Russia’s Digital Iron Curtain

Episode Notes

Transcript

Sharon Nelson:  Before we get started, I’d like to thank our sponsors; Clio, CaseFleet and PI.now.com.  

[Music]

Intro:  Welcome to Digital Detectives, reports from the battlefront. We’ll discuss computer forensics, electronic discovery and information security issues in which really happening in the trenches, not theory but practical information that you can use in your law practice, right here on the Legal Talk Network.  

Sharon Nelson:  Welcome to the 136th edition of Digital Detectives.  We are glad to have you with us.  I’m Sharon Nelson, President of Sensei Enterprises, a digital forensics, manage cybersecurity and manage information technology firm in Fairfax, Virginia. 

John Simek:  And I’m John Simek, Vice President of Sensei Enterprises.  Today on Digital Detectives, our topic is Russia’s Digital Iron Curtain.  Our Guest today is Eva Galperin, the Director of Cybersecurity at the Electronic Frontier Foundation.  She spent the last 15 years working on tracking APTs, making digital security training materials for vulnerable populations and working directly with journalists and activists all over the world.  It’s super to have you with us today Eva.  

Eva Galperin:  Thanks for having me.  

Sharon Nelson:  Eva in mid-March, I read a story that quoted you and this was the first time I had ever heard the phrase about Russia’s Digital Iron Curtain in that story, which said that Russia had banned Instagram which affected some 90 million Russian users.  Can you tell us what that was all about?  

Eva Galperin:  Shortly after the Russian invasion of Ukraine, Russia started to very seriously crank up its control over social media and the internet.  The Russian Civil Society space on the internet has been slowly closing over the last decade or so, but in the last two or three months, we’ve really seen it move from sort of contested space into fully authoritarian space.  There are at this time, very few sources of independent news media located inside of Russia or available to Russians right now. 

John Simek:  Eva, I understand the Russia, they previously banned Facebook and restricted use of Twitter.  How did that come about?  And why did the Russian government do that?

Eva Galperin:  Well, the Russian government has an internet censorship body called Roskomnadzor and it issues a block list to all Russian ISPs and requires them to block certain domains and that changes over time.  The law in Russia is such that the Russian government can essentially decide to block whatever content at once and especially social media platforms because it’s banned at certain types of speech, including what they call sort of the promotion of drug use, the promotion of suicide, talking about LGBTQ issues and also calling the war in Ukraine a war.  

Sharon Nelson:  God forbid, we should be told the truth.  The point of these restrictions I assume is to drive Russians to other communication outlets which are more pro-Russian, the equivalence of Fox Television for instance and is it now a crime in Russia to criticize the actions in the Ukraine?

Eva Galperin:  It is a crime in Russia right now to call the special operation in Ukraine a war, not even to have criticism of it, to point out that it is going badly or to say that perhaps Russia should not be doing it but merely to point out that it is in fact a war.

John Simek:  Talk to us a little bit about the messaging app, Telegram.  I know we’re very familiar with it since we do, you know, forensics work, but I’m sure a lot of our listeners are not familiar with it, but talk to us about why that program is so popular in Russia and why is the government permitting its use? 

Eva Galperin:  There are a lot of social media platforms, and also end-to-end encrypted secure and insecure messaging apps in use throughout Russia and indeed outside of Russia and in the United States.  We are familiar with many of the more popular social media platforms such as Twitter, Facebook, Instagramm, TikTok and also with many of the more commonly used messaging apps, WhatsApp, for example has more than a billion users.  I imagine most of your listeners have used WhatsApp at one point or another or iMessage, if they are particularly technical, they might use Signal, these are all sort of an in constant use both inside and outside of Russia, but there is sort of what is referred to until recently as the Rue-Net which is sort of the Russian-Speaking Internet.  

(00:05:06)

The internet of Russian apps and platforms and communication back in the early 2010’s that included sites, like LiveJournal, it had originally started out as a US company and then was purchased by a Russian owner and became a really interesting platform for civil society and discussion in Russian for some time until kind of the first wave of like 2012 censorship laws really came into place.  It suffered sort of the same fate as I would say, Tumblr now after Tumblr’s porn ban, only instead of banning porn, what they banned was essentially political speech.  There are platforms like that.  There is also a Russian version of Facebook called VKontakte which looks almost exactly like Facebook and whose feature list and look is copied almost verbatim from Facebook.  There’s a site called Odnoklassniki which essentially does the same thing, it is sort of the equivalent of classmates.  There is in addition to all of that, there is sort of combined social media platforms/messaging app called Telegram.  

