command:

        

        19. 19. COUNTERATTACK… LIMITATIONS” In another MisInfoSec paper, Watts is quoted complaining that Russia has an informational advantage over the United States because it can make use of the “cybercrime underworld,” which the U.S. cannot because it doesn’t have “plausible deniability”:

        

        20. IN SUM: In sum, the gang’s all here. The principals from New Knowledge (Morgan and DiResta) and the Alliance for Securing Democracy (Watts), all key figures from Hamilton68, all also have ties to Terp, CTIL, and MisInfoSec, operations which openly embrace the idea of the pre-emptive, “left of boom” informational strike, yammering repeatedly about “psyops” and the need to “proactively” interrupt speech that is “not desired.” Maybe it’s chance that the authors of high-tech fakes like Hamilton68 just happen to cross-pollinate over and over with this DHS-endorsed program. It’s early days and we’re still spotting these connections, but sometimes, when a surplus of coincidence looks wrong, it is. More to come: