Russian journalists Andrei Soldatov and
Irina Borogan wrote their first book, The
New Nobility: The Restoration of Russia's Security State and the Enduring
Legacy of the KGB, in 2010. It was
about the rise of the FSB in the era of Vladimir Putin from the ashes of what
was once the KGB. Five years later, they
wrote a second book, The Red Web: The
Struggle Between Russia’s Digital Dictators and the New Online Revolutionaries. This book could easily have been titled The Russian Surveillance State: How Old
Habits Die Hard from Soviet Times to the Present. One would suspect from the title this book
concentrates on just the Internet in post-Soviet Russia, but this book is much
more. Soldatov and Borogan document in
great detail the breadth of the old Soviet KGB technical surveillance
apparatus, how and where it began, and how techniques and equipment have
adapted to the Internet age.
The story begins in a residential district
in southwest Moscow, wherein lies a nineteen-story gray-and-white building known
as Phone Station M9. Half of Russia’s Internet
traffic passes through this building.
The building has another occupant on its eighth floor – the FSB. The FSB is the successor organization to the
Soviet Committee for State Security – the KGB.
Throughout the building are little boxes marked SORM [which is an
acronym for the Russian words for “operative search measures”]. These are the devices which the FSB uses to
monitor Russian web traffic. First
invented by the KGB to monitor telephone calls, these SORM boxes monitor
e-mails, Internet usage, Skype, cell phone calls, text messages and social
networks [Twitter, Facebook, etc.]. It
is with these SORM boxes the Putin regime monitors political opposition. In 1991 Russia inherited a dysfunctional and
broken communications system with barely a connection abroad, and today the Pew
Research Center approximates that 73 percent of those questioned in Russia said
they had online access, compared to 63 percent for China and 87 percent in the
United States. In a country of over 200
million people, that’s a lot of Internet traffic to monitor.
“Prison of information.” Soldatov and Borogan describe the old
Soviet Union as a “prison of information”.
They describe the infrastructure that was put in place by the Soviet
security apparatus to build this “prison of information”.
- At Marfino [located northeast of Moscow] stood a
building that was once a seminary.
During Stalin's time, this former seminary was transformed into a Soviet
secret research facility. Their mission
was to create a secure telephone system for Stalin. In 1952, while working at Marfino, Vladimir
Fridkin made the Soviet Union's first working copy machine. Three years later, the KGB smashed Fridkin’s copy
machine to bits in order to prevent the copying of "prohibited
materials". Such was the paranoia
of the Communist Party that they had to maintain a stranglehold on information.
- Kuchino.
In December 1953, eighteen prisoners were transferred from Marfino to
Kuchino, another security service compound twelve miles east of Moscow. It
became the KGB’s main research center for surveillance technologies, including
the all-pervasive Soviet system of phone tapping and communications
interception. They also figured out how to intercept a human voice from the
vibrations of a window. Kuchino was the main research facility for Stalin’s
secret services in the area of special, or “operative,” equipment—ranging from
weapons to radio sets to, most importantly, listening devices. The engineers employed therein, and at the
Scientific Research Institute of Dalny Svyazi in Leningrad, conducted much
research in the field of speech recognition.
- The Computation Center of the Academy of Sciences on Vavilova Street in Moscow applied computers to the speech
recognition work. This evolved into a
private company called the Speech Technology Center in 1993. With generous funding from the FSB, this
company created technology that could store many millions of items of
biometric data, such as voice samples and photo images, and match them to
individuals by searching the world’s communication channels, including video
files. The voice recognition technology can identify the speaker, regardless of
language, accent, or dialect, based on physical characteristics of the voice.
