The Red Web: The Struggle Between Russia

CHAPTER 16 The Red Web Comes to the United States

Despite the gloomy and depressing mood that swept the country after the Russian government defeated the Moscow protests and the patriotic hysteria generated by its annexation of Crimea, uncensored debates and unrestricted exchange of opinions still remain possible on the Russian Internet. The Kremlin certainly didn't emerge a winner from its first serious collision with the global network.

Since then we have seen two major developments. Inside Russia the Kremlin, worried about the disastrous consequences of its efforts to control the Internet, turned to China for guidance and technical support. The ramifications of this turn could be very serious. Outside Russia most Kremlin offensives now include an aggressive cyber component, such as the hacking operation in the United States in 2016, which produced surprisingly successful results. Whether it affected the outcome of the presidential election result is questionable, but it certainly propelled Russia right into the heart of the election process and made Putin look like the third player, perhaps even the kingmaker, in the most powerful country of the world.

So how did the Kremlin, once so fearful of the power of the Internet and understanding so little about the nature of the global network, find a way to use it in the United States, the birthplace of the Internet and still its innovative powerhouse? The first stage of the story required Russia to align its interests with a onetime online antagonist. So began the uncomfortable liaison between the Kremlin and WikiLeaks.

In January 2016 thirty-five-year-old Mika Velikovsky, a shrewd, jovial reporter with a habit of wearing an Indiana Jones hat everywhere he went, was invited to join an international team of investigative journalists.

Velikovsky was thrilled. He had been in and out of work for several years, ever since the Kremlin began its purge of the media following the Moscow protests in 2011–2012. In media circles this purge was referred to as a "f-ing chain of events," an expression coined by its first victim, the editor of the liberal journal Bolshoi Gorod (The Big City), who was fired because his publication had been supportive of the protests. Four years later the Moscow media landscape was distinctly depressing, rife with stories about bad editors and which team of journalists had just been fired.

Velikovsky accepted the job right away. After all, he had plenty of experience working on investigations involving international partners. In the late 2000s he worked for the Russky Reporter (Russian Reporter), WikiLeaks' media partner in Moscow.[1] In 2010 Velikovsky traveled to Sweden and spent a few days conferring with WikiLeaks founder Julian Assange. After that, he became Russian Reporter's contact for interacting with Assange's team, working on US State Department diplomatic cables and the leaked emails from the private security company Stratfor. Velikovsky valued his connection with WikiLeaks and took pains to maintain it after the joint project ended, speaking occasionally on Skype with Assange and Sarah Harrison, head of the WikiLeaks investigative team. (It was not easy: Assange had a habit of cutting partners off completely once a project was done.) The effort was fruitful: when Velikovsky visited Assange in London the Russian journalist agreed to work on a film based on the WikiLeaks cables. He spent four months traveling across Central Asia for a documentary that was to show how the region's authoritarian regimes reacted to the WikiLeaks exposés.[2] When Edward Snowden flew to Moscow, Velikovsky tried to use his contacts at WikiLeaks to get in touch with the American. He even met with the WikiLeaks people in Moscow, but the only result of this effort was surveillance by the Russian security services. The surveillance was so easy to spot (the same men followed Velikovsky on foot and in a car) that it was clearly intended to be a warning.[3] The state seemed to be telling him to mind his own business.

In 2016 Velikovsky was invited to join a large-scale investigation being conducted by the Organized Crime and Corruption Reporting Project (OCCRP), which consists of reporters based all over Europe and the former Soviet Union, from Azerbaijan to Romania to Ukraine to Russia. The project had gotten their hands on an extensive trove of documents detailing offshore Panamanian companies that government officials and oligarchs all over the world, Russians included, used for illegal purposes, including fraud, tax evasion, and evading international sanctions. When the journalists' findings were eventually published, the Panama Papers made headlines all over the world.

Before that, though, the international team spent months digging into the documents and connecting the dots. Each national team was given data on their compatriots. Using this data, each group tried to zero in on the financial activities of their country's high-placed government officials and their personal friends. The Russian team consisted of reporters from Novaya Gazeta, one of the most respected independent outlets still operating in Russia. The publication exists under constant government pressure, and its journalists risk their lives for their work: contract killers assassinated Anna Politkovskaya, critical of the war in Chechnya, in October 2006. Now Velikovsky joined the team.

The OCCRP broke its first story on April 3, 2016. Velikovsky was proud to be part of it, especially as it turned out that his team unearthed the biggest news contained in the Panama Papers. The Russian journalists identified multi-million-dollar accounts owned by Sergei Roldugin, a personal friend of President Putin. Roldugin was a cellist, and although he had some business dealings, including oil and the media, he was no oligarch. And yet it appeared he had been put in charge of Putin's private money.[4]

These findings quickly developed into a major news story when Putin's spokesperson, Dmitry Peskov, commented on them.[5] This was highly unusual: Russian officials generally do not comment on sensitive stories in order to prevent them from gaining traction. To the team of Russian journalists, this looked like an endorsement of their findings.

But then Velikovsky was confronted with something totally unexpected. WikiLeaks launched a vicious attack on the OCCRP report on Twitter. On April 5 WikiLeaks posted:

#PanamaPapers Putin attack was produced by OCCRP which targets Russia & former USSR and was funded by USAID & Soros.

