As much as anyone, I want to see what the SNP do in the dark brought into the light. Leaks such as those by whistle-blowers have undoubtedly revealed things in the public interest. Leaks from the SNP revealed they were lying about pensions, supporting sex pests over victims and that the missing ringfenced £600k had been spent on furniture.
Even so – I will be taking any ‘explosive revelations’ from Stewart McDonald’s stolen emails with a heavy pinch of salt, and I’d recommend that unionists do the same.
Sympathy fur th’ de’il
I have genuine sympathy for Stewart McDonald, the SNP MP whose personal email has been hacked. I’ve criticised him before for being a spokesperson on disinformation while spreading, or not correcting, partisan nationalist disinformation, but let’s set that aside for the moment and look at what has happened.
While the spear phishing attack wasn’t hugely sophisticated (it wasn’t as obvious as a Nigerian prince scam – and those still work), there was some skill in it – yes, he should have known better than to fill in a password after clicking a link in an email, but the email did come from a genuine personal email address of a staff member and with personalised, targeted information.
Alarm bells should have rung when he then got a blank page. A more sophisticated attack would have given a more natural experience – e.g. behaving normally and delivering an expected document. If it had done that, and if the group had been able to better spoof the nature of their log-ins to the staff member’s personal email, then the attack may have gone entirely undetected.
An attack on a UK MP is an attack on the UK.
But the alleged Russian hacking of an SNP MP’s email is not just an attack on the SNP – it is an attack on a UK MP and the West, and should be seen in that context. Those of us who oppose the SNP should take extra care before giving credibility to, or sharing, everything that comes out in the following days and weeks.
There is, of course, a natural curiosity to see behind the facade of SNP secrecy, especially when we are told that there will be “explosive revelations”, and leaks are designed to appeal to voyeurism and crafted to play on our confirmation bias.
The Glasgow MP is quoted in various papers as saying:
“If it is indeed a malicious state-backed group, then, in line with what I’ve seen elsewhere, I expect them to dump some of the information online.
“And I can expect them to manipulate and fake some of that content and I want to get out ahead of that to ensure any disinformation attack against me is discredited before it’s even published,”
Frankly, I agree with his assessment, and he is doing the right thing to pre-bunk it.
Dumps like a truck
That predicted dump is coming: as reported in The National, Craig Murray claims he has them and is willing to publish at least some of them.
The document Stewart was asked to open was with regards to an update on the war in Ukraine, and it’s thought the attack came from the Russian state-sponsored hacking group Seaborgium. The UK Government National Cyber Security Centre recently warned about Russian and Iranian hacker groups:
“The advisory highlights that throughout 2022 separate malicious campaigns were conducted by Russia-based group SEABORGIUM and Iran-based group TA453, also known as APT42, to target a range of organisations and individuals in the UK and elsewhere for information-gathering purposes.
The attacks are not aimed at the general public but targets in specified sectors, including academia, defence, government organisations, NGOs, think-tanks, as well as politicians, journalists and activists.”
And more generally, about the threat of online Russian disinformation to support their war in Ukraine.
A pattern of disinformation
The Russians, and in their time the East German Stasi, became experts, or at least experienced, in disinformation attacks. What we see here fits into their modus operandi.
As I wrote just a few days ago – the most sophisticated disinformation attacks can work on three levels.
- The disinformation itself communicates some effect.
- It’s crafted so that the denial amplifies or augments the message.
- Even when exposed as disinformation, there is a strategic benefit.
If or when the cache of stolen emails is released, it may be impossible to say what is real and what is fake. My understanding suggests that in previous ‘dumps’ a ratio of around 80% real to up to 20% fake is considered optimum – but also that sometimes just one ‘explosive’ fake email is placed in a cache.
As I mentioned: disinformation at its most ingenious can cause harm at three levels – when taken at face value, when denied and when exposed.
TARAKANY (Cockroaches)
When Russia invaded Afghanistan in 1979, they used chemical weapons against the secretly US-backed mujahideen. The US was gathering evidence on this to submit to the UN. Russia responded with a disinformation campaign which included counter-accusations that the US was preparing biological weapons in Pakistan. Interestingly, part of this campaign was not only to drive a wedge between the US and Pakistan but to cause friction within Pakistan:
“In Iran, a rumour was spread that in Pakistan, the Americans were using fellow Shiites as guinea pigs to study the effects of new chemical and bacteriological products on humans, as a result of which many either died or were crippled. The Pakistani regime’s decision to allow the Americans to conduct such experiments on human subjects was evidence that the Pakistani leadership was conscious of the danger which the local Shiites represented, and therefore decided to rid itself of a potential internal enemy” – Materials provided by former KGB archivist Vasili Mitrokhin to CWIHP, following the publication of the Working Paper No. 40, “The KGB in Afghanistan.”
