Under siege from Putin’s private hackers

Andrei Soldatov on an unresolved threat from the cyber-spooks

In the summer of 2009, the UK’s deputy consul-general in Yekaterinburg, 37-year-old James Hudson, was forced to resign days after a video purportedly showing him having sex with two prostitutes appeared on the obscure Russian website.

The video, titled ‘The Adventures of Mr Hudson in Russia’, was immediately picked up by the popular tabloid Komsomolskaya Pravda and the scandal-mongering website. In Britain, The Sun tabloid published a story on the day Hudson stepped down.

The collecting of compromising materials – known as kompromat in Russian – on diplomats has been common practice since the days of the KGB, but it was highly unusual to make the information public, let alone post it online.

A month later it was the Americans’ turn. A US diplomat, Kyle Hatcher, was featured in another sensitive video. And it was also published on the same website. In Hatcher’s case, the diplomat was not forced to leave: the US embassy stood up for its employee. The FBI conducted an investigation and declared the footage fake, while the State Department called the video a fabricated montage that included some real footage. ‘Mr Hatcher has been the subject of a smear campaign in the Russian press and on the internet to discredit him and his work,’ said a State Department spokesman.

The website was already known for two things. First, for its ties to the secret services: the prominent Soviet dissident Sergei Grigoryants told me that he was surprised to see that his biography published on the site contained details unavailable from open sources.

Second, the website was known to have been set up by a community of pro-Kremlin computer activists. As early as 2005, these ‘hacktivists’ hired someone for $500 to write a program that would launch what is known as a distributed denial of service (DDoS) attack – a simple but effective way to disrupt a website, at least temporarily, by swamping it with outside requests or messages. The community then became engaged in a series of DDoS attacks. ‘The main target of our community is the complete destruction of websites that propagate terror and violence, distort facts, and lie to their readers,’ they claimed in a statement.

That seems to be the very first instance in which the three elements came together: the secret services as a guiding and protecting force, the publishing of kompromat as method, and hacktivists as rank and file who are not directly connected to the state, thus helping the Kremlin maintain plausible deniability.

Since then this combination has been regularly used against the Russian opposition and political activists. For instance, in the summer of 2012 a Gmail account of one of the leaders of the Moscow protests, Alexei Navalny, was hacked and his emails published by a blogger with the nom-de-guerre ‘Hacker Hell’, who styles himself as head of an online community called the ‘FSB brigade for stifling democracy’.

Hacker Hell was not part of any government organization, and the Kremlin insisted it had nothing to do with hacking. The Kremlin’s disowning of Hacker Hell did not help him, however. In 2015, Sergei Maksimov, resident in Germany since 1997, was identified by a German court as Hacker Hell, and found guilty of hacking Navalny’s account. He was given 17 months’ probation.

Outsourcing, originally a tactic to create deniability, has been increasingly used by the Kremlin in sensitive operations to lower the costs. Though the perpetrators enjoy direct access to the Russian authorities, the arm’s length relationship makes them much more enterprising and flexible.

In March 2014, the tactic was tried for the first time on foreign soil: hacktivist supporters of Ukraine’s former president Viktor Yanukovych, who had fled to Russia the previous month, claimed to have hacked the email accounts of some Ukrainian NGOs. A trove of emails was published that purported to prove that they were in touch with the US embassy and received funding from American foundations. The goal was to portray the Maidan activists, whose protests drove Yanukovych from power, as traitors and paid agents of the United States.

It was only a matter of time before the same tactics would be tried in western countries. Curiously enough, the perpetrators turned out to be pretty inflexible – over and over again they launched obscure websites to publish kompromat. Hackers launched CyberBerkut to smear the Kremlin’s opponents in Ukraine, and in April 2016 the website DC Leaks was launched to publish information purported to compromise Hillary Clinton, later followed by Guccifer 2.0.

It took until late 2016 for Moscow to realize that Julian Assange’s WikiLeaks, a well-established resource with a large following, would be happy to publish stolen documents, no questions asked.

It was through WikiLeaks that hacked documents from the Democratic National Committee and John Podesta, chairman of Clinton’s presidential campaign, were published, proving that the Democratic establishment had inappropriately favoured her. Thus the final element was added to the scheme – the element that helps the Kremlin to distance itself from the medium of publication and thus define how the hacked information is perceived by the public.

What made it more effective is that the offensive seems to have taken the western powers by surprise. Cyber-experts all over the world have spent years arguing whether it is appropriate to consider a cyber-attack a military offensive and how to respond. Apparently no definitive answer has been found.

The debates were held against the background of Chinese cyber-operations against the US, such as the data breach in 2015 at the US Office of Personnel Management that compromised the data of 21 million people. Not only did state actors, most of them in uniform, carry out these operations, but the information stolen was never intended to go public.

The operation against Clinton was a success in that it harmed her campaign and the information was gobbled up with relish by the US media. But the intention, if indeed that was it, to hide Russian involvement in the hack did not succeed. So does that mean that Russia will end such operations?

That seems unlikely. It could even provoke an escalation, not only in Russia but around the world. This is in part due to the very confusing message from the US about the hacking. It was hoped that the Obama administration would provide a response to the question of whether such hacking is a hostile act, which could then be used by other governments in similar situations.

But that definitive response never came. Washington became paralysed by the transition to the Trump administration, which faces accusations of being helped to power by the Russians, leading to a public row between Trump and the intelligence services.

It seems that the West was not ready to respond to the confusing, murky, multifaceted and adventurous world of Russian offensive hacking operations, where nothing is what it seems.

For the moment, there is nothing to stop adventurous countries from trying their hand at state-sponsored hacktivism, as the costs and risks of such operations remain relatively low.