On October 16 Andrei Soldatov held the second October Lecture of RaamopRusland. Research journalist Soldatov wrote two books about the Russian FSB and the history of the Russian internet and the fight for internet freedom in Russia. His speech in the Amsterdam debating centre De Rode Hoed had as its main thesis: for a long time the Russian authorities didn't know what to do with the internet. Then they started to exploit 'patriotic hackers'. And finally the military have tuned in with their cyber troops. A worrying development.
Illustration Nanette Hoogslag
by Andrei Soldatov
Many aspects of the current day cyber attacks from Russia we can trace back to the Soviet legacy. Let's go back in time. In the summer of 1991 Soviet president Michail Gorbachev on the one hand had his fights with Boris Yeltsin who wanted to move on, but on the other hand with high placed officials and Politbureau members who were really unhappy with perestroika. This group, led by KGB chairman Kryuchkov, started a coup d’état. Part of the preparation for the coup was to seize control over communications. Kryuchkov wanted to know what Yeltsin's people - the potential troublemakers – were up to during the coup d’état.
In the midst of August Kryuchkov summoned the chief of the powerful 12th department of the KGB, that counted more than 900 people. They were in charge of eavesdropping and listening in to phoneconversations. Huge as it was, due to the failing communications system it was not that sophisticated. The department could eavesdrop only into 300 people in Moscow at a time. Telephone connections were awful. Intercity connections were bad and there was no automated connection to the world outside the USSR. That’s why the KGB needed a lot of people on the spot, who had to be close to the persons they listened to. That’s why almost every Western embassy in Moscow had next to it a tiny building for KGB people. Technically speaking the KGB had to be physically close to the embassies.
KGB-chairman Kryuchkov was one of the organisers of the coup d'état in August 1991.
In August 1991 all 900 people were summoned from vacation. They started listening in to conversations of Yeltsin’s crowd. In the mean time the military not only deployed tanks in the streets, but also put in place electronic warfare equipment. Their task was to jam any communication coming from Yeltsin's headquarters in the White House [the parliament building on Moscow river].
When the putsch started on August 19 it was relatively easy to put communications and the media under control. But the KGB completely overlooked a rudimentary form of internet, that originated in a tiny two-storey mansion on Ovchinnikov Embankment, not far from the Kremlin. A year before a dozen or so people there funded Relcom Network, from the English 'reliable communications'. It was not yet a real web, rather a system of emails. The network not only connected Moscow with the outside world, but also with most big cities in the Soviet Union. And by August 1991 it was fully operating.
Relcom net was used not only to spread information – for instance they posted all statements made by Yeltsin’s crowd in the White House – but it was used as a kind of social media. One guy thought it a good idea to ask all his contacts in the cities connected by Relcom to report what they saw happening outside. This immediately provided them with the picture that the coup d’état was not that serious. Troops were only deployed in Moscow and in St. Petersburg. And when that news was passed on to the West [and broadcasted back to Russia, ed.], people thought there might be hope. And indeed, the coup failed after three days and soon the Soviet Union would collaps. These three days for years to come defined the Russian security services’ approach to communications and the internet. Fot many years they didn’t know what to do with the internet.
Threat to national security
In 1996, when I was a young journalist, I was assigned by my newspaper to go to the State Duma, to report on the first hearings on the internet. The room was full of scientists. They were asking for support from the government to expand the network and to connect research institutions. All of a sudden the deputy head of the Russian security service took the stage. He said straightforwardly: ‘We think the internet poses a threat to the national security of Russia.’ And then he left.
I was extremely surprised and when I later asked him for an explanation, his answer sounded perfectly logical: all Russian communications were built on American technologies, which gives American intelligence agencies an advantage. We need to do something about it. He was partly right: before 1991 Russian communications were appalling.
Russia thinks the internet poses a threat to its national security
Then, under Yeltsin, our minister of communications came to the conclusion that it was absolutely impossible to modernize the Russian communications system by using Russian equipment. So he decided to buy all equipment in the West and within three years time most Russian digital communications operated on equipment from Cisco. I am not naïve: ofcourse this posed a threat to the Russians.
