CHAPTER 11 Putin’s Overseas Offensive
Vladimir Putin was certain that all things in the world—including the Internet—existed with a hierarchical, vertical structure. He was also certain that the Internet must have someone controlling it at the top. He viewed the United States with suspicion, thinking the Americans ruled the web and that it was a CIA project. Putin wanted to end that supremacy. Just as he attempted to change the rules inside Russia, so too did he attempt to change them for the world. The goal was to make other countries, especially the United States, accept Russia’s right to control the Internet within its borders, to censor or suppress it completely if the information circulated online in any way threatened Putin’s hold on power.
Andrey Krutskikh devoted his entire career in the Russian Foreign Ministry to arms control. He joined the diplomatic service in 1973, right after university, and served in the ministry for the final eighteen years of the Soviet Union’s existence. He admired the diplomatic style of the stolid and uncompromising foreign minister, Andrei Gromyko, known informally in the West as Mr. Nyet. Krutskikh often called Gromyko “great.”
From the very beginning of his service Krutskikh’s work centered on disarmament, nuclear weapons, and the so-called main adversaries, the United States and Canada. When he was twenty-four years old, in 1975, he was sent to Salt Lake City as a member of the Soviet delegation to negotiate strategic nuclear arms control. Krutskikh’s experience at the negotiations in Salt Lake City left a strong impression on him. It was a time when Soviet diplomats had stature; they decided the fate of the world and spoke on equal terms with the Americans. After the Soviet collapse and into the late 1990s Krutskikh continued to focus on arms-control issues and rose through the ranks of the ministry. He was not a smooth or slick diplomat; he had a rather agitated manner—expressive, his hands always in motion. Krutskikh soon wondered whether arms control could be useful in the emerging realm of cyber conflict.
Among a particular group of Russian generals who represented FAPSI, the powerful electronic intelligence agency that had grown out of the KGB, a similar mindset was developing. The agency’s headquarters was located in a stark, modern terraced building with giant antenna globes on the roof not far from the KGB headquarters. Like the US NSA, FAPSI was responsible for information security, signals, and electronic intelligence. For many years their generals watched the growth of the Internet with suspicion, thinking it was a threat to Russia’s national security, because in the early days the Russian Internet was built with Western technology, and they were obsessed with the fear that it would be thoroughly penetrated by the Americans.
The leader of this group of suspicious generals was Vladislav Sherstyuk, a colonel-general in the intelligence wing of the agency and a KGB officer since 1966. By the 1990s he became head of the very mysterious and powerful Third Department of FAPSI, in charge of spying on foreign telecommunications. All Russian centers of electronic espionage abroad were subordinated to this department, including the radio interception center at Lourdes in Cuba, which was in charge of monitoring and intercepting radio communications from the United States. Sherstyuk was a spymaster, determined to exploit communications to steal US secrets and protect Russia against espionage of the same kind. This naturally made him wary of the Internet, where so much was beyond his control.
When the war in Chechnya began, Sherstyuk was put in charge of FAPSI’s group there, and he organized the interception of Chechens’ communications. In December 1998 he was appointed director of FAPSI, a mighty intelligence service in its own right that competed head-to-head with the FSB. Among other things, they had a very special role in controlling the government’s most sensitive communications networks.
Krutskikh and the FAPSI generals spoke the same language of suspicion—a language of threats posed by the Internet. In early 1999 Krutskikh was helping to draft a resolution for the UN General Assembly that reflected these views and warned that information—the Internet—could be misused for “criminal or terrorist purposes” and could undermine “the security of States.” In other words, information technologies had to be controlled because they could be dangerous. The resolution was adopted without a vote.
Krutskikh and the generals viewed the Internet as a battleground for information warfare. (This term should not be mixed with cyberwarfare, which is mostly about protecting a nation’s critical digital networks from hackers.) For Krutskikh and the generals, information warfare encompasses something political and menacing, including “disinformation and tendentious information” that is spread to incite psychological warfare, used for altering how people make decisions and how societies see the world. In contrast to those who celebrate free media and the Internet as a glorious information superhighway that opens limitless possibilities for discovery, Krutskikh and the generals worried that it could become the front lines of conflict between nations and hostile groups.
