Inside Cyber Warfare

Chapter 14, the 2011 Middle East revolutions, and the prominent role of social media attributed to their success, only increase those concerns.

The 27th CRI also provided the Russian MOD"s initial Internet access. According to Russian press, prior to 2004 the 27th CRI formed the Strategiya Agency as an experimental Internet program for connecting the MOD. The connections provided service for a variety of MOD components, including the General Staff Main Operations Directorate and Electronic Warfare Directorate. The connections provided access to global information resources for research purposes. The 27th CRI works closely with Vch 49456, a MOD center for automation listed on MOD computer contracts. Vch 49456 might be directly subordinate to the 27th CRI; however, we cannot be certain.

The 27th CRI employed at least 1,700 personnel in 2010. Vch 49456 employed at least another 700.

[84] There is an unstated tension between the FSB and MOD on IO responsibility. Russian law a.s.signs the FSB lead information security responsibility. The MOD, however, sees IO as a military responsibility. MOD and government structures related to IO are usually filled by former FSB/KGB officers. During the 2008 Russia-Georgia conflict, the MOD Press Officer was transferred from the FSB. It seems that the FSB is making sure MOD plans don"t hinder FSB prerogatives.

[85] Noncontact Wars was published in January 2000 while the Security Council was working on the new doctrine.

[86] Russian military commentators, including Ivanov, have speculated since 2005 that the EW Troops would become a separate combat arm. This had not occurred as of July 2011. Ivanov, whose last rank was Major-General, and who as a 2006 General Staff Academy Honors Graduate was seen as a rising star, was one of three General Staff officers who requested retirement in July 2011 for as-yet unspecified reasons.

[87] Dr. h.o.r.ev"s web page also states he received an award from FSTEC in 2003 while serving in this position.

[88] Moscow Military University"s distinguished alumni include arms dealer Viktor Bout and "former" FSB officers Andrey Lugovoy and Dmitriy Kovtun, implicated in the Alexander Litvinenko a.s.sa.s.sination.

[89] FSTEC states that responsibilities include only "key" networks. However, the definition of key is broad enough to allow FSTEC to operate anywhere.

[90] The same postings normally list VAIU and VAIU predecessors under education.

[91] The English translation is approximate. The Cyrillic name is eepaH ocyapcTBeHH HayHo-cceoBaTec cTaTeH eHTp paoeTpoHHo op oeH eTBHocT cHeH aMeTHocT (H ).

[92] It seems the ambiguity was designed to avoid drawing attention to the merger between VAIU and the 5th TSNIII.

[93] A former Vch 11135 employee is now a prominent Russian IT security expert who writes frequently on SCADA security. FSTEC doc.u.ments show its role in SCADA security.

[94] The FSTEC list tries to obfuscate by listing the 18th CRI as the organization requesting certification and Vch 11135 as the testing laboratory. However, the Russian tax identification number is the same for both, showing that they are the same organization. In short, the 18th CRI is certifying itself.

Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)

Russia"s Information Security Doctrine shows a tension between the government"s a.s.sessment that the Internet drives technical progress while spreading ideas threatening "Russia"s spiritual revival." As a result, the FSB and the MVD have developed Internet-oriented components. These components are direct first at the internal threat to domestic stability. However, they also have offensive potential.

Federal Security Service Information Security Center (FSB ISC)-Military Unit (Vch) 64829

The FSB"s Information Security Center (FSB ISC) is the FSB"s component for counterintelligence operations involving Russia"s Internet (RuNET). FSB ISC operations include monitoring RuNET and a.n.a.lyzing Internet content. However, FSB ISC also plays a role in offensive IO.

The FSB"s Information Security Center was formed in 2002 when FSB Director Nikolay Patrushev reorganized the Department of Computer and Information Security. The reorganization transferred some administrative and developmental functions to other FSB components-including the Center for Communications Security; the Center for Licensing, Certification, and Protection of State Secrets; and the Scientific Technical Center-while focusing FSB ISC on counterintelligence operations on RuNET. FSB ISC is also designated as an FSB expert investigative center, performing forensic investigations for criminal prosecution. Russian law authorizes FSB ISC to conduct legal investigations and take action against Russian citizens. FSB ISC works closely with the Russian Ministry of the Interior Directorate K-the cyber crime directorate-headed by Lieutenant-General Boris Nikolayevich Miroshnikov, who transferred to the MVD after heading FSB ISC.

FSB ISC First Deputy Director Dmitri Frolov speaks frequently, stressing FSB ISC"s role in preventing terrorist and criminal activity on RuNET. Frolov also speaks on the FSB"s need for improved technical capabilities and increased legal authority to counter cyber terrorism and cyber crime.

