CHAPTER 12 Watch Your Back
Watch Your Back
In the center of Toronto, on Bloor Street, on a cold day in March 2013 we walked up the steps of a two-story English-style mansion with a tall round tower attached to it. During World War II the building was used to train pilots to identify weather patterns, but now it is part of the University of Toronto. Inside we found a bunch of geeks and researchers who worked to identify surveillance and filtering equipment on communications around the world.
We were met by Professor Ron Deibert, forty-nine years old, who, as a scholar, was deeply interested in the impact of the Internet on world politics. In the mid-1990s he moved to the University of Toronto because it had been the home of Canadian communications theorists Harold Innis and Marshall McLuhan. In 2001 the Ford Foundation offered him a $250,000 grant to conduct research on the Internet and international security, giving rise to a research center known as the Citizen Lab. Deibert recruited ex-hackers, programmers, and researchers in an effort to discover hidden surveillance and content filtering on global networks.
In a few years Citizen Lab emerged as a primary source of data on repressive regimes’ Internet intrusions and attacks on their critics and opponents. In 2009 they identified a massive intrusion into the computers of the Tibetan leader, the Dalai Lama, and on computers in 103 countries. The intrusion was called “GhostNet” and was believed to have emanated from China. Citizen Lab also revealed malware campaigns against Syrian activists and exposed how a remote intrusion and surveillance software called FinFisher was used against protesters in Bahrain and political dissidents in Malaysia and Ethiopia.
We met that day in the tower on Bloor Street. The group also included Masashi Nishihata and Sarah McKune from Citizen Lab as well as Eric King of Privacy International, the British organization concerned with privacy issues. Deibert showed us into the turret room under the ceiling of the tower, known to the staff as the Jedi Council. We joined the group to plan an investigation into Russian surveillance in the upcoming Olympic Games, scheduled for February 2014 at Sochi on the Black Sea.
The games were a showcase for Vladimir Putin. In 2007 he had personally presented, in English, Russia’s bid to the International Olympic Committee, and Russia won. In the years before the games Putin put the FSB in charge of providing security for the Olympics. In 2010 an FSB general, Oleg Syromolotov, was appointed as the chairman of the Russian group that would oversee security at the games. We described to the others at the meeting how Syromolotov, inside the FSB, was not in charge of counterterrorism operations, as might be expected; rather, he was a top counterintelligence officer at Lubyanka since 2000. He spent his entire career in the KGB and then the FSB, and for thirteen years he had directed FSB efforts to hunt down foreign spies. Now he was put in charge of providing security for a major international gathering that would host athletes, journalists, and political leaders from around the world. We told the group that Syromolotov’s appointment was significant. It could mean that Russia viewed the games as an opportunity to collect intelligence.
We obtained a PowerPoint presentation about security at the games that was primarily concerned with the communications challenges, and we found something revealing on its final pages, which we shared with our colleagues. The slides revealed how SORM—the black boxes of the FSB that were placed on all kind of communications connections—were being deployed to Sochi to cover all communications at the games. The next to last slide gave a list of the black boxes’ basic requirements, including that they should be able to “intercept all segments of the network,” that the fact of SORM’s presence there should be completely secret, that there should be an iron-clad system to avoid anyone discovering that they were being intercepted, and that they should be hidden from the personnel of phone companies and ISPs. We suggested to our colleagues that Russia was preparing to use surveillance of the same intensity that China had in the 2008 Summer Games in Beijing.
King, of Privacy International and a world-renowned expert in spotting the presence of surveillance equipment suppliers, had made it his passion to attend every expo on surveillance throughout the globe. He knew what SORM was about—he had come across this technology in Central Asia. He asked us, “What does it mean that it is being upgraded for the Olympics? Does that mean that SORM will be combined with deep packet inspection [the system of infiltrating the content of communications]? If they were used together, would that transform the targeted surveillance into mass surveillance? In other words, would it help to identify and track, say, activists by words they use?”
We just didn’t know. We thought there might be clues if we could find out what hardware and equipment was being used, but that would take some digging.