In another tweet they developed the accusation:

US govt funded #PanamaPapers attack story on Putin via USAID. Some good journalists but no model for integrity.

The tweet implied that the journalists had been used, either as paid agents or as dupes of the US government. USAID and George Soros are conspiracy theorists' totems. For years the Kremlin has seen the United States Agency for International Development, USAID, as a CIA front that is plotting to undermine the Russian political regime. Meanwhile George Soros, along with his foundation, Open Society, have been accused of sponsoring color revolutions in Russia's neighboring countries. Russia expelled USAID in September 2012 and listed Soros's Open Society Foundation as an undesirable organization in November 2015 after the General Prosecutor's Office said it threatened Russia's constitutional order and security.[6]

Mika Velikovsky was outraged. His friends at WikiLeaks, people he worked alongside for years, had turned against him. It was personal, and it was unfair. In Velikovsky's eyes Assange betrayed the very principles he had explained to him during their conversations: "Assange told me many times that it's not important what the leaker's motivations are or who he works for. The only important thing is the authenticity of the documents. If you have doubts, you can start thinking about why and where and how. But if you don't have any doubts [about the documents' authenticity], then it doesn't matter who leaked. That's why it was so disgusting to see this coming from WikiLeaks!"[7]

Days went by, and the Roldugin story didn't die. Instead, with each passing day it gained more media coverage all over the world. On April 7 Vladimir Putin attended a media forum in St. Petersburg where he personally commented on the Panama Papers. He immediately attacked journalists: "What did they do? They manufactured an information product. They found some of my friends and acquaintances (I will talk about that shortly) and they fiddled around and knocked something together. I saw these pictures. There are many, many people in the background (it is impossible to understand who they are), and there is a close-up photo of your humble servant in the foreground. Now, this is being spread!"

He was clearly personally affronted. Putin could barely hold himself together: "There is a certain friend of the Russian president, and they say he has done something, so probably something corruption-related. What exactly? There is no corruption involved at all!"[8]

And then Putin did something unexpected: he tried to debunk the findings by citing WikiLeaks' claim that the whole thing was an American conspiracy: "Besides, we now know from WikiLeaks that officials and state agencies in the United States are behind all this!"

The next day we were both at the Journalism Festival in Perugia. Sarah Harrison, the head of WikiLeaks' investigative team who had spent forty days alongside Snowden in Moscow's airport in 2013, was there too. She was giving a talk about WikiLeaks and Snowden.

During the question-and-answer session Andrei asked Harrison about WikiLeaks' response to the Panama Papers. Andrei also pointed out that, to Russian journalists, WikiLeaks' conspiracy claim sounded strange: after all, the journalists who took part in the Panama Papers investigation worked for Novaya Gazeta, a newspaper whose commitment to exposing corruption has led to the high-profile murders of several of its journalists. Yet just the day before, Andrei continued, Putin had quoted the WikiLeaks tweet about US funding to publicly call into question the Panama Papers investigation findings.

Referring to bias and spin, Harrison immediately deflected responsibility: "Please, do not make me responsible for what Putin says! What Putin says and does has nothing to do with me!"

Then she went on the offensive. The fact that a Russian story was the first to make headlines was, in her eyes, enough to justify WikiLeaks' attack. "It is very clear, from the reporting that came out, that it's being used as basically an attack on Putin," she said. Then, echoing the longstanding Kremlin line, she added, "And the funding of this organization as a whole does come from the USAID!"[9]

Her response shocked us: we have known both the OCCRP project and its leader, the Sarajevo-based veteran journalist Drew Sullivan, since 2008. Sullivan was well respected in investigative journalism circles; for years he and his reporters have been exposing corruption in regions not particularly safe for journalists. Sullivan is also known for his integrity: just a year earlier, in the summer of 2015, he stated that his organization would stay away from a $500,000 US government grant to combat Russian propaganda: "The problem starts with the grant title, 'Investigative Journalism Training to Counter Russian Messaging in the Baltics.'" He continued, "The title implies the grant seeks journalists to actively counter a Russian message which, at best, is not a mission for journalism and, at worst, is propaganda itself."[10]

We were dismayed to hear WikiLeaks using the same line of argument as the Kremlin. We felt that this kind of logic was not compatible with the ideals of the free flow of information we believe in and that WikiLeaks itself had, in the past, professed. WikiLeaks appeared to take the Kremlin's side, and we didn't understand why.

The very same day, April 8, Putin summoned an urgent meeting of his Security Council in the Kremlin. These meetings are held in high secrecy; even official photographers are rarely admitted. This time the long, marble-covered hall on the second floor of the domed Kremlin Senate building was almost empty: at the grand table only eight of the twenty-one seats were occupied. Of these eight people, six were former KGB officers: Putin himself; his chief of staff Sergei Ivanov; Sergei Naryshkin, the speaker of the Duma; Nikolai Patrushev, the secretary of the Security Council; Alexander Bortnikov, the FSB director; and Mikhail Fradkov, chief of the Foreign Intelligence Service, the SVR. Neither the minister of defense nor the chief of military intelligence were present.[11] The transcript of the meeting was never made public. The relatively small number of participants and their known backgrounds leads us to think it was about a very sensitive matter, such as the need for a retaliatory response to the Panama Papers exposés.

