The article is part of WhiteHat Magazine’s winter 2017 edition, “Welcome to the Code War”.
Putin’s Code War
“The main reason for the crisis is that Vladimir Putin started this insane policy of war with Ukraine… We need political reform in this country. When all the political power is concentrated in the hands of one person and when that person rules eternally, it all ends with an absolute catastrophe. The main question people ask us is: ‘You are inviting us to join the march. If we come, what will change?’ I answer: ‘If a lot of people come, something will change.’ I don’t want to lie. Putin is our expert in lying. He is a pathological liar. I don’t want to lie to you. I want to tell you the truth. That march can sober up the Kremlin. Gradually, not with the help of just a single march. We can change the political course.”
Boris Nemtsov, Russian opposition leader, called for political reform in the face of an undeclared war Russia had waged against Ukraine since the Euromaidan protests forced pro-Russia President Viktor Yanukovych to flee Kyiv, in an interview with Ekho Moskvy radio station on February 27, 2015. Hours later, he would be dead, shot down on a bridge within meters of the Kremlin’s Red Square. It is widely believed his death was ordered directly by Russian President Vladimir Putin.
As ugly as Russia’s campaign to influence the 2016 U.S. election was, the United States was not the first to fall victim to Russia’s willingness to use cyberspace as a battleground. The 2016 election demonstrated a shift in Russia’s cyber exploitation tactics toward a more confrontational and aggressive strategy, but this was in part due to a willingness by Putin’s preferred candidate to take advantage of the international support for his campaign. If we want to see the full potential of Russia’s ability and willingness to use cyberattacks as a weapon of war, we should look to Eastern Europe, particularly Putin’s undeclared war with Ukraine.
Putin’s Grand Strategy
In 2011, Putin discussed his foreign policy aspirations for what he deemed a “Eurasian Union” in the Russian daily Izvestia. In this article, he makes it clear that his Eurasian Union should not be viewed as a revival of the Soviet Union, but rather “a powerful supranational association capable of becoming one of the poles in the modern world”. Specifically, it would be meant to compete with the United States and the European Union, and to mark a return to Russia’s imperialist heyday.
The 2008 financial crisis and austerity policies in many European states energized the far-left, which opposed austerity, as well as the far-right, which played on xenophobia; soon, both groups began to see electoral success in European parliaments.
The far-right found ideological common cause with Putin’s authoritarian model, and the politicians and parties who embraced anti-communist and ultra-nationalist policies reportedly began taking money to finance their political campaigns by mid-2008. Meanwhile, under Putin’s Eurasian Doctrine, Russia provides support to these friendly political groups, through the exporting of non-governmental organizations, think tanks, friendly media outlets, and political expertise and networks.
A 2014 report by the Political Capital Institute stated: “Russian influence may not only be effective due to its direct relations with specific parties, but also because these parties as of late, thanks to their resurgence, have become influential in their respective party families within the EU. In short, there is reason to believe that Russian diplomacy seeks to build party families in Europe.”
The far-left’s connections with Putin’s Russia are more likely to be due to pre-existing networks, “the remnants of historic ‘comrade’ networks between communist parties and the Soviet Union,” as well as the notion that “the enemy of my enemy is my friend.” In this case, “the enemy” is a number of issues that Russian disinformation campaigns have convinced leftists Russia is their ally on: limiting ‘big capital’; stopping Western aggression — particularly from the United States — in Ukraine and Syria; and putting limits on globalization and “the establishment.”
This trend has not been limited to European nations either. In the United States, the far-left was embodied in the presidential aspirations of Green Party candidate, Jill Stein. During her campaign, she presented herself as such a dogged opponent of U.S. foreign policy that she dismissed Russia’s aggression in Ukraine (excusing it when she said, “Russia used to own Ukraine”) and parroted their propaganda; called the downing of Flight MH17, which was almost certainly caused by Russian separatist forces using weapons supplied by Russia, a “false flag”; and had her party’s presidential debate hosted by Russia Today.
