Even with a bulletproofed network, it's important to remember that while the Kremlin provides open and global Internet access to its citizens, it also collects and controls all of the data originating within its borders.
A recent interview with Anton Nosik, the editor-in-chief of the Russian news website BFM.ru, was published in the Russian online newspaper the New Times. In it, Nosik spoke of SORM-2 (System of Operation Research Measures), which copies every byte of Internet traffic coming from Russian households and businesses and sends it to the Federal Security Service (FSB) via a redundant array of inexpensive disks (RAID).
Nosik also pointed out that the Kremlin either owns the pipes (Rostelekom, Transtelekom, and Elektrotelekom) or controls the licenses of every communications channel in Russia. This degree of control may work against the Russian Federation if an international body determines that it could have acted to stop cyber attacks originating from within its borders but didn't.
The Kremlin and the Russian Internet.
One of the most difficult questions that the Project Grey Goose team faced in investigating the cyber war between Russia and Georgia was whether there was evidence of Russian government involvement. Our key finding in October 2008 was: We assess with high confidence that the Russian government will likely continue its practice of distancing itself from the Russian nationalistic hacker community thus gaining deniability while passively supporting and enjoying the strategic benefits of their actions.
While forum members are quite open about their targets and methods, we were unable in this round of collection/analysis to find any references to state organizations guiding or directing attacks. There are several possible explanations as to why this is the case.
There was no external involvement or direction from State organizations.
Our collection efforts were not far-reaching or deep enough to identify these connections.
Involvement by State organizations was done in an entirely non-attributable way.
The situation has since changed. In February 2009, the Russian media reported a story that has provided new evidence pointing to how the Russian government sponsors and pays leaders of Russian youth organizations to engage in information operations, up to and including hacking, to silence or suppress opposition groups.
Nashi.
Nashi (nashi.su) is short for Molodezhnoye demokraticheskoye antifashistskoye dvizhenye “Nashi” (translation, “Youth Democratic Anti-Fascist Movement 'Ours!'”). Its logo is shown in Figure 7-9. It was formed in 2005 to either counter the possibility of another youth revolt like the 2004 Orange Revolution in Ukraine or counter a growing interest in Nazism in Russia. Funding for the group purportedly comes from Russian business owners; however, there has been widespread speculation that it receives government funding as well, which has been strengthened in recent days by the Anna Bukovskaya story (related later in this section).
Figure 7-9. The Nashi logo
One of the most important supporters of Nashi is Vladislav Surkov, the first deputy chief of the presidential staff and, more importantly, a man who has the ear of Russian Prime Minister Vladimir Putin.
Surkov intends to use Nashi to enforce the Kremlin's will regarding RUNET communications, i.e., “Ensure the domination of pro-Kremlin views on the Internet” (published by The New Times Online in Russian, February 16, 2009). That's easier said than done, particularly since that effort was tried and abandoned about 10 years ago by RUNET co-founder Anton Nosik.
Surkov has a new plan that involves the enlistment of Russian youth organizations, including Nashi and United Russia. He has organized a March 2009 conference with about 20 key people in the Russian blogging community, as well as leaders of the aforementioned youth organizations, some of whom include:
Maksim Abrakhimov, the Voronezh commissar of the Nashi movement and blogger
Mariya Drokova, Nashi commissar and recipient of the Order for Services to the Fatherland Second Class medal for her “energetic” work in the area of youth policy
Mariya Sergeyeva, leader of the United Russia youth wing Young Guard
Samson Sholademi, popular Russian blogger
Darya Mitina, former state duma deputy and Russian Communist Youth Union leader
Other attendees included Russian spin doctors who specialize in controlling the messages communicated via the blogosphere. The objective was a straightforward Information Operation: The aim of the conference is to work out a strategy for information campaigns on the Internet. It is formulated like this: “To every challenge there should be a response, or better still, two responses simultaneously.”
A source who is familiar with the process of preparations for the meeting explained: If the opposition launches an Internet publication, the Kremlin should respond by launching two projects.
If a user turns up on LiveJournal talking about protests in Vladivostok, 10 Kremlin spin doctors should access his blog and try to persuade the audience that everything that was written is lies.
Although this campaign concerns internal Russian politics, it demonstrates the IO model that the Kremlin uses across the board, including what happened in Georgia in August 2008 thanks to the influence of Vladislav Surkov. His strategies were captured in the book Chronicles of Information War (Yevropa publishing house, Moscow, 2009), written by two Kremlin spin doctors, Maksim Zharov and Timofey Shevyakov. The following is from the book's introduction: Net wars have always been an internal peculiarity of the Internet - and were of no interest to anyone in real life. The five-day war showed that the Net is a front just like the traditional media, and a front that is much faster to respond and much larger in scale. August 2008 was the starting point of the virtual reality of conflicts and the moment of recognition of the need to wage war in the information field too.
Confirmation on the relationship between Nashi and the Kremlin came on April 10, 2009, when Nashi commissar Aleksandr Kuznetsov entered the nation of Georgia en route to Tbilisi to conduct an anti-government rally with 15 or 20 other Nashi members scheduled for April 16. Kuznetsov was arrested at the border, and during his interrogation he produced a letter from the Russian Duma's Committee on Youth Affairs, requesting Russian officials along the way from Moscow to Tskhinvali to assist the “Moscow-Tskhinvali-Tbilisi Motorcade” in its mission. Nashi founder Vasili Yakemenko currently heads that committee.