One thing we did know was that the FSB and Interior Ministry officials spoke openly and increasingly about their experiences in the 1980 Moscow Olympics more than three decades earlier. Officials had learned certain lessons about both surveillance and physical security of the Games. The lesson for surveillance was to monitor as much as possible; the lesson for physical security was to isolate the Games as much as possible.
In 1980 the Olympic Games were secured in a way that was only possible in the totalitarian Soviet state—Moscow was ruthlessly cleansed of any possible troublemakers, who were sent out of the capital, and the city stood empty for the two weeks of the competitions, surrounded by troops and with KGB officers at every corner. When some of the sporting events were underattended, the authorities just sent troops to fill the stands. The Moscow Olympics was surrounded by paranoia; the KGB prepared dozens of reports of foreign intelligence services’ “hostile intentions” to undermine the games.
We underscored to the group in Toronto that the appointment of Syromolotov, a top counterintelligence officer in the FSB, seemed to echo this Soviet-style approach. It was clear that in Sochi the authorities wanted to combine the KGB’s traditional methods with cutting-edge surveillance technologies.
Those who gathered in Citizen Lab’s tower that day knew how quickly the pace of electronic surveillance was growing in Russia. The FSB’s supervision of the Olympics security meant that all measures were to be carried out under a veil of secrecy. For years it had been impossible to obtain comments from the FSB; the press office was effectively shut off from journalists’ requests. Not only officials but also companies contracted by the authorities to provide security solutions were reluctant to talk.
Under the turret that day we acknowledged with the others that there were many unknowns. We felt that Russia was preparing something large and menacing in surveillance, but we didn’t know how it would be actually used, how it would work, and what was the goal for the FSB: to gather intelligence using interception and surveillance, to stop protesters from reaching the site of the games, or maybe to use the surveillance measures as a big stick to intimidate and frighten possible troublemakers?
We also wondered about the future of SORM and what the Russian authorities wanted to do after the games ended. Was Sochi intended to be a laboratory to be replicated all over the country? After all, many security measures, first tested in Moscow in 1980, were then introduced on the national level. Even the antiriot police units known as OMON, which had beaten protesters during the demonstrations in 2011–2012, were formed because of the Moscow Olympics. What kind of legacy would Sochi leave in terms of surveillance and control of information?
The information games were afoot.
Once we got back to Moscow we decided to make a point of examining all kinds of open sources, including technical documents published on the government’s procurement agency website, zakupki.gov.ru; Russian law requires all government agencies, including the secret services, to buy their equipment through this site. We also scrutinized presentations and public statements made by government officials and top managers of firms involved with the Olympics and security for the city of Sochi. We reviewed public records of government oversight agencies such as the telecoms watchdog Roskomnadzor. Soon we found out that our suspicions about upgrading SORM were correct.
The Russian Supreme Court keeps statistics about court orders issued for interception, but they are held deeply inside the court’s filing system and are not in the open. For years finding such information was impossible; members of parliament told us they could not get it. Then a lawyer gave us a hint on how to mine the data out of the computers. We followed the lawyer’s advice and discovered what we were looking for—the court’s statistics. We found that in six years Russia’s use of SORM had skyrocketed: the number of intercepted phone conversations and e-mail messages doubled in six years, from 265,937 in 2007 to 539,864 in 2012. These figures do not include counterintelligence eavesdropping on Russian citizens and foreigners, the area of Syromolotov’s department.
It was hard to find specific details about SORM deployment in Sochi, so we turned to the data of Roskomnadzor, the communications watchdog that was very busy making sure SORM equipment was properly installed in the Sochi region. We discovered that several local ISPs were fined for having failed to install Omega, the SORM black box recommended by the FSB. One document from Roskomnadzor showed that in November 2012 the ISP Sochi-Online was officially warned for “failing to introduce the required technical equipment to ensure the functioning of SORM.”
