How Russia wages its cyberwar today is very different from what it looked like a decade ago. Starting with its attack against Estonia all the way to interfering with the US presidential elections, Russia today has become a world leader in cyber meddling.

By Zsófia Baumann

With upcoming elections in a number of European countries it is important to learn from the lessons of Russia’s meddling in the US presidential race. France and Germany were prepared for a Russian cyber invasion, but will preparation be enough to keep Russia out of the domestic affairs of European countries?

February 16, the United States’ Department of Justice announced that special counsel Robert Mueller indicted 13 Russian nationals and three entities for allegedly interfering with the 2016 presidential elections. They were charged with conspiracy to defraud the United States. Three defendants were also accused with conspiracy to commit wire fraud and bank fraud, and five defendants with aggravated identity theft. The announcement comes as no surprise, as it confirmed the US intelligence community’s longstanding conclusions about Russia’s involvement in the presidential race, the biggest hit so far in Russia’s history of information warfare.

Two decades of cyberwars

Russia’s interference in other countries’ domestic affairs via information campaigns is not new, neither is it a phenomenon exclusively Russian. The instruments of manipulation, propaganda and subversion (or so-called “active measures”) attributed to Russia date back to the Cold War era. The difference today, however, is that while most Western countries have stopped acting like it was the Cold War, Russia, on the other hand, has improved its instruments and upgraded it with modern technology. Hence Russia is now several steps ahead of the United States and European countries.

As early as 1998, Sergei P. Rastorguev, a Russian military analyst, described the bases of what later became the Russian information warfare strategy. The methods Rastorguev described  in Philosophy of Information Warfare were applied in Russia’s first major cyber-campaign against Estonia less than a decade later.

The digital attack against Estonia in 2007 was one of the first instances of Russia waging its information war against a European country. Estonia’s government system is one of the most technologically advanced: Estonians can vote, file their taxes, check medical records, access the national health care system online and predominantly use online banking. The Baltic country is also home to a significant Russian speaking minority (25% of the population) and thus became an ideal target for Russia. The Estonian incident shed light on the vast array of cyber instruments the Russians had up their sleeves:

  • Russian hackers used “botnets” (networks of captured and linked computers) to bring down computer systems in DDoS (distributed denial-of-service) attacks,
  • by so-called “mail-bombing” – a series of status and location queries – they overloaded servers nation-wide, halting crucial parts of the Internet in Estonia,
  • some websites were “defaced,” redirecting users to “images of Soviet soldiers and quotations from Martin Luther King Jr about resisting evil,”
  • with the use of “war dialing” – a series of automated phone calls – they placed a virtual blockade on phone numbers for government offices and the parliament.

The cyber-attack on Estonia lasted for approximately three weeks, until the Baltic country was forced to “pull the plug”: it severed its international electronic connections and the country largely disappeared from the internet, bringing the conflict to an end.

Just a year later, Russia stepped up its game and used its experiences from Estonia to supplement its military campaign in Georgia. The Russian invasion of South Ossetia provided Russia with the first instance of synchronized cyber actions as an intelligence indicator for strategic, operational, and tactical level military operations. Contrary to the Estonian conflict, the cyber-means used against Georgia only provided supplementary tools to a full-on military invasion. The attacks were mainly DDoS attacks to disrupt communications, information exfiltration activities to gather military and political intelligence and website defacement activities to spread Russian propaganda.

21st century warfare

In a 2013 speech, the chief of the Russian General Staff Valery Geramisov described the new rules of 21st century warfare, stating that political goals are to be obtained by the “widespread use of disinformation… deployed in connection with the protest potential of the population.” Since then, Russia has claimed that it is merely using the same tools the West is employing to spread democracy in post-Soviet states and within Russia itself: soft policy instruments and techniques such as supporting certain independent media outlets and actors of civil society. From Russia’s point of view, it is merely pushing back, and since it is militarily weaker (than NATO), and economically and technologically less developed (than the US and the European Union), it has to resort to information warfare.