In December 1999 Sherstyuk moved out of FAPSI to the Russian Security Council, an advisory group to the president on security. Once there, he supervised a department for information security, which included the Internet, and brought his ideas with him. The Security Council normally is made up of top officials, including the president, and meets periodically, but it also has an influential staff, which Sherstyuk joined. In 2000 his team composed the “Doctrine of the Information Security of the Russian Federation,” which included an unusually broad list of threats, ranging from “compromising of keys and cryptographic protection of information” to “devaluation of spiritual values,” “reduction of spiritual, moral and creative potential of the Russian population,” as well as “manipulation of information (disinformation, concealment or misrepresentation).” Quite ominously, it identified one source of the threats as “the desire of some countries to dominate and infringe the interests of Russia in the global information space.” Putin approved the doctrine on December 9, 2000.
In 2003 FAPSI was disbanded, but not the ideas of the suspicious generals. Sherstyuk remained at the Security Council, and some of his views were reinforced when a like-minded top official from the FSB, Nikolai Klimashin, was moved to the Security Council. Sherstyuk founded and headed the Information Security Institute at Moscow State University, which he built into a major think tank to define Russian foreign policy on information security. Meanwhile, Krutskikh rose to become deputy chief of the Department for Security and Disarmament Issues at the ministry.
For years at international meetings Krutskikh had been driving home that Russia wanted to govern its own space on the Internet. Whereas others, including the United States, saw the Internet as a wide-open expanse of freedom for the whole world, Krutskikh insisted that Russia should be able to control what was said online within its borders. He expressed fear that, without such control, hostile forces might use the Internet to harm Russia and its people. “If through the Internet we would be forced to forget our mighty great Russian language, and speak only using curse words, we should not agree with that,” he told us, echoing Putin’s deep suspicions about the Internet and who was behind it. Krutskikh repeatedly proposed some kind of international agreement or treaty that would give Russia the control it sought over the Internet. Influenced by his own career in arms-control negotiations, he was convinced that such an agreement must be between Russia and the United States. He wasn’t anti-American, but he grew emotionally attached to the idea that the two former Cold War superpowers could somehow make a pact that would give Russia control over its digital space. The United States, however, never warmed to the idea—the US government never attempted to control content on the Internet, and many of the first Internet pioneers in America were very open about the Internet as a symbol of how information should roam free—but what Krutskikh wanted most was to be taken seriously and to have his views treated with respect, as they were during the Cold War.
But he didn’t get much respect. At a bilateral meeting in March 2009 in Vienna, Krutskikh delivered a long monologue arguing that Russia and the United States—and perhaps other nations—should collaborate to regulate the Internet as nations and governments. He expressed fear that the Internet was building beyond their control, that there could be an arms race in cyber space, and it was time for governments to take charge.
Russian generals felt they were losing the global cyber arms race and wanted to put some limits on the United States’ offensive capabilities. But Krutskikh’s speech fell on deaf ears. An American diplomat cabled back an account of the meeting, saying, “There was little change, if any, between U.S. and Russian long-held views” on the subject. Krutskikh desperately wanted some sort of joint statement with the United States, but the US administration was reluctant to sign anything.
But he didn’t give up. In 2010 Kaspersky Lab investigated Stuxnet, the US-Israeli worm that wrecked nearly a thousand Iranian centrifuges. Krutskikh seized on the incident—with its destructive malware, designed in part by the United States—as a justification for a ban on cyber weapons. In 2011 Kaspersky, who was highly regarded in Russia as an Internet entrepreneur, added his voice to the idea of a ban on cyber weapons, and in November he wrote on his blog, “Considering the fact that peace and world stability strongly relies on the internet, an international organization needs to be created in order to control cyber-weapons. A kind of International Atomic Energy Agency but dedicated to the cyberspace.”
