Digital technology, media and intellectual property
Random header image at GB Media

HOLY CYBER!! Part 2 of “THE RUSSIANS ARE COMING!!

April 20th, 2017 |  Published in Cyber security

 

[  Part of a continuing series; for Part 1 click here ]
 
 
 
A gentle tiptoe into the Russian hacking of the political process, the Chinese hacking of the commercial process … 
 
and several aspects of the economics, politics and technology

of cyber war

 
 
 
Putin ear cocked
 
 
 

20 April 2017 (Athens, Greece) – Since I wrote Part 1 of this series we’ve had two notable events:

 
 
 
  • Massive protests against alleged corruption in the federal Russian government took place simultaneously in many cities across Russia, leading to the jailing of Alexei Navalny, a Russian lawyer, political activist and politician whom many (inside and outside Russia) is deemed to be “the man Vladimir Putin fears most”
  • A bomb blast on a St Petersburg metro train killed 11 people and wounded dozens more, with the Western intelligence community framing the issue in a way that suggested Putin and the Federal Security Services could have been behind the attack, a not irrational idea.

I was in Moscow during this period but for an unrelated event: Moscow has spent huge amounts of money and political capital to effect smart digital technology to join the “smart city” rage across the world: sensor networks for street lights, parking, waste disposal and so on, and a lot of underlying digital processes. Having just gone through a “smart city” tour of London, I wanted to understand how Moscow differs from a city such as London which has a roughly comparable metro area population.

 
 
 

But I also took some time to chat with a few “cyber friends” and political associates and I focused on one element: how could a system, so astute in its recent antics on the world stage, brilliantly exploiting information-age tools to confuse audiences about what is truth, what isn’t, and setting their own narrative … miss such widespread organized protest?! Did somebody miss the email?

 
 
 

First, I was reminded of a little recent history. The killing of Boris Nemtsov, one of Putin’s harshest critics, in 2015 on the Bolshoi Moskvoretsky Bridge, a stone’s throw from the Kremlin wall, was intended as a final message to the opposition. It came after three years of constantly leaked audio recordings of Nemtsov’s mobile phone calls and documents … clearly material only available to the Russian security ser­vices.

 
 
 

Friends told me two days later crowds gathered in the center of Moscow to honor Nemtsov. People carried flowers-white roses, yellow chrysanthemums, and red carnations. In contrast to the boister­ ous protests of recent years, the crowd was quiet; almost nobody spoke of the killing or showed their anger. Some carried Russian flags with a black ribbon in a sign of mourning; others brought placards that said simply, “I do not fear.”

 
 
 

The wiretapping of Nemtsov and then his murder just over three years later are two strands in a larger narrative about Russia today, one that was well understood by many Russians. The interception of his calls and their release was an attempt to unnerve Nemrsov and send a message to Putin’s opposition. The killing of a char­ismatic politician near the Kremlin wall was an attempt to send a message to fear to everyone. Both events spoke volumes about how the Kremlin has wielded power in recent years and, in partic­ular, how Putin has confronted the rise of the Internet.

 
 
 

As I wrote earlier, fear … and self-censorship caused by fear … were for centuries essential to the system of government in Russia, from imperial times through the Soviet period and into the present. The leaders often dealt in the currency of threats and intimidation. Since 1999 Andrei Solodotov has chronicled the activities of Russian secret services (he provided me the story in Part 1 of this series on how Google’s Russia HQ is a mere 3 floors below the Federal Secu­rity Service, or FSB, the main successor organization to the KGB which monitors Russia’s internet). Putin and his former Soviet KGB officers’ presence in today’s corridors of power came to dominate the way Putin views the world. He and his colleagues from the security services brought to their governance the old mindset that threats existed and had to be countered. First and foremost they had to fight any threat to the stability of the political regime, which meant any threat to their hold on power.

