Russia’s Attack On Web Freedom

Uploaded on 2017-02-07 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News

Two years have passed since Edward Snowden exited Moscow’s Sheremetyevo airport and began a new life in exile. His revelations of hitherto unknown US and UK programmes of mass surveillance initiated a global debate, and some minor reforms. 

President Obama vowed to stop spying on Angela Merkel and other friendly western leaders. But what happened in Russia, the host country where Snowden now appears to be indefinitely stuck?

The answer is a dispiriting one, at least according to Andrei Soldatov and Irina Borogan, two brave Moscow-based journalists who have followed the development of the Russian internet since its earliest days. The timing of Snowden’s arrival in Russia in summer 2013 was lousy, they write. The Kremlin was in the middle of a large-scale offensive against internet freedoms.

Russia’s spy agencies have the ability to snoop on emails via Sorm, a sophisticated system first developed by the KGB to eavesdrop on phone calls. 

The FSB’s (Federal Security Service) legal powers go well beyond those of the US National Security Agency or GCHQ. Russian internet service providers are obliged to install Sorm black boxes; they have no clue as to what Russian intelligence agents choose to intercept.

Soldatov and Borogan argue that what troubles Vladimir Putin is that the servers of big global platforms such as Facebook and Twitter are located in the US. Russia’s president takes a dim view of the Internet, which he personally doesn’t use. 

In 2014 he dubbed it a “CIA project”. The challenge for the Russian authorities, as they saw it, was to force these US-hosted platforms to relocate their servers to Russian territory. There, of course, the state could control them.

Soldatov and Borogan are Russia’s foremost experts on Putin’s security services and the founders of the website Agentura.ru. At a time when investigative journalism is practically extinct in Russia they have courageously kept going. 

The Red Web is a masterful account of the struggle between two opposing forces, the Kremlin and its longstanding desire to control information versus the unruly and horizontally mediated world of ordinary digital citizens.

Soldatov and Borogan argue that Snowden’s unexpected presence in Moscow, he was trying to get to Latin America, was a gift to the Kremlin. Snowden might have hoped that his revelations would trigger a debate inside Russia over domestic Internet surveillance, and its limits, as they had in most of the western world. (The exception is Britain, where details of the government’s mass data-scooping were met with a yawn.)

Instead, the Russian authorities gleefully used Snowden and his leaks as a pretext to roll out new repressive measures. Russia’s federal agency for supervising communications, Roskomnadzor, blacklisted sites under a deliberately fuzzy law prohibiting “extremism”. Bloggers with more than 3,000 followers were forced to register with the government. Independent news portals, including one run by former chess champion Garry Kasparov, were banned. All this was done under the banner of “digital sovereignty”.

Meanwhile, Sorm was beefed up. Another law compelled phone companies and internet providers to keep data for 12 hours, so the state might examine it. The FSB got a new and powerful weapon too: deep packet inspection or DPI. This allows the agency to read everyone’s emails and to weed out websites belonging to those it deems to be politically unacceptable.

Moscow turned up the heat up on foreign platforms too. Soon after Putin seized Crimea, it asked Twitter to close the account of the far-right Ukrainian party, Pravy Sektor. Twitter complied. The response generally from western tech giants to the Kremlin’s onslaught against free speech was remarkably spineless. Google, Twitter and Facebook all scurried to Moscow to meet with government representatives.

Soldatov and Borogan are scathing about Snowden’s response to all this. Apart from one question to Putin during a 2014 televised phone-in, when he asked about Russia’s surveillance practices, Snowden has been silent. He doesn’t comment on Russian affairs. He gives interviews to visiting Americans and others, but won’t meet Russian reporters or Moscow-based foreign correspondents. Soldatov and Borogan tried to see him and failed.

In Snowden’s defence, his reluctance to criticise the Kremlin is understandable: he is a man with few options. Negotiations to cut a deal with the US administration petered out some time ago, and if he returns home Snowden faces espionage charges that don’t allow him a public-interest defence. 

One suspects he would like to say more about Russia’s Internet clampdown. And Snowden is this century’s most important whistleblower, not a Russian agent, as his lazier critics have claimed.
Still, Soldatov and Borogan suggest he has failed to rise to the challenges of his situation. Snowden is fond of quoting the UN declaration of human rights, they note, but ended up in a country with a miserable human rights record. 

For months, they add, he pretended he wasn’t in Russia “but just somewhere”. In the words of Stas Kozlovsky, the leader of Russia’s Wikipedia community, which were said in sorrow not anger: “Snowden could have done good things globally, but for Russia he was a disaster.”