In the Bavarian Alps a small mountain resort town, Garmisch-Partenkirchen, is famous for its spectacular views and NATO’s Marshall Center for Security Studies, which is based there. Nearby is a pretty hotel, Atlas, with a traditional Bavarian three-story lodge that is a twenty-minute walk from the Marshall Center. Founded in the early sixteenth century as a tavern, the hotel proudly lists among its previous guests Duke Ludwig from Bavaria, the Prince of Wales, and the King of Jordan. Every April, for almost a week, the hotel hangs a Russian flag from its balcony, hung personally by Sherstyuk, who, since 2007, has been bringing to the lodge a group of Russian and American generals and high-placed officials to talk quietly about information security and cyber conflict. The first two days are always reserved for general discussions, mostly on cyber security and what kind of research is required. Russians gathered in one part of the hotel, and non-Russians gathered in another, partly because many Russians didn’t speak English, and most Americans didn’t speak Russian. The third day was devoted to individual meetings. The real business was conducted in closed rooms with only a few participants. Klimashin was among the guests, as well as Krutskikh, who never tired of making speeches and arguing for agreement on “terms and definitions” in cyberspace and for greater UN involvement in Internet governance. He favored the United Nations because it was filled with governments, not companies, and many of them were sympathetic to Russia’s desire to control the Internet within their borders.
The US government took the gatherings in Garmisch very seriously every year. High-level officials were sent; in 2010 the US delegation included Christopher Painter, the second-ranking White House official on cyber security, and Judith Strotz, the director of the State Department’s Office of Cyber Affairs.
Russian officials in charge of information security often spoke bitterly of US domination of the Internet, believing all the tools and mechanisms for technical control were in US hands. Their main target was the Internet Corporation for Assigned Names and Numbers, known as ICANN, a nonprofit organization headquartered in California. In 1997 President Clinton directed the secretary of commerce to privatize the management of the domain name system, a critical part of the Internet that serves as a giant warehouse of web addresses looked up every time a user wants to go somewhere online. The Defense Advanced Research Projects Agency, the National Science Foundation, and other US research agencies had previously performed this task. On September 18, 1998, ICANN was created and given a contract with the US Department of Commerce to oversee a number of Internet-related tasks, but the most important among them was to manage the distribution of domain names worldwide. In the 2000s other nations campaigned to have a greater role in ICANN, but the Kremlin’s idea was more radical: to strip ICANN of its powers.
The president of ICANN, Paul Twomey, hastened to the second gathering in Garmisch in 2008. He and other high-ranking ICANN representatives tried to keep open channels of communications with the Russians. One of the top US ICANN representatives who made sure always to attend was George Sadowsky. Looking always professorial, he taught mathematics at Harvard and was a technical adviser to the United Nations in the 1970s. In 2001 Sadowsky became executive director of the Global Internet Policy Initiative, which promoted Internet freedoms in the former Soviet Union and Central Asia. In 2009 he was selected to the board of directors of ICANN. Sadowsky had a great deal of experience in dealing with Russian officials. He found the endless discussions to be frustrating, as both sides saw the world differently and had trouble even agreeing to a common language about the Internet; there were very basic divisions over definitions regarding the Internet. “Is it a communications service or is it an information service?” he recalled. “And this went on, and on, and on.” In Garmisch both Russians and Americans tried to be pleasant and friendly, but they were at a stalemate. And with each passing year the discussions became increasingly difficult—after the conference in 2010 Sadowsky admitted, “The Russians have a dramatically different definition of information security than we do; it’s a broader notion, and they really mean state security.”
When the Russian officials failed to get an agreement with the United States about ICANN, they shifted strategy, looking for a new way to assert more sovereignty over the Internet. This new approach led them to the International Telecommunications Union, or ITU. With headquarters in Geneva, the organization was originally established in 1895 to regulate the telephone and telegraph. It is a specialized UN agency, and as such, it is dependent on the member states.
