Posts Tagged ‘FSB’

Putin’s Plan

December 17, 2019

The title of this book is identical to the title of a chapter in Messing with the Enemy, an excellent book by Clint Watts. In the fall of 2015 Russia’s dedicated hacking campaign proved to be unique in history. Unlike the hacking of criminals, Russia didn’t pursue indiscriminate breaches for financial gain. It sought information from politicians, government officials, journalists, media personalities, and foreign policy experts numbering in the thousands, according to government and media estimates.

The Russians had perpetrated cyberattacks as part of their military campaigns prior to invading Georgia in 2008, when they defaced and disabled Georgian government websites as part of a psychological warfare campaign. In 2014, a pro-Russian group called CyberBerkut surfaced alongside Kremlin hackers and penetrated Ukraine’s Central Election Commission, altering the nation-wide presidential vote in favor of Russia’s preferred candidate, Dmytro Yarosh. Fortunately, the Ukrainians caught the manipulation before the results were aired. Throughout 2015 and 2016, Ukrainian businesses and government agencies suffered endless cyber assaults. The BlackEnergy attack struck power grids of the Ivano-Frankivsk region of Ukraine, disabling electricity during one of the country’s coldest periods. Watts writes, “These attacks, though, sought to damage infrastructure and undermine Eastern European countries through humiliation and confusion. The Russian-connected breaches surfacing in America, though, sought something different.”

Beginning in the late summer of 2015 and extending through the fall, Russia undertook the largest, most sophisticated, most targeted hacking campaign in world history, breaking into the email accounts of thousands of American citizens and institutions. Analysts believe that the cyber offensive was perpetrated by two of Russia’s intelligence agencies: the Main Intelligence Directorate, known as GRU, and the Federal Security Service, known as FSB, which is primarily an internal intelligence arm, but is particularly sophisticated in cyber operations.

The GRU and FSB operatives act as Advanced Persistent Threats (APTs), a reference to their dedicated targeting and a wide array of cyber-hacking techniques. APTs have sufficient resourcing to stay on their targets until they penetrate the systems they want to access. They use a range of techniques, from the simple to the complex, employing all forms of social engineering and specifically tailored malware known as “zero days.”

These Russian APTs were known as APT28 (Fancy Bear) and APT29 (Cozy Bear). They represented competing Russian hacker groups seeking access and compromising information from democratically elected officials adversarial to Russia, media personalities (particularly reporters who interfaced with anonymous sources), military leaders, academic researchers, and policy think tanks studying Russia. In other words, anyone and everyone opposing Russia was targeted in hopes that their private communications, if revealed, would undermine the credibility of a Russian adversary and/or sow divisions and mistrust between the targeted individuals and those they maligned in private.

“Spearphishing” is the most useful and common technique for gaining access to users’ accounts. Messages made to appear legitimate would tell them they needed to sign in to change their username, and users often complied.

In the fall of 2015 the Kremlin election hacking wave began. In September 2015, the Democratic National Committee (DNC) was breached. Both Fancy Bear and Cozy Bear breached the DNC in separate attacks. Separately, hackers penetrated the Democratic Congressional Campaign sometime around March or April 2016.

By 2016, Russia had advanced from spearphishing of political parties to “whalephishing” of key political operatives and government officials. Whalephishing targets prominent individuals within organizations or governments whose private communications likely provide a wealth of insight and troves of secrets to propel conspiracies. The campaign manager of Hillary Clinton, John Podesta, proved to be the biggest whale hacked in 2016.

The troll army’s interest in the U.S. presidential election gained steam toward the end of 2015. The following article in Sputnik caught Watts’s eye: “Is Donald Trump a Man to Mend US Relations with Russia?” At the time Trump’s campaign seemed more a celebrity stunt than a deliberate effort to lead the nation, but the post was curious, given that Russian disdain for both parties and their leaders had historically been a constant.

Watts writes, “From then on, the social media war in America surrounding the election proved unprecedented, and the Russians were there laying the groundwork for their information nuclear strike. Russian state-sponsored media, the English-speaking type, was quite clear: Putin did not want Hillary Clinton to become president. Aggressive anti-Clinton rhetoric from state-sponsored outlets, amplified by their social media trolls, framed Clinton as a globalist, pushing democratic agendas against Russia—an aggressor who could possibly bring about war between the two countries. The trolls’ anti-Clinton drumbeat increased each month toward the end of 2015 and going into 2016.”

Continuing, “Trump’s brash barbs against his opponents were working unexpectedly well. Kicking off 2016, the troll army began promoting candidate Donald Trump with increasing intensity, so much so that their computational propaganda began to distort organic support for Trump, making his social media appeal appear larger than it truly was.”