In Vladimir Socor's report of this event for the Eurasia Daily Monitor (April 17, 2009), he writes that Kuznetsov's statements provide corroboration for earlier reports that Nashi is funded by First Deputy Chief of Presidential Staff Vladislav Surkov.
The Kremlin Spy for Hire Program.
Anna Bukovskaya is a Nashi member and St. Petersburg activist who was paid by the Kremlin to spy on opposition political youth movements, according to an article in the Moscow Times (February 6, 2009): Anna Bukovskaya, a St. Petersburg activist with the pro-Kremlin Nashi youth group, said she coordinated a group of 30 young people who infiltrated branches of the banned National Bolshevik Party, Youth Yabloko and United Civil Front in Moscow, St. Petersburg, Voronezh and six other cities.
The agents informed Bukovskaya, who passed the information to senior Nashi official Dmitry Golubyatnikov, who in turn contacted 'Surkov's people' in the Kremlin, Bukovskaya told the Moscow Times. Vladislav Surkov is President Dmitry Medvedev's first deputy chief of staff.
The agents provided information on planned and past events together with pictures and personal information on activists and leaders, including their contact numbers, Bukovskaya said by telephone from St. Petersburg.
They were paid 20,000 rubles ($550) per month, while she received 40,000 rubles per month, she said.
Bukovskaya provided more details during an interview on Russian Ren TV (February 4, 2009): [Bukovskaya] The project was to become more aggressive, i.e., videos and photos to compromise the opposition, data from their computers; and, as a separate track, the dispatch of provocateurs.
In other words, computer espionage was part of the services Nashi provided, which isn't surprising, since Konstantin Goloskov, one of the Russian hackers who acknowledged launching distributed denial of service (DDoS) attacks against Estonia, was a commissar in Nashi.
In March 2008, Nashi hackers were accused of orchestrating a series of DDoS attacks against the Russian newspaper Kommersant. A Nashi spokesperson denied that the group was involved.
In October 2007, another Russian youth movement known as The Eurasian Movement of the Youth (ESM) launched a DDoS attack against the president of Ukraine's website, shutting it down for three days. Furthermore, both Nashi and the ESM participated in protests against the Estonian embassy in Moscow in May 2007.
The blog Windows on Eurasia (May 31, 2007) points to evidence that the FSB guides and encourages youth hackers such as the ESM to act on behalf of Russian government interests. For example, in early 2007, the ESM threatened to disable the website of the Ukrainian Security Service: ESM, the Russian radical youth organization that has been using sophisticated computer assets capable of disrupting a government computer network and eager to do so for political reasons, also vowed to disable the website of the Ukrainian Security Service, SBU, in the near future, unless Yushchenko dismisses Valentyn Nalyvaychenko, SBU's pro-NATO chief.
Russian journalist Andrei Soldatov wrote about the relationship between the FSB and Russian hackers in an article for Novaya Gazeta (May 31, 2007), beginning with Russian students from the Tomsk region attacking the Chechen news website KavkazCenter.com in 2002. Following the attack, the regional FSB office in Tomsk issued a special press release that said, “[T]he actions of the students do not contradict Russian law but rather is an expression of political orientation and worthy of respect” (Google translation from the Russian).
Soldatov also refers to the National Anti-terrorism Committee (NAC), which was established in 2006 by Vladimir Putin and chaired by Nikolay Patrushev, the director of the FSB, as having an interest in utilizing members of the Russian hacker community when it was in its interest to do so.
Sergei Markov, Estonia, and Nashi.
On March 3, 2009, Sergei Markov, a state duma deputy and member of the Unified Russia party, participated in a panel discussion with Russian and US experts, including James Lewis of the Center for Strategic and International Studies, about information warfare in the 21st century. During that discussion, Markov stunned everyone present by announcing that it was his assistant who started the Estonia cyber attacks in 2007. The following quote comes from Radio Free Europe, which broke the story on March 6, 2009, on its website: “Markov, a political analyst who has long been one of Vladimir Putin's glibbest defenders, went on to explain that this assistant happened to be in 'one of the unrecognized republics' during the dispute with Estonia and had decided on his own that 'something bad had to be done to these fascists.' So he went ahead and launched a cyberwar.
“'Turns out it was purely a reaction from civil society,' Markov reportedly said, adding ominously, 'and, incidentally, such things will happen more and more.'”
Markov, a supporter of the Nashi youth movement, attended its second annual Innovation Forum on July 21, 2008 - one day after the President of Georgia's website came under a DDoS attack and 19 days before Russia's invasion of Georgia.
A Three-Tier Model of Command and Control.
It's understandable to want to find a telltale piece of evidence that conclusively links the Kremlin with the actions of its hackers. However, it's important to realize that in the anonymous workings of the Internet, such a goal is not only naive, but it also doesn't accurately represent the relationships that have been built over the years between Russian politicians and organized youth associations.