The ITU was not involved in Internet governance until late 2006, when Hamadoun I. Touré was elected its secretary general. Touré made the Internet a central issue for the ITU from the start of his tenure. A citizen of Mali, he speaks fluent Russian and studied at the Communications Institute in Leningrad, the same institute where Boris Goldstein, one of the main Russian experts on SORM, studied and has been working for decades. Touré was well known in and maintained close ties with Russia—he was first elected and then, in 2010, reelected with the full support of Russia. As secretary general of ITU, he became very critical of ICANN, and in August 2010 he even refused Rod Beckstrom, then chief executive and president of ICANN, permission to attend an ITU conference.
Krutskikh spotted all this jockeying and, frustrated by the failures to change ICANN, moved to promote a larger role for the ITU. This was a surprising development for Sadowsky. When he met Krutskikh at a Moscow conference in 2008, the Russian official was pleasant and restrained. But it was another story two years later when they met again at the same conference. Sadowsky said something unfavorable about the ITU, and Krutskikh responded emotionally and forcefully, interrupting the American midremarks.
For Sadowsky, it seemed like Krutskikh—and Russia—had wagered a big bet on the ITU.
The tumultuous uprisings of the Arab Spring that threw out long-serving authoritarian leaders—uprisings that Internet communications accelerated—suddenly made the issue of Internet governance more urgent for Putin. In June 2011 Putin went to Geneva to talk to Touré. They met at the large hall at the UN Office, and Putin reminded Touré that Russia cofounded the ITU and went on to say that Russia intended to actively participate in “establishing international control over the internet” by using the capabilities of the ITU. It was an audacious idea: to control the Internet using a century-old UN agency.
Krutskikh, in preparation for the new effort, moved in August 2011 to another department inside the foreign ministry. The department was closely tied to the security services and had once been supervised by a former first deputy director of the FSB. Then in March of the following year he was made a special coordinator for issues regarding political use of information and telecommunication technologies—the Internet—and given a rank of ambassador. He was to be Putin’s point man on a campaign to wrest more control of the Internet from the United States.
The next major ITU conference was scheduled for December 2012 in Dubai. The top ITU officials intended to use the gathering to change the rules for the Internet globally through a review of an existing global treaty, which was last updated in 1988, before the digital era. The ITU intended to amend the treaty to include the Internet and, thus, make it subject to ITU regulation. And the Kremlin decided to make the conference in Dubai the launch pad for a general offensive against US domination of the Internet.
Krutskikh went to work recruiting other countries to support Russia. He won nods of agreement from China, where the Internet is rigidly and widely censored, and from Central Asian nations that were former Soviet republics and also largely authoritarian. In May 2012 Krutskikh won backing directly from the Kremlin. The former minister of communications Igor Shchegolev moved to the administration as Putin’s adviser on the Internet, and he fully shared Krutskikh’s ideas about the ITU and ICANN. Shchegolev had accompanied Putin in June 2011 to Geneva and took part in the meeting with Touré. The new communications minister, Nikolai Nikiforov, twenty-nine, was technically savvy but inexperienced. He was appointed to his position from Kazan, Tatarstan, where he had served as Tatarstan’s minister of communications. He was far from being an independent political figure.
Krutskikh plotted his strategy for the Dubai meeting in an office near the foreign ministry’s twenty-seven-story tower in central Moscow. His office building next door looked like a giant, seven-story cube with an oblique angle. From there, on the fourth floor, with an Andreevsky Flag (two blue stripes crossed diagonally on white, the insignia of the Russian fleet) on the wall and a spaceship model on his desk, with his papers always carefully sorted, Krutskikh laid out the battle plan, drafting dozens of proposals for the ITU summit.
Google launched a campaign against the Russian offensive. In May 2012 Vint Cerf, “chief Internet evangelist” at Google and widely recognized as one of the fathers of the Internet, published an op-ed in the New York Times headlined “Keep the Internet Open.” He referred to Putin’s remark at the meeting with Touré in 2011 and criticized a proposal submitted by China, Russia, Tajikistan, and Uzbekistan to the UN General Assembly that sought to establish government-led “international norms and rules” in cyberspace. Cerf proclaimed, “The decisions taken in Dubai in December have the potential to put government handcuffs on the Net.” He appealed for action against it.
