The Real Russia. Today. An indicted ‘troll’ finally speaks, DNS attacks on Yandex, and eight Russian women writers you ought to know
Thursday, March 14, 2019
This day in history: 24 years ago, on March 14, 1995, Norman Thagard became the first American to ride to space on board a Russian vehicle, technically making him the first American cosmonaut. The mission culminated in a landing at the Kennedy Space Center in the Space Shuttle Atlantis that July.
- BBC scores first interview with one of 13 ‘Russian trolls’ indicted by Robert Mueller last year
- As Russians protested ‘Internet isolation’ last weekend, hackers launched DNS attacks against Yandex, exploiting flaws in the government’s censorship system
- Journalist Mikhail Shevchuk says Putin's latest lifeline to Alexander Bastrykin is business as usual
- Eight Russian women writers you should know
It’s been more than a year since the U.S. Justice Department indicted 13 “Russian trolls” for interfering in America’s 2016 presidential election. Despite this publicity and the passage of time, the entrepreneurs, translators, analysts, and office managers whom Special Counsel Robert Mueller’s investigation linked to the “Internet Research Agency” (IRA) have remained largely out of reach to journalists in Russia. With the publication of Mueller’s long-awaited report now imminent, one of the “trolls” has suddenly agreed to an interview with the BBC Russian Service.
A 31-year-old Web designer, Sergey Polozov is suspected of serving as the IT manager for the Internet Research Agency, in which capacity he allegedly rented servers in the United States to help mask the organization’s activities in America. That’s not how he tells it, though. Polozov says he did typical IT work for a loose collection of enterprises that he’s reluctant to describe as a single entity. He told the BBC that his contracted duties included the creation of websites and different automated processes, and he insists that the work was never in English and never had any apparent overarching aims, let alone geopolitical designs.
Given the nature of the technical assignments and communications he encountered on the job, Polozov says the IRA resembled a “pool of organizations,” not a unified, single structure. He says he visited multiple facilities during his IT work for these groups, including the IRA’s best known address at 55 Savushkina Street in St. Petersburg, but he says he encountered a business center for multiple enterprises, not a single operation.
Shut up, Robert, and thanks
Though he agreed to speak to the BBC over Skype, Polozov flatly rules out remotely testifying for the Mueller investigation, calling the special counsel a “fool” who rushes to accusations. He told the BBC that he would be proud to have played a role in Russia’s U.S. election meddling, if he believed it had actually happened. He says he no longer travels abroad, fearing arrest and extradition to the U.S., but he credits the indictment with forcing him to explore Russia instead, describing his new travel itinerary as a patriotic victory.
Throughout the interview, Polozov simultaneously denies and celebrates the IRA’s exploits in American cyberspace. He says he doesn’t believe the IRA ever existed as a coherent project with explicit goals, but he welcomes the idea of a “troll factory” dedicated to Russia’s geopolitical agenda, “broadcasting positivity, not negativity.” When the BBC asked Polozov about the IRA’s alleged creation of an online blacklist used to dox oppositionists and independent journalists (resulting in several violent attacks), he insisted that no one he ever worked with was involved in anything so negative or political.
More than he lets on
While maintaining that the IRA had a scattered, virtually nonexistent structure, Polozov also acknowledges that he worked closely with Mikhail Burchik, whom U.S. officials have identified as a senior executive at the IRA who participated directly in its interference efforts. Polozov also verifies the authenticity of emails leaked in 2014 by the “Anonymous International” group, which mention multiple IRA-linked figures later indicted by the U.S. Justice Department. These records indicate that Polozov was helping the agency automate comments posted on LiveJournal by reversing similarity-detection algorithms created to recognize plagiarism. On Twitter, the IRA used a similar technology to amplify content posted by human staff (“trolls”) using tens of thousands of automated accounts (“bots”). Polozov also worked briefly on the IRA’s corporate website and forwarded several resumes posted on IT recruiting portals.
The BBC also casts doubt on Polozov’s claim that he’s just an honest independent contractor. According to trade registers, his IT company “Morkov” (Carrot) averages just 900,000 rubles ($13,735) in annual business, earning measly profits that maxed out at 78,000 rubles ($1,190) in 2017. The company’s website, moreover, is defunct, and its social-media account on VKontakte hasn’t been updated since 2015.
Several major Russian Internet companies, including Yandex and the news outlet RBC, suffered massive network attacks this week that were made possible by vulnerabilities in the system the federal government uses to block websites. Sources told RBC that the perpetrators carried out DNS attacks, hijacking domain name system servers and domain registrars to direct traffic away from legal websites, like Yandex, to IP addresses that have been blacklisted by Roskomnadzor, Russia’s state censor.
During the attacks, several small Internet service providers blocked access to a few of Yandex’s IP addresses, sources told RBC. Major ISPs utilized more sophisticated censorship methods, filtering the traffic to Yandex’s servers using deep packet inspection, which caused the website to load more slowly than normal.
Yandex told Meduza that it doesn’t consider the DNS hijacking to constitute a cyberattack. “This isn’t an attack, but an exploitation of existing flaws in the mechanism for administering the block list,” spokespeople said, pointing out that any website could fall victim to these defects in Roskomnadzor’s procedures.
The start of the DNS attacks on Yandex and other companies coincided with a protest in Moscow on March 10 against Russia’s “Internet isolation.” Sources told RBC that the attacks against Yandex's IP addresses continued for several more days. Yandex, meanwhile, says it sees “no correlation between any events.” Kirill Titov, RBC’s business-to-consumer desk digital director, confirms that the company was hit with a DNS attack on March 11. Like Yandex’s spokespeople, Titov links the incident to vulnerabilities in Roskomnadzor’s block-list system.
The first “holes” in Roskomnadzor’s system were exploited in June 2017, when hackers used vulnerabilities to block access to popular websites for several days, including Wikipedia, Meduza, and major banks. Market insiders say Roskomnadzor still hasn't resolved this problem. Currently, lists of domain names that have been added to the agency’s Internet block-list are sold on the Darknet, where hackers can acquire the information to carry out DNS attacks, Alexander Lyamin, the head of DDoS mitigation service provider “Qrator Labs,” told RBC. Spokespeople for the cybersecurity firm “Group-IB” confirm that demand has been high for these banned-domain lists since 2017.
To guard websites not on its block list against accidental access disruptions, Roskomnadzor started prohibiting ISPs from computing IP addresses independently, after the first DNS attacks in 2017. The agency has also advised service providers to adopt deep-packet-inspection filtration, or block only the IP addresses provided directly by Roskomnadzor. Officials have also developed “whitelists,” identifying websites that should not be blocked. Activists from “Roskomsvoboda” say Russia’s federal censor has extended this special protection to more than 2,000 government websites, as well as several popular private resources, including Yandex, Facebook, VKontakte, Google, Instagram, and Twitter.
Yandex supports the introduction of whitelists, but argues that the measure doesn’t go far enough. “All ISPs must be required to use ‘whitelists’ when compiling their block lists,” a company spokesperson said.
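The whitelist check described above, sketched as an added example; it is not code from the article, Roskomnadzor, or any ISP. It assumes a block-list entry carries a domain plus registry-supplied IPs; all names, addresses (RFC 5737 documentation ranges), and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: made-up domains, RFC 5737 documentation addresses.
WHITELIST = [ipaddress.ip_network("198.51.100.0/24")]  # a protected service
REGISTRY = {  # blocked domain -> IPs supplied with the registry entry
    "blocked-one.example": ["192.0.2.10"],
    "blocked-two.example": ["192.0.2.20"],
}
# What a resolver returns today: one blocked domain now resolves to an
# address inside the protected network.
CURRENT_DNS = {
    "blocked-one.example": ["192.0.2.10"],
    "blocked-two.example": ["198.51.100.7"],
}

def is_whitelisted(ip, whitelist):
    """True if ip falls inside any whitelisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in whitelist)

def compile_blocklist(registry, dns_answers=None, whitelist=WHITELIST):
    """Return (ips_to_block, rejected_candidates).

    dns_answers=None  -> use only the registry-supplied IPs.
    dns_answers given -> also add freshly resolved IPs (the ISP computing
                         addresses on its own).
    Every candidate is checked against the whitelist before it is blocked.
    """
    block, rejected = set(), []
    for domain, listed in sorted(registry.items()):
        candidates = set(listed)
        if dns_answers is not None:
            candidates |= set(dns_answers.get(domain, []))
        for ip in sorted(candidates):
            if is_whitelisted(ip, whitelist):
                rejected.append((domain, ip))  # keep for operator review
            else:
                block.add(ip)
    return sorted(block), rejected

if __name__ == "__main__":
    print("no whitelist :", compile_blocklist(REGISTRY, CURRENT_DNS, whitelist=[]))
    print("whitelist    :", compile_blocklist(REGISTRY, CURRENT_DNS))
    print("registry only:", compile_blocklist(REGISTRY))
```

Without the whitelist, the self-resolved address of the protected service lands in the block list; with it, the candidate is rejected and recorded for review instead.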
In an article for Republic, journalist Mikhail Shevchuk addresses draft legislation that would endow the Federal Investigative Committee with new powers, allowing the agency to carry out its own expert examinations, ranging from molecular genetic analysis to fingerprinting. The bill is based on an executive order from Vladimir Putin, who Shevchuk says is dragging his feet on reforming Russian law enforcement in what is ostensibly his last term as president. For example, rather than mitigate the police and regulatory pressures on private enterprise or talk openly about prison torture, Putin has kept most of his top “cop” personnel in place, ignoring the chance to make major reforms. Shevchuk says Putin is instead devoted to preserving the system’s stability, no matter its “inefficiencies” and “constant excesses.”
The bill is a major victory for Bastrykin, Shevchuk says, who was written off by many observers amid speculation that his agency would soon be dissolved or gutted. Last year, even Federation Council Speaker Valentina Matviyenko misread the tea leaves, advocating the restoration of several investigatory powers to the Attorney General, which has been the Federal Investigative Committee’s main institutional rival since the latter split off from the former in 2011.
Incidentally, there’s a separate Duma bill currently stalled in committee that would expand the Attorney General’s oversight authority, granting it the right to audit state officials’ foreign bank accounts through Russia’s Central Bank. Written by Communist Party deputies, this legislation nevertheless lacks a presidential endorsement.
Click here to find out more about Galina Rymbu, Alisa Ganieva, Anna Starobinets, Nariné Abgaryan, Linor Goralik, Maria Stepanova, Alexandra Petrova, and Guzel Yakhina