The FSB monitors Internet traffic using hardware and software installed at Russian Internet Service Providers (ISPs), Internet access points, and Internet exchanges. The Internet monitoring system-known as SORM-was first established in the 1990s. The existing system began a major upgrade with contracts let during 2007 and 2008. The upgrade will enhance FSB ISC"s ability to remotely task the Internet monitoring system and a.n.a.lyze collected information offline in a dedicated center located at the FSB ISC building. The upgrade also enhances FSB ISC nonattributable Internet operations.

FSB ISC capabilities can be used for offensive purposes. In 2008 Cnews.ru quoted deputy head of the Russian Armed Force General Staff Major-General Aleksandr Burutin on Russian Information Operations. General Burutin stated that the FSB, along with the Ministry of Defense, was developing "special methods of conducting information warfare." Websites named by FSB ISC First Deputy Director Frolov as supporting terrorist and extremist activity-such as Chechen-oriented Kavkazcenter.org-have suffered disruptive attacks. Russian press attributes the attacks to patriotic hackers, although they note FSB"s tacit approval.[95] After Wikileaks threatened to publish embarra.s.sing information on Russia, including possible Russian intelligence service operations, a November 2010 article by Aleksey Mukhin stated that the FSB ISC had informed Russian leadership that Wikileaks could be rendered inaccessible forever "given the appropriate command."

Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)-Military Unit (Vch) 71330

The FSB Center for Electronic Surveillance of Communications (FSB TSRRSS) is responsible for the interception, decryption, and processing of electronic communications. The center-also known as the 16th Center (Directorate) FSB-is directly subordinate to the FSB Director.

In 1991 Russian President Yeltsin broke up the KGB, transferring the 16th Directorate to the Federal Agency of Government Communications and Information (FAPSI). The 16th Directorate became FAPSI"s Main Directorate for Communications Systems Signals Intelligence (GURRSS). The KGB"s 8th Main Directorate-responsible for communications security-also went to FAPSI. In 2003 Russian President Putin disestablished FAPSI, with many communications security and intercept functions going to the FSB. Responsibility for government communication networks went to the Federal Security Organization (FSO).

The internal structure and size of the FSB 16th Center is uncertain. However, an uncla.s.sified history states that in 2003 FAPSI had 38,500 servicemen and 14,900 civilian employees. A 2003 Kommersant article estimated that most would transfer to the FSB, with the rest going to the FSO and Ministry of Defense.

Vch 71330 registered a small block of IP numbers with the European Internet authority, RIPE. The block is on Autonomous System Number 12695 (AS12695) registered to a Russian Closed Joint Stock Company (JSC) Digital Network (www.di-net.ru/). According to the RIPE database, JSC Digital Network is a major service provider hosting networks for government and private ent.i.ties. JSC Digital Network also maintains a small block of IP numbers for Vch 43753, the FSB Communications Security Center.

FSB Administrative Centers for Information Security

The FSB oversees Russian government and private ent.i.ties handling sensitive technologies and information, including financial transactions. The FSB executes administrative oversight through two centers directly subordinate to the FSB Director: The Center for Licensing, Certification, and Protection of State Secrets, and The Communications Security Center. Both centers are at the main FSB Lubyanka headquarters building.

FSB"s Center for Licensing, Certification, and Protection of State Secrets (FSB TSLSZ) is the lead Russian department for licensing enterprises, inst.i.tutions, and organizations for work with state-secret information. FSB TSLSZ, along with the Federal Service for Technical and Export Control (FSTEC), also regulates the import and export of cryptographic technology and technical surveillance equipment.[96]

The FSB exercises tight control over encryption technology. By Russian law and presidential decree, no public organization or private enterprise can use encryption technology without an FSB license. The FSB publishes a list of FSB approved testing laboratories that TSLSZ recognizes. The FSB list includes government organizations-including three directly subordinate to the FSB-one military unit, and private companies.

The FSB Communications Security Center (CBS FSB)-Military Unit (Vch) 43753 or 8th Directorate FSB-ensures that government communication systems use approved products. The center also ensures government communication projects meet security standards. While TSLSZ licenses a company for work with state-secret information, the Communications Security Center approves specific products developed by the company. Russian advertis.e.m.e.nts for software products frequently list their CBS FSB license so customers know they can be used in secure systems. Russian contracts for government communication projects are subject to CBS FSB approval if they involve state-secret information or financial transactions. The Russian press frequently quote CBS FSB personnel on information security topics. CBS FSB personnel also attend and give presentations at information security conferences; by contrast, TSLSZ personnel are less visible.

Russian Interior Ministry Center E (MVD Center E)

Government Decree N-1316 reorganized the Russian Interior Ministry (MVD), establishing the Department for Combating Extremism (Center E, or DPE). In a 2009 Vremya Novostey interview, MVD Major-General Valery Kozhokar-Chief of the Main Administration Directorate-detailed the new department"s mission: As for Center "E," it works in several fields: suppressing extremist organizations and a.s.sociations, including youth groups, and counteracting religious extremism and ethnic extremism. In short, it fights terrorism.