According to the 2016 research paper Isolation and Propaganda, the policy of promoting lies, half-truths, and conspiracy theories in the media” is a strategy Russia took from its domestic policy and implemented it in its foreign policy. Initially targeted towards Europe’s periphery (Estonia, Ukraine, Georgia), this strategy has been aimed at the center of the European project itself in recent years, by attacking its most prominent members: France and Germany. According to German think tanks, Russia turned its attention towards Western Europe, including German social media sites, roughly around the same time it annexed Crimea and got involved in Eastern Ukraine, drawing a parallel between its geographical and cyber expansion.

The information war has both external and internal benefits. Abroad, it helps voices favorable to Russia be heard or at least mitigate anti-Putin opinions (e.g. with the election of Donald Trump against runner-up Hillary Clinton, although it is unclear as to what extent the Russian interference helped him get elected). Domestically, it is aimed at  conveying a message for Russian citizens. According to Constanze Stelzenmüller’s testimony before the US Senate Select Committee on Intelligence regarding Russia’s attempts at interfering in the German federal elections of 2017, this whole cyber campaign is a message directed at a domestic audience. By targeting the US, European countries and the European project as a whole, Russia seeks to undermine the legitimacy of the Western alliance and show that it is no alternative to Putin’s Russia. According to Stelzenmüller, the message is that although Russia is far from perfect, at least it is stable.

The age of social media

One of the main pillars of Russia’s information war is its network of media outlets, which has, in recent years, seen a major expansion into foreign markets. The aim of this expansion was to create a Russian network for distributing news similar to that of CNN and the BBC. The most influential players in the network are the television broadcaster RT (formerly known as Russia Today), the radio station Voice of Russia and the media platform Sputnik. While in recent years, to keep up with the growing importance of social media, Sputnik has evolved into a state-funded network of media platforms that produces radio, social media and news content in 34 languages. Naturally, all these outlets are sponsored and controlled by the Kremlin.

Another interesting, and somewhat unusual, player is the state-sponsored Internet Research Agency (IRA), or the so-called “troll factory” that stands at the center of last week’s indictment. The IRA’s “American department” was made up of paid bloggers who created false accounts to produce and spread fake news in the months leading up to the US elections. Their tactics were varied and ranged from creating fake email accounts, to buying ads on social media and stealing the identities of real American people. According to the indictment, the Russians created a fake Yahoo account that was used to send out press releases for a “March for Trump” rally to New York media outlets. They also used fake Facebook accounts posing as real US citizens to recruit others for these rallies and buy advertisements on the social media site. These ads were aimed both at supporting Trump, and rallying people against Hillary Clinton. The defendants also stole the identity of a real US citizen to email grassroots groups in Florida, one of the key purple states in the elections.

Countermeasures: the French and German elections

Anticipating similar interference to that of the US elections, France was prepared to counter Russia’s meddling in its own presidential race in 2017. The French Network and Information Security Agency (ANSSI), the government body responsible for protecting government and key industries from cyberattacks, organized awareness-raising seminars for political parties, while then president, François Hollande ordered a “mobilization of all the means necessary” to counter such attacks. The French polling commission also issued a warning against polls deemed illegitimate after Sputnik pushed out “results” based on false pre-election polls. RT was also accused of spreading fake news on the internet with the aim of swinging public opinion against candidate Emmanuel Macron, who held critical views towards Russian intervention in Ukraine. His campaign later suffered a major cyberattack just 48 hours before the elections when tens of thousands of internal emails and documents were released by a Russian group linked to the Kremlin. Prominent newspapers, such as Le Monde also stepped up efforts and launched a platform called Décodex that readers could use to verify the reliability of a source or information.

Despite the fact that Germany has been more vocal about attributing cyber hacks and other forms of interference to Russia than other European countries, the German federal elections saw less Russian meddling than France did a couple of months before. This could be due to several factors. First, in Germany the overall process is also more difficult to manipulate, as they do not use voting machines and people cast their votes on paper. Although the Federal Statistical Office does employ computers to process the data from the paper ballots, it uses an encrypted network that is not connected to the internet, making it externally far less accessible.