- The Kurchatov Institute [which included the
Computation Center] held a prestigious status in the Soviet Union. Much of the work to get the Soviet atom bomb
was done here. Additionally, it worked
on other crucial defense projects, to include laser weapons and development of
Soviet submarines. The Soviet Internet was born here. It was here the Soviets made their first
connection to the Internet. Alexey Soldatov, the father of one of this book’s
co-authors, was a key player in making the Soviet Internet a reality. The elder Soldatov was the head of the
Computation Center. He had done an internship
at the Niels Bohr Institute in Copenhagen. During his time there, he knew of
computer scientists that created a network that connected computers. He had a team of computer programmers that
adapted a bootleg copy of Unix [and called it Demos] to the Soviets’ first
supercomputer with a Soviet-made copy of an IBM mainframe. They created a local area network at Kurchatov. Once they did that, they expanded to a larger
network that connected Kurchatov and the Institute of Informatics and
Automation in Leningrad, 460 miles away. After that, connections were
established with research centers in Dubna, Serpukhov, and Novosibirsk. The
network used ordinary telephone lines.
Almost a year after that first global
Internet connection was made, the abortive Communist coup against Mikhail
Gorbachev took place. The Internet
connection to cities outside of Moscow and beyond the borders of the Soviet
Union proved extremely important because the coup plotters neglected to take
down the computer network. Large amounts
of uncensored information flowed in and out of Moscow, and the coup plotters
unknowingly helped the other side by demonstrating an old way of thinking, to
control radio and TV. The KGB didn’t
think to censor the nascent computer network – it never occurred to them, and
at this time this was a network they couldn’t control. This is ironic because much of the money
that made the Soviet Internet a reality came from the KGB. The ‘net’ didn’t foil the coup attempt all by
itself, but it was an important new tool in the toolbox against oppression.
Russian Internet tools.
The Russian security services have quite a few tools in their Internet
suppression toolkit. Among these tools
are:
- A nationwide system of online
filtering and censorship was put in place by 2012 and has since been
refined. Internet filtering in Russia is
unsophisticated; thousands of sites were blocked/blacklisted by mistake, and
users could easily find ways to make an end-run around it. At the same time,
very few people in Russia were actually sent to jail for posting criticism of
the government online.
- Distributed denial of service
(DDOS) attacks by “hacker patriots” - when an attacker uses a multitude of
infected computers to access a website at the same time, and the site often
crashes as a result
- Pro-Kremlin hacktivists and trolls
were hired to attack and harass liberals online
- SORM devices – the little black
boxes control information online and obstruct a free press and political
opponents. The first versions intercepted and
recorded phone calls for the Soviet Union, but now Internet service providers
(ISPs) install the latest generations of SORM onto Internet lines so that the
FSB can intercept content (not just metadata) from email, internet traffic,
mobile calls and voice-over internet such as Skype. All Russian operators and ISPs were required
to install the black boxes, about the size of an old video tape recorder, which
would fit on a rack of equipment, and permit connection to the regional
departments of the FSB.
- Kompromat - compromising material released to
the public to blackmail activists, embarrass opponents & business rivals,
influence elections, and create confusion.
Kompromat used against journalists and others most likely came from
content that SORM intercepted.
- Coercion - The main subjects of
Soldatov and Borogan’s book, online service providers including ISPs, media
outlets, aggregators, mail services and social networks, are constantly angling
for a position from which it is safe to conduct business. They are Putin’s
willing executioners. They are told that
if they don’t provide the access to communications that the FSB desires, they
won’t have the ability to do business in Russia. The threat of being dragged into criminal
proceedings – or, indeed, of losing one’s business – serves to activate what is
perhaps the most commonplace survival mechanism in today’s Russia:
self-censorship.
- Blogger Law – There are many
popular blogs in Russia, and they are one of the few areas in cyberspace where lively
and relatively free political debates take place. The law was a rewrite of anti-terrorist statutes
that required blogs with 3,000 or more followers to register with the
government. This registration gave
security services a way to track bloggers, intimidate them, or close them
down.
Face recognition software – The Russians, through a company
called Ladakom-Service, have developed facial recognition software, and have
been using it wherever there are gatherings of large numbers of people, whether
they are sporting events or at the Russian subways. At the entrance to sporting events,
spectators go through metal detectors, ostensibly in efforts to find
weapons. While the spectators are
patted down by security, their pictures are taken. The cameras rapidly capture each face into a
green digital frame and then identify different characteristics of the face,
including such distinctive features as distance between the eyes. A computer
connected to the camera then evaluated each person based on a complex
algorithm, and within seconds the person’s name was established and they were
given a unique number. Near the metal detectors sits an operator with a
laptop. He monitors every face closely.