Our suspicions about SORM deepened on April 8 when Gus Hosein, director of Privacy International, forwarded us a US State Department warning for Americans wanting to attend the Olympics in Sochi. The document, issued by the department’s Bureau of Diplomatic Security, carried the title, “Russian SORM Factsheet, Winter Olympics; Surveillance; Cyber,” and it warned that when traveling to Russia, people “should be aware that their telephone and electronic communications may be subject to surveillance, potentially compromising sensitive information.” The warning then went into details describing SORM, stating that the system “permits the monitoring, retention and analysis of all data that traverses Russian communications networks.” The document warned people heading to Sochi to be extremely careful:
Consider traveling with “clean” electronic devices—if you do not need the device, do not take it. Otherwise, essential devices should have all personal identifying information and sensitive files removed or “sanitized.” Devices with wireless connection capabilities should have the Wi-Fi turned off at all times. Do not check business or personal electronic devices with your luggage at the airport…. Do not connect to local ISPs at cafes, coffee shops, hotels, airports, or other local venues…. Change all your passwords before and after your trip…. Be sure to remove the battery from your Smartphone when not in use. Technology is commercially available that can geo-track your location and activate the microphone on your phone. Assume any electronic device you take can be exploited…. If you must utilize a phone during travel consider using a “burn phone” that uses a SIM card purchased locally with cash. Sanitize sensitive conversations as necessary.
When we read this, we wondered what the Americans knew about SORM that we didn’t.
A year before, in August 2012, the Americans were the most numerous spectators at the London Olympics, with over sixty-six thousand Americans attending the games. It was clear that Americans would come by the thousands to Russia in February 2014.
Although we worried about the use of surveillance and interception in Sochi, it had a legitimate purpose in fighting terrorism. The threat and the reality of terrorism cast a long shadow over Sochi, and then it happened.
On April 15, 2013, Boston hosted its annual marathon, and 23,000 runners took part. About two hours after the winner crossed the finish line but with more than 5,700 runners yet to finish, two bombs detonated on Boylston Street. Three people were killed and more than 250 injured. The same day, using surveillance cameras, police identified two brothers as suspects, Tamerlan and Dzhokhar Tsarnaev. After a manhunt, the older brother, Tamerlan, was killed, and Dzhokhar captured. It was soon discovered that over a decade before the attack, their parents, ethnic Chechens, had moved the family to the United States from Dagestan, a Russian internal republic in the North Caucasus.
The terrorist attack had a lasting impact on the way the terrorist threat to the Sochi Olympics was viewed in the United States and around the world. It was long assumed that the militants in the North Caucasus were not interested in attacking Western targets. Since the 1990s the Chechen movement shifted from a nationalist agenda to make Chechnya independent, to one embracing radical Islam. The Chechen’s top commander, Dokku Umarov, proclaimed an Islamic state in the North Caucasus, the Caucasus Emirate, in October 2007, and since then militants spread across the republics of the North Caucasus, but primarily in Dagestan. They continued to attack Russians—developing a clear terrorist strategy, attacking civilians on the Russian mainland, including in Moscow, and killing law enforcement personnel in the North Caucasus. But foreigners were not in their crosshairs.
The Boston bombing raised questions about whether that had changed. To make things worse, in a few months thousands of Americans would fly close to the Islamists’ stronghold; Sochi, one of the most beautiful places in South Russia, on the coast of the Black Sea, is geographically located at the foot of the Caucasus Mountains.
Soon it became known that the Russian FSB had sent messages in 2011 to the FBI and CIA about Tamerlan Tsarnaev. Though these letters were not real warnings—rather, the FSB asked for information on Tsarnaev, fearing he could join the militants in Dagestan—this information inflamed public opinion in the United States, and there were calls for more cooperation between Russian and American security services. Putin and Obama spoke twice by phone in the wake of the marathon bombing. A White House statement said Obama praised the “close cooperation” Washington received on counterterrorism from Moscow, stating, “Both sides underlined their interest in deepening the close cooperation of the Russian and US special services in the fight against international terrorism.” On May 11 British prime minister David Cameron said that the Russian and British security services would cooperate in the build-up to the Winter Olympics in Sochi after his talks with Putin, adding that Britain would be providing “limited” security support at the Olympic Games. “We both want the Sochi Games to be a safe and secure Games,” he said.
