The investigation is reportedly meant to be retaliation for Sen. Jeanne Shaheen's (D-N.H.) bill that would authorize the Justice Department to probe possible violations of the Foreign Agents Registration Act by RT, a Russian state-funded media company that has grown its U.S. operations.
The Office of the Director of National Intelligence suggested in a report in January that RT may be complicit in Russian efforts to meddle in the 2016 U.S. election to help President Trump. The Kremlin-backed news outlet has been largely supportive of the real estate mogul since he was a candidate.
Among the U.S. media organizations that could be investigated by Russia's Duma are CNN, Voice of America and Radio Liberty.
Tensions between the U.S. and Russia have escalated in recent months amid revelations of the Kremlin's efforts to influence the election in Trump's favor.
Questions have also resurfaced about Trump and his aides' potential ties to Moscow, after a slew of news reports in recent weeks detailing contacts between current and former Trump associates and Russian officials.
The Yahoo hack is the clearest sign yet that Russia has merged criminal hacking with a larger mission
Two Russian Federal Security Service (FSB) officers were indicted Wednesday for what the Justice Department said amounted to directing and facilitating a massive hack on Yahoo in 2014 that compromised roughly 500 million accounts using a relatively simple method of attack.
The indictment was the first time the US had charged Russian government officials with cyber crimes, offering the clearest sign yet that Russian intelligence officials are recruiting people to engage in criminal hacking — both for personal financial gain and to spy on targets ranging from Russian journalists to private-sector employees in the American financial and transportation sectors.
From the Department of Justice indictment:
“The defendants [Dmitry Dokuchaev and Igor Anatolyevich Sushchin, of the FSB, and Alexsey Alexseyevich Belan and Karim Baratov] used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.”
The Soufan Group, a strategic security firm that specializes in intelligence, law enforcement, and policy analysis, wrote Thursday that, while the targets of intelligence agencies and cyber criminal networks “are usually very different,” Russia has “increasingly blurred the lines between cyber-espionage and cyber crime in an unprecedented manner.”
“Examples of the convergence of malicious cyber activity by Russia include the hacking of Western political parties and groups, the curiously selective and well-timed releases by WikiLeaks — which is widely believed to be a Russian proxy — and theft from purely commercial entities such as Yahoo,” the firm wrote. “The US is hoping that the high-profile [indictments] will serve as notice to the Russian government that it has overstepped the long-accepted boundaries of espionage by purposefully veering into criminality.”
Experts aren’t surprised by this convergence. They say hiring elite criminal hackers has allowed Russian intelligence agencies like the FSB and the GRU (Russia’s military intelligence arm) both to improve their foreign espionage capabilities and keep potentially rogue hackers under government control.
Brandon Valeriano, a researcher at Cardiff University specializing in international relations and cyber coercion, said the Russians “want to maintain their control over the hackers, but they are also willing to take advantage of whatever capabilities these hackers might have.”
Ian Bremmer, president of the political risk firm Eurasia Group, largely agreed.
“Cyber crime and state espionage go hand in hand in this system,” Bremmer said in an email. “Russia has employed cyber criminals for state ends for as long as they have been hacking. This is the case for the most visible incidents like taking down government websites, but it’s also true for corporate espionage and private information theft.”
“Private hackers are a source of talent, for one thing, as well as a degree of separation and deniability between state organs and end users,” Bremmer added.
The New York Times’ Andrew Kramer reported on this phenomenon in December, writing that “for more than three years, rather than rely on military officers working out of isolated bunkers, Russian government recruiters have scouted a wide range of programmers, placing prominent ads on social media sites, offering jobs to college students and professional coders, and even speaking openly about looking in Russia’s criminal underworld for potential talent.”
“If you graduated from college, if you are a technical specialist, if you are ready to use your knowledge, we give you an opportunity,” one of these ads read, according to the Times.
As Leonid Bershidsky, founding editor of the Russian business daily publication Vedomosti, wrote in January, the dramatic arrests of two high-level FSB officers — Sergei Mikhailov, the deputy head of the FSB’s Information Security Center, and Major Dmitry Dokuchaev, a highly skilled hacker who had been recruited by the FSB — on treason charges in December offer a glimpse into “how security agencies generally operate in Putin’s Russia.”
At the time of their arrest, Dokuchaev (who was one of the Russian officials indicted for the Yahoo breach) and Mikhailov had been trying to cultivate a Russian hacking group known as “Shaltai Boltai” — or “Humpty Dumpty” — that had been publishing stolen emails from Russian officials’ inboxes, according to Russian media reports.
“The FSB team reportedly uncovered the identities of the group’s members — but, instead of arresting and indicting them, Mikhailov’s team tried to run the group, apparently for profit or political gain,” Bershidsky wrote. Shaltai Boltai complied, Bershidsky wrote, because it wanted to stay afloat, and didn’t mind taking orders from “government structures.”
