Source: HRO.org (info), 23/09/11 


· Freedom of Speech · The Police · Sverdlovsk Region 

A draft United Nations Convention “on ensuring international information security”, drawn up by the Russian Security Council and the Russian Ministry of Foreign Affairs, forbids the use of Internet for military purposes and with the aim of overthrowing political regimes. 

Kommersant reported on this development on 23 September, citing a document it had obtained. 

According to Rosbalt News Agency, the draft convention was first presented on 22 September at a closed meeting of heads of intelligence and security agencies of 52 countries in Ekaterinburg organized by the Russian Security Council. 

Among the chief threats that the authors of the document propose should be fought, are the use of information technology for the subversion of political, economic, and social systems; the manipulation of the flow of information within foreign countries; and also mass brainwashing of a population for the purposes of destabilizing society and government. [Read more]

Source: HRO.org (info), 07/07/11 

· Security Services  · Moscow City and Moscow Region 

Lately it has become a tradition and “the done thing” for Russia's siloviki to take any opportunity to lash out at the Internet and present it as a grave threat. Most recently, FSB Director Aleksandr Bortnikov declared that international terrorism has been making active use of media and the Internet. 

“For some time now the majority of international terrorist organisations have been carrying out their activities independently of al-Qaida and bin Laden. Their leaders have been making active use of media and the Internet in order to raise their profile,” Aleksandr Bortnikov, director of the FSB, said, opening a meeting of the heads of the FSB and other security services and law enforcement agencies. 

"That is where the real war for the hearts and minds of ordinary citizens, especially young people, is going on. The Internet has turned into a universal instrument for terrorists, which they use to attract, recruit and train new members, and to plan and coordinate terrorist activities. International terrorist organisations are making use of the latest advances in technology, particularly information and communication technologies. That is why the question of how to counter the radicalization of the population and the use of the Internet for terrorist purposes has been on the agenda of our meetings for the past three years,” he added. [Read more]

Source: hro.org (info), 14/04/11

· Freedom of expression · Public Prosecutor’s Office

Novaya gazeta has formally requested that the Investigative Committee open a criminal case with regard to the DDoS attack on its website. Today a lawyer from Agora Interregional Human Rights Association, Ilnur Sharapov, representing the interests of the publication, sent the necessary declaration about the crime to the head of the Russian Investigative Committee for Moscow’s South-East Administrative District, Sergei Yarosh.

According to Agora, administrative staff at the Investigative Committee for Moscow’s South-East Administrative District, without giving their names, refused to accept the declaration from the lawyer Ilnur Sharapov and suggested that he drop it into the post box or wait for their boss, who at that time was not in his office. As a result, the lawyer Ilnur Sharapov was obliged to send the declaration concerning the crime to the Investigative Committee by post by recorded delivery.

In its declaration, Novaya gazeta has requested that an investigation be conducted into the DDoS attack, and that on the basis of the results a criminal case be opened under two articles of the Penal Code of the Russian Federation: hindering the lawful professional work of journalists (Article 144) and creation of computer software wittingly resulting in unsanctioned blocking of information and the violation of the work of a computer network (Article 237).

The declaration states that on 7 April at 15.00 the website of Novaya gazeta ceased to respond to users’ requests. Ten minutes later a specialist of the Kaspersky Laboratories telephoned to say that a DDoS attack on the website had started. He added that the attack was by an Optima-Botnet that had previously been used to attack Livejournal.

The editorial board of Novaya gazeta agreed to accept the assistance of the Kaspersky Laboratories in defending itself from the attack. Within days of the start of the attack the specialists reported that the activity of the harmful programme had significantly decreased. At 19.30 on 8 April a decision was taken to renew the work of the website. However, in the course of several minutes the attack on the website also began afresh. Specialists concluded that the Optima-Botnet had switched over to a ‘waiting regime’, having been programmed to respond with an attack to any renewal of activity on the Novaya gazeta website. Only on 9 April, two days later, was it possible to resolve the problem.

The editorial board was sure that the actions of the unknown persons who blocked access to the site were criminal in nature and consequently on 14 April the declaration was submitted to the Investigative Committee.