This was a bad time to be asking questions about surveillance at the Olympics. The bombings in Boston made many people more tolerant of surveillance because of tangible fears of terrorism.
Six months before the Olympics were to open, on August 19, 2013, Putin signed an executive order, No. 686, that effectively turned the Olympics venue into a fortress. It banned the entry of all vehicles and cars apart from those specially registered to Sochi from January 7 to March 21, 2014. Putin’s order also prohibited any protests in the area of the Games during this period. But some of the fortress wasn’t visible.
All those who wanted to visit the Olympics were required to pass through advance screening by the security services. The Russian authorities introduced a new security measure, a spectator pass that all visitors of the Games would need to have. To get it, a visitor was required to post his or her passport data and photo on a special website and wait for the FSB to check their information. If there were no suspicions, an applicant could receive a spectator pass, which bore his or her photo and name. Only with the spectator pass in hand could a visitor buy tickets to the Olympic competitions. The procedure was clearly aimed at gathering data on tens of thousands of people from across the globe.
In August 2013 Irina decided to get a spectator pass, so she went on the official Olympic website. Because the procedure required taking a photo, Irina clicked the function to do this. Her computer then warned her that the site “is requesting access to your camera and microphone. If you click ‘Allow,’ you may be recorded.” This seemed a bit odd, so we asked Citizen Lab’s researcher Byron Sonne to look at the site more closely. “This image, where the Flash entity on the site is asking for access to your camera and microphone, does indeed appear pretty intrusive and downright creepy,” he responded. We wondered whether this procedure was intended to collect legitimate information or to send a message that everybody was being watched.
We analyzed dozens of open-source technical documents published on the government procurement agency website as well as public records of government oversight agencies and presentations of companies contracted by the government. We confirmed that SORM had been greatly strengthened in Sochi for the Olympics.
In November 2012 it was announced that there would be free WiFi access at all the competition venues “for the first time in Olympic history” as well as in the media centers and media hotels. But all users were required to login and provide their spectator pass details—the FSB wanted to make sure nobody went unrecognized.
Conventional security measures would be high at Sochi, with more than forty thousand police on duty and more than five thousand surveillance cameras installed across the city. To gather data from cameras, in 2009–2011 Sochi had a federal program called “Safe Sochi,” and a centralized command and control center was built in the city. The cost of the program was more than 1.5 billion rubles (over $48 million), and 1.2 billion of that was provided by MegaFon, one of three national mobile operators. We also discovered that Sochi was to be the first Olympics that would use surveillance drones, with both the FSB and the Interior Ministry acquiring drones. The FSB also purchased sonar systems to detect submarines so as to prevent a sea-launched terror attack.
We wanted our investigation to come out before the Olympics, as we hoped that the international and national media attention to Sochi could help prompt the conversation about out-of-control surveillance throughout Russia. But where could we publish the story? When dealing with sensitive stories, Russian media preferred not to be the initial source. In our investigation project “Russia’s Surveillance State,” most of our stories were first published in Wired and only then translated and picked up by Russian media.
The Guardian seemed to us the obvious choice. The British newspaper put a great deal of effort into covering surveillance issues. In these months the Guardian had been running Snowden’s revelations almost on a weekly basis, and the Guardian’s Luke Harding had been our friend since his days as a Moscow correspondent.
We wrote to Luke in early September, describing what we had. “Sochi is a terrific story,” he answered. He forwarded our e-mail to the Guardian’s foreign editor and put us in touch with their new Moscow correspondent, Shaun Walker, whom we met at a Moscow caf? to discuss the story and possible repercussions. It was a very sensitive story, and we didn’t know how the Kremlin might react to such an account in a Western newspaper; the Games were Putin’s personal project, guarded by the FSB. The decision was not easy for Shaun either; though he had been living for years in Moscow, it was his very first week as the Guardian Moscow’s correspondent, and the FSB had expelled his predecessor, Luke Harding, from Russia two years before.