Secondly, as experts point out, German politics is not as polarized as they are for instance in the US and in France, where the partisan battle provided a fertile ground for Russian interference. At the same time, the German public still largely trusts its mainstream media and traditional media sources, while being more wary of information on Facebook and Twitter – as opposed to the American people. Lastly, and probably most importantly, there was a heightened awareness towards a possible interference in the months leading up to the elections last fall. This is due to several past high-profile cases of “active measures” in Germany and because of the experiences in the US and France. Thanks to this and the previously mentioned political atmosphere in the country, the campaigns for the major political parties entered into a “gentleman’s agreement” not to exploit any information that might be leaked as a result of a cyberattack. It seems like Russia’s information war mostly work when no one is expecting it, which was definitely not the case in Germany.

From a practical standpoint, as we have seen in Germany last year, being prepared and implementing simple countermeasures seems like the best way to defend against Russian interference. On the other hand, from an ideological perspective, defending a country against another’s cyber meddling is significantly more difficult. As mentioned before, Russia’s information war is not only a means to manipulate Western societies, but to influence its own people as well. Moscow plays on various fears and frustrations that are present in the American and European societies to divide them and to deter Russians from being attracted to these western models. However, it does not provide alternatives to the model it is criticizing. If Western societies would be stronger in promoting their own values and firmer in stepping up against Russian aggression and provocation (both in cyberspace and in the “real world”), it would take the wind out of Russia’s sail.

A crucial difference between Western and Russian information campaigns is that while the US and European countries target primarily the Russian regime and largely ignores the country’s society, Russia manages to bypass governments and reach European people directly via its online propaganda. On top of this, the average European and American lack knowledge on Russian society, making it easier for Russian trolls to manipulate the debate on Russia within European countries. Westerns governments and media have to increase public knowledge about Russia, while at the same time highlight the real nature of Russian propaganda by promoting responsible and transparent media.

The lack of adequate knowledge goes both ways. There is also a significant information deficit about the real nature of Europe and the US in Russian society, which makes it easier for Russia to manipulate its own citizens and offer Cold War era stereotypes as explanatory models. Western countries should reinforce their soft power to counter this propaganda. Not by developing counter-propaganda, but by making sure reliable Russian-language information reaches the country via trusted channels, such as the already existing foreign language services of the BBC. The promotion of reliable information from trustworthy sources is key to countering propaganda and governments must play their part in doing so.

New year, new efforts

European governments have now stepped up their game and proposed different legislations to bring reliable sources into the foreground while suppressing propaganda and fake news. In a January speech French President Macron announced a plan that would counter fake news by enforcing more media transparency and blocking offending sites during election campaigns. Details of the proposed law have not yet been revealed, however it would target social media sites – by forcing them to reveal who is paying for social media content and imposing a cap on how much can be spent – and television channels. The French agency for the protection of audiovisual communication (Conseil Supérieur de l’Audiovisuel, CSA) would be empowered under the proposal to “fight any destabilization attempt by television channels controlled or influenced by foreign states.” Other countries, such as the UK and the Czech Republic, have launched separate government units tasked with combatting disinformation.

In other countries, more emphasis is put on the role private companies, such as Facebook can play in countering fake information on its own platform. In Italy, in preparation for the upcoming general elections in March, Facebook launched a new fact-checking program this month solely for its Italian users that identifies and debunks false information that appears on the site. With the help of an independent fact-checking organization, users who attempt to share false news receive a notification that alerts them that the content is disputed and are encouraged to check out the fact checkers’ feedback. At the same time the Italian government has launched an initiative last fall to make media literacy – including how to recognize false news and conspiracy theories online – part of the country’s high school education curriculum. It seems like European countries are trying to learn from each others’ mistakes and have started addressing the issue. With elections coming up this year in not just Italy, but in other European countries as well, such as Hungary, Slovenia, Sweden, Ireland (and in Russia of course), it has become increasingly pressing to counter online propaganda.

Cover Picture: illustration of a hacker, © medithIT / flickr