In the United States the presidential campaign was in full swing, and the Kremlin was watching as Hillary Clinton seemed headed toward an almost-certain victory. Putin had strong feelings about her: he believed she had been a driving force behind the Moscow protests. He also believed that she and her people at the US State Department were behind most of the Western anti-Russian moves, from the US sanctions, to the activities of the Russian opposition, to journalistic investigations exposing corruption in Russia. Putin's circle was certain that the Obama administration was working to get Clinton elected. In their conspiratorial eyes this meant that the result of the US elections had already been decided.

A week passed, and on April 14 Putin held his annual television phone-in show. The Direct Line is broadcast live by Russian television channels and major radio stations. At this show Putin again brought up the Panama Papers and felt the need to further defend his friend Roldugin. He also renewed his accusations against the United States: "Who is engaged in these provocations? We know that there are employees of official US agencies."

Next he said something very strange: "An article was written (I asked [my] press secretary Peskov where it first appeared) in the Süddeutsche Zeitung. The Süddeutsche Zeitung is part of a media holding that belongs to the US financial corporation Goldman Sachs. In other words, the ears of masterminds are sticking out everywhere [a Russian expression, meaning their fingerprints are all over it]!"[12]

It was a baffling connection, and it was wrong. Why on earth had the Russian president mentioned Goldman Sachs? Goldman Sachs does not own the German Süddeutsche Zeitung, and the respected newspaper immediately issued a statement to that effect. The next day the Kremlin responded with a rare apology: "It is more the error of those who prepared the briefing documents [than Putin's], it's my error," Kremlin spokesperson Dmitry Peskov told reporters.

So why bring up Goldman Sachs at all?

By mid-April, including when Putin made his strange remark, a hacking group, later identified as APT29, or Cozy Bear, had for months been inside the Democratic National Committee's (DNC) computer system. In March a second team, known as APT28, or Fancy Bear, had joined in and launched its own attack on the DNC. On March 19 Fancy Bear hackers had made a breakthrough: a Clinton campaign chairman, John Podesta, was lured into re-entering his Gmail password on a specially designed phishing web page, and hackers began pumping his emails off it.[13]

In the fall of the election year of 2016 one of the biggest news stories that came out of the hacking operation was the publication of Hillary Clinton's transcripts of three paid speeches at Goldman Sachs. In these speeches she was embarrassingly uncritical of Wall Street as she discussed the causes of and responses to the 2008 financial crisis.[14] The hackers stole these transcripts from John Podesta's email account in the spring, right around the time of Putin's comments about the cellist Roldugin and his false statement about Süddeutsche Zeitung's connection to Goldman Sachs. WikiLeaks published the documents in October 2016. But in mid-April, when Putin gave his press conference, nobody except the hackers and those who had directed them knew that the hackers possessed Hillary Clinton's Goldman Sachs transcripts.

If someone had briefed Vladimir Putin about the hackers' Podesta findings, he may have been encouraged to believe in a conspiracy theory whereby Clinton had prompted a Goldman Sachs connection to publish the Panama Papers. It's difficult to see how the bank got into his head otherwise.

Four days later, on April 19, the domain DCleaks.com was registered.

In the summer DCleaks.com would become one of the two websites used for publishing emails from hacked accounts of American officials. Another would be WikiLeaks.

On June 14 Ellen Nakashima, the national security reporter at the Washington Post, broke a story: Russian government hackers had penetrated the network of the US Democratic National Committee. Ellen had been briefed by DNC officials and Shawn Henry, a former head of the FBI's cyber division, now president of CrowdStrike, the private information security company hired to handle the DNC breach.[15] Nakashima's story was met with furious denials from the Kremlin: "I completely rule out a possibility that the [Russian] government or the government bodies were involved in this," said Putin's spokesperson, Dmitry Peskov.[16]

The next day CrowdStrike published the report along with technical details of the hacking attack.[17] The author of the report was Dmitri Alperovitch, cofounder and chief technology officer of CrowdStrike. Alperovitch, a blonde, solidly built thirty-six-year-old cyber expert, left Russia in 1994 and had never since set foot back in his native land. ("My Moscow is long gone," he told Andrei.) In the 2000s Alperovitch became a prominent American cyber expert, having made his reputation investigating Chinese hackers' operations in the United States.[18] In his report on the DNC hacking Alperovitch made a bold claim about the hackers' identity and their sponsors: the activity of Fancy Bear "may indicate affiliation with Glavnoye Razvedivatelnoye Upravlenie (Main Intelligence Department) or GRU, Russia's premier military intelligence service." He was not so certain about the second team, Cozy Bear, but most experts, including Alperovitch, were inclined to think Cozy Bear was the work of the FSB.

This posed a serious problem for the US government. The Kremlin had been outsourcing its hacking activities, making attribution difficult, which was no accident. The Kremlin had used outsourced groups elsewhere to create plausible deniability and lower the costs and risks of controversial overseas operations. For example, for years Moscow denied its military presence in the east of Ukraine, insisting it was some local guerrillas.