But Russia was undeterred, and preparations became more intense. In June the first draft of the Russian proposals to the ITU conference was leaked to the press. They were couched in jargon, but the point was crystal clear: Russia proposed to give countries the right to control the Internet in cases in which it was used “for the purpose of interfering in the internal affairs or undermining the sovereignty, national security, territorial integrity and public safety of other states, or to divulge information of a sensitive nature.” This would give nations the right to censor on the slimmest of pretexts. Then, just two weeks before the conference started in Dubai, there was another leak of Russian proposals, and then another one. The direction of the drafts was the same, giving nations “the sovereign right… to regulate the national Internet segment.”
The two-week ITU conference started on Monday, December 3, at the Dubai World Trade Center, a thirty-nine-story rectangular tower built in 1978 at the city’s Trade Centre Roundabout. More than nineteen hundred participants from 193 countries attended. Krutskikh hoped this would be his triumphal moment.
The Russian delegation was led by the minister of communications, Nikiforov, with Krutskikh as a member of his team. Touré at once appointed Nikiforov one of the vice chairs of the conference. Russia’s hopes looked promising: the Russian team had already secured private pledges of support from China and eighty-seven other countries for the draft proposals, and Krutskikh was determined to win over other countries.
Throughout the first week of the conference the participants debated the leaked Russian drafts in the corridors and meeting rooms as they waited anxiously for the official Russian proposal to come. Tensions were high, as the United States opposed talking about Internet regulation at the ITU conference at all. On Thursday, December 6, the head of the US delegation, Ambassador Terry Kramer, convened a special briefing. Kramer was not a career diplomat but rather a top company manager with a twenty-five-year career in the private sector and telecommunications, mostly at Vodafone, and was specifically appointed by President Obama to head the delegation. Kramer didn’t hesitate to use strong words. “Fundamentally, the conference, to us, should not be dealing with the internet sector,” he declared. “That carries significant implications that could open the doors to things such as content censorship.” He dismissed the Russian proposals out of hand. “What can happen is what are seemingly harmless proposals can open the door to censorship, because people can then say, listen, as part of internet security, we see traffic and content that we don’t like.”
On Friday, December 7, a twenty-two-page document was passed to the conference’s organizer, the ITU. It was headed, “Russia, UAE, China, Saudi Arabia, Algeria, Sudan, and Egypt. PROPOSALS FOR THE WORK OF THE CONFERENCE.” The document had the insignia of the ITU globe at the top and was dated December 5, 2012. Although the document was written in English, it had been edited by someone with a computer in Cyrillic. Some of the editing changes were made by Maria Ivankovich, an expert at the Radio Research and Development Institute within the Russian Ministry of Communications, one of three major research centers involved in developing SORM, the Russian system of communications interception.
A day later, on December 8, the website wcitleaks.org made a splash in the media by publishing a link to the latest Russian proposal, which declared that member states have “the sovereign right to establish and implement public policy, including international policy, on matters of Internet governance.” The proposal drew condemnation from around the world, and Krutskikh’s dream began to fall apart; the Egyptian delegation announced that despite the fact that its name was on it, it “never supported the document.” On December 10, without explanation, the Russian delegation withdrew it. It was reported that Touré talked personally to Nikiforov to persuade Russia to withdraw the proposal following American threats to walk out of the conference if the document was formally submitted. Touré feared that the proposal could break up the conference completely, and he wanted the new treaty to be signed.
The Russian initiative failed spectacularly—strongly opposed by the United States and other Western governments.
On the last day of the conference, Friday, December 14, a new treaty was offered for signing, and eighty-nine countries endorsed the document, including Russia. Much of the language of the earlier drafts had been taken out, but the final document still contained Article 5B, which stated, “Member states should endeavour to take necessary measures to prevent the propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services.”