Independent Russian press, however, claim that Center E is focused on political dissent-especially critics of Prime Minister Putin-and vice extremism. The press draws a.n.a.logies between Center E and the Ministry of State Security (KGB) 5th Directorate, targeting ideological crime and dissent.

Russian government opponents and supporters both state that Center E is aggressively using the Internet to identify targets. MVD Lieutenant-General Yuri Kokov currently heads Center E. Kokov"s press spokesman Yevgeniy Artemov detailed the methods available to Center E under Russian law: According to the law On Operational Investigative Activities, the list of operational investigative measures includes: interrogation; making inquires; surveillance; the searching of structures, buildings, facilities, parcels of land and transportation a.s.sets; the control of mail, telegraph and other communications; monitoring of telephone conversations; as well as operational penetration.

General Yuri Kokov stated that Center E maintains an extremist database, which integrates existing databases from the MVD, FSB, and FSO. The existing databases include near real-time information on train and airline ticket purchases. MVD officers can access the database via desktop and handheld devices.

Russian Interior Ministry Cyber Crimes Directorate (MVD Directorate K)

The Directorate for Combating Crimes in the High Technology Sphere (Directorate K) of the Russian Federation Ministry of Internal Affairs (MVD RF) investigates cyber crimes and illegal activity related to information technology in Russia. Directorate K works closely with Russia"s Federal Security Service (FSB) and with foreign law enforcement agencies.

Directorate K"s current responsibilities include: Computer crime Illegal access to computer information Manufacture, distribution, and use of malicious software Fraudulent use of the electronic payment system Child p.o.r.nography Telecommunications and Internet crime Illegal use of either cellular or wired telecommunications networks Fraud executed through either telecommunications networks or Internet Illegal access to commercial satellite and cable television Illegal sale of electronic and special technical equipment (monitoring equipment) Copyright violations and pirating of equipment and software International crime in the information technology sector Cooperation with foreign law enforcement agencies International cooperation against any crime committed with information technology Russian press, however, states that Directorate K works with the FSB and MVD Center E to suppress domestic political dissent. In December 2007 Novaya Gazeta stated that major Russian hosting service Masterhost blocked access to opposition websites after receiving a letter from Directorate K. Sergey Kopylov, head of Masterhost"s legal department, acknowledged that Masterhost had received an MVD communication about suspending service. Novaya Gazeta wrote to Directorate K"s press service-normally eager to place stories concerning Directorate K activity-without receiving a reply.

Opposition party leaders also detailed DDoS attacks on their websites and disruptions in cell phone service. They complained that the authorities displayed little interest in their problems, stating Internet activity would probably move to foreign servers. In March 2010 Solidarity member Olga Kurnosova told Ekho Moskvy Radio that Directorate K shut down the 20March website for being extremist. According to Ms. Kurnosova, opposition activists used the site for communication and coordination of protests.

Russian officials are concerned that opposition forces will use foreign social networking sites to coordinate activity. Since 2005, the major Russian social networking sites VKontakte and Odnokla.s.sniki have come under financial control of pro-Kremlin oligarchs, including DST Global"s Yuri Milner.[97] According to Moscow Vedomosti Online, in November 2010 Russian social networking activity was shifting to Facebook and Twitter. As a result, Russian telecommunication companies MTS and Vympelkom reached agreements with Facebook, providing free Facebook access for subscribers. Antic.i.p.ating continued growth in Russia, Facebook is developing a Russian interface. The Russian search engine Yandex-monitored by FSB ISC-is also indexing Facebook internal pages.

The growing links between Russian companies and Facebook helps the FSB and MVD Directorate K monitor possible opposition group Facebook activities. The FSB can monitor Internet activity originating in Russia because all outbound traffic pa.s.ses through gateways controlled by government ent.i.ties. MVD Directorate K can exercise authority over Russian telecommunications companies and instruct them to cut off access during internal disturbances. Day-to-day monitoring allows both the FSB and MVD Directorate K to identify possible "extremists" for inclusion in MVD Center E"s extremist database.[98]

Implications

Russian internal security concerns create potential problems for Western companies and law enforcement. The Russian government is concerned that the Internet provides dissident movements a way to organize anti-government actions and reach a worldwide audience. The government is particularly concerned about a Russian equivalent of the Ukrainian and Georgian "color revolutions," which helped topple their governments. The Russian government sees social networking sites as especially threatening. As a result, major Russian social networking sites are now controlled by Russian businesses, which are controlled by pro-government figures. As discussed in Chapter 14, the 2011 Middle East revolutions, and the prominent role of social media attributed to their success, only increase those concerns.