However, even when exposed as misinformation, the Cockroach plan still had further strategic value. The Russians could claim – “Yes, these are the sorts of games all superpowers play – just like the US is doing when they accuse us of using chemical weapons.”
If someone had believed seeded Russian news stories that were then disproved, they were less likely to believe other news stories even if they were true.
What’s Russian for Deja vu?
This isn’t the first, and it won’t be the last time that Russia and others use this technique. However, one incident in particular that it reminds me of was a Russian disinformation attack at the time of the Crimean annexation, when Russia invaded Ukraine under a false flag.
Jason P Gresh Forged Email
In 2014 Russia hacked the personal email of Ukrainian General Igor Protsyk, and then dumped the emails online on various sites under the guise of being “Anonymous Ukraine.”
Among the emails was a forged one, supposedly from Jason P Gresh, a Lieutenant Colonel in the US Army at the embassy in Kyiv. This email claimed that Washington was directing the pro-EU Ukrainian forces to fake an attack on transport hubs in Crimea that would then be blamed on Russia to create a pretext for the Pentagon and the CIA to intervene.

Additional faked emails then purportedly showed Igor acting on this direction by coordinating with others.
By 2014 online disinformation was maturing. In some ways, this was relatively sophisticated – the US was implicated, but US systems had not been breached, and the leaked emails included fully forged email headers with technical information.
It fell down in the language. According to Thomas Rid in “Active Measures” (a book I strongly recommend), one of the reasons that the East German Stasi were so effective in their disinformation campaigns in West Germany is that they shared the same language, background, culture and history with West Germany, so could craft disinformation to a high level. This is something non-native English-speaking Russians have struggled with against the West.
The language of the email does not sound like perfectly educated native English and does not fit with the supposed source, a US Army attaché diplomat. The US considered it serious… but also a bit of a joke, as it was an obvious forgery, and got little heat over it.
A challenge the Russians faced in disseminating the information was that the majority of Igor’s real emails were tedious! If they had just left this email to be found in the middle of a cache, most people would have given up reading the emails out of boredom before they got to the plant! So when uploading the cache, they took care to highlight “This is the exciting email.”
Ihor,
Events are moving rapidly in Crimea. Our friends in Washington expect more decisive actions from your network. I think it’s time to implement the plan we discussed lately. Your job is to cause some problems to the transport hubs in the south-east in order to frame up the neighbor.It will create favorable conditions for Pentagon and the Company to act.
Do not waste time, my friend.
Respectfully,
JP
However, tactically the target audience was scared civilians in the Crimean peninsula who were not as sophisticated in spotting disinformation and who were unused to seeing Ukrainian troops as a presence on their roads, towns and villages – so it was to drive an additional wedge there.
So how should we approach Stewart’s emails when they are released – knowing that there will be some truth there, but also likely disinformation?
The SIFT methodology for slowing the spread of misinformation is generally the best place to start.
- STOP
Pause before sharing any revelations, and give it some extra thought.
- INVESTIGATE THE SOURCE
Remember, the ‘source’ is not Stewart’s emails; the source is an anonymous, possibly Russian state hacker acting through Craig Murray or posting elsewhere.
- FIND BETTER COVERAGE
If there is a claim or revelation – can we confirm it from other sources?
- TRACE CLAIMS, QUOTES AND MEDIA TO THE ORIGINAL CONTEXT
Again hard to do: if all the emails are not dumped, we might not have all the original context, and we might not be able to trust it when we do appear to have all the context.
Checklist – this isn’t perfect and will depend on how well any fakes have been executed
Is it just too good to be true?
Is there some smoking gun or ‘explosive revelation’ that is very convenient? I’d be especially wary of any emails from Nicola Sturgeon: she famously avoids government email, preferring to send instructions by handwritten notes, which are then destroyed, rather than leave an electronic trace. There may be emails from her, possibly from her personal or party email address, but any which are too good to be true should be taken with a pinch of salt.
It’s also possible that there are genuine emails from Nicola Sturgeon but that Stewart’s response to them is faked, which could change the meaning.
What percentage are boring?
Most emails are boring. Russia may have learned their lesson here from Igor Protsyk, and if there was a dump of the whole cache, there’s probably an analysis that could be done on the ratio of newsworthy and politically interesting, but it seems likely that what will be released will be a carefully edited mix of real and fake.