WikiLeaks released Clinton’s emails. Five days after the WikiLeaks’ dump of DNC emails, Trump announced, “Russia, if you’re listening, I hope you’re able to find the thirty thousand emails that are missing…I think you will probably be rewarded mightily by our press.” Watts writes, “I watched the clip several times, and a sick feeling settled in my stomach. I’d watched the Russian system push for Trump and tear down Clinton, but up to that point, I hadn’t believed the Trump campaign might be working with the Russians to win the presidency. I’d given briefs on the Russian active measure system in many government briefings, academic conferences and think tank sessions for more than a year. But nothing seemed to register. Americans just weren’t interested; all national security discussions focused narrowly on the Islamic State’s recent wave of terrorism in Europe. I did what most Americans do when frustrated by politics. I suffered a Facebook meltdown, noting my disbelief that a U.S. presidential candidate would call on a foreign country, one already pushing for his victory, to target and discredit a former first lady, U.S. senator, and secretary of state.”

Watts writes, “By Election Day, allegations of voter fraud and the election being rigged created such anxiety that I worried that some antigovernment and domestic extremists might undertake violence.” But there was no need to worry. Putin’s candidate had won.

Cyberwar

October 31, 2018

“Kiselev called information war the most important kind of war. At the receiving end, the chairwoman of the Democratic Party wrote of ‘a war, clearly, but waged on a different kind of battlefield.’ The term was to be taken literally. Carl von Clausewitz, the most famous student of war, defined it as ‘an act of force to compel our enemy to do our will.’ What if, as the Russian military doctrine of the 2010s posited, technology made it possible to engage the enemy’s will directly, without the medium of violence? It should be possible, as a Russian military planning document of 2013 proposed, to mobilize the ‘protest potential of the population’ against its own interests, or, as the Izborsk Club specified in 2014, to generate in the United States a ‘destructive paranoid reflection.’ Those are concise and precise descriptions of Trump’s candidacy. The fictional character won, thanks to votes meant as a protest against the system, and thanks to voters who believed paranoid fantasies that simply were not true… The aim of Russian cyberwar was to bring Trump to the Oval Office through what seemed to be normal procedures. Trump did not need to understand this, any more than an electrical grid has to know when it is disconnected. All that matters is that the lights go out.”

“The Russian FSB and Russian military intelligence (the GRU) both took part in the cyberwar against the United States. The dedicated Russian cyberwar center known as the Internet Research Agency was expanded to include an American Department when in June 2015 Trump announced his candidacy. About ninety new employees went to work on-site in St. Petersburg. The Internet Research Agency also engaged about a hundred American political activists who did not know for whom they were working. The Internet Research Agency worked alongside Russian secret services to move Trump into the Oval Office.”

“It was clear in 2016 that Russians were excited about these new possibilities. That February, Putin’s cyber advisor Andrey Krutskikh boasted: ‘We are on the verge of having something in the information arena that will allow us to talk to the Americans as equals.’ In May, an officer of the GRU bragged that his organization was going to take revenge on Hillary Clinton on behalf of Vladimir Putin. In October, a month before the elections, Pervyi Kanal published a long and interesting meditation on the forthcoming collapse of the United States. In June 2017, after Russia’s victory, Putin spoke for himself, saying that he had never denied that Russian volunteers had made cyber war against the United States.”

“In a cyberwar, an ‘attack surface’ is the set of points in a computer program that allow hackers access. If the target of a cyberwar is not a computer program but a society, then the attack surface is something broader: software that allows the attacker contact with the mind of the enemy. For Russia in 2015 and 2016, the American attack surface was the entirety of Facebook, Instagram, Twitter, and Google.”

“In all likelihood, most American voters were exposed to Russian propaganda. It is telling that Facebook shut down 5.8 million fake accounts right before the election of November 2016. These had been used to promote political messages. In 2016, about a million sites on Facebook were using a tool that allowed them to artificially generate tens of millions of ‘likes,’ thereby pushing certain items, often fictions, into the newsfeed of unwitting Americans. One of the most obvious Russian interventions was the 470 Facebook sites placed by Russia’s Internet Research Agency, but purported to be those of American political organizations or movements. Six of these had 340 million shares each of content on Facebook, which would suggest that all of them taken together had billions of shares. The Russian campaign also included at least 129 event pages, which reached at least 336,300 people. Right before the election, Russia placed three thousand advertisements on Facebook, and promoted them as memes across at least 180 accounts on Instagram. Russia could do so without including any disclaimers about who had paid for the ads, leaving Americans with the impression that foreign propaganda was an American discussion. As researchers began to calculate the extent of American exposure to Russian propaganda, Facebook deleted more data. This suggests that the Russian campaign was embarrassingly effective. Later, the company told investors that as many as sixty million accounts were fake.”

“Americans were not exposed to Russian propaganda randomly, but in accordance with their own susceptibility, as revealed by their practices on the internet. People trust what sounds right, and trust permits manipulation. In one variation, people are led towards even more intense outrage about what they already fear or hate. The theme of Muslim terrorism, which Russia had already exploited in France and Germany, was also developed in the United States. In crucial states such as Michigan and Wisconsin, Russia’s ads were targeted at people who could be aroused by anti-Muslim messages. Throughout the United States, likely Trump voters were exposed to pro-Clinton messages on what purported to be American Muslim sites. Russian pro-Trump propaganda associated refugees with rapists. Trump had done the same when announcing his candidacy.”