 
 
 

A few years ago when Putin announced he would return to the Kremlin after his “hiatus” as premier, he touched off massive widespread protests by thousands of voters who felt insulted and angry at how the decision was made … a size and breadth of protests not seen before. Putin sensed a new threat: the internet. It was the internet that proved vital to mobilizing those demonstrations that echoed off the Kremlin walls.

 
 
 

Said another colleague:

Yes, on the surface, the system the Kremlin created was techni­cally advanced and well-orchestrated, with special roles assigned to different actors. Parliament was tasked with producing a row of repressive legislation. Pro-Kremlin hacktivists and trolls were hired to attack and harass liberals online. To spy on and intercept the opposition, the security services got a nod. FSB was handed the power to censor and filter the Internet. Friendly oligarchs were asked to bankroll and take over media companies, both traditional and new media, to bring them to heel as well as called upon to take over Russia’s Internet companies when nec­essary to strengthen the Kremlin’s hand with services that were popular among tens of millions of people. Finally, to provide sur­veillance equipment, manufacturers were selected, both domestic and international.

But what happened, my cohorts tell me, is that a mish-mash of technology turned out to be unsophisticated; thou­sands of sites were blocked by mistake, and users could easily find ways to make an end-run around it. Ar the same rime, very few people in Russia were actually sent to jail for posting crit­icism of the government online. This is a far cry from the fre­quent and brutal persecution of people in China and Turkey, for example, for their opinions. Even with all the mechanisms avail­able, relatively few new media organizations were actually closed down; many more were simply brought to heel. Said Irina Morgana:

 
 
 

Russia did not need to be as repressive or technically sophisticated as, say, China. Putin did not need to carry out mass repression against journalists or activists; he could get results just as effectively by using the tools of threat and intimidation, which is what he did. He carried a big stick, but he didn’t always use it. Putin could be remarkably effective with the threat of the big stick. Russian Internet freedom has been curtailed. The thriving Internet companies, many of them starred in Russia from scratch in an environment of a free and open Internet, agreed to work under state censorship without creating much of a fuss. When invited to talk to Putin, they were so intimidated that they avoided raising the issue of sustaining Internet freedoms. They twisted arms more often than they cut wires.

Bang. Putin’s system is effective as long as people are certain the Kremlin is in control, that the stability of the political regime is unperrurbed. Intimidation is essential in this environment, and it sends an unmistakable message: we are watching you, we are in charge, and there is no way to hide from us.

But what happened say my friends is the dynamic was trans­formed. In a crisis a tidal wave of content is generated and shared in real time. A single message can be copied by millions, and here the Putin system of control cannot cope. It is built to zero in on a few troublemakers, not millions of average users. In times of instability it is average users who spread the information, and the Putin system then breaks down.

Quoting Andrei again:

The Internet today is the printing press of the past. Just as the invention of a printed page once enabled a free flow of ideas, so now simple tools like VKontakte [a massive Russian social network] and Facebook, widely used every day by average people in Russia, have created an environment in which information cannot be stopped.

All I could think of was that classic book by Christopher Hill “The World Turned Upside Down” about the Civil War in England, a work devoted to the radical thinkers of the time. Hill explained why the Revolution caused such a flow of radical ideas. I cannot find an exact quote (Google? what happened, dude?) but it was pretty much that the extensive use of the press made it  easier for eccentrics to get into print than ever before or since. The point Hill made was publishing had not yet developed into a capitalist industry, a capitalist tool.

To my Russian friends, today, for them, the Internet is the “everyman’s platform”. To control it, Putin would have to control the mind of every single user, which simply isn’t possible. Said Irina

Information runs free like water or air on a network, not easily captured. The Russian conscript soldiers who posted their photographs taken in Ukraine … the death, the destruction, the subterfuge, the Russian “unmarked” soldiers marching into Crimea … all posted on VKontakte … did more to expose the Kremlin’s lies about the conflict than journalists or activists. The network enabled them. You had all of these inexperienced young men, boasting of their exploits, bragging to their families what they had done. With photos.   

