Russian Presidential Elections: Cyber Developments

One of the services that my company Taia Global provides is a subscription bi-weekly cyber intelligence report that focuses primarily on the Russian Federation. I normally don't make these reports public; however, considering the upcoming Russian Presidential election on March 4th, I've made our report for this important event available for free in .pdf format. An introduction follows:


Russian Presidential Elections: Cyber Developments

Russia’s Presidential elections are scheduled for Sunday, March 4th, 2012. The Duma elections held last December were marked by widespread allegations of electoral fraud benefiting President Medvedev’s and Prime Minister Putin’s United Russia Party. The allegations were documented by videos and first-hand reports posted on social media, news sites, and election monitoring sites.

The public perception that United Russia stole the election led to protests coordinated through social media. Protestors used US-based Facebook and Twitter as well as Russian-focused social media. Many sites were hit by cyber attacks that included massive distributed denial of service (DDoS) attacks that rendered sites unusable. The DDoS attacks used previously undetected botnets and new malware variants. Cyber attacks were conducted primarily against Russian-focused social media resources hosted in both Russia and the United States. Twitter was hit by hashtag spamming. Facebook was not attacked.

The Russian public assumes the government was behind the Duma election cyber attacks.  In contrast to past cyber attacks, neither patriotic hackers nor Russian youth groups claimed responsibility.  The Russian government did not comment on the attacks and did not initiate investigations to determine responsibility.  Indeed, RU-CERT (www.cert.ru), the Russian member of the Forum of Incident Response and Security Teams, seems completely oblivious to the DDoS attacks even though investigating cyber incidents falls within RU-CERT’s charter.

The DDoS attacks were usually tactically successful in rendering the target unusable.  However, the opposition quickly expanded the target set by moving posted material to additional sites inside and outside Russia.  As a result, the cyber attacks failed in their strategic objective of denying the opposition Internet access and instead became an opposition rallying point.

Since the Duma Elections

The cyber resources used by the opposition, the United Russia Party, and the Russian government have evolved since the Duma elections. The opposition continued using Facebook and Twitter to organize protests demanding new Duma elections and fair Presidential elections. Targeted web sites, such as the US-hosted Feb26.ru, helped organize the Moscow ring road protest. The Democratia2.ru web site provided a forum where the opposition organized groups around specific campaign issues and shared information documenting United Russia as “the party of crooks and thieves.” Democratia2.ru is hosted in Germany; however, its name servers are located in Russia, where the Federal Security Service Information Security Center (FSB ISC) can monitor Russians visiting the site.