“Russian attackers used Twitter’s capacity for massive retransmission. Even in normal times on routine subjects, perhaps 10% of Twitter accounts (a conservative estimate) are bots rather than human beings: that is, computer programs of greater or lesser sophistication, designed to spread certain messages to a target audience. Though bots are less numerous than humans on Twitter, they are more efficient than humans in sending messages. In the weeks before the election, bots accounted for about 20% of the American conversation about politics. An important scholarly study published the day before the polls opened warned that bots could ‘endanger the integrity of the presidential election.’ It cited three main problems: ‘first, influence can be redistributed across suspicious accounts that may be operated with malicious purposes; second, the political conversation can be further polarized; third, spreading misinformation and unverified information can be enhanced.’ After the election, Twitter identified 2,752 accounts as instruments of Russian political influence. Once Twitter started looking, it was able to identify about a million suspicious accounts per day.”

“Bots were initially used for commercial purposes. Twitter has an impressive capacity to influence human behavior by offering deals that seem cheaper or easier than alternatives. Russia took advantage of this. Russian Twitter accounts suppressed the vote by encouraging Americans to ‘text-to-vote,’ which is impossible. The practice was so massive that Twitter, which is very reluctant to intervene in discussions over its platform, finally had to admit its existence in a statement. It seems possible that Russia also digitally suppressed the vote in another way: by making voting impossible in crucial places and times. North Carolina, for example, is a state with a very small Democratic majority, where most Democratic voters are in cities. On Election Day, voting machines in cities ceased to function, thereby reducing the number of votes recorded. The company that produced the machines in question had been hacked by Russian military intelligence. Russia also scanned the electoral websites of at least twenty-one American states, perhaps looking for vulnerabilities, perhaps seeking voter data for influence campaigns. According to the Department of Homeland Security, ‘Russian intelligence obtained and maintained access to elements of multiple U.S. state or local electoral boards.’”

“Having used its Twitter bots to encourage a Leave vote in the Brexit referendum, Russia now turned them loose in the United States. In several hundred cases (at least), the very same bots that worked against the European Union attacked Hillary Clinton. Most of the foreign bot traffic was negative publicity about her. When she fell ill on September 11, 2016, Russian bots massively amplified the case of the event, creating a trend on Twitter under the hashtag #HillaryDown. Russian trolls and bots also moved to support Donald Trump directly at crucial points. Russian trolls and bots praised Donald Trump and the Republican National Convention over Twitter. When Trump had to debate Clinton, which was a difficult moment for him, Russian trolls and bots filled the ether with claims that he had won or that the debate was somehow rigged against him. In crucial swing states that Trump had won, bot activity intensified in the days before the election. On Election Day itself, bots were firing with the hashtag #WarAgainstDemocrats. After Trump’s victory, at least 1,600 of the same bots that had been working on his behalf went to work against Macron and for Le Pen in France, and against Merkel and for the AfD in Germany. Even at this most basic technical level, the war against the United States was also the war against the European Union.”

“In the United States in 2016, Russia also penetrated email accounts, and then used proxies on Facebook and Twitter to distribute selections that were deemed useful. The hack began when people were sent an email message that asked them to enter their passwords on a linked website. Hackers then used security credentials to access that person’s email account and steal its contents. Someone with knowledge of the American political system then chose what portions of this material the American public should see, and when.”

The hackings of the Democratic convention and WikiLeaks are well known. The emails that were made public were carefully selected to ensure strife between supporters of Clinton and her rival for the nomination, Bernie Sanders. Their release created division at the moment when the campaign was meant to coalesce. With his millions of Twitter followers, Trump was among the most important distribution channels of the Russian hacking operation. Trump also aided the Russian endeavor by shielding it from scrutiny, denying repeatedly that Russia was intervening in the campaign.

Since Democratic congressional committees lost control of private data, Democratic candidates for Congress were molested as they ran for Congress. After their private data were released, American citizens who had given money to the Democratic Party were also exposed to harassment and threats. All this mattered at the highest levels of politics, since it affected one major political party and not the other. “More fundamentally, it was a foretaste of what modern totalitarianism is like: no one can act in politics without fear, since anything done now can be revealed later, with personal consequences.”

None who released emails over the internet has anything to say about the relationship of the Trump campaign to Russia. “This was a telling omission, since no American presidential campaign was ever so closely bound to a foreign power. The connections were perfectly clear from the open sources. One success of Russia’s cyberwar was that the seductiveness of the secret and the trivial drew America away from the obvious and the important: that the sovereignty of the United States was under attack.”

Quotes are taken directly from “The Road to Unfreedom: Russia, Europe, America” by Timothy Snyder