Window on Eurasia: FSB Encourages, Guides Russia’s ‘Hacker-Patriots’

Paul Goble

Vienna, May 31 – The FSB and quite possibly elements within the Kremlin itself have been encouraging Russian “hacker-patriots” to launch denial of service attacks on websites that official Moscow does not like, according to a leading Russian investigative reporter who specializes on security issues.
In an article in today’s “Novaya gazeta,” Andrei Soldatov draws on a variety of sources -- including information from the Agentura.Ru intelligence portal -- to show the ways in which Russian security services have urged or even guided individual hackers to do what the agencies want (http://www.novayagazeta.ru/data/2007/40/18.html).
Such arrangements provide the Russian government with plausible deniability while achieving the ends that its officials quite publicly indicate they seek.
In 2002, Soldatov notes, Tomsk students launched a denial of service attack at the “Kavkaz-Tsentr” portal, a site whose reports about Chechnya angered Russian officials. The FSB office in Tomsk put out a special press release saying that what the students had done was a legitimate “expression of their position as citizens, one worthy of respect.”
Over the next several years, Russian hackers attacked a variety of other sites, often making them inaccessible until their owners or editors shifted to ISPs based not in Russia but abroad. But the next indication of FSB involvement in what officials plausibly described as popular anger came only in the fall of 2005
On October 14 of that year, one day after the clashes in Nalchik, the Russian foreign ministry virtually invited “hacker-patriots” to go on the offensive. “Unfortunately,” the ministry’s site said, “the Swedish authorities up to now have not taken any concrete steps to block the dissemination of the ‘Kavkaz-Tsentr’ site.”
And within 24 hours, Soldatov writes, “the Russian internet-resource mediaactivist.ru launched denial of service actions not only against “Kavkaz-Tsentr” but also against Ekho Moskvy radio, “Novaya gazeta,” and Radio Liberty. Mediaactivist.ru posted electronic addresses hackers could use in each case.
That action, however, quickly fizzled out: The “Karavan” hosting company on which “Kavkaz-Tsentr” had been operating launched its own spam attack on mediaactivist.ru, putting it off the web but only for a brief time. Indeed, that site is now “completely accessible,” Soldatov says.
Most recently, the Moscow journalist continues, Russian “hacker-patriots” launched the attacks on the websites of Estonian government, economic and media resources to protest Tallinn’s decision to move a Soviet war memorial. Estonia then asked and received NATO’s assistance for responding to this new form of aggression.
But Russia’s “hacker-patriots” have not limited themselves to attacks on websites linked to Chechnya or foreign states. They have also attacked extremist groups like the National Bolshevik Party, moderate opposition groups like “the Marc of Those Who Disagree,” and mainstream media outlets like “Kommersant” and “Ekho Moskvy.”
In all these cases, Soldatov suggests, the FSB with its Center for Information Security as well as the National Anti-Terrorist Committee did not have to use their own in-house resources to attack objectionable websites; they could simply point the growing community of “hacker-patriots” in the right direction.
And he concludes his article with the observation that “it is not excluded” that “certain groups of activists are being guided not by the special services but by the administration of the president,” a possibility Soldatov explored recently in another article (http://www.agentura.ru/experts/atarasov/).
He appends two supporting pieces of evidence to his article: First, Soldatov includes an interview with American Internet specialist Evan Coleman who suggests that actions like those launched by Russia’s “hacker-patriots” are at best short-lived and may even be counter-productive.
On the one hand, Coleman points out, the sites subject to denial of service attacks can quickly reopen for business by shifting providers. And on the other, their responses to such attacks forces the sites “to work better and to increase their activity,” not the reverse as those behind these attacks hope.
And second, Soldatov notes that on March 13, FSB chief Nikolai Patrushev specifically said that terrorists routinely use the Internet and that Russian agencies must be able to respond by closing their sites down, even if that requires a fundamental change in Russian law.
Less than a month later, the Moscow investigative journalist reports, Nikolai Sintsov, an official representative of the National Anti-Terrorist Committee, said that his agency is preparing new legislation, including a proposal that would increase the personal responsibility of ISP operators for the materials sites they host carry.
Soldatov’s article is not definitive. Indeed, in this shadowy world of secret services and private hackers, there is little chance that evidence about links between the two in actions against Internet sites Moscow does not like would ever be beyond the questions of skeptics.
But the Moscow journalist makes a powerful case, one that is in no way undermined by the fact that forces like the “hacker-patriot” community which Russian security agencies are encouraging if not controlling might ultimately threaten precisely those who are currently cheering it on.