The Kremlin's tactics were the opposite of China's, where the regime directly oversees cyber attacks and it is possible to identify the chain of command. In Russia all kinds of informal actors (from patriotic hackers, to Kremlin-funded youth movement activists, to employees of cybersecurity companies forced into cooperation by government officials) have been involved in operations targeting the Kremlin's enemies both within the country and in former Soviet states.[19]

This heterogeneous group had developed an impressively efficient set of tactics. In general there were three common features. The first was the use of rank-and-file hacktivists not directly connected to the state in order to help the Kremlin maintain plausible deniability. The second was guidance and protection from criminal prosecution, provided by the president's administration alongside the secret services. Finally, hacked information was published as kompromat (i.e., compromising materials) online as a way of smearing an opponent.

The Russian government used this approach regularly against their opposition and activists. For instance, in the summer of 2012 hackers penetrated a Gmail account belonging to Alexei Navalny, one of the leaders of the Moscow protests, and then a blogger who went by the nickname Hacker Hell published Navalny's emails. Hacker Hell was not part of any government organization, and the Kremlin insisted it had nothing to do with hacking. (When the Kremlin disowned Hacker Hell, however, it did not help him. In 2015 a German court identified Sergei Maksimov, a Russian national who had been a German resident since 1997, as Hacker Hell and found him guilty of hacking Navalny's account. The German court gave him seventeen months' probation.[20])

In March 2014 Ukraine found itself in the crosshairs. The hacktivist group CyberBerkut (which consisted of supporters of the country's former president Viktor Yanukovych, who had fled to Russia the previous month) claimed to have hacked the email accounts of Ukrainian NGOs. A trove of emails was published on the website of CyberBerkut. These emails purported to prove that the targeted NGOs were not only in touch with the US Embassy but also received funding from American foundations. CyberBerkut's goal was obvious: portray the Ukrainian NGO activists as thoroughly corrupt, American puppets engaged in betraying their country.[21] In January 2015 the same group of hackers attacked German government websites, including Chancellor Angela Merkel's page, demanding that Berlin end support for the Ukrainian government.[22]

In April 2015 hackers also worked their way into the French television network TV5Monde. Pretending to be ISIS, the hackers breached the system and overrode the broadcast programming of the company's eleven channels for over three hours. The French government's cyber agency ANSSI (Agence nationale de la sécurité des systèmes d'information) attributed the attack to Russian hackers, a group known later as Fancy Bear.[23]

In 2016 it was the United States' turn to come under attack. Putin's spokesperson's first reaction to the DNC hacking (in which Peskov emphasized the fact that no Russian government, and no Russian government bodies were involved) seemed to suggest that the Kremlin was recycling tactics that had worked against Russian dissidents, Ukrainian activists, and French television. There was even an obscure hacker to blame: the day Alperovitch published his report, a hacker who styled himself as Guccifer 2.0 announced on his blog that he had hacked the DNC. As proof, Guccifer provided eleven documents from the DNC.[24]

The Kremlin's denial tactics had worked relatively well in the past mostly because the governments of countries that had been attacked were hesitant or unable to pursue the accusation as far as the Kremlin. But in the spring of 2016 this changed. In May our contacts in Western cyber circles told us that the cyber expert community had just reached a new consensus: currently available technical evidence was advanced enough both to trace and attribute cyber attacks.

If an attack could be attributed to a hacking group with a known history of attacking similar targets and this group's attacks consistently worked to benefit one particular country, this constituted enough evidence to determine that the attacks were backed and directed by the state of that beneficiary country.[25]

The attack on the DNC was the first offensive investigated with this new approach in mind. Both CrowdStrike's Alperovitch and the US intelligence community concluded that all evidence pointed to a Russian government-backed attack. In fact, Alperovitch was certain he had caught identifiable Russian military intelligence operatives red-handed, right in the middle of executing the DNC operation. "Andrei, all of them are in uniform!" he exclaimed to Soldatov during a meeting in Washington. The US intelligence community shared Alperovitch's convictions.[26]

Although Alperovitch and his team expelled the hackers from the DNC computer system, that didn't stop the hackers' operation. They simply moved to the next stage: publishing kompromat.

On July 1 DCLeaks.com released a series of private emails written by the former NATO commander in Europe, four-star general Philip Breedlove. This leak was meant to show the Obama administration's weakness toward Russia, using emails that allegedly show Breedlove trying to overcome Obama's reluctance to escalate military tensions with Russia in response to the conflict in Ukraine.[27]

On July 22 WikiLeaks published a massive collection of internal DNC emails. It was a large haul, with 19,252 emails and 8,034 attachments from the inboxes of seven key staffers of the DNC, including communications director Luis Miranda and national finance director Jordan Kaplan. The same day Guccifer 2.0 claimed on Twitter that he had leaked the DNC emails to WikiLeaks.[28]

In mid-August DCLeaks.com released personal information, including mobile phone numbers, belonging to more than two hundred Democratic Party lawmakers.

The data hemorrhage seemed unstoppable.

The US government had to respond and respond swiftly, and it had a playbook ready. This set of rules was called cyber CBMs, or confidence building measures. The author of the cyber CBMs concept was Michele Markoff, a seasoned American diplomat who had spent half her career in strategic nuclear arms control negotiations. In 1998 she went into cyber and became a key figure at the Office of Cyber Affairs in the State Department. The career of her Russian counterpart, Andrey Krutskikh, had followed a similar trajectory: from nuclear arms control to cyber. In the 2010s Markoff and Krutskikh represented their respective countries at most of the talks between Russia and the United States on cyber space.