In the United States’ far-right, Russia has nourished an ascendant white supremacist movement. Aleksandr Dugin, the philosopher nicknamed “Putin’s brain”, has been key to this, cultivating relationships with leaders such as Richard Spencer, the white supremacist who coined the term “alt-right”, views Russia as the “sole white power in the world”, and has been profiled by major media outlets for making Nazis look normal again. Dugin sits on the supervisory board of the Russian think tank Katehon, which published a post-election report titled, “The Donald Trump Factor.” This report discusses what Trump’s election means to the world in ecstatic terms: “’The Swamp’ is to become the new name for the globalist sect, the open society adepts LGBT maniacs, Soros’ army, the post-humanists, and so on. […] We need to purge our societies of the Swamp’s influence. […] Putin’s Greater Russia and America liberating itself under Trump. The 21st century has finally begun. So all we need now is the Fire.”
Peter Kreko, director of the Political Capital Institute, argued in a 2014 speech at The Wilson Center that despite skillful propaganda that has convinced far-left groups otherwise, Putin’s Eurasian Union traces its roots back to pre-1917 Tsarist Russia, with an imperialist nationalism that embodies principles borrowed from fascism, Bolshevism, and Soviet expansionism.
Through this building of a network of party families, Putin is “becoming the front man of an anti-human rights movement”; and investing in a network of political parties that not only “sabotage democracy,” but also weaken American influence abroad, destabilize the European Union, and look to break up NATO.
In the face of all this, Western governments have been slow to act. For the West, the Cold War ended 25 years ago, and with it, the United States’ involvement in political warfare. Max Boot argues in a piece for Foreign Policy that the Obama Administration did far too little to counter Putin’s moves and allowed the United States’ skills in political warfare to atrophy. Although it seems unlikely Trump, as the beneficiary of Russia’s disinformation campaigns, will do anything about Putin, it is time for the West to fight back.
Welcome to the Code War.
The Testing Grounds
Eastern Europe has been Russia’s testing ground for this strategy of Putin’s Eurasian Doctrine. Cyberwarfare was an obvious tool for a country that needs to turn to reverse asymmetrical warfare in order to convey strength that is not there; Mark Galeotti described it as “Russia trying to play a great power game without a great power’s resources.”
In April 2007, Estonia fell under siege, as the websites of Estonian organizations, including parliament, ministries, political parties, banks, newspapers, and broadcasters were subjected to distributed denial-of-service attacks and, in some cases, spamming and defacement. Estonia is one of the world’s most connected nations, and its integration with online applications in everyday life is far ahead of the U.S. The attacks are believed to have been in response to the removal of a WWII-era Soviet statue from the center of Tallinn to a suburban cemetery on April 27; attacks began almost immediately after.
Online message boards began calling for a coordinated attack on May 9th, the day Russia celebrates its WWII victory. No evidence has been uncovered that the two-week long coordinated attack was directed by the Russian government, but it certainly benefitted from it. According to an article from Wired in 2007 that documented the attack and its aftermath, “There was plenty of evidence suggesting a clear Russian agenda in the attacks: Russian-language bulletin boards exhorted readers to defend the motherland, and on at least one Estonian site, attackers replaced the homepage with the phrase ‘Hacked from Russian hackers.’ But the Russian government showed little interest in tracking down the culprits.”
It is possible elements of Russia’s government took advantage of the statue controversy to whip patriotic Russians into acting on their own; in fact, after the statue was moved, Russian security services encouraged domestic media outlets to whip up nationalistic sentiment against Estonia. But according to Richard Clarke and Robert Knake, authors of Cyber War: The Next Threat to National Security and What to Do About It, “the most adept hackers in Russia, apart from those who are actual government employees, are usually in the service of organized crime. Organized crime is allowed to flourish because of its unacknowledged connection to the security services. Indeed, the distinction between organized criminal networks and the security services that control most Russian ministries and local governments is often blurry. Many close observers of Russia think that some senior government officials permit organized crime activity for a slice of the profits, or, as in the case of Estonia, for help with messy tasks. Think of Marlon Brando as the Godfather saying, ‘Someday…I will call upon you to do a service for me…’”
Estonia requested assistance from Moscow in tracking down the culprits, as per a bilateral treaty between the two countries; Russian authorities consistently denied Estonian authorities cooperation in any investigation. The attack led NATO, of which Estonia is a member, to bolster its cyber defenses, but if multiple NATO countries were attacked in a more sustained manner, it could be a bloodless, but crippling, act.