This most recent DDoS attack on Novaya gazeta is not the first. There had been an earlier attack on 26-27 November 2010 when the website was blocked for more than one week. On 4 February President Dmitry Medvedev issued an order to the head of the FSB, Aleksandr Bortnikov, to investigate this incident, drawing on independent computer specialists if necessary. However no such investigation was carried out.

‘A permissive attitude by law enforcement agencies and the ignoring of orders issued by the President resulted in new DDoS attacks on the websites of Novaya gazeta and Livejournal, since those carrying out the illegal attacks on these websites and those behind them enjoy a sense of impunity and, possibly, because law enforcement agencies are powerless to prevent DDoS attacks and to discover the identities of the immediate perpetrators and those who ordered the attacks,’ the declaration by Novaya gazeta to the Investigative Committee points out.

The order issued by Dmitry Medvedev to the head of the FSB can be read here.

Background Information
Novaya gazeta’s website was registered as a media outlet on 8 June 2007 by the Federal Agency for Legal Oversight of Mass Communications & Protection of the Cultural Heritage. The domain name http://www.google.com/url?q=http%3A%2F%2Fwww.novayagazeta.ru%2F&sa=D&sntz=1&usg=AFrqEzdLMBh1kSOPmPGS0WgmxGW5viOwLQ was registered by the National Domain Registrar, Ru-Centre, on 11 November 2004.
Novaya gazeta’s website was registered as a media outlet on 8 June 2007 by the Federal Agency for Legal Oversight of Mass Communications & Protection of the Cultural Heritage. The domain name http://www.google.com/url?q=http%3A%2F%2Fwww.novayagazeta.ru%2F&sa=D&sntz=1&usg=AFrqEzdLMBh1kSOPmPGS0WgmxGW5viOwLQ was registered by the National Domain Registrar, Ru-Centre, on 11 November 2004.

Source: hro.org (info), 11/04/11

· Freedom of expression

The website of the independent newspaper Novaya Gazeta is up and running again following a powerful cyber attack last week. HRO.org has prepared the following briefing, collating expert views on what happened, why, with what aim and who may have been behind the attack.

The publication's Internet site crashed on 7 April 2011 at 3:00 pm Moscow Time. At 3:10 pm the editorial office received a phone call from the Kaspersky Labs computer company, Russia's leading producer of firewalls and other software protection against viruses, spam and hacker attacks.

Experts at Kaspersky Labs established a connection between the DDoS attack on http://www.google.com/url?q=http%3A%2F%2Fwww.novayagazeta.ru%2F&sa=D&sntz=1&usg=AFrqEzdLMBh1kSOPmPGS0WgmxGW5viOwLQ and an earlier attack that had brought down the social networking site LiveJournal ("Живой журнал"). They explained to Novaya Gazeta journalists that this was not a virus specifically created to launch a DDoS attack against their site, but rather one of a number of Optima-Botnets the experts had been aware of for some time, Lenta.ru reports.

Kaspersky Labs offered Novaya Gazeta its Kaspersky DDoS Prevention system to help repel the attack.

To illustrate the intensity of the attack, Novaya Gazeta said that on Thursday 7 April within a mere 14 seconds the site registered 70 thousand unique visitors – normally the number visiting the site over a 24 hour period.

For this reason the content of the Friday (8 April) edition could not be posted on the newspaper's site exactly at midnight. The newspaper was forced to publish its content in PDF format on its LiveJournal blog and ask readers to help distribute the issue.

It is worth noting that LiveJournal users responded to this appeal with great enthusiasm. By 4:00 pm Friday the issue had been reprinted 106 times in blogs. “If every user has an average of 300 'friends' the issue will have reached 30,000 people. And that's through LiveJournal alone,” Novaya Gazeta stated.

On 8 April at around 3:00 pm technical experts informed Novaya Gazeta that the intensity of the assault on its site had diminished noticeably. By 4:00 pm the DDoS attack stopped almost completely. The editors decided to try restarting the portal on its previously used Russian hosting platform. The site was launched at 7:30 pm but the attack was renewed within a minute.

This has led Novaya Gazeta to conclude that rather than disappearing, the Botnet had only switched into “waiting mode” and that it was programmed to be activated by any sign of activity on the part of the site's owners.

In the early morning hours of 9 April the publication was able to re-launch the site through a backup platform but it soon transpired that this lacked sufficient capacity.