What’s the language like?
If there are explosive emails, do the language and tone fit with the style of what Stewart has written elsewhere? Even if it’s written in native standard English, there are analyses that can be done – of things like vocabulary, sentence length and other factors – that can identify if the author is the same. (Of course, these can also be forged; it depends upon the level of sophistication.)
Is any new information independently verifiable?
My advice would be to try to share or react to something new only when it can be verified. With sources, two is one, and one is none. Three is better.
Cui Bono?
Whatever is being released is being released with an agenda. This is not just an attack on the SNP; this is an attack on a UK politician and the West. This attack has the fingerprints of the Russian modus operandi. Whatever your position on the UK constitution: think about the players involved and what reaction they would want you to have.
Stewart is supportive of Ukraine and critical of Russia.
Craig Murray is a Putin apologist who sided with Putin on the Salisbury attacks and is an ally of Alex Salmond, who until recently had a talk show on the Kremlin-backed propaganda TV station RT and is on record as admiring Putin.
Ex Umbra In Solem
I’d love as much as anyone for what the SNP do in the dark to be brought to light. The right way to do that would be through having systems in Scotland with some teeth that could hold them to account – make them answer FOI requests and make them take minutes in meetings. Or from whistle-blowers who are verifiable or protected sources through journalists.
There will no doubt be some explosive revelations; some of them may be true, and some of them will be false. My advice is ca’canny. Be sceptical – especially about what you might want to be true.
At face value, Russia will be happy to attack a UK MP who is critical of their invasion of Ukraine while potentially stirring up UK internal divisions in order to soak up our political capital. Some of the ‘explosive revelations’ may appear to show the SNP exposing some actions of the UK government. The UK, with trouble at home, has less attention and energy to spend on Ukraine.
We know that Stewart is a Sturgeon loyalist, and what’s embarrassing to him may be uncomfortable to her – but it’s also possible the revelations will be timed to come when it is most awkward for her, at the March “de facto” conference, or at some point of the news cycle around then. Salmond and Murray would undoubtedly like to see Sturgeon weakened within the SNP and independence cause.
The danger to Unionists is that if we were to unquestioningly share and give credit to whatever Craig Murray publishes on this, say an ‘explosive’ email about Nicola Sturgeon, and that is then shown, proven or admitted to be misinformation, then that will be used against us in the future. They are ‘flooding the zone’, which means that when something DOES get uncovered, it’s less credible because it can be more easily denied as “just more disinformation”; it gets less media attention because the public disengages rather than keeps up; and people are paying less attention because these stories have lost their novelty.
Don’t get me wrong; I’ll read whatever comes out, but I’ll be trying to do it with the above factors in mind and with the understanding that we just aren’t always great at spotting disinformation, as this Ofcom study shows.
So read, but don’t trust. There’s no point striking a false blow against Scottish separatism only to find out you’re Putin’s cat’s paw.
References:
Active Measures: The Secret History of Disinformation and Political Warfare, Thomas Rid
New Statesman: How conspiracy theories about Salisbury attack tap anti-Semitic tropes
Leaked recording of SNP MPs supporting Grady ‘utterly unacceptable’ – Sturgeon
https://www.independent.co.uk/news/uk/ian-blackford-snp-mps-first-minister-commons-b2107718.html
Moscow Times – Russia’s Reinstatement to PACE is a grave mistake – Stewart McDonald
https://www.themoscowtimes.com/2019/06/26/russias-reinstatement-to-pace-is-a-grave-mistake-a66174
The National – Craig Murray to publish Stewart McDonald’s emails after phishing scam
‘Hacked’ email from Jason P Gresh
Flooding the zone – the Bannon Playbook
Leaked paper shows SNP fears over cost of benefits
https://www.heraldscotland.com/news/13094979.leaked-paper-shows-snp-fears-cost-benefits/
Leaked SNP accounts’ show £670,000 spent on furnishings, computers and software last year
UK exposes sick Russian troll factory plaguing social media with Kremlin propaganda
KGB Active Measures in Southwest Asia
https://digitalarchive.wilsoncenter.org/document/kgb-active-measures-southwest-asia-1980-82
Alex Salmond’s ‘Admiration’ For Vladimir Putin
https://news.sky.com/story/alex-salmonds-admiration-for-vladimir-putin-10407874
What is the SIFT method?
Nicola Sturgeon in row over unofficial email account
https://www.heraldscotland.com/news/17966516.nicola-sturgeon-row-unofficial-email-account/