If Estonia was meant as a test of NATO’s defenses, Ukraine was a test of NATO’s tolerance for expansionist aggression. In late November 2013, a wave of demonstrations and protests demanding closer integration with the European Union began in Kyiv. The Euromaidan protests, as they came to be called, swelled rapidly in the face of state opposition, with 10,000 people occupying Maidan Nezalezhnosti (“Independence Square”) in central Kyiv within a matter of weeks, setting up camps and barricades in winter weather that reached -13C (+9F) at night.
Pro-Russian President Viktor Yanukovich met with Putin as the protests worsened and became more violent. By February, when the protests had grown to 50,000 people, propaganda efforts and covert Russian support of anti-protest actors began kicking into gear. Provocateurs who attacked protestors were seen in photos wearing Russian St. George ribbons, a widely recognized military symbol. Starting on February 20th, the protests saw 48 bloody, murderous hours, as snipers took to the rooftops, and protestors were kidnapped and later found tortured. Russia Today, along with other pro-Russia media outlets in both Ukraine and Russia, began decrying U.S. meddling in the country; this switched into accusations of the U.S. organizing a coup after Yanukovich was impeached on February 22nd and fled.
The night Yanukovich was impeached, Putin convened an all-night meeting with his security chiefs to extract the deposed Yanukovich. Putin has told reporters that he closed the meeting by saying, “We must start working on returning Crimea to Russia.” (This is, unsurprisingly, historical revisionism: Russian medals of honor date the Crimean operation as beginning February 20th, which opens up questions about the identity of the snipers and kidnappers in Kyiv.) Days later, unmarked and masked soldiers took control of the main road to the capital city of Crimea, then the Crimean parliament and Council of Ministers buildings. Russia would deny this was their doing for months, saying the heavily armed professionals were just volunteers, passionate about returning Crimea to Russia.
While all this was happening, Russia Today was doing its best to whitewash and cover up Russia’s actions — presenting Crimea as wishing to break away, while a fascist junta rose to power in Kyiv. According to a report by the Institute for the Study of War, some Russian media claimed, “they committed atrocities that never happened, the most notorious being the alleged crucifixion of a boy in the city of Slovyansk. Some pro-Kremlin journalists went so far as to allege that Ukrainian forces were mailing residents of separatist-held Donetsk the severed heads of their relatives.” This rhetoric even made its way into respected U.S. media.
This is Russia’s strategy in the digital side of a hybrid war: distract, distort, and present false information. This weakens alliances, puts the enemy on the defensive in an area that distracts from the true objective, presents strengths as weaknesses that should be ignored, and creates a display of force that covers up weaknesses.
On March 16, 2014, Crimea was scheduled to hold a referendum on whether to leave Ukraine and join Russia. In the days before the referendum, propaganda targeting the election reached such a fever pitch, broadcast authorities ordered the suspension of the signal for Russian state-controlled television stations, which were reporting vague and unsourced threats of reprisals against ethnic Russians and Jews as well as out-of-proportion fears of foreign plots. NTV, owned by Russian gas-giant Gazprom, aired a report about a hacked email correspondence between U.S. and Ukrainian authorities that they claimed proved the U.S. was meddling in order to create an excuse for military action against Russia. Orthodox communities were especially pressured to stay faithful to Moscow.
Crimea voted to merge with Russia, in an election that most Western states do not view as legitimate. Voters were surrounded by Russian troops, and international monitors were not allowed to keep tabs on the process.
At the same time this disinformation campaign was ramping up, Ukrainian government networks were targeted by an aggressive virus called Ouroboros (or “Snake”). Years earlier, computers in Ukrainian government networks were infested with this virus, which was designed to covertly install a back door, hide its presence, steal data, and communicate back to a command and control server. As tensions mounted between Ukraine and Russia, Ouroboros began to spring to life, with malware causing chaos in the Ukrainian government.
