
Report by Agora: Cyber Attacks as an Instrument of Political Struggle

9 December 2011 

Cyber wars have come to Russian politics. This obvious fact demonstrates, on the one hand, the ideological bankruptcy of the authorities; and on the other, the colossal role of the Internet and new media in conditions of monopoly government control of the majority of traditional media. We publish a report by the Agora Human Rights Association.


Attacks by hackers on independent Internet resources have taken place before. In the period from 2008 to the autumn of 2011, 17 instances were recorded of “Distributed Denial-of-Service” (DDoS) attacks on social and political websites, including those of Novaya gazeta, Vedomosti, Kommersant, the radio station FINAM FM and blogs on LiveJournal. Nonetheless, current monitoring of violations of freedom of the Internet shows that the most widespread forms of repression, to which independent Internet resources and their authors are subject, are administrative and criminal prosecution, and civil law suits. However, these methods, suitable as they are for long-term intimidation and pressure, are of no use in situations when a quick decision is needed, and an immediate effect required. What can deliver these outcomes are attacks by hackers. 

Why go through all the complications of opening criminal investigations, bringing civil lawsuits and making complaints, if one can simply ‘switch off’ an Internet site of which one disapproves? It goes without saying that on election days, hackers attacked the leading alternative sources of information about the electoral fraud, and independent regional sites. According to information collected by Agora, on election day and preceding days, 25 federal and regional Internet sites were attacked, including sites of electoral commissions. The total audience of these websites in November this year was more than seven million.

The editor of the website of the Echo of Moscow radio station appealed to the General Prosecutor’s Office and Department ‘K’ of the Ministry of Internal Affairs (which deals with computer crime) to open a criminal investigation into the attacks. He pointed out that as a result of the attack ‘Echo of Moscow was not able to function in a professional and effective manner’ and requested that ‘immediate steps be taken to ensure our protection...and also that future crimes of this nature be prevented.’ 

On-Line and Off-Line 

However, it is not all so simple. In all this history a key moment has been the attack on the website of Golos Association and its project, ‘A Map of Election Violations’. In fact Golos’ problems began several days before the elections, and not only online. The attack developed along a number of lines — (1) the discrediting of the organization in state-controlled news media; (2) an official demand made to the Prosecutor General by several deputies of the State Duma that Golos be investigated; (3) fines for breaching regulations on the publication of information about the elections; (4) the detention by customs officials of the executive director of Golos and the seizure of her laptop containing personal and work-related information; (5) the hacker attack on 4 December on the websites and Simultaneously, the e-mail addresses of Golos staff members were blocked and their phones were targeted by automated calls. 

This clearly shows that the pressure on independent media, NGOs and individual activists has been raised to a qualitatively new level. If earlier as a rule it was possible to distinguish between hackers’ attacks and administrative persecution, now it is possible to talk about the existence of an organized mechanism of total repression of civic activism and dissemination of publicly important information. Such a mechanism cannot work without a single coordinating centre. 

It would seem that the organizer of the persecution of Golos must have been able to influence the major state-controlled media, State Duma deputies, prosecutors, the courts, customs officials and the border agency. At the same time, this influence enabled a whole series of targeted and synchronized actions to be carried out in a short period of time. The answers to the questions “Who is capable of doing this?” and “Who gains from this?” in our opinion, concur. This can only mean that the order for all these attacks came from the federal authorities, and the implementer is the security agencies. 

Using DDoS attacks as a method of domestic political struggle is primarily a Russian invention. In the rest of the world they are usually used in commercial wars, or as an element in inter-government relations (for example, in 2007 Chinese hackers attacked a Pentagon server). The effectiveness of attacks of this kind as an instrument is also determined by the practically total absence of legal means to combat them, unlike persecution through the abuse of criminal, administrative or civil law. Identification and prosecution of those who order attacks is possible only in the framework of the criminal law, and this is only possible in close cooperation with the law enforcement agencies of other countries, since specialists believe that most attacks are, technically, carried out from abroad. 

Investigation of Hackers’ Attacks 

However, in recent years the state has taken steps to destroy even the slightest chance of securing prosecutions of those guilty of hackers’ attacks. In 2008 Vladimir Putin withdrew Russia’s signature from the Council of Europe’s Convention on Cyber Crime that establishes the basis for international cooperation in this area. Law enforcement agencies consistently refuse not only to conduct investigations of crimes of this nature, but often even to open criminal cases into attacks. All this also speaks in favour of the supposition that government structures are complicit in the suppression of citizens’ Internet activity. It should be noted that the sole instance of an effective investigation under Article 272 of the Criminal Code of the Russian Federation has been, according to our information, with regard to the blocking of Aeroflot’s website, but this was commercial in nature and not related to politics or civil society activism.