Markoff believed that the Internet needed a set of measures similar to the ones established to prevent a nuclear war. These controls, she thought, could prevent a cyber conflict from escalating. She found a good listener in Krutskikh. In June 2013 she secured the US-Russia bilateral agreement on confidence building in cyber space.

As part of the agreement the White House and the Kremlin established the Direct Communications Line. Essentially a secure communication line, it ran between the US Cybersecurity coordinator and a deputy head of the Russian Security Council and could be used "should there be a need to directly manage a crisis situation arising from an ICT [information and communications technology] security incident."[29] It was the digital era's equivalent of the mythical Cold War red telephone, the hotline that connected the presidents of the Soviet Union and the United States in emergencies.

The new hotline was integrated into the existing infrastructure of the Nuclear Risk Reduction Center, located in the Harry S Truman Building, the headquarters of the US State Department. It was from there at the end of September that Michael Daniel, Obama's cyber czar who had a background in national security, passed a message to Sergei Buravlyov, a deputy secretary of the Russian Security Council and colonel-general of the FSB. "It was used the first time since it was established," said Daniel, whose mission was to communicate the US government's serious concerns about the Russian information operation to attempt to influence the election. "The line was built to pass a message, and only if there is further escalation does it provide an option to communicate by voice. We didn't get to that," recalled Daniel. He declined to comment how his Russian counterpart received the message, but it obviously was not a diplomatic success.[30]

There was, it turned out, a fundamental flaw in Michele Markoff's logic. Modern cyber conflict is simply not comparable with conventional armed or nuclear conflict. When there is a missile launch or preparation for a missile launch, there is no way for the government to deny responsibility. However, all kinds of informal actors who are not easily detected can launch cyber attacks. This is called the problem of attribution, and it means a government can disown responsibility. The Kremlin saw this flaw and exploited it to the fullest. They had a different playbook. The message to Buravlyov was a dead end.

Vladimir Putin was clearly enjoying himself when, on September 1, a Bloomberg reporter asked him about the DNC hack. He laughed and said, "There are a lot of hackers today, you know, and they perform their work in such a filigreed and delicate manner that they can show their tracks anywhere and anytime. It may not even be a track; they can cover their activity so that it looks like hackers are operating from other territories, from other countries. It is hard to check this activity, maybe not even possible."

The president was apparently under the impression that hackers could not be identified and thus the attack could not be attributed. Putin clearly had not been briefed about the major shift in digital forensic and attribution policy that had taken place within the cybersecurity community in the spring and didn't expect the US government to accuse Russia of running the hacking operation. But just in case, he carefully repeated the line of defense his spokesperson Peskov had previously used: "Anyway, we do not do that at the government level."

Putin didn't leave it there; he made a point of adding, "Besides, does it really matter who hacked Mrs. Clinton's election campaign team database? Does it? What really matters is the content."[31]

This exactly echoed Julian Assange, who had said in a July interview with NBC that commentators should be focusing on what the documents say, that the real story is what these emails contain.[32] (A hardly consistent claim given WikiLeaks' April attack on Mika Velikovsky and his friends.)

Putin gave the Bloomberg interview in Vladivostok, on his way to the G20 Summit in China. There he met US president Barack Obama. There was no proper conversation between them: Obama just pulled Putin aside and told him "to cut it out and there were going to be serious consequences if he didn't."[33] Putin responded that the United States had long funded media outlets and civil-society groups that meddled in Russian affairs.[34]

The sticky question of attribution remained unresolved despite the cyber community's new guidelines. Although several cybersecurity companies confirmed CrowdStrike's findings and US intelligence supported the thesis that two Russian intelligence agencies conducted the DNC hack, the Kremlin continued to deny any responsibility. Meanwhile informal actors, like Guccifer 2.0, kept claiming they were behind the hack.

Inside Russia, Kremlin propaganda mocked US hacking claims while private Russian cyber companies were busy briefing journalists, apparently with one objective: to destroy the credibility of the CrowdStrike June report. The media were trying to figure out whether the Russian military intelligence cyber capabilities were up to the task of hacking the DNC servers. Cyberwarfare had been an FSB monopoly for more than two decades, and the Russian Ministry of Defence set to form its own so-called cyber troops relatively late, only in 2014.[35] Although the military immediately joined the FSB in actively recruiting at Russian technical universities, spotting the best and brightest, this didn't quite support the claims that Fancy Bear was a military intelligence front: most cybersecurity experts thought Fancy Bear had been operational since at least 2007, long before the Russian military had joined the cyberwar scene.

On September 26, 2016, we were in Moscow when we got a message on WhatsApp from a friend at an American TV network: "Let me know if you have a few mins to chat." He then sent us a collection of scraps from what appeared to be intelligence briefings on Trump's connection with the Kremlin. Three days later another journalist from a top US newspaper contacted us with something that looked like it was coming from the same source. This information gave some insight into the Kremlin's thoughts about the US election.

The document, the now-famous dossier prepared by Christopher Steele, read like a series of reports and included prurient details of an alleged assignation during Trump's stay in the Ritz hotel in Moscow, among other things. It also made strong allegations about Trump's closeness to Putin's people. The American journalists were hesitant and wanted us to check the facts in the report. "It's starting to smell like BS. It seems like a smear campaign," one of them told us.

