So far the sole beneficiaries of Russia’s dealings with Central Asian states, in exchange for their support for Moscow’s regional ambitions, have been Central Asia’s security services. Russia’s initiative to unite China and Central Asia within a new security alliance led by Moscow has helped facilitate the abduction of suspected terrorists, separatists, and extremists outside normal procedures. All Russia got was some more prestige, but the Kremlin has deliberately turned Russia into a hunting ground for the security services of the most authoritarian regimes in Central Asia.
18
HACKERS
B
EYOND ITS PHYSICAL reach, Russia’s security services maintain a sophisticated alliance with unofficial hackers, such as those who carry out cyber attacks on the Web sites of enemies of the state.
In 2005, a group of adamantly pro-Kremlin, anti-Western Internet activists started to gather in electronic forums in Russia. One such forum was maintained on the website Informacia.ru. The activists were not connected to the state, nor were they high-level experts in computer technology, but they knew their way around the Internet. Angered by the activities of Chechen rebels on the Internet, they felt the Russian government had been ineffective in dealing with Web sites that called for violent rebellion, including the use of weapons and bombs. These activists decided to use their own methods. They paid an expert $500 to write a program that would launch what is known as a “denial of service” attack on a Web site—a simple but effective way to disrupt a site, at least temporarily, by swamping it with outside requests or messages.
In August 2005, the group registered its own Web site, Anti
center.org
. It had a striking black background with an insignia depicting crosshairs aimed at what appears to be an Arab man wearing a kaffiyeh. Defining itself as “Civilian Anti-Terror,” the site carried a call to action against what it described as extremist and terrorist Web sites. At the top of its list were Chechen rebel sites. “The main target of our community is the complete destruction of Web sites that propagate terror and violence, distort facts, and lie to their readers.” Five main Web sites of the Chechen rebels were listed. They also announced their intention to attack the Web sites of the National Bolsheviks, a marginal opposition party.
Anticenter.org
boasted of twenty-five successful cyber attacks, many of which were aimed at the Chechens. For example, on December 5, 2005, the site proclaimed, “Most of the day the Web site of Chechenpress.info was unavailable. Access to the last mirror of the Web site was made seriously difficult.” On December 2, they “closed down the Web site Imam-tk.fastbb.ru.” On December 1, “as a result of activities of Civilian Anti-Terror hackers,
Chechenpress.net
has a big problem. In the last few hours, we see failures in the last mirror of the same Web site, Chechenpress.info, which has been targeted by a people’s attack. We call for all our visitors to download a program for attacking the last mirror, Chechen press.info.”
In 2006, for reasons unknown, the group closed down
Anticenter.org
. But before it disappeared entirely, Anton Moskal, a liberal computer programmer in St. Petersburg, had noticed it and taken the precaution of downloading everything on the Web site. On May 28, 2007, Moskal got a call at his home from a man who identified himself as “Stanislav” from the FSB National Antiterrorism Committee. He had a simple request—he was hunting for the Civilian Anti-Terror group and was interested in learning more from what Moskal had downloaded.
1
In a twenty-minute conversation, which quickly turned to Moskal’s patriotism and an imminent necessity to combat terrorists’ websites, the programmer tried to explain to Stanislav that he by no means shared the views of the
Anticenter.org
site, had no connection to the Web site, and had merely copied its content. But Stanislav, unconvinced, left Moskal his office phone number, ostensibly with the hope of recruiting his help. He seemed to be trying to recruit Moskal for help in tracking the Web sites. He invited Moskal to phone him if he had any more information about the hackers behind
Anticenter.org
.
2
DURING THE LONG wars in Chechnya and the periods of calm in between, the Kremlin found it particularly vexing that Chechen rebels could communicate effectively with the press and outside world through the Internet. The first and most important Chechen Web site was
Kavkaz.org
.
3
Launched by Movladi Udugov, the main Chechen spokesman since the first Chechen war, the Web site soon became the principal mouthpiece for the Chechen leadership’s opinions and an effective propaganda tool against Russian troops.
During the first Chechen war, Russian and foreign journalists managed to slip through Russian lines and were well provided with information from the other side. Television and press coverage was welcomed by Chechen rebels, who granted access to scenes of destroyed Russian equipment and dead Russian soldiers. Udugov, meanwhile, made comments online and frequently appeared on television. Russia’s defeat in the first Chechen war was explained in Moscow by unpreparedness in the “information war.” When the second Chechen war broke out in 1999, Russian troops did their best to prevent journalists from getting information provided by rebels.
In December 1999, when Russian troops stormed Grozny, a few journalists stayed in the city, including Masha Eismont, a Reuters correspondent, and Andrei Babitsky, a journalist for Radio Liberty. Their reports angered the Russian authorities, and FSB spokesperson Alexander Zdanovich accused foreign intelligence agencies of manufacturing the news to undermine support for the war effort.
4
Both journalists were intimidated and detained.
5
Russian newspapers and television channels seem to have learned the lesson: Journalists were ordered not to report from the Chechen side, due to the danger. Lacking journalists in the field, the media turned to information provided directly by the rebels through
Kavkaz.org
. For instance, on May 7, 2000, Russian forces denied claims by rebels that they had shot down a Russian Su-24 jet fighter bomber. But then a picture of Chechen fighters holding parts of the plane’s wreckage appeared on
Kavkaz.org
, and the Army was forced to admit the claim was true.