It should also be noted that Russia, as a member of the Council of Europe, recognizes the jurisdiction of the European Court of Human Rights that demands public authorities ensure effective protection of freedom of speech. However, at the present time no effective mechanism for such protection exists. Neither the law enforcement agencies nor the Federal Communications Agency have done anything to protect the rights of citizens to express their opinions on the Internet. On the contrary, they have engaged in precisely the opposite: searching out extremists where there are none and issuing warnings to non-profit organizations about the publication of private data – data that is available on compact discs at almost any market in the country. 

In 2010 leading media editors appealed to President Medvedev to ensure effective investigation of hackers’ attacks on Internet media. Dmitry Medvedev wrote on the letter in his own hand an instruction to the director of the FSB: “To A. V. Bortnikov. Investigate, get the right specialists involved. 4.02.2010”. But no reaction followed. This year a request made by Novaya gazeta to law enforcement agencies to open a criminal investigation into DDoS attacks against it was turned down. Regarding attacks on LiveJournal in the spring of 2011, representatives of Department ‘K’ of the Ministry of Internal Affairs stated: “LiveJournal comes under the jurisdiction of the law enforcement agencies of the USA and the question of opening an investigation will be decided in the framework of international co-operation.” There is evidently here a confusion between the words ‘will’ and ‘must’. 

Therefore it is senseless to wait for help from the state in cases of this kind. Victims can only hope that an independent non-governmental investigation might be conducted to have at least some arguments in the debate with the law enforcement agencies that have refused to recognize these crimes. It should be noted that lawyers here are powerless without the active support of specialists in the area of computer technologies. 

Evgeny Kaspersky (co-founder of Kaspersky Lab, a privately-owned company that produces antivirus and other computer security products) has expressed a readiness to assist. However, some bloggers have already accused him of being involved in the attacks that took place on 4 December. Kaspersky himself said in his blog that, first, the attacks really did happen, and secondly that the investigation of the blocking and taking down of sites was technically possible. However, the blogosphere is sceptical about Kaspersky’s sincerity, suspecting him of excessively close collaboration with the authorities. Kaspersky is, after all, a graduate of an institute that is now part of the Academy of the FSB of Russia. These suspicions have been strengthened by the fact that Kaspersky is the only well-known Runet expert to have publicly cast doubt on the ‘political explanation’ for the attacks. Websites, he wrote in his blog, ‘could really become victims of their own popularity and simply not withstand the tens (or hundreds) of thousands of simultaneous requests from the politically active part of the population.’ 

Algorithm of victims’ behaviour 

Despite the absence of investigative and judicial practice in cases of blocked sites and DDoS attacks, the best way to respond to them is by making a complaint to the local police department under Article 272 of the Criminal Code of the Russian Federation. If the issue concerns an attack on a media website, the application should be submitted to the nearest subdivision of the Investigative Committee of Russia, citing both Article 272 and Article 144 (hindering the work of a journalist). The complaint must contain a demand that the law enforcement authorities open a criminal investigation against unidentified persons. 

A complaint of this kind must include a description of the attack itself using as much technical language as possible. It is best if this description can be supplied by the host ISP in a signed document. If that is not possible, then the name and contact details of the ISP company should be provided. Additional documents could also be provided, such as copies of the hosting contract, the contact details of technical assistants, information about advertising on the site, and the scale of losses resulting from the site being down. 

Most likely, the result will be a refusal to open a criminal investigation. An appeal must then be lodged against this refusal in accordance with legal procedure. Only a critical mass of such complaints – and subsequent appeals – will indicate to the authorities the increased public danger presented by crimes of this type, and force them to react.


Since at present there is no hope of effective investigation of these crimes within Russia, in 2012 it can be expected that a series of applications related to DDoS attacks will be made to the European Court of Human Rights. This means that the issue of political cyber wars will enter the international arena, no matter how much the Russian authorities would like to prevent this from happening. Meanwhile, the use of the tried instrument of cyber attacks, combined with administrative pressure, can be expected to be put into action in relation to a whole range of significant events, whether the presidential elections, the Sochi Olympics, an Asia-Pacific Economic Cooperation summit, or any other. 

Damir Gainutdinov, PhD in law,
Legal analyst, Agora 

Pavel Chikov, PhD in law,
Chair, Agora
Rights in Russia,
13 Dec 2011, 11:27