So what was it? Was it a smear campaign? The answer was not immediately clear. Kremlin outsiders had no way of verifying most of the claims in the document. Some details, including names, were clearly erroneous: misspelled or misattributed. For instance, the name of the Russian diplomat withdrawn from the embassy in DC was Kalugin, not Kulagin, and the FSB unit named as responsible for gathering compromising material on Hillary Clinton, Department K, has nothing to do with eavesdropping or cyber operations. (Apparently, it was a confusion: there is another Department K in the Interior Ministry, and this is what oversaw cyber investigations.)

But the dossier was accurate in one thing: it correctly described the decision-making process in the Kremlin, and this suggested human sources in high places in Moscow.

The dossier also included some information about the DNC hacking, and it was strikingly different from the story told by CrowdStrike and repeated by the US intelligence. It implied that it was not the GRU or FSB but rather Sergei Ivanov who was ultimately responsible for the operation, though he was not entirely happy with the outcome. Dmitry Peskov, Putin's spokesperson, remained a key player in the operation and played the crucial role in handling and the exploitation of intelligence by his PR team. And Ivanov was one of the six KGB officers present at the April meeting of the Security Council in the Kremlin Senate. In terms of foreign intelligence Ivanov was the most experienced person at the meeting. On August 12 he had been removed from his position of chief of Putin's administration, but he maintained access to the marble-covered hall of the Kremlin Senate: Putin preserved his seat on the Security Council.

The dossier also asserted that the hacking operation had been organized through informal channels and used informal actors: hackers' groups and companies. The FSB, not military intelligence GRU, was named as the lead organization within the Russian state apparatus for cyber operations, something that meshed better with what we had been finding when we investigated CrowdStrike's report. The report further claimed that the FSB often uses coercion and blackmail to recruit the most capable cyber operatives in Russia for its state-sponsored programmes with the goal to carry out its, ideally deniable, offensive cyber operations. Further, the dossier said that Putin knew about the hacking and was generally satisfied with the progress of the anti-Clinton operation up to date.

Still, it was full of unverified claims and mistakes. Nobody knew what to do about it, and despite its wide circulation among reporters, it wasn't made public until January 2017, when Buzzfeed posted it online and it became known as the Trump Dossier.[36]

In early October 2016 the US government took an unprecedented step: they officially accused Russia of a hacking operation, apparently trying to force the Kremlin to stop. The denunciation, made by the Department of Homeland Security and Office of the Director of National Intelligence, stated that "the U.S. Intelligence Community is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts." The statement went on to say, "We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities."[37] Washington just raised the stakes for the Kremlin.

This step, however, had no immediate consequences. The hacking operation seemed to be suspended, but not the publication of kompromat: on October 2 Roger Stone, a longtime unofficial adviser to Donald Trump, tweeted cheerfully:

Wednesday @HillaryClinton is done. #Wikileaks.[38]

He was mistaken: the WikiLeaks publication came out not on Wednesday but had been postponed until Friday, October 7, when WikiLeaks published thousands of emails from John Podesta's Gmail account.[39] The emails had excerpts from Clinton's paid speeches, including the speeches at Goldman Sachs. Three days later, on Monday, Trump was at a campaign rally in Wilkes-Barre, Pennsylvania. "This just came out. I love WikiLeaks!" he told the crowd. Trump then read aloud quotes from Clinton's speeches revealed by WikiLeaks.[40] In his hand Trump also had an email he said had been sent by Clinton adviser Sidney Blumenthal, in which Blumenthal appeared to admit that the killing of a US ambassador in Benghazi had been almost certainly preventable. Next Trump read, "Clinton was in charge of the State Department and it failed to protect US personnel at an American consulate in Libya." Trump said this email had come from the WikiLeaks trove. But it hadn't. In fact, the Russian pro-Kremlin agency Sputnik had fabricated this quote. A Newsweek journalist had actually originated the quote in an article, and Blumenthal had copied and pasted it to Clinton. Sputnik, however, reported the comment as having been written by Blumenthal.[41]

By then the WikiLeaks website was hosted at least partially on the premises of the Russian hosting company HostKey on Barabanny Lane in the east of Moscow; WikiLeaks had moved its hosting to Russia in August.[42]

On November 6, on the eve of the election, WikiLeaks released a second collection of DNC emails, more than 8,263 in total.

On the US election day of November 8, at 3:45 p.m. Moscow time, when the polling stations in the United States had just opened, Putin summoned his Security Council. This time the marble-covered hall in the Kremlin palace was more crowded. Along with the April group, Putin invited Prime Minister Dmitri Medvedev; Foreign Minister Sergei Lavrov; Minister of Defence Sergei Shoigu; the new head of the Administration of the President, Anton Vaino; and Vyacheslav Volodin, the Speaker of the Duma.

Officially Putin convened the meeting to talk about the pension system and how reform could affect servicemen. But this could hardly explain the presence in the room of Sergei Ivanov. And it didn't explain the presence of Sergei Lavrov either, who was evidently nervous and drummed his fingers during Putin's opening remarks, the only part of the meeting the Kremlin press office allowed to be recorded.[43]

The next morning when the results of the election became known, Trump's victory was met with jubilation in Moscow. Parties were given and, in the State Duma, champagne bottles were popped.

