Context

Kremlin Watch Briefing: Russia watchers targeted by a sophisticated cyber-attack

2019-08-15, 15:02

Topics of the Week

The phishing attack on Russia-watchers was more successful than initially believed. European Values Think-Tank was among those targeted.

US Senate is negligent to pass election defence bills that could help against malign foreign interference.

Finite State’s investigation shows the cybersecurity risks and flaws of Huawei technologies.

Good Old Soviet Joke

One day, Gustáv Husák, the communist president of Czechoslovakia, suddenly comes out of his office, wanders around, collects stones, examines them and puts them into his bag. He keeps doing that for several hours until his assistant gets worried about his mental state and calls to Moscow, asking what he should do.

“Oh no, not again!” Brezhnev sighs. “We got the channels to Prague and to the Lunokhod mixed up!”

Policy & Research News

Kremlin phishing attack partially successful

The attempt to phish ProtonMail login credentials of Russia-watchers was more successful than initially believed, according to a recent investigation by Bellingcat. The phishing campaign also turned out to be more extensive in scope and time.

Contrary to original assessments, the attack was not exclusively directed against the email accounts belonging to Bellingcat investigators. Among the targeted individuals were also journalists from the BBC, the Guardian, Russian investigative media as well as academics studying Russian foreign policy. Likewise, the campaign attacked NGOs engaged in research on Russia, European Values Think-Tank being among those targeted. You can read our full press release on the incident here.

Overall, more than 30 ProtonMail users were attacked, all focusing on Russia in their work. The operation also lasted longer than originally believed, the earliest attack occurring on April 24, 2019. It was discontinued after the case became public on July 24, when Christo Grozev, an investigator at Bellingcat, urged other targeted professionals to contact him. What is most important, in some cases the perpetrators did manage to gain access to the researchers’ emails, albeit for a short time.

ThreatConnect, one of the cyber-security companies assisting Bellingcat in the investigation, and ProtonMail have concluded that the attack was likely of Russian origin, as was originally assumed. Still, it remains for the law enforcement agencies which can access raw technical data to make the final verdict.

Russian trolls harass Dutch pilots’ partners

In 2017, the Netherlands participated in the Baltic Air Policing mission protecting the airspace of Estonia, Latvia, and Lithuania. NATO fighter jets participating in the mission are regularly scrambled to escort Russian military aircraft above the Baltic Sea. During the Dutch rotation, wives and girlfriends of the pilots were harassed by Russian trolls, according to the Dutch media. They started receiving phone calls from men speaking Russian-accented English who questioned their partners’ actions on the mission. Dick Zandee, a defence specialist from Clingendael Institute, a Dutch think-tank, told the media that it was a well-known phenomenon which was not previously reported. He also added that Dutch troops stationed in Lithuania as part of the NATO enhanced Forward Presence Battlegroup were often trolled as well.

Russophobia in the Baltics worsens economic growth, Russian media claim

Brought to you by the Vilnius Institute for Policy Analysis

What is Lithuania’s, Latvia’s and Estonia’s biggest economic problem? According to Russian media, “prevailing Russophobia” is the culprit. As stated in several articles, published by gazeta.ru, baltnews.lt, rubaltic.ru and baltnews.ee, the Baltics are facing an economic downfall that “will result in a region-wide die-off”. Moreover, all three republics are being described as “failed states” and “colonies” of cheap work-force that “have nothing to offer” neither to Russia nor the West.

However, pro-Kremlin outlets have the solution! According to them, the supposed downfall could be fully prevented if the Baltic States were to improve their economic and political ties with Russia. For instance, Alexey Korenev, Analyst at Finam, in an interview to Gazeta.ru claimed that if the Baltics were to eradicate “their Russophobic ideology”, even a short-term increase in trade between Russia and the Baltics could result in a “highly improved economy” and even “lower rates of emigration”.

Moreover, as stated by Vyacheslav Abramov, Director of Sales at BKS Broker, the overall economic situation in the Baltic States is supposedly becoming stagnant and that EU officials are “tired of catering for the Baltics” and not seeing “any signs of economic growth”. Therefore, all three nations should strive towards improving extensive trade linkages with Russia and “dare to put economic well-being before Russophobic principles”. On top of that, the Baltic States are advised to take quick actions as Russia “will soon redirect its energy and domestic trade to Asian markets” and it might be “too late for Vilnius, Riga and Tallinn to improve bilateral relations with Moscow”.

Vulnerabilities towards Russian influence in the Western Balkans

Rufin Zamphir’s study of Balkan resilience to disinformation published with Global Focus found the failures of North Macedonia, Albania, Serbia, Bosnia and Herzegovina, Montenegro and Kosovo to ensure fair societies and access to justice have made the region vulnerable to profuse and damaging disinformation. With the analysis of constantly evolving misinformation campaigns, Zamphir’s study aims to deconstruct the modus operandi of malicious disruptors in Balkan society and consequently empower policymakers in the region to fight illicit interference with targeted policy solutions.