We spent three weeks editing and repackaging our investigation. Meanwhile Shaun worked on getting comments. But it was slow and painful. Finally Shaun said that the Guardian had decided to run the story on October 1. Then it was delayed. And then, a surprising development: on the morning of October 2 the authorities announced that there was to be a press conference about security measures at the Olympics, that day at 2:00 p.m. Shaun rushed to the RIA Novosti building, where the press conference was to take place. FSB official Alexey Lavrishchev was listed among the participants and stated, “No, the city of Sochi will not be like a concentration camp.” He then recalled the London Olympics: “Video surveillance cameras were mounted everywhere, even, excuse me, in the toilets. None of this will happen in Sochi!” He stressed that security in Sochi will be “invisible and unnoticeable.” Shaun sent us a quick message, “Amazing press conference! He read off a sheet of paper for 15 minutes, then they had questions, but only Russian outlets.” He added, “He scuttled off like a crab at the end.”
The Guardian ran our investigation on Sunday, October 6, placing it on the front page and headlined, “Russia to Monitor ‘All Communications’ at Winter Olympics in Sochi.” It added, “Exclusive: Investigation Uncovers FSB Surveillance System—Branded ‘PRISM on Steroids’—to Listen to all Athletes and Visitors.” The term “PRISM on Steroids” was coined by Ron Deibert, with PRISM referring to the especially intrusive NSA program designed to intercept communications without the knowledge of communications services providers, exposed by Snowden.
Three days after the Guardian piece was published, the major English-language Russian government propaganda outlet, the Voice of Russia, ran an interview with a pro-Kremlin expert about the story, full of personal attacks against us and Shaun Walker. We had expected as much. But the next day the position was changed: the same Voice of Russia published a story that seemed to come clean about what we were reporting. We were stunned at the admissions, particularly the headline that admitted that the authorities were tapping the phones. “Don’t Be Scared of Phone Tapping During Sochi-2014, It’s for Your Own Safety—Experts.” We were further surprised when these experts talked openly about the equipment installed. They admitted that “technological equipment of special services provides for eavesdropping on telephone conversations, as well as for analyzing social network and e-mail correspondence” and said that “this kind of control is the best way to spot terrorist activity and nip the problem in the bud.”
We began to wonder: Why was this being acknowledged so openly? Were all these sophisticated technologies going to be actually used at Sochi, or was it something else? Was it just the threat of surveillance being used to intimidate and deter? What really puzzled us was that the story was not met with the usual denials and silence; instead, the authorities were talking about it.
Even as the acknowledgment of the surveillance plans surprised us, we did a double-take on November 8, 2013, when Prime Minister Dmitry Medvedev signed an instruction listing all the parties who would be subject to FSB surveillance, including the organizers of the Games, all the athletes from around the world, judges for the competitions, and the thousands of journalists who would converge on Sochi. The decree provided for the creation of a database for the users of all types of communication, including Internet services at public WiFi locations “in a volume equal to the volume of information contained in the Olympic and Paralympic identity and accreditation cards”; that is, the database contained not only each subscriber’s full name but also detailed information guaranteed to establish his or her identity. The database contained “data on payments for communications services rendered, including connections, traffic, and subscriber payment,” meaning it contained all information on who called whom or sent messages during the Games as well as the location of each call. In the language of intelligence agencies this is called “gathering metadata,” the same kind of data-harvesting that the US NSA carried out and Snowden exposed.
It was the openness of Medvedev’s instruction that shocked us—it was posted on the government’s website. What’s more, it seemed to us that the authorities were trying, somehow, to signal that at the Olympics, watch your back, because we are watching you.
Medvedev’s instruction required the government to store the data collected during the Games for three years and said the FSB must be provided “round-the-clock remote access to the subscriber database.” That means the FSB, operating from a remote location, will have three years to explore by whom, when, and how often athletes, judges, and journalists attending the Games were contacted.