Russian officials openly praised Trump on TV. But the anxiety was also palpable: Trump was not expected to win, and nobody thought his victory would go over easily in Washington. Lots of people started asking themselves what the American intelligence services might do now about Trump's Russian connections.

For the Kremlin it was time to cover some tracks.[44]

Unlike in Soviet times, these days Moscow is extremely well lit at night; in fact, the authorities take a special pride in the capital's sparkling lights. Even so, no one driving along Leningradskoe highway toward the city center could possibly miss the two five-story, cube-shaped buildings of Kaspersky Lab: day and night the offices radiate electric light. Thanks to transparent walls, everyone who passes can see Kaspersky Lab's employees at their desks at all hours, working on their black Dell computers. However, on the first floor of the main building the glass walls are always shuttered.

This floor houses Kaspersky's investigation unit, headed by Ruslan Stoyanov. In Russian, Stoyanov's unit goes by the acronym ORKI (from Otdel Rassledovania Kompyuternikh Incidentov), which calls to mind Orcs, a race of creatures in Tolkien's fantasy books who live underground and fight the men of the West. This was not a coincidence: Stoyanov has a weakness for symbolic names. The company he had founded before joining Kaspersky was called Indrik, a fabulous beast in Russian folklore: a gigantic bull with a head of a horse and an enormous horn, the king of all animals, who also spends his time wandering underground.

Stocky and short cut with a goatee, Stoyanov has always had strong patriotic feelings and likes to spend his holidays off-roading his four-wheel winch-equipped Niva (a Russian version of a Land Rover Defender) through the woods.

Stoyanov built his reputation serving in the famous K Department of the Interior Ministry (the same one that, presumably, the Trump Dossier meant to refer to). In the K Department Stoyanov spent six years investigating cybercrimes. In 2006 he left the Ministry. Four years later he launched Indrik, which provided DDoS-protection to the corporate market. Before long, Stoyanov's company's future was all but secured when Kaspersky Lab began providing Indrik's services to its customers. In 2012 they joined forces. Working for Kaspersky now, Stoyanov formed his investigation unit, the orcs: ORKI. Next Stoyanov became the contact point between Kaspersky's big clients (banks and corporations under cyber attack who wanted to find their attackers) and the Interior Ministry and the FSB. Stoyanov's role was to provide expertise for criminal investigations, but Kaspersky worried that the influx of requests for help from the FSB and the Interior Ministry was getting out of control. So they decided that Stoyanov should be the company's single entry point for the secret services. Stoyanov cultivated his contacts with his former colleagues in the K Department of the Interior Ministry and with its counterpart in the FSB, the Information Security Center. At the FSB Stoyanov dealt primarily with the Information Security Center's deputy head, Colonel Sergei Mikhailov. Mikhailov had a tarnished reputation outside the Lubyanka: in 2011 he had tried to force the online media Roem.ru, specializing in web enterprises and social networks, to disclose the identity of one of its journalists. Surprisingly, he failed: the General Prosecutor's Office found his interest unlawful.[45] But Mikhailov also served as a handler of companies running crucial parts of the Russian Internet infrastructure.

Stoyanov also took pains to cultivate his contacts with Western counterparts, not only American but also German, British, and Dutch law enforcement agencies, among others. Russian hackers tended to live in Russia, but their hacking fingerprints existed globally.

Stoyanov's patriotic feelings didn't prevent him from traveling abroad. Travel was important to his sense of self-esteem: a former major of the Russian police, he could go to the United States and talk with American cyber experts as an equal about fascinating things.

In the fall of 2016 Stoyanov, now in his late thirties, had a special reason to be proud of himself: he had helped collect evidence for Russia's biggest-ever crackdown on financial hackers, involving the arrest of fifty members of a cyber crime ring known as Lurk that had stolen more than 3 billion rubles ($45 million) from banks in Russia and abroad. Stoyanov's unit had been investigating the group's activities for years, and a joint operation with the FSB and the Interior Ministry had finally resulted in arrests.[46]

Stoyanov knew just about everyone in the murky world of cyber, and he seemed indispensable for Kaspersky and the secret services. But as the winter of 2016 fell on Moscow, the city's paranoid atmosphere turned Stoyanov's assets into his biggest liability. In short, Stoyanov and his friends knew too much about the Russian digital underground and its intricate and complicated connections with the secret services. They also had contacts in the West. Thus, they were a vulnerability.

On December 4, a Sunday, the operatives of the FSB went after Stoyanov. He was arrested in the airport on his way to China. Stoyanov's wife and colleagues at Kaspersky learned of his arrest only after he failed to get online when his plane landed the next day. Mikhailov and his subordinate, Dmitry Dokuchaev, once known by the hacker alias Forb, were also seized by the FSB. (A few months later it turned out that Dokuchaev was the only confirmed connection between criminal hackers and the Russian secret services engaged in offensive operations in the United States: in March 2017 the FBI identified Dokuchaev as a member of a group that had hacked Yahoo in 2014.[47])

The FSB charged Stoyanov, Mikhailov, and Dokuchaev with state treason and threw them into the Lefortovo Prison. Lefortovo is Russia's closest equivalent to Dumas's Château d'If. It is entirely isolated, with tough and effective guards, and unauthorized contacts are completely impossible. Although there are always ways to communicate with the outside world in other Russian prisons, Lefortovo is an exception. Its guards make every effort to prevent inmates from seeing one another. When escorting prisoners guards use little clackers (a circular piece of metal) or snap their fingers to make their presence known to the other guards. If two escorts meet, one puts his charge into one of many wooden cabinets lining Lefortovo's corridors. This has been the practice since Tsarist times.