As relatively young and imperfect democracies, Zamphir identifies the Balkans as particularly vulnerable to Russia in the renewed geopolitical dispute with the West. Reliance on foreign investment has made these still emerging economies dependent on and vulnerable to the interests of foreign investors. High levels of interpersonal mistrust create an atmosphere of divisiveness in public discourse and therefore, a fertile ground for propaganda. Zamphir’s combined qualitative and quantitative study of society, economics, politics and security in the Balkans describes external and internal disruptors in the region as chipping away at and undermining social and political institutions. Combined expert commentaries and raw data make this unique study a comprehensive and accurate window into a growing and geopolitically crucial region.

US Developments

US Senate Stubborn to Pass Meaningful Election Defence Bills

In a Brookings series on “Cyber Security and Election Interference”, a recent post by authors Darrell M. West and Raj Karan Gambir transparently outline the US Senate’s negligence to pass legislation that could help defend against Russian (or other) interference. The writeup is segmented in three stages, beginning with Senate Majority Leader Mitch McConnell’s consistent blocking of largely bipartisan bills designed to strengthen the US position against malign actors. At this point, McConnell above all, with flimsy excuses in tow appears to be the primary obstacle in the face of substantive election defence.

The second part of the blog lists and articulates the measures and benefits of the four primary election defence bills that have yet to pass. Each piece of legislation has unique language and intentions, but they all centre around defending American election processes and the protection of democratic systems. From updated voting equipment to retaliatory sanctions, the bills waiver on agency involvement, tools and timeliness but still, none has managed to get past McConnell. Lastly, the authors seek justification as to why none of these measures are passing only to arrive at their own befuddlement. With the 2020 election closing in fast, it is difficult to comprehend such indifferent behaviour that will likely make the American vote susceptible to Russian influence once again. West and Gambir aptly conclude that if the US fails to protect its elections, it too has failed to protect the democratic process altogether.

Putin Vows to Spy on US Missile Development in Tit-for-Tat Exchange

A recent Wall Street Journal article broke down Vladimir Putin’s response to the recent devolution of a US-Russian intermediate-range nuclear forces (INF) treaty, highlighting his open desire to spy on the American missile program. In a Kremlin-like tit-for-tat exchange, Moscow’s strong man publicly blamed the United States for pulling out of the treaty and at the same time vowed to replicate any US technological advancement or deployments of evolved missile systems. Even though the INF missile agreement has been trending toward a state of decay for months since the US blamed Russia for violating the 1987-treaty earlier this year, Putin’s highly-public declaration feels like a bold claim to pile on already strained bilateral relations.

The WSJ piece goes on to discuss two current Russian missile systems (the Kalibr and Kinzhal) in violation of the INF treaty and their potential role in retaliatory measures if the US were to develop and deploy similar weapons. As it stands, the US has not completed development of medium-range missiles that would rival the already-tested Russian weapons. US Defense Secretary Mark Esper noted that the States are in the early stages of creating sea and land-based variations of its tomahawk missile with intermediate capabilities that should be field ready by 2023. Lastly, despite Moscow’s brazen claims, the article notes that Russia’s staggering economy could ultimately limit Russia’s ability to produce the aforementioned, or future missile systems.

Kremlin Watch Reading Suggestion

Finite State Supply Chain Assessment: Huawei Technologies

The emerging 5G technology is currently being dominated by one company, Huawei. Based in China, Huawei’s dominance of 5G equipment has led to accusations that it would provide network access to the Chinese government, who could then use this access for espionage or military missions. Finite State, a cyber-security firm, investigated the security of Huawei’s devices and manufacturing supply chain to determine the level of cybersecurity risks. Their report details numerous security flaws and found that Huawei devices were less secure than similar devices produced by other vendors.

Notably, 55% of Huawei devices had at least one potential backdoor access and devices averaged 102 known firmware vulnerabilities. In some cases, Huawei used 10-year-old software without patching well-known security flaws. Finite State even found instances of device security decreasing over time.

Finite State’s assessment concludes: “The Chinese National Intelligence Law of 2016 requires all companies ‘to support, provide assistance, and cooperate in national intelligence work.’ Even if Huawei may be technically correct in saying that Chinese law does not explicitly ‘compel’ the installation of backdoors, China’s intelligence and counter-espionage activities tend to be so expansive that these provisions could be used to justify activities extending well beyond China’s borders.”

Kremlin Watch is a strategic program of the European Values Think-Tank, which aims to expose and confront instruments of Russian influence and disinformation operations focused against liberal-democratic system.