On November 13 three members of the European parliament tabled written questions that raised concerns about surveillance at the Sochi Olympics, referring in particular to our investigation. “Given that everybody seems to be spying on everyone else these days, it seems legitimate to ask questions not only about the EU and the United States but about Russia as well,” said Sophie in ‘t Veld, a Dutch member of the European parliament and the author of the questions. “Russia is a particular problem because of the Olympics, which it is using as a pretext for stepping up surveillance, with no court oversight.” She added, “I hope this will act as a wake-up call.”
On December 29, at 12:45 a.m., a suicide bomber walked in the hall of the railway station in Volgograd, about six hundred miles from the venue of the Olympics, and blew himself up. Eighteen people were killed. The next day around 8:30 a.m., a trolleybus that connects a suburb to Volgograd’s downtown area was hit by a suicide bomber, killing sixteen people. Volgograd is a large city located in the South Federal District of Russia, the same district as Sochi. Militants from Dagestan organized the bombings, which raised fears that the Russian authorities would be unable to secure the Games and that the “ring of steel” Putin had declared was built around Sochi would not stop terrorists. The stakes were high, and Western leaders hastened to offer Putin more help in providing security. Privacy concerns were set aside.
On Sunday, January 19, the Islamic militants in Dagestan claimed responsibility for the bombings. They also delivered a direct threat to the Olympics. In a video posted online two men addressed Putin, “If you hold these Olympics, we will give you a present for the innocent Muslim blood being spilled all around the world: in Afghanistan, in Somalia, in Syria.” One of them added, “For the tourists who come, there will be a present, too.”
A few days before the video was posted, Dokku Umarov, a leader of Islamist extremists on the North Caucasus, was reported to have been killed by Russian forces, but it didn’t eliminate the threat. The Olympics presented a tempting target for militants. In the 2000s strong censorship in the Russian media had deprived the militants of attention, and the movement was in decline. But for the Olympics the eyes of all major global news organizations were to be focused on Sochi.
At the time journalists spotted wanted posters with the images of three women who were suspected suicide bombers, so-called black widows, at the airport and in the Sochi hotels. Police launched an urgent search for possible suicide bombers and distributed the posters further. For months the Russian media had been under pressure to report everything around the Olympics in positive way, and now they were hesitant to report the news that black widows were being sought inside the “ring of steel.” Then a local blog, blogsochi.ru, posted information about these suicide bombers. When NBC reported the news, the Russian media picked up the story. The authorities felt clearly uncomfortable; they had failed to prevent the news from spreading.
Meanwhile, after the publication of our investigation in the Guardian, dozens of Western journalists came to us, asking anxious questions about their communications before traveling to Sochi. Some of them were on their way back from Sochi to Moscow and told us stories of odd happenings with their phones and laptops in Sochi. Wacek Radziwiniwicz from the Polish newspaper Gazeta Wyborcza could not connect with the server in Warsaw, and his phone received wrong SMSs. “Our technicians told us not to use public Wi-Fi,” said Nataliya Vasilyeva, Moscow correspondent for the Associated Press. “But sometimes we used it, and every time the system required to provide all details for identification. It was like enter and say, ‘Hello, it’s me.’” Andrei opted not to bring his laptop to Sochi when he traveled to the city with an NBC crew in early January.
Boris Nemtsov, an opposition leader in Moscow and a former deputy prime minister, had written a report, published in 2013 and prepared with help from Nikolai Levshits, a civil activist, that documented some of the corruption surrounding contracts for the Olympics. He suggested that more than half of the $50 billion spent on the Games had disappeared. Just before the Games, in January 2014, Levshits applied for a spectator pass to the Olympics. He tried twice, but every time the website sent him the same message: “Your application is rejected.” He also noticed that the website tried to take control of his laptop.