It reminds me of nowadays discussions in Western Europe. Of course we all use American technologies. The idea to ban these technologies because they can be used by spies is a very Soviet aproach to problems. An example: we did not have antisemitic campaigns in the Soviet Union because the Politbureau members hated jews, but because they were afraid that some jews might emigrate to Israel and there expose our secrets. Consequently we should reduce the number of jews to higher education in the Soviet Union. This is a very totalitarian way of thinking.
The role of the Chechen war
Thank God in 1996 nobody listened to this deputy head of the FSB and till 1999 the Russian internet was left alone. But then a defining moment for the history of internet and maybe of Russia as such arrived. The second Chechen war started in 1999. Vladimir Putin, who just came to power, invested a lot in this war and it made his reputation. He needed to win this war.
Putin in Pskov, August 2000, meeting with relatives of the paratroopers
killed during the second Chechen war.
But how could he sell this war to the Russian people? Why had the same Russian army lost the first Chechen war just 4 years before? He had two options: blame Boris Yeltsin, but that was not a very good option given the fact that in 1999 Yeltsin was still the president. Or blame the messenger, blame journalists and that’s exactly what the Kremlin started doing. It said we lost the war because the Russian war effort was undermined by journalists. Western journalists did it because all of them are spies and Russian journalists tuned in because all of them are corrupt and stupid. Alas: the Russian public largely bought this idea. There had been far too many media wars, too many scandals, too many journalists were caught accepting money from oligarchs. People were fed up and this was fully exploited by the Kremlin.
It was Putin who introduced the idea of information warfare
Putin not only introduced very harsh censorship in reporting about the second Chechen war, but he also introduced an idea with which we are all familiar now: information warfare and information security. There is a document signed by Putin about the doctrine of information security. It doesn't speak about cyber or cables, it talks about protecting the information space from hostile media. We all understand the reason: the Kremlin wanted to control the media. So Putin found a way to put the media under control and it became very difficult to report from Chechnya. You needed to be embedded with the troops.
But there was one thing Putin and his security services completely overlooked: the internet. The separatist Chechens launched several websites outside Russia: in Georgia, Western Europe, the United States, out of reach of the Russian government. It was a mixture of propaganda and real information. But because the main stream media could not report from Chechnya, they had to use information from these websites. The Kremlin of course didn’t want to accept this and tried to find a legal solution.
The foreign ministry of Russia sent some angry requests to Western European governments, asking them to take down the websites. But nobody listened, because they never provided any explanation. They asked the Russian security services to help, but they were still busy to prevent the American intelligence agencies to penetrate the Russian communications system. In the mean time the real threat for the Kremlin was the Chechen propaganda.
In 2002 we first started hearing about 'patriotic hackers'
This led to a stalemate that lasted until 2002. That year in the Siberian city of Tomsk, which is famous for its very good technical university, a group of students took down the most prominent Chechen website. That was seen as an opportunity. The local FSB issued a statement, praising the students by saying that they didn’t commit a crime, but that they did their patriotic duty. That was the moment we first started hearing about 'patriotic hackers'. These are people who are officially not affiliated with the government, who are not part of the government bureaucracy. They might be encouraged or paid or directed but the link is not really clear and the government can always say that they have nothing to do with them. For ten years, from 2002 till 2012, that was the tactics used by the Kremlin: hackers attacked liberal media, Navalny’s account, took down Estonian websites. This plausible deniability worked excellent.
Protests of 2012
In 2012 lots of Russians were outraged when they understood that after Medvedev Putin would return to the Kremlin as president. They calculated how old they would be in 2022 or 2024. Some people said that Putin’s rule would last longer than Stalin’s. It was very depressing and people wanted to protest. But all normal tools for organising a protest - political parties, trade unions, etcetera – were already crushed by the Kremlin. But instead we got the social media.
