Vladimir Putin's Cyber Warriors
The Kremlin's Ham-handed Effort to Squelch Online Dissent
Andrei Soldatov
ANDREI SOLDATOV is the co-founder of the Web site Agentura.ru. He is the author, with Irina Borogan, of The New Nobility: The Restoration of Russia’s Security State and the Enduring Legacy of the KGB.
Early on Tuesday morning, my Web site, Agentura.ru, which covers the activities of Russia's secret services, was shut down by a distributed denial of service (DDoS) attack. My technical staff and I were forced to reset the site's server every 15 minutes, but it didn't help: the site was down for most of the day.
This came later than I expected: many independent Russian news and analysis Web sites faced attacks and disruptions on Sunday, the day of Russia's parliamentary elections, in which the party favored by Prime Minister Vladimir Putin, United Russia, suffered an embarrassing setback at the polls, even after engaging in widespread voting fraud.
In total, 14 sites were victims of DDoS attacks, including those of the radio station Ekho Moskvy, the newspaper Kommersant, and Golos, the country's only independent election watchdog. Those Web sites were attacked as early as 6:40 on Sunday morning, according to Alexei Venediktov, Ekho Moskvy's editor-in-chief, and remained offline for the entire day. According to information-security experts at Yandex, Russia's largest search portal, more than 200,000 computers were turned into "slaves" for the DDoS attack, in which a targeted site receives so many requests for access that it simply shuts down. It is a simple, cheap, and effective way to disrupt a Web site, at least temporarily.
The attacked sites responded by migrating elsewhere. For example, the news portal Slon.ru and the Web site of the newspaper Bolshoi Gorod moved their content to the Web site of the television channel Dozhd. For their part, Ekho Moskvy and Golos used blogs on LiveJournal.com; when LiveJournal later came under attack, Golos switched to Google Docs to publish its data on electoral violations.
Putin's announcement in September that he, and not Dmitry Medvedev, would run for president in March prompted a backlash of renewed political activism among the Russian middle class. Many everyday citizens, along with journalists and activists, joined the ranks of volunteer election observers from the country's political parties for Sunday's parliamentary elections. They tried to prevent ballot stuffing, and documented violations with cell-phone cameras. The large-scale hacking attacks were clearly intended to prevent the news of these violations from getting out. Almost all the Web sites attacked on Sunday intended to publish Golos' data, which included video footage of ballot stuffing and photographs of banners for United Russia, forbidden on the day of elections.
The disabling of my Web site was part of the second wave of attacks. This phase had a different objective: instead of suppressing information about election fraud, the goal was to eliminate reporting about street protests against the election violations. On Monday, the small Web site Epic-hero.ru was attacked, apparently for announcing the first large-scale demonstration, at Chystie Prudi, a square in the center of Moscow. On Tuesday came an attack against Agentura.Ru, and on Thursday, an attack temporarily crippled the Web site of Novaya Gazeta, the newspaper that published Anna Politkovskaya, the journalist who was murdered in 2006 after years of reporting about Russian abuses in Chechnya.
Of course, DDoS attacks against Russian Web sites deemed to be hostile to the Kremlin are nothing new. This tactic first appeared in January 2002, when Russian hackers brought down for a day Kavkaz.org, the Web site of Chechen separatist fighters. It turned out that the perpetrators were students in Tomsk, a city in central Russia; the local department of the Federal Security Service was fully aware of the attack, putting out a press release that defended the actions of the students as a legitimate "expression of their position as citizens, one worthy of respect." Since then, what the Russian press calls "hacker patriots" have launched a series of DDoS attacks aimed at the Web sites of independent media sources in Russia, as well as at government agencies in Estonia, Georgia, and Lithuania. (The Russian state always denies responsibility for these attacks.)
What was new in the latest attacks, however, was that the DDoS campaign was combined with open government pressure. This was especially true in the case of Golos: a few days before its Web site was taken down, the organization was charged with violating Article 5.5 of the Russian Federation Administrative Code, which forbids the publication of voter polls less than five days before elections; its head, Liliya Shibanova, had her laptop confiscated at the Moscow airport by the customs service.
The very nature of the DDoS attack can make it extremely difficult to establish who is behind it. In May 2007, Estonia's foreign minister, Urmas Paet, accused the Kremlin of direct involvement in cyberattacks against the country, but the Estonian government failed to present proof, and in September 2007, Estonian Defense Minister Jaak Aaviksoo admitted that he had no evidence linking the attacks to Russian authorities.
Published at Foreign Affairs 9.12.2011