6
Primarily designed to influence foreigners,
Kavkaz.org
appeared in Russian, English, and Turkish, and its news, interviews with Chechen warlords, video footage, and photographs drew viewers from news media and specialists around the world. In May 2000 Michael Randall, a Chechnya expert at Britain’s Institute for War and Peace Reporting, told Radio Liberty that although
Kavkaz.org
was prone to exaggeration, its information was usually grounded in fact. He credited the site with helping to keep the Chechen situation in public view, by focusing on issues like the abuse of Chechen civilian and military prisoners held by the Russians.
On August 31, 1999,
Kavkaz.org
was attacked by hackers for the first time. They displayed on the home page a picture of Mikhail Lermontov, the famous Russian poet and a symbol of Russian empire in the North Caucasus, wearing a commando outfit and holding a Kalishnikov. Messages like “This site has been closed down at the request of Russian citizens,” signed “The Siberian Web Brigade,” were also posted on the Web site.
7
Kavkaz.org
came under attack again in January 2002 when a group of students in the Siberian city of Tomsk launched a “distributed denial of service” (DDoS) attack. The group consisted of seven people and was headed by Dmitry Aleksandrov, who had fled Chechnya for Tomsk in 1996. The students claimed to have pressured the rebel Web site for three years, attacking it and sending warning letters to hosting providers in the United States and Canada.
8
The FSB’s department in Tomsk appeared to be fully informed about the activity of the hackers, and put out a press release defending the students’ actions as a legitimate “expression of their position as citizens, one worthy of respect.”
9
AT THE TIME the students were acting, the Russian intelligence community possessed highly sophisticated cyberwar abilities. If they had wanted to join in the cyberwar against the Chechen sites, they certainly could have. But they chose not to.
The KGB successor in the electronic intelligence field was the Federal Agency of Government Communications and Information, which had grown out of the eighth and sixteenth departments of the KGB and dealt with encoding/decoding and radio interception, respectively.
10
Like the U.S. National Security Agency, the communications agency was responsible for information security and signals intelligence. While it did not enjoy the level of resources available to the National Security Agency, the Russian communications agency inherited the KGB’s excellent mathematics school, which became the FSB’s Institute of Cryptology; its facilities abroad, including two signal intelligence/electronic intelligence bases overseas, in Cam Ranh Bay, Vietnam, and Lourdes, Cuba; and the so-called Third Chief Directorate, responsible for eavesdropping abroad.
11
Only a few people outside the agency knew the official name of the secretive Third Directorate or were aware of its activities.
12
The cyber facilities of the communications agency were highly regarded by American experts: It was said to have both the authority and the capability to penetrate all government and private information services in Russia. It also has reportedly been successful in collecting intelligence on foreign business ventures, including confidential bank transactions.
13
Starting in the mid-1990s the communications agency took an interest in controlling the Internet, at least inside Russia. In hearings in 1996, its deputy director, Colonel General Vladimir Markomenko, told the State Duma that “the Internet poses a threat to National Security,” and the agency was empowered to monitor electronic, financial, and securities transactions and other communications, including private Internet access.
*
14
Within this sophisticated agency, the primary concern was not Chechen propaganda but protecting the communications networks from intrusion by foreign intelligence services. The professionals in information security were not interested in being at the vanguard of Russia’s cyberwarfare against the Chechens.
15
The communications agency’s Third Directorate was absorbed into the FSB in 2003. By this time, it appeared that hackers with no direct government connections were the most suitable tool for Russian authorities to attack Chechen rebel Web sites. Russian officials publicly announced their displeasure with the Chechen Web sites; unofficial hackers gleaned the message and went into action, allowing the authorities to maintain their distance from the perpetrators.
Soon independent hackers, encouraged by the Kremlin, expanded their attacks far beyond Chechen Web sites; the same hackers’ groups began to target the Web sites of opposition media and political groups. They targeted extremist groups like the National Bolshevik Party, opposition groups like that of Garry Kasparov, and mainstream media outlets like the newspaper
Kommersant
and Echo Moskvy radio.
The authors believe it possible that certain groups of these hackers were guided not by the security services but by the administration of the president. Other youth movement groups had been organized by the Kremlin administration, so the hackers might well have been, too. The Kremlin openly showed interest in non-traditional methods on the Internet, including mobilization of youth for spreading propaganda. In May 2009, the “Kremlin school of bloggers” was launched. A forum for teaching bloggers how to disseminate their views, it was headed by political technologist Alexei Chadayev, an associate of Gleb Pavlovsky, who had orchestrated numerous Internet propaganda projects at the request of the Kremlin in Putin’s time.
16
The school’s personnel consisted of eighty people drawn from all Russian regions, each mentoring several other activists. Upon graduating, its students would be deployed to organize information campaigns on the Internet.
17
In all these cases, the Kremlin did not have to use FSB resources to attack objectionable Web sites; it could simply steer the growing community of “hacker-patriots” in the right direction.
After a major terrorist attack in Nalchik on October 13, 2005, the Russian Foreign Ministry complained that the Chechen Web site was still going strong on a Swedish server. “Unfortunately,” the ministry’s site said, “the Swedish authorities up to now have not taken any concrete steps to block the dissemination” of the Chechen Web site, which had now become Kavkaz- Tsentr.
18
The official statement appears to have unleashed the unofficial hackers. Within twenty-four hours, the Russian Web site Mediaactivist.ru launched an attack against Kavkaz-Tsentr as well as Echo Moskvy radio,
Novaya Gazeta
, and Radio Liberty. The campaign was openly declared and had as its slogan “Let’s shut the mouths of the helpers of Kavkaz-Tsentr!” It resembled a spam-provoking campaign: Mediaactivist.ru posted a list of email addresses that hackers could attack with their letters.
19