Facebook became a mobilising tool for protests
Facebook became a mobilising tool. It was right in the middle of the Arab spring. There were hundreds, later thousands of people protesting and the Kremlin got really scared. They saw it as a part of a conspiracy. At the time Hillary Clinton was US state secretary and some of her advisers spoke about social media as a new tool for revolution.
Once again the FSB was caught off guard. The deputy head of the FSB, Sergey Smirnov, admitted that he had no ways to deal with Facebook. When Putin got elected this was his moment to seek revenge. He introduced censorship, blacklists, people sent to jail just because they posted critical remarks online. It’s quite depressing, but controlling the message is not really effective. Navalny's video’s are wildly popular.
The Kremlin kept neglecting the widespread penetration of the internet in Russia. So every time it wants to keep activities secret, like sending troopt to Crimea and Ukraine, they overlooked that even servicemen and soldiers are users of the Russian site Vkontakte. As these guys posted things about their location, journalists began to monitor the activities of soldiers on social media. They exposed everything: their location, the name of their units, photographs.
Outside Russia the Kremlin became really aggressive with cyberoperations: trolls, hacking etc. How to explain this? I think the Kremlin considered it a low risk, low cost operation, especially as it was difficult to determine exactly who are the perpetrators. Even the use of cyrillic alphabet doesnot prove that the post is from Russia. There are lots of Russian speaking hackers in the Baltics, Ukraine or Israel.
Military became political
However in 2015 there was a big breakthrough. Secret services, hackers and research collectives found ways to prove that a hack was not only originating from a particular country but actually directed by the government of that country. Digital forensics had reached a new level and that explains why we got so many scandals in 2016.
In 2014 the minister of Defense launched his cyber troops
But then, at long last, in Russia a new player appeared: the military. For a long time they strived to have their say in cyber, but the FSB was not happy with that. That changed in 2014 because of Crimea. The new minister Sergei Shoigu wanted to prove himself as a very active minister and he launched his cybertroops. This was not a secret at all: on the contrary, the military and its security service GRU openly boasted that they had cybertroops now. It is all on YouTube, where they show video’s where a kalashnikov as a weapon is compared to a laptop. People are openly invited to join in.
Any newcomer tends to be adventurous. He wants to prove himself. At the same time he is incompetent and lacks experience. It’s a very dangerous combination. We see this everywhere now. The ministry of Defense became much more active in areas where we never expected them to be. For the very first time in Russian history after 1825, after the rebellion of the Decembrists, the military became political and that is a very scary thing.
Concluding I want to leave you with one thought. Why is the Kremlin so helpless inside the country and at the same time so sophisticated and aggressive outside? My fear is that there is a purely technological explanation. The internet was built by its founders as a technology to spread information. Technically speaking information and disinformation are the same thing. You cannot use technology to limit sharing of information, it goes against its nature. The Russian way to control information is based on the concept of controlling a few troublemakers who are known to the authorities. This is a very Soviet idea.
But in the age of social media content is made by users. In quiet times nothing happens and you can control the few troublemakers. But in a crisis, when there are manifestations, protests, riots, disasters, you’ll have thousands, sometimes millions of people posting information. Our system is not designed to deal with this scope, this scale. This gives us some hope.
Q&A with moderator Kysia Hekster
Are we engaged in a cyberwar with Russia, as the Dutch minister of Defense Ank van Bijleveld recently stated?
Soldatov: 'I hope we are not at war. The Russian military makes a clear distinction between targets: on the one hand attacks on critical infrastructure, for instance cyber attacks on powerplants, like Stuxnet, used by Israel and the US against Iran. The second type is called information operations. This includes phishing operations, when you seduce people to give their passwords, or trolling or disinformation operations. They believe that this last kind of activity will not provoke a military response. Only the first type of operation could provoke something really serious from your adversary.'
Would you call the spying operation against the OPCW in The Hague an operation of the second type?