Most cells house two people, and as a rule a newcomer is placed with an undercover FSB agent as his inmate for several months, to spy on him constantly inside the cell.

Stoyanov, Mikhailov, and Dokuchaev were locked up and safely secured. The FSB also worked on their relatives and colleagues: the information about the arrests remained secret to the public until the next year.

In January Sergey Buravlyov, the FSB general at the Russian end of the cyber hotline with the Americans in 2016, was quietly removed from the Security Council. Contrary to all Kremlin rules, no public announcement was made about his resignation.

With that, all the doors to the information about the Russian cyber operations were shut and sealed.

Or were they?

In April 2017 Stoyanov managed to smuggle a letter out of Lefortovo. In the first sentence Stoyanov asks the question on everyone's mind: "Why me?" He explains that he is one of the people who fought cybercrime for the last 17 years but the paradigm in cybercrime has changed. Now cybercrime is closely connected with geopolitics. "That's why [cybercriminals] could unleash the full power of the government against an expert like me. And that's why I was prosecuted." Stoyanov clearly believes that there is a connection between the Kremlin and hackers.

Vladimir Putin built a fortress out of the Russian government: impenetrable and suspicious, with dead-ends and trap pits to trick the enemy and protected by thousands of guards and secret agents. Here decisions are made for unclear reasons, and there is almost no way for outsiders to understand what's going on. The officials behind the Kremlin walls accept by definition that the environment outside is hostile, so why tell the truth when it's more practical to lie and thus surprise the enemy? The Kremlin adopted this logic years ago. This is why understanding what actually happened in 2016 is so tricky.

The Russian hackers did not compromise polling stations, nor did they affect the critical infrastructure of the United States during the presidential campaign. Donald Trump found himself in the White House for a number of very serious reasons, most of them originating in the United States, not from abroad.

Yet there was something the Kremlin did foster in the political culture of America, something that was all too familiar to Russian (and, before them, Soviet) citizens. The Soviet officials never trusted the people. They strongly believed that any Russian citizen at any moment could spontaneously go mad or get drunk, crush the equipment in the workplace or come into contact with a suspicious foreigner and expose state secrets. In short, the authorities wholeheartedly despised the people they governed. The people are unreliable and, thus, needed to be managed and kept under control. That's why every Soviet citizen was limited in his or her travels and contacts and entangled in hundreds of instructions, all with the goal of preventing him or her from doing anything unauthorized. And there was always someone behind the next door (a party official or a KGB officer) to be asked for permission.

The KGB believed in the same theory, but it went deeper. They were trained to think that every person was driven only by baser, inferior motives. When confronting Soviet dissidents, they looked for money, dirty family secrets, or madness, as they couldn't accept for a second that someone could challenge the political system simply because they believed in their cause.

Putin is a product of this thinking. He doesn't believe in mankind, nor does he believe in a benign society: the concept that people could voluntarily come together to do something for the common good. Those who tried to do something not directed by the government were either spies (paid agents of foreign hostile forces) or corrupt (i.e., paid agents of corporations). Any public debate with them about important issues was thus meaningless and dangerous. For Putin the serious business of governance should be left to professionals: his government officials.

This message was spread inside the country and was used to attack the political opposition; it also targeted all sorts of activists, from environmentalists to feminists, using all the tools of propaganda available, from TV channels to social networks. Political or civic activity is a dirty business by definition, and nobody could be trusted: that was the main message. In the fragmented, confused post-Soviet society, it worked pretty well.

This cynicism was Putin's gift to America.

In 2016 this message was widely propagated through social media in the United States, to a great extent supported by the publication of leaks, most of which were the result of Russian hacking operations. Conspiracy theories about Hillary Clinton, supplied by the evidence provided by WikiLeaks, were picked up by the pro-Kremlin English-speaking media like Sputnik, then promoted by trolls on Facebook, Twitter, and YouTube. Donald Trump was keen to exploit them, as the Blumenthal fake email story proved.

But this alone was not the reason Trump won the presidency. Large sections of American society had already lost their trust in political institutions, and particularly in the media. The process had started long ago and is also apparent in many other Western countries. The Russian hackers and their bosses did not create a wholly new narrative in America but instead sought to exploit the weaknesses that already existed.

This dark concept of total distrust was mostly spread via the Internet because it was what the Internet was built for: sharing ideas. Although the Internet is the most democratic means of communicating, it can be used by governments and groups that understand nothing about its nature. Creating disruption on the Internet doesn't need advanced technology: North Korea very quickly developed cyber capabilities strong enough to hack Sony servers, and for years ISIS has outmaneuvered the West in online propaganda. Russia simply combined hacking, the public use of stolen information, and the moment: acting during the election period.

Does this mean we should accept the concept that the Internet carries more threats than benefits?

The creators of the Internet supported the opposite concept. Unlike Putin, they believed in people and built the global network under the assumption that it would be used for sharing something good. They may look naïve these days, but we got our modern linked-up technological world thanks to their concepts, not Putin's. The Internet, and the concepts behind it, are still full of potential.