It was not until Saturday 10 April that the Novaya Gazeta website was able to resume normal activity.

So who was behind the attack on Novaya Gazeta?

The initiators of the cyber attack have not yet been identified. Meanwhile the publication's editor-in-chief Dmitry Muratov has given his opinion as to the attack’s purpose. He believes that it was quite obviously an attack with pre-planned timing.

The specific target of the attack might have been the publication's new project, the Runet Web Parliament.

The term "Web" is used not in the sense of “virtual” but to indicate how the project works. Any Internet user may propose any candidate – including him- or herself – to this alternative legislative body. As Novaya gazeta’s editor-in-chief Dmitry Muratov said in an interview with RIA Novosti, “a vast number of people responded to this idea. It suddenly proved an overwhelming success.”

Following this success certain Web Parliament candidates started receiving large numbers of votes at night.

"This has been clearly a conscious attempt at sowing national discord and generating chauvinism by means of Botnets and those who are behind them and control them. We have, of course, discarded these votes using technologies that had been developed in advance, and we made public the methodology we used to do that,” stressed Dmitri Muratov.

When the second round of voting for the Web Parliament got underway, the attacks started again, he added.

As a result the voting had to be halted. Incidentally, the editors of Novaya Gazeta emphasize: “We have certainly not given up the idea of carrying through this project. Only now, after the DDoS attack against us, we have decided to change the rules.”

Besides, Dmitri Muratov thinks the assault may also have targeted the newspaper's investigative journalism.

Head of Novaya Gazeta's press office Nadezhda Prusenkova said that the paper was planning to ask law enforcement officials for help. However, she said, judging by the experience of recent years it is unlikely the organizers of the cyber attack would be found; the only option would be to move the paper's servers abroad.

“We are discussing whether it is worth trying to start criminal proceedings,” the paper’s chief issue-editor Sergei Sokolov said.

A spokesman for the Department K, the police ministry’s subdivision responsible for combating computer crime, explained in a BBC interview that all investigations into cybercrime involve close international cooperation. “We are cooperating actively not just with the US but also with many other countries,” a press office representative stressed.

Russian law enforcement agencies have some experience of solving information technology crimes. For example, it did not take them long to identify the hacker from Novorossiisk who displayed video porn at a stand in the centre of Moscow.

However, when it comes to fighting international cybercrime the efforts of the special services of a single country often prove inadequate. It is technically very difficult to deal with the perpetrators, whoever gives the order.

Usually the organizers of cyber attacks, the criminals' accounts, their equipment and the objects of their attacks are scattered around the world. For example, in the case of Novaya Gazeta, the attack was launched from servers located in south Asia and other regions.

Experts on combating cybercrime agree that the best way to ensure Internet security is through even closer cooperation between governments, providers and companies, said the BBC.

Russian President Dmitri Medvedev was outraged at the attacks on LiveJournal. However, many commentators believe that the perpetrators behind the attacks on LiveJournal and Novaya Gazeta's site were acting on the orders of the Russian authorities.

Commentators believe it possible that the attack against LiveJournal and the voting for the Runet Web Parliament has been part of a bigger ploy against free discussion platforms. The methods tested in this attack could later be used for other purposes, for example during Russia's parliamentary and presidential elections.

A New Times source within the Russian FSB poured further oil on the flames. The journal reported that Roman K., a senior officer in the FSB Information Protection Department told them his security service had the technical capability to paralyse Internet across the entire country, if the situation demanded it.

“If, in an emergency, we are officially asked to bring down the Internet, we can certainly do this. Although, not completely. We cannot quite access the satellite part of the traffic, carried by servers that cannot be controlled from Russian territory,” said Roman K.

In this context the former State Duma deputy and currently opposition politician Vladimir Ryzhkov stated in an interview with a New Times correspondent: “I've been told that a special subsection for controlling the Internet has existed in the Lubyanka for several years now, and is capable of dealing with any task. It is quite possible that what we are seeing are just test runs with the elections in mind. It is possible that as we speak technologies are being developed that will make it possible, when necessary, to block all basic social networks in order to prevent the dissemination of information and the organization of protest actions.”

Compiled by Vera Vasilieva, HRO.org