'Yes and the same amounts to the hacking of the US Democratic Party in 2016. It was directed against a political organisation, not the government and it caused no physical harm.'
You say we are not in an open cyberwar, but are cyber and information operations connected?
'Absolutely. In Russian military thinking cyber operations are part of information operations. The military never use the word cyber. Instead they use the word information: information warfare, information security. Why? Because they believe it is not a question of computers, of technology, but of content. For years this was rejected by the Western cyber community because it feared that this would mean a direct path to censorship, to control of content. Sadly enough, the Kremlin has won that game, because nowadays everbody is talking about information operations.'
What is the goal of this information war? Spreading doubts about the information people receive?
'Not only that. Of course, the most common theory is that they want to confuse everybody. The first thing you lose is trust in your institutions. In Russia nobody trusts our parliament, political parties, politicians or high officials. We have only one guy to trust and that is Vladimir Putin. That makes things easier for him. He would like to have the same situation in the West.
If you use the terminology of information war, then everybody, including journalists, are ‘information warriors’. So we can be treated as soldiers, we can be given commands. It’s a very dangerous idea. I don’t want to become an information warrior. I want to question everybody and to be critical.'
The Dutch military intelligence recently gave a press conference in which they presented all these details about the interrupted hacking operation against the OPCW. How was it received in Russia?
'Lots of people in Russia understood that the West has been trying for three years to find a strategy if not to stop offensive operations but at least to slow them down. They tried a lot of things: Obama openly told Putin to stop it. The American intelligence community sent some strong messages. Nothing worked. With the Chinese they had the same problem. Then they decided to go public with naming and shaming. That was effective. The Chinese stopped their operations for some years.
The Skripal affair and the interview on Russian television with the two Russian men who were exposed in Salibury, changed the way many Russians feel about the regime. Many friends of mine suddenly got really scared. It is as if they only now got it, that something is not right. You think everything will be fine, as long as you live your own life, if you know the rules and don’t engage in politics. You try to make your environment predictable. The Skripal case changed this, it is a turning point.'
A lot of things about the military and GRU have become public that should have been remained secret. Collectives such as Bellingcat make use of gathering data from the internet. Are the FSB and the GRU adapting their strategies to this new technologies of outsiders?
'Russia is quite oldfashioned. The intelligence community thinks the best way to control information is fear. The FSB stated publicly that they are investigating the contacts of Bellingcat and everybody understood the message.
Right now it seems they are very confused. The GRU used to be the most secretive agency. Everybody expected some reaction from the Kremlin, but I’m a bit sceptical, given how big the role of the ministry of Defense in the Russian society became. It’s crazy. When you go to a gasoline station, you can buy a meal produced for our soldiers. Why? Because it’s very patriotic. At a very famous music festival there suddenly is a tank show. The ministry of Defense is investing a lot in its public image. They actually became really political. The first time in Russian history since 1825.'
Does it mean we can expect more GRU operations and more of them revealed?
'It’s a bit misleading to think about GRU as some sort of FSB. The FSB is an agency that is accountable only to the president. The GRU is part of the ministry of Defense, so you need to understand what is going on in the ministry of Defense. The ministry, the Russian army became much more active since 2014, since Crimea and Ukraine. The GRU is just a part of this picture. They are trying to prove themselves.
In the Soviet Union the KGB was under strict control of the communist party. The FSB is not under control of anybody. Even for the Kremlin it’s quite difficult to control them, because there is no method for it. It’s a completely independent body. Because of the Chechen war and the operations in Dagestan, the FSB became very brutal, the FSB is much more brutal than the KGB was.
The GRU was the worst performing intelligence agence after the collapse of the SU. Nobody cared about them, because they didn’t interfere in political life. They used to do tactical operations in Chechnya and Dagestan by special forces. In 2014 they became much more ambitious. With WADA it’s clear that they became political. They try to clean the mess left by the FSB, they are hacking computers of Russian journalists based in Russia. For me it’s an indication that the military intelligence became something bigger. It means that they become political.'