One window on his screen shows the live camera acquiring the face images,
another part of the screen shows the captured images, and a program was
constantly running to match the captured images with people in a government
passport database, one of the biggest in the country. When the match was
successful, a photograph just taken appeared along the bottom of the screen
with the person’s full identity. The
same company in 2011 had installed this technology in the entrance hall of one
of the busiest metro stations in the city. As people stepped on the subway
escalator, their faces entered a frame and were captured by video cameras. The
images are rapidly linked to their identity in security service databases.
There was no notification to anyone that they were being recorded. The system
is so advanced that a scan of 10 million images would take no more than seven
seconds. The facial images and video are sent to the Metro system’s situation
room, the Interior and Emergencies Ministries, and to the FSB.
Putin’s “Willing Executioners”. The authors point out that engineers in the Soviet
Union [and today’s Russia] are not trained in ethics like medical doctors
are. They were taught to be servants of the
state. These engineers were focused on
the technical needs of the Soviet Union, and they did not [and still do not]
question the uses of their technical creations in service to the state. These people are much more comfortable being
told what to do without question – they have a much better understanding of the
mechanical world than “the often-unruly reality of freedom”. They have little or no understanding of
politics. The authors questioned one
such engineer named Sergei Koval. He was
questioned about what he thought about regimes around the world using his
technology to suppress dissent. His
reply - “All this talk about technology
catching dissidents is just bullshit.
It’s typical of the kind of psychological warfare the Americans use
against their opponents. I think all these arguments about human rights are
completely hypocritical. We just come up with the hardware. It’s just technology that is
developed with law enforcement in mind. Sure, you can use it against the good
guys just as easily as you can use it against the bad guys. One way or another,
these governments will be able to use surveillance technology, whether we
supply it or not.… If governments listen in on people’s conversations, it’s not
the microphone’s fault!”
Who are the “hacker patriots” and Putin’s on-line trolls? During the 2000s the Kremlin had created
large pro-Kremlin youth organizations, which mostly consisted of youth
recruited in Russia’s regions. Two of the most important organizations were
Nashi (“Ours”), the oldest movement, built up under direct guidance of Surkov,
and Molodaya Gvardiya (“Young Guard”), the youth wing of the pro-Kremlin
political party United Russia. These
people aren’t government employees, hence the Kremlin’s ability to maintain the
façade of “plausible deniability” whenever they are accused of stirring up
trouble. A Ukrainian hacktivist group
named CyberBerkut, which consisted of supporters of the country’s former
president Viktor Yanukovych, who had fled to Russia after the Maidan forced him
from office, claimed to have hacked the email accounts of Ukrainian NGOs. They “obtained” emails from Ukrainian NGOs to
“prove” that the targeted NGOs were not only in touch with the US Embassy but
also received funding from American foundations.
“Digital Sovereignty”.
In the aftermath of Edward Snowden’s disclosures about the practices at
NSA, an idea sprang from the Russian State Duma. The idea was that Russian citizens
should be forbidden from keeping their personal data on foreign servers. The pretext for this was “fear” of the surrender
of Russian citizens’ data to American intelligence agencies. In order to keep that from happening, the
Kremlin wanted Facebook, Google’s services, Twitter, Gmail, and YouTube to have
their computer servers on Russian soil.
What this really means is that once the servers of these social media
are on Russian soil, the Russian security services can put in their own
internet controls. They wanted the SORM
boxes installed on these social media services.
Since 2011 the FSB complained they had no way to access chat messages and
emails on Facebook and Gmail. “Digital
sovereignty” was their ticket to access.
According to the authors, the Russian government announced in March 2015
that Google had indeed located servers in Moscow.
The Panama Papers.