Cyber attacks continued on the Ukrainian government throughout 2014. In May, the Ukrainian Security Service (SBU) announced it foiled an attack by pro-Russian hackers on the Central Election Commission to destroy election results and replace them with fabricated ones. While this attack was being prevented, Russian state-owned Channel One was reporting screenshots of the hacked election website showing far-right candidate Dmitro Yarosh with 37% of the vote when, in reality, he had received less than 1%. Russia Today published an article a few days later where they quote the “hacktivists” as saying they did nothing to influence the election, because the Central Election Commission’s network system was a phony front anyway. When Russia cannot actually hack an election, it instead works to discredit its results, and the democratic process along the way.
By the summer of 2014, Ukraine and Russia were engaged in an active, undeclared war. An intense but underreported aspect of this was the scale of Russia’s artillery attacks against Ukrainian forces. According to an investigative report by Bellingcat, “Artillery units of the Russian Armed Forces fired at least on 149 separate occasions attacks against Ukraine in the summer of 2014… 408 artillery target sites inside Ukraine within range of Russian artillery systems have a trajectory crossing the Ukrainian-Russian border, 127 of them are within 3 km of the Russian border. In total, as evidenced by the number of impact craters, thousands of artillery projectiles were fired by the Russian military on targets inside Ukraine in the summer of 2014.”
These artillery attacks were highly effective, decimating Ukrainian artillery forces. As it turns out, this was not a coincidence. In late December 2016, Crowdstrike released a report finding that the X-Agent remote access toolkit that was used in targeted intrusions at the Democratic National Committee by an actor referred to as Fancy Bear has also been used to infiltrate Ukrainian artillery forces. It was found hidden within a legitimate Android application used by Ukrainian artillery forces to more rapidly process targeting data for Soviet-era D-30 Howitzers. The program was distributed on Ukrainian military forums, and over 9000 personnel in the Ukrainian military use it.
According to Crowdstrike, “The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them. Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine’s arsenal.”
There is a definable method of operations in Putin’s Code War, but so far the West is doing rather poorly at fighting back. France, Germany, Sweden, and other European Union nations all report operations underway to spread propaganda in their countries. Online sock puppet accounts take fake news reports and begin to share them within targeted communities. (Accounts that obsessively share this sort of news began first as pro-Gamergate, then turned pro-Trump almost overnight when he declared his candidacy; now, with the election over, they have turned anti-Merkel.) Once those communities are primed by the fake news and conspiracies, leaked documents with “explosive” revelations cause such an outcry that reputable press outlets begin to cover the stories as legitimate.
These operations successfully convinced the West to hold back on punishing Russia for their actions in Ukraine, built a coalition of extremist political parties across Europe, re-ignited the white supremacist movement in the United States, and influenced the Brexit campaign enough to push it over the edge. Now, with Trump in the White House, a Republican party willing to let Russian aggression in Ukraine slide, and chaos throughout NATO and the European Union, Putin can look to his Eurasian Union.
How can this be stopped, especially if a Trump Administration is unwilling (or unskilled enough) to begin a campaign to push back?
The one thing that has consistently enraged Putin is transparency. Russia’s anger at the Panama Papers and the Olympic doping scandal leaks shows that this is a sensitive spot, and can be exploited.
Companies must build up their online resilience to cyber attacks, and social media must find a way to push back against troll armies that spread propaganda and hate. News consumers must become more resilient to propaganda and more informed consumers of media.
Media must report hacks more responsibly. Rather than digging through documents for every bit of juicy gossip and breathlessly publishing before thinking, journalists should take some time to examine what the documents are. Rather than becoming an instrument of spreading Russian propaganda, focus on fact checking and verification.
We are entering unprecedented times. Russia’s strategy is based on old Soviet tactics, but with the extra step of exploiting systems we have not gotten a handle on in our normal lives yet. It is vital we all take steps to push back against this, before the Code War turns hot.