Since Putin’s undercover invasion of eastern Ukraine the attack on the country’s independent media, what’s left of it, has got worse. The Kremlin uses an array of methods. They include denial-of-service attacks against opposition websites, and an army of paid “trolls” who post pro-Putin comments on Russian and western news outlets, including the Guardian. The trolls sit in a comfortable glass office in St Petersburg. They earn $900 a month, the authors report.

In recent months, Russia’s two homegrown internet giants – the search engine Yandex and social networking site VKontakte – have come under pressure. VKontakte’s founder Pavel Durov fled after two Kremlin-friendly billionaires bounced him from the company. Another oligarch, Alexander Mamut, fired the editor of the website Lenta.ru after it carried an interview with a Ukrainian nationalist leader. (Mamut owns the Waterstones bookshop chain and has a son at a British boarding school.)

The Russian state doesn’t always prevail, though. Predictably, Roskomnadzor banned a blog by the anti-corruption campaigner Alexei Navalny. A computer geek called Ruslan Leviev found a technical way of outwitting this censorship, and Navalny’s journal remains online. Putin insists Russian troops are not fighting in Ukraine; investigative journalists didn’t puncture the lie – rather, it was Russian soldiers who exposed it by posting photos of themselves on VKontakte.

Soldatov and Borogan’s previous book, The New Nobility, is a lucid study of how the FSB became Russia’s pre-eminent institution. The Red Web is good at tracing how the spy agency’s modern tools of digital repression build directly on technologies devised and perfected, often with extraordinary creative skill, during the long KGB era. For example, the KGB set up secret acoustic laboratories dedicated to creating a secure telephone system. 

They also pioneered technologies that allowed its spies to recognise the identity of a speaker on the phone. This clandestine science got its own name: phonoscopy.

The KGB’s efforts to keep a lid on information were extensive, with paranoia never far away. In 1952 a young physicist called Vladimir Fridkin developed the Soviet Union’s first photocopier. Five years later he was forced to destroy it, after the KGB twigged it might be used to reproduce forbidden journals.

The Red Web is part detective story, as Soldatov and Borogan track down former KGB operatives and persuade them to talk. They meet a woman “controller” whose job it was to sit for hours in front of a whirring tape machine in one of the KGB’s gloomy secret recording studios. This was tedious work and, as espionage goes, not terribly efficient: Soviet phone lines were often poor and it took hours for the controllers to transcribe what they had heard. The Kremlin’s instincts were totalitarian; reality was messy and incomplete.

Few of those involved in spying on their fellow citizens, express regret. The journalists meet an ex-KGB engineer who, after the fall of the Soviet Union, set up a private company specialising in speech recognition. The firm flogs its technology to the FSB and to despotic regimes around the world, where it is used to catch dissidents. Asked if he had any qualms, the engineer shrugged: “We just come up with the hardware.”

Guardian:          Russia To Block LinkedIn:          For Russian journalists fighting hacks is part of the job:
 

 

« US And UK Agree To Take On Islamic State In Cyberspace
Lloyds Bank Cyber Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

Alarum Technologies

Alarum Technologies

Alarum Technologies (formerly Safe-T) is a global provider of cyber security and privacy solutions to consumers and enterprises.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

Sandia National Laboratories

Sandia National Laboratories

Sandia National Laboratories is a premier science and engineering lab for national security and technology innovation.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

Luxembourg Office of Accreditation & Surveillance (OLAS)

Luxembourg Office of Accreditation & Surveillance (OLAS)

OLAS is the national accreditation body for Luxembourg. The directory of members provides details of organisations offering certification services for ISO 27001.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

Neovera

Neovera

Neovera is a trusted provider of managed services including cyber security and enterprise cloud solutions, committed to delivering results through the innovative use of scalable enterprise-grade tech.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

Cypress Data Defense

Cypress Data Defense

Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.

Minorities in Cybersecurity (MiC)

Minorities in Cybersecurity (MiC)

MiC was developed out of a unique passion to help fill the gap that exists in the support and development of women and minority leaders in the cybersecurity field.

SecureChain AI

SecureChain AI

SecureChain are combining blockchain and AI technology to create a smarter blockchain platform especially in terms of security.

AgilePQ

AgilePQ

AgilePQ visibly secures IoT devices worldwide to protect the privacy, safety, and well-being of all people.

Dapple Security

Dapple Security

Dapple Security is creating cutting edge technology utilizing responsible biometrics that protects people and privacy through a first-of-its-kind passwordless platform.

Acumen

Acumen

Acumen's cyber security engineers protect your critical systems, in critical moments. We are here when you need us most.

Merkle Science

Merkle Science

Merkle Science provides next generation risk mitigation, compliance and forensics for crypto-native businesses, DeFi participants, financial institutions & government agencies.