In 2016 the Organized Crime and Corruption Reporting Project (OCCRP),
which consists of reporters based all over Europe and the former Soviet Union,
from Azerbaijan to Romania to Ukraine to Russia, had gotten their hands on an
extensive trove of documents detailing offshore Panamanian companies that
government officials and oligarchs all over the world—Russians included—used
for illegal purposes, including fraud, tax evasion, and evading international
sanctions. The Russian journalists
identified multi-million-dollar accounts owned by Sergei Roldugin, a personal
friend of Vladimir Putin. Putin saw the
publication of the Panama Papers as a personal attack on him funded by the United
States Agency for International Development [USAID]. The Russians, especially Vladimir Putin,
think of USAID as a CIA front organization that plots to undermine the Putin
regime. WikiLeaks claimed the OCCRP
targets Russia and other former Soviet countries and is paid by USAID and
George Soros.
The Bolotnaya protests. In 2008, Vladimir Putin was constitutionally ineligible to serve a third
consecutive term as Russian president.
Putin sidestepped this constitutional inconvenience by having Dmitri
Medvedev [Russia’s First Deputy Prime Minister] run in his place. Medvedev appointed Putin as Prime
Minister. Medvedev was/is Putin’s
puppet. In September 2011, Medvedev
announced he wouldn’t run for re-election and endorsed Putin as his
successor. Many people in Russia were
disappointed at this turn of events.
There wasn’t great love for Medvedev since he was part of Putin’s United
Russia machine. The disappointment came
in that this decision [“the castling”] was made by two men behind closed
doors. The Russian electorate wouldn’t
get the chance to make a decision between Putin and Medvedev. These people saw this development as a lost
chance for a thaw, liberalization, democratization, or modernization.
Parliamentary elections took place in
December 2011. An organization named
Golos is the only independent election watchdog organization in Russia, and
Golos uncovered voting fraud in the parliamentary elections. The method exposed is known as “carousel
voting”. Voters of United Russia [Putin’s
political party] would go from polling station to polling station and stuff
ballot boxes. These people were given
false identity papers so they could vote at different polling places, and they
had ballots marked for United Russia. In
different parts of the country, election observers reported results that
exceeded 100 percent. The same people who were angered by Medvedev being dumped
were further angered by the exposed vote fraud.
On December 10, fifty thousand protesters against election fraud
gathered on Bolotnaya Island in Moscow.
The protests were mobilized by Twitter and Facebook, technology made in
the West. It was a nightmare for
Vladimir Putin. In his worldview,
everything is vertical – organized from the top down. There’s always [in his view] a “boss” to
reach out and crush when things become inconvenient. But these protests were united by horizontal
methods [think “whack-a-mole”]. Putin
can whack a lot of moles, but he can’t get them all.
The 2016 Election.
Putin believed Hillary Clinton had been a driving force behind the
Bolotnaya protests in December 2011. He also believed that she and her people
at the US State Department were behind most of the Western anti-Russian
moves—from the US sanctions, to the activities of the Russian opposition, to
journalistic investigations exposing corruption in Russia [specifically the
Panama Papers]. The authors listed instances
where Russia used cyber warfare against in-country dissidents, Kremlin
“enemies” in former Soviet states, and other countries they see as opposed to
Russian interests [France, Germany]. The
authors see the Russian meddling in the 2016 election as “our turn” to get a taste of
Russian statecraft. Unlike the Chinese
[whose government directly supervises cyberattacks], the Kremlin uses all kinds
of informal actors for plausible deniability - from patriotic hackers, to
Kremlin-funded youth movement activists, to employees of cybersecurity
companies forced into cooperation by government officials. The authors briefly discuss the actions of
Cozy Bear and Fancy Bear, and the havoc these groups created inside the
Democratic National Committee.
Disruptive tactics.
- The use of rank-and-file
hacktivists not directly connected to the state in order to help the Kremlin
maintain plausible deniability;
- Guidance and protection from
criminal prosecution, provided by the president’s administration alongside the
secret services;
- Hacked information was published
as kompromat (i.e., compromising
materials) online as a way of smearing an opponent.