This is not to belittle the bugging, interception, and technical surveillance operations of the Russian intelligence services. Some of their developed technology is astounding. For instance, they can intercept a human voice from the vibrations of a window. I am sure Western intelligence is just as innovative but I was bowled over by some of the surveillance technology out there.

Russian’s citizen opposition clearly has found a way to cope. And there are a lot more details I did not wish to disclose.

As I said in Part 1, for us the issue remains the same. The West is behind. The collapse of the Soviet Union left the west without an ideological competitor, paving the way for complacency. How now to deter an opponent that has created powerful lobbying networks inside western societies? Such a state, which has been integrated into the world trade and security systems, cannot be successfully deterred. And the Kremlin’s assertiveness has been a way of forcing the west to engage on Moscow’s terms. Today it understands that bullying behavior is self-defeating, so it has adopted tactics designed to split the liberal world.

Coming in Part 3

 
 
 

In the dark world of cyber-espionage, the finger of blame has often been pointed at China. With good reason. I shall leave you with this forbidding tale from a very knowledgable hacker-turned-security expert:

 
 
 

So I had been hired by a large, online entertainment company. And here is the intrusion I found:The Chinese hacking team first went into a subcontractor, a global offshore payment processor that handled credit-card transactions, and then, having gained possession of that network, quietly entered the Company through a legitimate back door that had been installed on the Company’s network to administer consumer accounts. The initial breach was a work of art. The Chinese wrote a piece of customized software purely for that job. It was a one-of-a-kind ‘callback dropper,’ a Trojan horse that could be loaded with any of many malware modules, but otherwise stood empty, and regularly checked in with its masters to ask for instructions. Once inside the network, the Chinese were able to move laterally because the Company, for the sake of operational efficiency, had not compartmentalized its network. 

First, using ‘bounce points’ within the network to further obscure their presence, the hackers went after the central domain controller, where they acquired their own administrative account, effectively compromising 100 million user names and passwords and gaining the ability to push software packages throughout the network. 

 
Second, and more important, the Chinese headed into the network’s ‘build’ system, a part of the network where software changes are compiled and then uploaded to a content-distribution network for the downloading of updates to customers. In that position they acquired the ability to bundle their own software packages and insert them into the regular flow, potentially reaching 70 million personal computers or more. 
 

But, for the moment, they did none of that. Instead they installed three empty callback Trojans on three separate network computers and left them standing there to await future instructions. I concluded that the purpose was to lay the groundwork for the rapid construction of a giant botnet.

We caught it. But you know what? I suspect this same payment processor vulnerability was clearly exploited at other companies, as well, as part of a plan to launch this giant botnet as part of a global cyber-war. Considering I only caught the attack due to one small error made by the hackers, the discovery is unnerving. 
 
 

And coming in Part 4 and beyond ….

 
 
 

We start to roll out our video interviews in several parts and discuss not only the importance of technology in cyber security but also the need to understand the human element. Yes, we need to deal with firewalls, routers, wireless access points,  physical aspects such as locks, security guards and fences. And the latest “new new” thing: applying AI and machine learning to the cybersecurity problem. But there is so much more.

 
 
 

So in Part 4 we start with our video interview of David Grout of FireEye who sets the “cyber table” for us and puts it all in perspective.

 
 
 

About the author


Email | All posts by

"The mind that lies fallow but a single day sprouts up follies that are only to be killed by a constant and assiduous culture."
Latest Videos

Un aperçu de la FIC 2017 / A quick look at FIC 2017 (Lille, France)

Cybersecurity: a chat with John Frank, Vice President EU Government Affairs for Microsoft

From Legaltech NYC 2017: a chat with Andy Wilson of Logikcull

5G is coming ... and it's going to blow you away. Yes. Really.

The Internet of Things ... or the cybernetic consortia? (Part 1)

From the Mobile World Congress 2016: an introduction