Stream by
The Interpreter
@Interpreter_Mag
Russian-to-English translation journal, with original analysis and commentary on Russia's foreign & domestic policy.
Interpreter_Mag
Who Is Hacking Russians?

Publication: Analysis
Who is Hacking the Russian Opposition and State Media Officials -- and How?

In recent weeks, public figures from both the Russian opposition and the Russian state and pro-Kremlin media have been attacked by hackers who spilled their private communications out to social media or paralyzed their sites. Dmitry Kiselyev, the Kremlin’s chief propagandist and head of the state holding company Rossiya Segodnya [Russia Today] who hosts the program Vesti [News], found his private e-mail and WhatsApp messages on the pages of a blog run by a Russian hacking collective called Shaltay-Boltay (@b0ltai), the Russian expression for “Humpty Dumpty”.

The hackers, also known sometimes as Anonymous International, published a provocative selection of messages from Kiselyev and his wife that revealed, among other things, that he had bought an expensive apartment worth $2.5 million and she had bought herself a dissertation. More – some 11 gigabytes’ worth – was promised to the highest bidders at a related auction site where the opening bid was set at 33 Bitcoin (BTC), which was worth some $15,000. Two days remain before the bid closes, with the highest offer currently only at 38 BTC ($17,146).

Two opposition activists, Georgy Alburov, a staff member of Navalny’s Anti-Corruption Fund (FBK), and Oleg Kozlovsky, an opposition blogger, were also hacked and their messages on the popular messaging app Telegram were accessed. They mounted vocal protests on social media, and Alburov called on the readers of his Facebook and Twitter feeds to boycott the Russian phone company MTS. Alburov blamed MTS for caving to the demand of the Federal Security Service (FSB) to send a fake authorization code to access his Telegram messages. Even the state media covered his complaints, and MTS lost share value, possibly related to his boycott.

A third victim of hacking was the pro-Kremlin ANNA News, which covers wars in Ukraine, Syria and elsewhere; a Ukrainian hackers’ group uploaded a YouTube video in which they claimed to have demolished the ANNA site and all its files and even its back-ups. ANNA was down for several days but is now working again.

Devastation for the Opposition 

Last month, two other opposition leaders, Mikhail Kasyanov, chair of the Parnas party, and Natalya Pelevina, a member of Parnas’ federal council, were both videotaped clandestinely having an affair and had their web site and personal WhatsApp messages hacked. The state NTV ran a vicious exposé of Kasyanov and his colleagues, "Kasyan's Day." Their privacy in ruins, the Parnas members had to face their colleagues, led by deputy Parnas chair Ilya Yasin, who demanded that Kasyanov step down from the party’s top spot on the list for the elections or run in the primaries to see if voters would continue to support him. He refused to do so, believing he should not cave to the secret police in an engineered humiliation. Pelevina stepped down from the federal council, but announced she would run in the elections.

Kasyanov continued his campaign but the scandal triggered the break-up of the opposition’s carefully constructed Democratic Coalition; by that time Navalny demanded that Kasyanov face the primaries, as did other members. Navalny’s group then left the coalition and is now in talks with Yabloko, a non-parliamentary party subsidized like all recognized parties by the government. Navalny is unfazed by his own hacks – they have grown routine for him.

All of these exposés occurred at the same time and involved the same apps – is it possible that the same forces are behind them? It seems unlikely, given that not only does the mode of hacking appear to be different, but the range of targets is wide: from a figure like Kiselyev, trusted by the Kremlin with its main messaging tasks, and a critic like Kasyanov, who was vilified on state TV, to ANNA, which publishes videos that go further even than Russian state TV in promoting the “Novorossiya” movement of pro-Russian separatists in Ukraine and Assad’s forces in Syria.

Hackers' Agenda 

It’s also hard to know the true agenda of the most infamous hackers, Shaltay-Boltay, because in the past their hacks have seemed to be less about criticizing President Vladimir Putin or the oppression of the Russian government system than they appear to be about possibly one faction in the Kremlin fighting against another. Perhaps such factions used hired hackers or perhaps there are forces within or around the FSB and its technical experts interested in curbing not just the anti-Kremlin opposition but extremism in the Kremlin itself which ultimately hurts Russia’s image, as Kiselyev does with his notorious provocations such as the threat to “reduce America to nuclear ash” or “burn the hearts of gays.”

In the past, when Boltay leaked the correspondence of Timur Prokopenko, the head of information policy for the Kremlin after he left his job, and other officials, the point of the disclosure seemed to be that -- shock – such officials give orders to a supine state press about how to cover the opposition and even try to pressure the independent press. The main scandal of the hack was evidence that the Kremlin supported Marine Le Pen's far-right Front National in France, more of an embarrassment for a Western country than the Kremlin. Blogger Oleg Kashin commented that Boltay seemed to blame journalists who caved to censorship more than the censors themselves.

Buzzfeed raised the question of whether the Boltay hackers were related to the Kremlin’s “grey cardinal” Vladislav Surkov because a target of one hack was Vyacheslav Volodin, Surkov’s rival who replaced him in a position at the Kremlin. Boltay denies that they are related to government officials, however, and claims they don’t share Surkov’s views – even if the sharing of his methods continues to raise eyebrows.

Nothing leaked about Kiselyev so far seems so shocking – with so much corruption in Russia, and even more disclosed by the Panama Papers recently regarding Putin’s closest associates, Kiselyev’s fancy apartment seems almost like a footnote; so many officials plagiarize or buy their dissertations that an entire industry has sprung up in Russia exposing it, and Kiselyev’s wife is in a throng of thousands.