“We get orders from government structures and from private individuals,” Shaltai Boltai’s alleged leader said in a 2015 interview. “But we say we are an independent team. It’s just that often it’s impossible to tell who the client is. Sometimes we get information for intermediaries, without knowing who the end client is.”
It appears that Dokuchaev and Mikhailov got caught running this side project with Shaltai Boltai — which was still targeting high-level Russian officials — when the FSB began surveilling Mikhailov. Officials targeted Mikhailov after receiving a tip that he might have been leaking information about Russian cyber activities to the FBI, according to the Novaya Gazeta.
Short of working against Russian interests, hackers “can pursue whatever projects they want, as long as their targets are outside of Russia and they follow orders from the top when needed,” said Bremmer, of Eurasia Group. The same goes for FSB officers, who are tacitly allowed to “run private security operations involving blackmail and protection,” according to Bershidsky.
US intelligence agencies have concluded that the hack on the Democratic National Committee during the 2016 election was likely one such “order from the top” — a directive issued by Russian President Vladimir Putin and carried out by hackers hired by the GRU and the FSB.
It is still unclear if the Yahoo breach was directed by FSB officials at the instruction of the Kremlin, like the DNC hack, or if it was one of those “private security operations” Bershidsky alluded to that some Russian intelligence officers do on the side.
Bremmer said that it’s possible the Yahoo breach was not done for state ends, especially given the involvement of Dokuchaev, who was already caught up in Shaltai Boltai’s operations to steal and sell information for personal financial gain.
“The FSB had sought to acquire [Shaltai Boltai] as much to control a valuable commodity as to control the hackers’ activities,” Bremmer said. It is possible, and likely, however, that the FSB targeted certain accounts in the data breach in the name of collecting valuable intelligence.
“It could still be a commercial operation with FSB ties,” Bremmer said, referring to the Yahoo breach. “With the caveat that any sensitive information would be retained by security officials.”
In any case, as internet governance consultant Maria Farrell wrote late last year, “In [Putin's] world, power is vertical. Someone is always pulling the strings.”
Russia orders check of American media in the country in retaliation for U.S. bill
The Russian parliament has ordered a check of U.S. media outlets operating in the country, in retaliation for what it said was an attack on Russian media in the United States.
The parliament's lower house, the State Duma, called for its information and telecoms committee to examine whether the activity of CNN, Voice of America, Radio Free Europe, and other U.S. outlets is "in accordance with Russian legislation," a press release published on the body's website read.
The announcement didn't specify which other outlets could be targeted. Voice of America is a federal government broadcaster, while Radio Free Europe/Radio Liberty is a private non-profit, funded by a Congressional grant. Both were set up to combat Soviet propaganda during the Cold War.
The lawmaker who instigated the order, Konstantin Zatulin, from the country's ruling party, United Russia, said the check was a response to calls from American politicians for a probe into Russian state outlets accused of interfering in the U.S. presidential elections, in particular the Kremlin-funded broadcaster, RT.
Zatulin pointed specifically to Sen. Jeanne Shaheen, D-New Hampshire, who this week introduced a bill to Congress that would grant the Department of Justice new authority to investigate RT, for possible violations of the Foreign Agents Registration Act.
RT, previously known as Russia Today, is Russia’s main international broadcaster and has been accused of being at the center of Kremlin propaganda efforts in the U.S. and Europe.
A declassified U.S. intelligence report on Russian efforts to influence the U.S. presidential election released in December described RT as playing a key role in a disinformation campaign meant to harm Democratic candidate Hillary Clinton and to sow doubts about the election's fairness. During the elections, RT focused heavily on negative stories around Clinton, often pushing reports that had been repeatedly discredited.
"We have good reason to believe that RT News is coordinating with the Russian government to spread misinformation and undermine our democratic process," Shaheen said in a statement unveiling the bill.
The Foreign Agents Registration Act that Shaheen suggested RT may be violating requires individuals or entities hired to act in a "political or quasi-political capacity" on behalf of foreign governments to register.
The Kremlin makes no attempt to conceal that RT's funding is from Russia's state budget, which is published openly, but RT argues it is not directly funded because the money comes through a separate company.
"RT News has made public statements boasting that it can dodge our laws with shell corporations, and it's time for the Department of Justice to investigate," Shaheen said.
Zatulin, the Russian lawmaker, called the move "repressive." Russia's foreign ministry has accused the U.S. of succumbing to anti-Russian hysteria, resembling the McCarthy era.
"Times are being reborn in the U.S. when Donald Duck and Mickey Mouse are considered agents of the Kremlin," Zatulin said.
The U.S. intelligence report was criticized by many U.S. observers for disproportionately focusing on RT: The largest part of the report was taken up with an annex describing the broadcaster's work.
RT's actual influence in the U.S. is debatable. An RT spokesperson claimed to the Washington Post in January that the channel had 8 million viewers weekly in America. But documents allegedly leaked from Russia’s state-media holding, Ria Novosti, said RT's daily programming in 2015 did not get more than 30,000 viewers. RT is not in the top 100 cable networks.