Cyber & Technology

An Important Russian Hacking Story

By Susan Landau
Friday, June 2, 2017, 12:30 PM

Since January there's been a steady drumbeat on the connections between the Trump campaign and the Russian hacking. Lost in the noise—and there's been plenty of it—is the serious threat that such hacks pose to civil society. In the January report on Russian hacking, ODNI reported that civic organizations—think tanks, research institutes, and the like—were also likely targets of Russian hacking during the 2016 election. These were groups "viewed as likely to shape future U.S. policies." That some had actually been hacked by the Russians was later confirmed, which iswhat makes the University of Toronto's Citizen Lab report, “Tainted Leaks: Disinformation and Phishing with a Russian Nexus,” so important.

For almost two decades, Citizen Lab has been investigating cyberspying networks examining policy and technical aspects. In 2008, for example, Citizen Lab uncovered the Chinese government's hacking into the Dalai Lama's network, while in 2016, the lab traced Israeli malware tools sold to Mid-Eastern repressive regimes that were being used to target activists and journalists.

This new report details the way theft of documents using the standard methods of spearphishing was combined with the age-old Russian tricks of disinformatzia—disinformation—and masikirovka—deception—to undermine the trust of the Russian public in their civil society. The short version is that hackers broke into the email account of U.S. journalist David Satter, stole his unpublished report on Radio Liberty's Russia investigative reporting effort, "modified" the document, and published it on a Russian hacking site. A bit of background: the U.S. stations Radio Free Europe/Radio Liberty, set up during the early years of the Cold War, to provide the news in parts of the world where a free press doesn't exist. The stations have long been a thorn in the side of the Soviet Union and Russia.

The crucial part of that attack is not the data theft, but what happened next. The hackers modified the document and published the doctored version—Citizen Lab calls them "tainted leaks"—on CyberBerkut, a site belonging to a pro-Russian hacktivist group. Russian state-owned media then played up the story, claiming the report showed a CIA-based plot to start an anti-government revolution in Russia. In the echo chamber of the Internet, such tainted leaks can quickly become truths.

The more detailed version of the story is in the Citizen Lab report, which provides two sets of excerpts from the stolen report. This is very interesting reading. The first set of excerpts are from Satter's actual report. The second are the doctored, "leaked" versions that appeared on the Internet. The tainted version shifted language, making the investigative project look vastly bigger than it was. The project appeared to be funding many Russian activists and organizations (it was not). Thus the edits made it seem as if the activists were working for a foreign government. Such modifications to the report made it seem that the U.S. was funding Russian anti-corruption activists to produce work discrediting the Russian regime. This undermines the activists, making them appear to be working for a foreign state seeking to slander Russia.

Disinformatzia diminishes trust in the targeted reporters, activists, and organizations. No surprise that these are the targets happened to be investigating illegal activities within Russia, including government corruption. Don't make the investigators stop writing, just diminish trust in what they are saying. Does such a playbook sound familiar?

Citizen Lab also discovered that the same spearphishing emails targeted many other parties of interest to the Russian government. These included government officials in nations of interest (Afghanistan, Armenia, Austria, Cambodia, Egypt, Georgia, Kazakhstan, Kyrgyzstan, Latvia, Peru, Russia, Slovakia, Slovenia, Sudan, Thailand, Turkey, Ukraine, Uzbekistan and Vietnam), diplomatic personnel and their families, civil society members, and also the usual economic and military targets (e.g., senior members of the oil, gas, mining, and finance industries of the former Soviet states, and military personnel from Albania, Armenia, Azerbaijan, Georgia, Greece, Latvia, Montenegro, Mozambique, Pakistan, Saudi Arabia, Sweden, Turkey, Ukraine, and the United States, as well as NATO officials).

Now, the Citizen Lab report does not provide a "smoking gun" that definitively proves Russian government involvement in this affair.The organization works in the unclassified setting and is, after all, no government SIGINT organization. So it should be no surprise that Citizen Lab did not find final conclusive evidence tying the Russian government to the hacks. But the Tainted Leaks report presents clear and strong signs of Russian government involvement in this attack. There's little doubt that Citizen Lab reached the correct conclusions as to who was responsible.

Right now such Russian efforts seem to have been focused on situations of direct interest to Russia. But the hacking in the U.S. and French elections makes clear that Russia has much broader ambitions, and it is this aspect of the story that has me particularly worried. Politicians lead nations, but underneath democratic societies' political organizations lie civic groups. Whether about school choice, public transit, immigration policy, or on standing with Standing Rock, their rich and complex infrastructure channel the public's voice to legislators. A vigorous civil society leads to a more responsive government and a healthier democracy. Societies that lack a strong civil component have much less responsive government.

For civil society to connect the people with their government, these organizations must have and maintain the people's trust, and that's why the Russians hacking and subsequent tampering of the stolen data is so threatening. Do the same to Sierra Club or the League of Women Voters—steal email and unpublished reports and publish modified, falsified versions—and the trust that citizens give to those organizations dissipates. Such lost trust is very hard, if not impossible, to reinstate. But without such organizations reporting to the people and channeling opinions from them, our democracies badly falter.

That's why the Citizen Lab report is so very important. It's not simply a report of the cyberthreats faced by Russian civil society, but even more importantly, it is a harbinger of threats to come for American civil society as well. Every civic organization should read this report very carefully, map its own risks and dangers, and then start instituting serious cyber protections. This is a new and uncharted territory for many civic organizations, which lack the resources that governments and industry have for protecting themselves. Yet these protections are absolutely critical. I am grateful to Citizen Lab for so graphically demonstrating this crucial issue.