The auction could be a sign that the hackers really are unrelated to the government and need funds to survive – or be a red herring.

The larger issue, not only for Russians but for those in the West, is whether Telegram and WhatsApp have been compromised, given their wide popularity in Russia, especially for circumventing the censor. Both purport to provide a chat service encrypted “end-to-end” so that not even the company’s technicians can break into your communications. The recent debacle with the FBI seeking a court order to force Apple to open up a terrorist’s phone seemed indicative of a new era of invincible encryption where governments, whether benign ones chasing terrorists with a warrant, or malign ones trying to thwart and expose critics, won’t be able to get at their private chat.

Mobile Phone Operators' Cooperation with Intelligence 

But as both Alburov and Kozlovsky indicated, and Pavel Durov, founder of Telegram, explained, the hack was achieved not by breaking encryption but by obtaining unauthorized access to the device itself through a forced demand for an access code – the notification of which never reached the activists because the SMS system itself was turned off for a time. This would require cooperation with the Russian cell phone company MTS, which is why Alburov is so mad and calling for a mass exodus from this company.

Durov said flatly that the Russian secret police were involved in this hack, and that Alburov should have used two-factor authentication (2FA) and “secret chats,” a feature of Telegram with encryption in the cloud. These are not the default options, as critics have pointed out, but require user education; Durov has responded by doing an email blast to his users urging them to turn on 2FA and a feature called “secret chats” but also noted that he himself doesn’t use Russian-manufactured SIM cards – because of the additional problem of the FSB obtaining duplicate SIM cards to use to hack targets.

Vladislav Zdolnikov, a technical specialist for FBK who works at Newscaster, reviewed the issue and concurred with Kozlovsky that the hack was achieved by first suspending SMS notices then generating a code to access the same account from another device.

Alburov could tell his phone had been hacked after the SMS were turned back on because he got an automatic message from the company "We detected a login into your account from a new device...If this wasn't you, you can go to settings -- privacy and security -- sessions and terminate that session."

Novaya Gazeta investigative journalist Roman Anin said last year that his email was hacked through the FSB's duplication of his SIM card -- which the intelligence officers could only obtain from compliant cell phone operators willing to provide one. In Anin's case, unknown persons called the company pretending to be his friend and asked for help restoring Anin's supposedly lost SIM card; they cited Anin's passport information to obtain it, then hacked into his Google account through SMS. Anin believes they also used the circumvention software program Tor to hide their tracks; a notice from Google showing the break-in has an IP address in Germany and then a second one from Switzerland that was in fact blocked as suspicious.

MTS denied at the time that they had helped enable Anin's hack because they said a courier would have had to demand not only passport information but a power of attorney from the subscriber to obtain another SIM card, and promised to investigate the situation.

Russian Intelligence Monitoring of Communications 

Commenting on the recent opposition hacks in a post titled "Durov 'Forgot' About Wiretapping of Communications (SORM) and Alburov About Who's to Blame for 'Hack' of His Telegram," the site Roem.ru noted that Andrei Soldatov, author of the Red Web, said that FSB agents didn't need to pressure mobile operators; they need only obtain a warrant but they are not required to show it to the operator and indeed such surveillance is considered a state secret.

The FSB remotely monitors conversations and the operator is not informed. For that reason, explains Roem.ru, selecting MTS as a target of ire alone among operators isn't logical; all Russian communications companies are required to cooperate with the FSB and SORM, the government’s filtration system. Roem.ru also blamed Alburov for not using passwords on the chat itself.

But a reader with the nickname "saahov" rightly asks the question -- if the FSB has SORM and that's enough, why all the fussing with fake SMS codes and the cooperation of MTS for this? Likely the answer is this: Telegram, even though it was founded by a Russian developer, is located overseas and is not a Russian company and hasn't agreed to cooperate with the FSB.

Russia Demands Cooperation with ISPs 

Russia significantly raised the ante last year by demanding that all Internet service providers with Russian subscribers maintain servers on Russian soil, ostensibly to protect customer data. The threat is that otherwise, services like Twitter or Facebook will be banned and blocked. In fact, the measure is widely seen as even further encroachment on people’s privacy and freedom of expression.

It is not clear how this situation will unfold as there have been a number of skirmishes already between Twitter and Roskomnadzor, the state censor. It’s also uncertain how the Russian government will deal with chat apps; an effort that got started to ban Telegram because it was used by the Paris terrorists did not get off the ground in the Russian parliament. Perhaps the FSB appreciates how popular these apps are and is happy to let companies gather all the customer communications for them and hack them at will. Maybe their preferred method will be simply to pressure mobile phone companies to cooperate, as seems to be indicated in Alburov's case.

As for efforts to circumvent website blocks with Tor and other anonymizers – or to use them to commit hacks undetected as they were in the past weeks’ breaches – periodically officials call for banning Tor. The prosecutor's office of Murmansk demanded May 4 that 13 anonymizer sites be closed, Gazeta.ru reported. Given how easy it is to make new sites, this is probably a losing battle.

Virtually every day, Russian news carries a story about somebody who was hacked; on May 4, Anton Inyutsyn, Russia's deputy minister of energy, was the latest victim, Interfax reported. All of his email from 2008 to date was taken.

So that suggests that these recent high-profile hacks are just a slice of life, not necessarily related or coordinated, but an increasing feature of life in Putin’s Russia. If they are not willing to master more complex software routines, the opposition as well as corrupt officials may soon have to return to what was known in the Soviet era as the “Russian-Russian dictionary” method of undetected communication – meeting in person to point to words in an old hard-copy dictionary or rubbing a piece of soap or lard on a table to write words on a table, then quickly washing them off.
