Cyber Showdown

When Russian Foreign Minister Sergey Lavrov was asked about Russia’s potential involvement in the recent hack of Democratic National Committee emails, he appeared genuinely surprised, just stopping short of giving a four-letter word in response. Indeed, the most amazing thing in this rapidly escalating showdown between Russia and the United States is that Lavrov was probably not acting. Apparently, he had not been consulted.

Since the annexation of Crimea, something strange has happened in the Russian government’s handling of sensitive issues, both inside and outside of the country. Many Western diplomats noted that the Russian Foreign Ministry is no longer in charge of defining policy for Ukraine or Syria. Inside of the country, meanwhile, Russian President Vladimir Putin has replaced politicians in key government offices with his own bodyguards. Regional governors are so stupefied by the purges the Kremlin started last September (there are already three governors under arrest) that they refrain from doing anything in the regions they are supposed to be in charge of.

Only Putin and his entourage can make decisions, and there always seems to be someone in the group with a ready solution when Putin faces another pressing issue. The more sensitive the matter for the Kremlin, the more drastic the ideas tend to be. The U.S. elections are the most sensitive of all. Democratic candidate Hillary Clinton is seen as a tough and uncompromising adversary. The common assumption is that with Clinton in the White House, sanctions on Russia will remain in place. The Kremlin also believes that Clinton, as secretary of state, supported the protests in Moscow in 2011–12. For Putin, this is reason enough to go on the offensive.

Most Kremlin offensives include an aggressive cyber component: denial-of-service attacks on neighboring countries to teach them a lesson; the leak of intercepted phone conversation between Victoria Nuland, the assistant secretary of state for Europe, and Geoffrey Pyatt, the U.S. ambassador to Ukraine, to provoke a quarrel between the United States and Europe during the Maidan protests; trolling international media to promote Russia’s view on the conflict in Ukraine; and the hacking of a power plant in Ukraine.

What we see now is the world’s most entertaining crowdsourcing effort: teams and individuals all over the world are working on hacking the Kremlin’s hackers.

Yet the Russian institutions in charge of cyber—the security services, primarily the Federal Security Service (FSB)—have been slow to adapt to the fast-moving world of the Internet. In the early 2000s, Russian generals were still talking about the menace of Western spying on government communications while the real threat was Chechen separatists and then Islamists using the web for mobilization and spreading propaganda. When, in 2011–12, Moscow’s streets were filled with protesters mobilized through social media, the FSB’s generals publicly said they had no means to deal with the problem. In the middle of the crisis, they sent faxes to the headquarters of VKontakte, the most popular Russian social network, in attempt to close down online dissent (they failed).

And last year, the Russian authorities started sending activists to jail for posting comments critical of the Kremlin, but most of them were identified not by Russia’s notoriously intrusive system of online surveillance called SORM, but because they were either already on the lists of troublemakers compiled by local branches of police and the FSB or they were reported by their interlocutors—a practice dating back to Soviet times.

While the generals hesitated, others took the lead. When some angry students in Siberia launched a cyber attack on Chechen websites in the early 2000s, the president’s office took notice and soon found a new use for pro-Kremlin youth movements: to provide the rank and file for cyber attacks. In the wake of the war in Ukraine, such movements, including Nashi and the Young Guard, the youth wing of the United Russia ruling political party, were turned into recruitment channels for troll farms—bodies of online commenters. Yevgeny Prigozhin is believed to be in charge of one farm in St. Petersburg. He is a restaurateur with close and informal ties to Putin’s inner circle, and he catered Putin’s re-inauguration in 2012.

As result, although the security and intelligence services have cyberwar capabilities, most of the actual strikes come through other channels. According to reports, the Russian technology company Qrator, which provides services to mitigate denial-of-service attacks, was approached by an official from Russia’s communications ministry in the summer of 2015. The company was asked to lend a specialist to help with something “sensitive.” The company agreed, and the head of Qrator’s service operation was soon contacted by a departmental head at Rostec, the state industrial holding and a giant in the Russian arms sector. The Qrator programmer was told to come to Sofia, Bulgaria. In Sofia, he was asked to help with a “product to organize DDoS attacks.” Qrator’s specialist, who was supposed to help with improvements to the product, was then astonished to have it launched and tested against the website of Ukraine’s Defense Ministry and liberal Russian media. He was disgusted and frightened: he soon left the company and the country. But he was the rare exception.