It sounded rather unobjectionable. But the Western delegations were certain that this clause was intended, among other things, to support actions by governments that want to control content on the Internet, as Russia was striving to do. Kramer said the treaty was “seeking to insert governmental control over Internet governance” and, in a dramatic moment, walked out of the hall, destroying any prospects for a treaty. On the whole, fifty-five countries refused to sign the new treaty, including Western European and Anglo-Saxon nations, and their refusal to sign the new treaty meant that the document simply could not be implemented.
Krutskikh was the only Russian official in Dubai willing to comment. “The Americans are the fathers and mothers of the Internet, and we have to appreciate that,” he said with bitterness. “But words like ‘Internet’ and ‘security’ should not be treated like curse words. They have been treated like curse words by some delegations at this conference.”
The Kremlin had sought to recruit nations from around the world to change the rules of the Internet to give authoritarian countries the ability to censor it. But it didn’t work. The nations involved in building the Internet, chiefly the United States, were dead set against it.
Krutskikh’s dream slipped away.
A few months after the ITU disaster Krutskikh took part in a conference on information security in Russia. He spoke at length about the threats to Russia on the Internet, and when he finished, Irina approached him and asked for a comment about what had happened in Dubai. He was both angry and passionate, stating that the Russian initiative didn’t fail because it was never officially on the table. Then he exclaimed, “We have not lost! Eighty-nine countries support us!” He vowed that Russia would continue to promote its model of global Internet regulation in every possible forum.
Snowden’s revelations of mass surveillance of Internet and telephone metadata in 2013 prompted other countries to start thinking in terms of “national sovereignty” on the Internet, and the United States faced widespread condemnation and criticism. Brazil’s communications minister said that local ISPs could be required to store data on servers within the country, saying local control over data was a “matter of national sovereignty.” Later, Germany’s Deutsche Telekom declared that it wanted to create a national Internet to protect Germany from privacy infringements. In February 2014 German chancellor Angela Merkel, furious at the disclosure that the NSA had monitored her cell phone, raised the prospect with French president François Hollande to build a European network so as to avoid data passing through US servers.
In June 2013 Presidents Obama and Putin agreed to establish a new working group within the US-Russia Bilateral Presidential Commission as part of a cyber security confidence-building measure between the two countries. To chair the group from the Russian side Putin appointed deputy secretary of the Security Council Klimashin, and Krutskikh was made the group’s cocoordinator. Putin clearly still trusted Krutskikh and his generals. The new working group gathered for the first time in November in Washington; the participants, our sources told us, consciously left Snowden’s name out of the talks.
Krutskikh got a second chance. In February 2014 Putin appointed him his special representative for international negotiations on Internet regulation. On April 23–24, in São Paulo, Brazil, a conference was held, NETmundial. Provoked by Edward Snowden’s revelations, it was a two-day global meeting on the topic of Internet governance. Nikiforov, the Russian minister of communications, noted that the conference delivered a standing ovation after a speaker expressed words of gratitude to Snowden. Nikiforov delivered welcoming remarks prepared by Krutskikh, and they had all his usual hallmarks—attacks on ICANN and calls to hand over all powers to the ITU. But against Nikiforov’s expectations, the speech didn’t go over well—the participants simply ignored Russia’s proposals.
The very next day in Moscow Putin declared that the Internet was a “CIA project” and that Russia needed to be protected from it. His remarks were reported far and wide, overshadowing the Russian presentation at the conference, and Nikiforov’s speech was omitted from the documents of NETmundial. The Russian ministry was outraged and published a protest on its site.
Many countries were unhappy with the way the Internet was governed, but it didn’t mean they would march in lockstep with Russia. They could be very critical of US dominance on the Internet or the way their citizens’ personal data was circulated, but they were not ready to turn the global network into a collection of local Internets under the control of national governments.
The Kremlin’s attempt to change the global rules of the Internet fell flat. But there were other ways Putin could experiment with digital sovereignty—for example, in a small, beautiful town on the Black Sea.