If it sees a significant threat, the MVD will approach Western companies and law enforcement to get information on dissident groups that are using Western social networking sites. Indeed, the creation of MVD Center E helps lower the profile by moving inquiries from the intelligence services to the police. Inquiries will almost certainly be supported with evidence linking these groups to extremist activity. The MVD could also approach companies directly.

The FSB, however, could also exploit social networking sites through covert means because Russian law allows for "operational penetration." Russian law also requires Russian companies and organizations-both government and private-to cooperate with the FSB. As a result, the FSB could request a.s.sistance in penetrating "extremist" groups using social networking sites partially owned by Russian companies.

Russian Federal Security Organization (FSO)-Military Unit (Vch) 32152

President Yeltsin established the FSO[99] in 1991-then named the Main Protection Directorate-from the KGB"s 9th Directorate responsible for leadership security.[100] As mentioned previously, President Putin disestablished the Federal Government Communications and Information Agency (FAPSI) in 2003, transferring the Special Communications and Information Service to the FSO, with other FAPSI elements transferred to the FSB. The FSO retained leadership protection responsibilities.

The Russian law a.s.signs the FSO responsibility for organizing and running secure communications for state structures, and protecting them from foreign intelligence services. The FSO exercises these responsibilities through the Special Communications and Information Service. The Special Communications and Information Service runs the network of situation centers, which serves the president and state structures.[101] As noted earlier, in 2008 President Putin tasked the FSO with developing secure Internet connections for state structures working with cla.s.sified information. The FSB retains overall state authority for cryptography; however, the FSO runs the cryptographic system on its networks and retains the keys.[102] Russian contracts show that the FSO works closely with Vch 43753-8th Directorate FSB-and the FSTEC.

The Special Communications and Information Service situation centers, shown in Figure 15-3, also provide the Russian leadership a.n.a.lytic support. General of the Army Aleksandr Starovoytov, former FAPSI director, stated in a 2010 interview that the a.n.a.lytic support included cutting-edge work on decision support systems, as well as information retrieval from large doc.u.mentary databases, including "grey" literature on research and development projects.

Figure 15-3. Special Communications and Information Service Moscow headquarters ( General Starovoytov now heads the Center for Information Technologies and Systems of Executive Agencies (FGNU TsITiS) under the Ministry of Education and Science and the International Center of Informatics and Electronics (InterEVM). According to Starovoytov, TsITiS transferred from FAPSI to the Ministry of Education and Science. It continues to work on decision support systems and new technologies, including voice-recognition software. The FSB, according to contract data, is also interested in voice-recognition software. Given General Starovoytov"s intelligence background and writings on IO, TsITiS and InterEVM[103] may be covers for intelligence activities.

The FSO Academy,[104] shown in Figure 15-4, is in Orel. According to its website, the FSO Academy commissions new officers through a university-level program and does continuing training and research (which probably include signals intelligence training, long done in Orel). The five-year commissioning program leads to degrees in network technology, communications, information systems, information security in telecommunications, and law. According to Russian press, the FSO Academy commissioned more than 400 officers in 2009. The FSO Academy also trains FSB officers.

Figure 15-4. FSO Academy academic training and student residence (Yandex Maps) *

[95] One Chechen site stated it traced attacks to the IP addresses registered to Vch 71330.

[96] The FSB, FSTEC, MOD, and the Russian Foreign Intelligence Service (SVR) are authorized to undertake projects involving state-secret information-including those involving information security systems-using licensed ent.i.ties. The FSB and FSTEC publish lists of approved ent.i.ties (the lists include government and private enterprises), with the FSTEC list covering work for the MOD.

[97] DST Global owns approximately 10 percent of Facebook.

[98] Syrian security services used Facebook to identify and detain activists during Syria"s internal disturbances. Russian security service capability is vastly greater.

[99] The Cyrillic name is frequently translated as Federal Protection Service. They are the same organization.

[100] The KGB 9th Directorate was complicit in the August 1991 coup attempt against Gorbachev. President Yeltsin sought to minimize future threats by creating a protection service subordinate only to the president. The name was officially changed to FSO in 1996.

[101] The FSO provides presidential communications during foreign trips.

[102] In short, the FSB certifies the cryptographic technology used by the FSO but cannot read traffic on FSO networks. The FSO, however, can read the traffic. The division of responsibilities is another legacy of KGB involvement in past coups. The 1993 film The Grey Wolves about the 1964 coup against Khrushchev is ill.u.s.trative. The film, co-written by Krushchev"s son, strives for historical accuracy.

[103] InterEVM"s website (www.inevm.ru) states it is an international organization working on the development of advanced information and communication systems. According to Russian press, InterEVM attended a Cuban trade fair in 2009.

[104] The FSO Academy was founded as the KGB Military Technical School, transitioning from the KGB to the FAPSI to the FSO.

Russian Federation Ministry of Communications and Ma.s.s Communications (Minsvyaz)

© 2024 www.topnovel.cc