Russia as a rogue network state

Global diplomacy has become hack or be hacked

Health update: Feeling better, but also decided to start the process of further diagnostics and action. This will involve different drugs and invasive tests/procedures over the coming weeks and months. You’ll know I’m alive if I keep publishing, but expect coherence and style to vary greatly. There won’t be any asks, this week, but we’ll return to that set of exercises next week.


Following up on an issue from a couple of weeks ago that argued cyber crime is a post-national activity, let’s briefly delve into the larger argument, or frame, that Russia is emerging as a rogue network state.

This is ironic given how nationalistic the current Russian regime is, and yet both the SolarWinds incident and the recent DarkSide episode depict a growing Russian capacity that is both post-national and relatively decentralized.

Post-national as it doesn’t really recognize or respect national boundaries. Decentralized, as it is not all within the direct control of the Russian state.

The obvious hypocrisy of the western media is to demonize Russia while assuming that the US and allies are not engaged in similar tactics. Similarly there are others who argue that the demonization of Russia exaggerates their capability and influence.

While both of these points may be fair, there is good reason to recognize and understand Russia’s growing prowess and proficiency in the network era. Signifying their possible emergence as a post-national “network” state.

Russian intelligence capabilities date back to the era of the Tsars, and have always demonstrated both persistence and innovation. While the fall of the Soviet Union disempowered a lot of Russian society, the intelligence apparatchiks were arguably among the largest beneficiaries of the chaos of the fall, the looting that came with it, and the kleptocracy that emerged afterwards.

As a result, Russia has become a kind of hollowed out society, a series of Russian dolls, with tremendous intelligence, but little internal opportunity. Especially for people who understand technology and the Internet. As the Pet Shop Boys once said, “Go West!”. Which is easy to do via the Internet.

A generation later, it’s interesting to see the kind of talent, and extra-national organizations that are starting to emerge out of the former Soviet republics:

The reasons for this situation go back to the collapse of the Soviet Union, in the nineteen-nineties, when highly competent engineers, programmers, and technicians were suddenly left adrift. Decades later, the story hasn’t changed much: younger generations of Russians have access to specialized educations in physics, computer science, and mathematics, but have few outlets to realize those talents, at least not for the kinds of salaries available to programmers in, say, Silicon Valley. “And what do they see when they go online? That it’s possible with their knowledge and skills to earn millions of dollars, just like that,” Sergey Golovanov, the chief security expert at Kaspersky Lab, a cybersecurity company based in Moscow, said. “A certain percentage of these people decide it’s worth breaking the law.”

Such a career can look all the more attractive given that the risks seem rather small, at least if you focus on Western targets. Although Russian law-enforcement bodies periodically mount operations aimed at domestic cybercriminals, they generally turn a blind eye to those who use Russia as a base for infiltrating foreign networks. That is partly a function of legal jurisdiction and investigative wherewithal. If there’s no victim on Russian territory who can show up in person to file a police report and offer evidence for a criminal trial, then there isn’t much for the authorities to pursue. “Even if Russia law enforcement was so inclined, there would be nothing to investigate,” Alexey Lukatsky, a noted cybersecurity consultant in Moscow, said.

To insure that they don’t run into trouble on their home turf, most ransomware-as-a-service sites prohibit the targeting of companies or institutions in Russia or within the territory of the former Soviet Union. “Hackers have a rule: don’t work on the .ru domain,” Golovanov said. In DarkSide’s case, part of its malware code scanned for languages installed on the target workstation; if it detected Russian or another language common to post-Soviet countries, it did not deploy, and erased itself from the machine.

Worth repeating that, in many cases, just having a Russian language library installed on your machine, which is free as part of Windows, Linux, and I assume Apple products, is enough to protect you from many of these attacks.

Show some digital allegiance to this network state, regardless of where you live, and receive modest amnesty?!

But there is also one further, very important reason why cybercriminals may feel relatively free to operate from inside of Russia. Russia’s security services are tempted to see hackers who target Western corporations, governments, and individuals less as a threat than as a resource. In 2014, the F.B.I. indicted a Russian hacker named Evgeniy Bogachev on charges of allegedly stealing hundreds of millions of dollars from bank accounts across the globe; American prosecutors asked their Russian counterparts for coöperation. Rather than arrest Bogachev, however, Russian authorities used his breaches to hunt for files and e-mails on devices belonging to government employees and contractors in the United States, Georgia, and Turkey. As the Times wrote, the Russian state was, in effect, “grafting an intelligence operation onto a far-reaching cybercriminal scheme, sparing themselves the hard work of hacking into the computers themselves.”

Sounds like a smart strategy. Intelligence agencies have always used proxies, agents, and stooges. Why would that not include the cyber crime industry?