On February 5, two days before the opening ceremonies, Dmitry Kozak, the deputy prime minister responsible for the Olympic preparations, made a tour with foreign journalists around Sochi. Kozak had a surprising response to some criticism expressed by journalists about the conditions in the hotel rooms: “We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall, and then leave the room for the whole day,” he said. His statement was bizarre but also struck us as containing a fascinating warning: we are watching you, even in the shower.
The Games opened on February 7, and the grand opening ceremony at the Fisht Olympic Stadium lasted for three hours. Forty thousand spectators came to watch the event, and Putin personally greeted the athletes. The official theme of the ceremony was “Dreams of Russia,” and the mood was festive.
On February 19, four days before the Games ended, the protest band Pussy Riot made a trip to Sochi to perform and planned to record a new video clip. They knew it could be difficult: after the group performed a punk prayer, “Mother of God, Chase Putin Away,” in Moscow’s Cathedral of Christ the Savior, they were considered an enemy of the state, and three of them were imprisoned. Anastasia Kirilenko, a journalist for Radio Liberty, was to accompany Pussy Riot in Sochi. They were well aware of surveillance and had talked details of the coming trip via ChatSecure, an encrypted smartphone messenger. One of the group’s supporters gave them new cell phones that, in Sochi, they used exclusively. But it did not help Pussy Riot avoid surveillance. Video cameras spotted their car, and the police detained them a few times under false pretexts.
Nevertheless, Pussy Riot managed to perform in Sochi twice. Five girls in colorful balaclavas started to shout out “Putin will teach you to love the Motherland” in front of the Sochi-2014 banner and were immediately attacked by a group of Cossacks, who beat them with whips, ripped their masks off, and threw the group’s guitar away. Journalists recorded the group’s performance and the Cossacks’ intrusion. A bit later the group held another performance in central Sochi next to the Olympic rings in front of the city hall. Although police watched the event, they did not intervene. The video of the clip went viral.
The Russian secret services have had a long tradition of using spying techniques not merely to spy on people but to intimidate them. The KGB had a method of “overt surveillance” in which they followed a target without concealing themselves. It was used against dissidents. After all of the evidence we found of investments in cutting-edge surveillance technologies, the FSB primarily used them for intimidation; they wanted to showcase their surveillance and did not hide it, like the “overt surveillance” of the KGB. The authorities didn’t deny our investigation—in fact, it was confirmed by the Voice of Russia, and Medvedev’s decree, openly posted, also sent a strong signal. Even Kozak’s comment, though extremely bizarre, seems to make the same point—in Sochi we are watching you everywhere.
But the intimidation didn’t work. Committed bloggers, foreign journalists, Pussy Riot, and activists all managed to do their thing without much restraint. If the surveillance was built to prevent protests or bottle up information, then the surveillance state built in Sochi was a paper tiger. Still, publicly Sochi became a great personal success for Putin; he got support domestically and around the world. After all, nobody wanted to question the enormous $50 billion cost of the Games. It was all justified by success: Russia was back. The games went off largely without a hitch—there was no terrorism and a great deal of national pride on display.
We don’t know with any degree of detail how much interception or surveillance was carried out at Sochi using such things as SORM and other technology. But we think there is another possibility, equally disturbing: the Russian secret services gathered large amounts of personal data on all visitors to the Games, including diplomats, journalists, and all kinds of officials. And these efforts were planned and conducted under guidance of the top counterintelligence official in the country, and counterintelligence officers tend to play a long game. It cannot be ruled out that someday, long after the closing ceremony of the Olympic Games, any one of these people could be approached with the information collected in February 2014 in Sochi.
- CHAPTER 12 Watch Your Back
- Chapter 5. Preparations
- Chapter 6. Traversing of tables and chains
- Chapter 7. The state machine
- Chapter 8. Saving and restoring large rule-sets
- Chapter 9. How a rule is built
- Chapter 10. Iptables matches
- Chapter 11. Iptables targets and jumps
- Chapter 12. Debugging your scripts
- Chapter 5 Installing and Configuring VirtualCenter 2.0
- Chapter 13. rc.firewall file
- Chapter 14. Example scripts