One has to listen to Putin’s words [and
those of his spokesman Dmitry Peskov] very carefully, because they are very
adept at parsing words. When they emphasize that no Russian government bodies were involved in
hacktivist activities, they have some plausible deniability. The Russian government isn’t directly involved in these
activities. The Russian government
outsources these activities to informal actors—hackers’ groups and
companies. One thing the Russians didn’t
count on was that in May 2016 the cyber expert community is now able to
deduce the sources of cyberattacks, including those made by Russia. If an
attack could be attributed to a hacking group with a known history of attacking
similar targets and this group’s attacks consistently worked to benefit one
particular country, cyberattack investigators put two and two together and make
a conclusion. After the Russians were
expelled from the DNC computers, they went on to the next step – kompromat. They released the Democrats’ dirty laundry,
as provided to them by WikiLeaks. The
“laundry” that was released is documented here, as it was in newspapers across
this country.
Why did WikiLeaks side with the Russians? The arrangement was mutually beneficial. In return for WikiLeaks doing the Russians’
dirty work in digging up dirt on the Democrats and helping disrupt the 2016
campaign, the Russians allowed WikiLeaks to re-locate their servers to
Russia. Perhaps this was WikiLeaks’ way
of protecting their own operations from Western
snooping-interference-penetration [pick your favorite verb, it’ll fit].
Putin’s Gift. Vladimir Putin’s gift to the US was cynicism. He
grew up in the Soviet era where officials never trusted the people. People are unreliable and need to be managed
and controlled. Putin and those like him
think that people can’t come together voluntarily to do something for the
common good. People who try to do
something not directed by the government – his
government - are corrupted by either
foreign governments wishing to do Russia harm, or are corrupted by corporations
[greed]. Nobody is to be trusted. Large sections of America distrust government
and the media, and the Russians exploited the distrust. Russian trolls on Facebook, Twitter and
YouTube spread conspiracy theories about Hillary Clinton. Despite the Russian efforts against Clinton
[and all the dirt they found], the authors characterized the election thusly:
“The Russian hackers did not compromise polling stations, nor did they affect the
critical infrastructure of the United States during the presidential campaign.
Donald Trump found himself in the White House for a number of very serious
reasons, most of them originating in the United States, not from abroad.”
While the US electoral infrastructure was
not compromised, what was compromised was trust – trust in media, trust in
politicians [which wasn’t high to begin with].
The Russians exploited weaknesses in the American system that were
already there. In an article published
last week on the website Project Syndicate, former CIA analyst Kent Harrington
wrote that Russia was able to “stoke discord along economic, racial, and
political lines” by inundating Google and Facebook with automated messages from
tens of thousands of user accounts. And
Harrington also attributes the gullibility of the American body politic to
civic illiteracy. The hacker patriots
and Putin’s online trolls described by Soldatov and Borogan created English-language sites and Facebook pages that closely mimicked
those created by U.S. political activists. Harrington attributes the decline in the public’s
understanding of issues and the political process to the lack of civics education
in American schools, which made the public susceptible to disinformation, what is
now referred to as “fake news”.
In the authors’ view, though, not all hope is lost. The Russians have many technical means at
their disposal to control political thought.
Putin’s people can coerce their opponents, jail them, smear them, harass
them, monitor them, and sometimes kill them. But Putin’s worldview of a vertical power
structure inhibits his regime’s ability to control the Internet in Russia
because Internet content isn’t generated by the owners of websites and social
media. Internet content is generated by
the users, and anyone with a laptop or a cellphone can participate. As much as he would like it to be so,
Vladimir Putin can’t be everywhere. He
would have to control the mind of every single Internet user, which is not
possible. As a final example of Putin’s inability
to control information, the authors cite the “little green men” in
Ukraine. Russian conscript soldiers
serving in Ukraine are doing more damage than Western media in exposing Putin’s
lies about Russian meddling in Ukraine.
These soldiers are doing so by merely posting images they themselves
took in Ukraine. The Internet enabled
these soldiers to do so. If Putin can’t
control his own soldiers, who can he control?