Where a country like the US would develop such capabilities inside of the state, there are limits to what is permissible in the private sector. The US is certainly at the forefront of said industry, but largely as cats, in a cat and mouse game.

Russia meanwhile gets to play all the roles and positions. That offers a huge advantage, and gives glimpses as to why a network state is more powerful and positioned to harness the Internet and the emerging network era.

One of our more popular Metaviews issues explores Facebook as a shadow government, anticipating the company’s transition from corporation to network state. Perhaps that’s why Facebook continues to see Russia as a threat?

A Facebook report released Wednesday says that Russia is still the largest producer of disinformation, a notable finding just five years after Russian operatives launched a far-reaching campaign to infiltrate social media during the 2016 presidential election campaign.

Facebook says it has uncovered disinformation campaigns in more than 50 countries since 2017, when it began the cat-and-mouse game of cracking down on political actors seeking to manipulate public debate on its platform. The report, which summarizes 150 disinformation operations the company says it has disrupted in that period, highlights how such coordinated efforts have become more sophisticated and costly to run in recent years — even as these operators struggle to influence large numbers of people as they once did.

Meanwhile, more players have learned from the Russian example and have started disinformation operations in their own countries, Facebook says. That includes networks of shadowy public relations firms that sometimes do work for both sides within a country, as well as politicians, fringe political groups, and governments themselves, said Nathaniel Gleicher, Facebook’s head of security policy, in a media call.

The Internet is an open classroom, and while Russia may be leading the class in network based intelligence, there are many other students eager to experiment on their own.

“It started out as an elite sport, but now we see more and more people getting into the game,” said Gleicher, who added that such efforts increasingly resemble influence operations that were conducted before social media, “narrower, more targeted, expensive, time-consuming, and with a lower success rate.”

In 2017, Facebook discovered a vast influence operation, in which the Russian Internet Research Agency had subjected 126 million of the platform’s users to political disinformation ahead of the previous year’s election. Since then, the social network has invested resources in policing its service — including hiring more than 10,000 third-party content moderators and subject matter experts — and building algorithms to scan for unwanted content.

The big caveat to the report is that Facebook and other social media platforms see only the nefarious operations that they uncover — and do not know about the broader universe of disinformation that goes undetected.

I do have to wonder if that last caveat is a cover for why we don’t hear more about the Five Eyes, i.e. Anglo intelligence agencies, engaged in this kind of activity. Or conversely, if they’re not, then why not? Are they sitting this game out and not developing the necessary tactics and methods? Doubt it.

Meanwhile the global regulatory debate about Big Tech is paving the way for governments to intervene and attempt to control how social media operates in their jurisdiction.

Russia is increasingly pressuring Google, Twitter and Facebook to fall in line with Kremlin internet crackdown orders or risk restrictions inside the country, as more governments around the world challenge the companies’ principles on online freedom.

Russia’s internet regulator, Roskomnadzor, recently ramped up its demands for the Silicon Valley companies to remove online content that it deems illegal or restore pro-Kremlin material that had been blocked. The warnings have come at least weekly since services from Facebook, Twitter and Google were used as tools for anti-Kremlin protests in January. If the companies do not comply, the regulator has said, they face fines or access to their products may be throttled.

The latest clashes flared up this week, when Roskomnadzor told Google on Monday to block thousands of unspecified pieces of illegal content or it would slow access to the company’s services. On Tuesday, a Russian court fined Google 6 million rubles, or about $81,000, for not taking down another piece of content.

On Wednesday, the government ordered Facebook and Twitter to store all data on Russian users within the country by July 1 or face fines. In March, the authorities had made it harder for people to see and send posts on Twitter after the company did not take down content that the government considered illegal. Twitter has since removed roughly 6,000 posts to comply with the orders, according to Roskomnadzor. The regulator has threatened similar penalties against Facebook.

Also worth noting that Russia is not just doing this at home, but everywhere and anywhere. That’s why we may be seeing a post-national strategy rather than just a nation state pursuing its collective self-interest.

Similarly, in our social media era, there’s no need to recruit agents, when you can just (try to) buy influencers.

Not to digress, but the Russian proxy state of Belorussia may also provide another example of Russia as network state rather than nation state.

Not that Russia was in any way involved in this state-based, paranoid hijacking of an airplane. However, they will inevitably be drawn into what is becoming a significant international incident.

Henry Farrell (@henryfarrell):
ft.com/content/ac60d3… I’m not a regional expert, but this Lukashenka statement seems to me aimed more at shoring up possibly shaky support from Russia by appealing to Putin etc’s paranoia about planned color revolutions than justifying things or even spreading confusion.

Nation states have a different set of relationships than network states.

While Russia already enjoys near-rogue status, embracing the power and potential of networks could enable the soon-to-be former nation state to find tremendous success by focusing its influence and intelligence deeper into the fabric and infrastructure of the network of networks.