And the way that Telegram works in this particularly interesting hybrid way is that Telegram has channels, and those channels are not really limited in terms of their size.  So there are sometimes very large channels with hundreds and thousands of people subscribe to them which are essentially used in much the same way as Twitter.  Somebody just so, you know, puts out their content on this channel and people talk to each other on the channel.  There are also groups which tend to be smaller, people frequently communicate in private groups, groups that are, you know, sort of not listed and also not enjoyable by people who do not have a specific invitation to join the group and people have one-to-one communications, which is sort of the equivalent of your standard messaging app like WhatsApp.  However, Telegram is much like the social media platforms and that all of the communications over these platforms are encrypted in transit, which is the equivalent of when you go to Facebook and you look up at the top of your browser and you see the URL and it starts with the letters HTTPS, the S at the end of this word or this phrase is hypertext transfer protocol and the S stands for secure and what this S means is that the stuff that you type in to Facebook is visible to Facebook but is not visible to everybody that controls the networks between you and Facebook, for example, the network administrator on your local network, the person who runs your local ISP, they can see that you are going to Facebook, but they can’t see what you’re doing there.  The internet used to not be encrypted and it used to be possible to intercept that kind of content all the time, it was a very serious privacy and security problem that have spent many years working to solve.  So good news there, there’s certain types of spying that Telegram communications are secure against.  However, most of the communications on Telegram are not end-to-end encrypted which is usually what we think of when we say that something is encrypted online these days, especially when we talk about messengers.  For example, your communications in WhatsApp are end-to-end encrypted under all circumstances.  Your messages on Signal are end-to-end encrypted under all circumstances.  And what end-to-end encryption means is that when you communicate with someone else, the communication is only visible to you and to the person that you are talking to and everybody who is in the middle including the people running the platform that you’re using cannot see what you are saying and therefore cannot say turn it over to a government, and one of the problems with Telegram is that the communications are encrypted in transit but they are not end-to-end encrypted.  And so in the end, you need to trust Telegram with the contents of your communications unless there is one circumstance under which you could turn on end-to-end encrypted communications in Telegram and it is in one-to-one communications where you specifically have turned on secret chat, which is a very, very small subset of communications on Telegram.  

And that means that a lot of anti-war organizing, a lot of information about what is happening in Ukraine being made available to Russians, all of that is on Telegram.  Telegram knows who is seeing what for the most part which puts them in a very sensitive position.  

(00:10:00)

Now Telegram has a long history of standing up to the Russian government.  The owner of Telegram is a guy named Pavel Durov, who also started the Facebook rip-off of VKontakte and when he was essentially pushed out by Putin’s oligarchs and forced to sell the company, he fled or was allowed to leave Russia and started Telegram.  However, even though he has a history of standing up to Putin, the fact that you need to trust him in order to have these communications is extremely problematic because the technology exists to make that trust unnecessary and he has not implemented it and I find that extremely suspicious.  Furthermore, even if you trust Pavel Durov personally, you say this guy has stood up to Putin therefore, he would surely not stab Russians in the back, you also have to trust everybody else who works at the company and also every hacker who could possibly break into the company, that’s not a risk that I would take if I was a Russian right now.  

Sharon Nelson:  I can’t believe that and that was truly an encyclopedic answer.  

Eva Galperin:  I’m so sorry I provided, the whole answer.  

Sharon Nelson:  No, but it was great.  I mean, I was just riveted, that was a terrific explanation and far more than I knew before.  

John Simek:  Just to summarize that Eva, you kind of say that there’s a potential of a wiretap if you will in that stream, right, when you use Telegram?   

Eva Galperin:  Absolutely.  

John Simek:  Okay, that I think our listeners can understand.  But before we move on to our next segment, let’s take a quick commercial break.  

[Music]

Sharon Nelson:  What could be more important than knowing the facts of your case inside and out?  CaseFleet’s powerful software makes it easy to create a chronology of each case and track the evidence for each fed.  With an intuitive interface, full text search and built-in document review, CaseFleet makes fed management easy, signup for a 14-day free trial at casefleet.com/digitaldetectives and get 10% off your first subscription.  

Looking for secure legal software to help manage your firm’s matters in the cloud?  With Clio’s cloud-based legal software, you can safely manage everything.  From client intake to billing, from one secure platform so that attorneys can spend more time doing what they do, best practicing all, to learn why over 150,000 attorneys, firm staff and IT leaders trust Clio, visit clio.com today, that’s Clio spelled C-L-I-O.com.  

Sharon Nelson:  Welcome back to Digital Detectives on the Legal Talk Network.  Today, our topic is Russia’s Digital Iron Curtain.  Our guest today is Eva Galperin, the Director of Cybersecurity at the Electronic Frontier Foundation.  She has spent the last 15 years working on tracking APTs, making digital security training materials for vulnerable populations, and working directly with journalists and activists all over the world.  

So Eva, I’m still trying to absorb everything you said in the answer to the last question, but let me just start a new train here.  Please tell us what exactly is VK, because you were quoted as saying you can assume that anything that happens on VK is absolutely not safe from the Kremlin.  So, tell us why that is?  

Eva Galperin:  VK is short for VKontakte which I had been talking about earlier as sort of the Facebook clone that is based in Russia and the reason why Russians can assume that the Russian government has full access to everything which is happening on VKontakte, is that VKontakte is based in Russia and therefore is not only required to turn over any information that the Russian government asks for but is also vulnerable to certain kinds of pressures that would simply not be possible if VKontakte was not located inside of Russia.  

John Simek:  Are there ways to make VK or Telegram more secure to use?  

Eva Galperin:  The only way to use Telegram securely is for one-on-one chats with secret chat turned on and even then Telegram has information about who you are and who you’re talking to.  And you can draw a lot of conclusions about a conversation without ever actually seeing the content of the communications.  This is what is known as metadata, all of the data about the data.  So I would be very careful when using Telegram.  As for VKontakte, I would not trust anything that happens there.  

John Simek:  I think we heard that loud and clear.  

Sharon Nelson:  Reports from mid-March Eva said that Russia is planning to further centralized control over the country’s internet access with its sovereign internet project Rue-Net which is what you refer to before and as I understand it and I understand very little of it because John is the technologist and I am the lawyer but this would effectively relocate key internet, if infrastructure including parts of the domain name system otherwise known as DNS to servers on Russian soil.  Could you please help us understand what that means and why it’s so significant?  

(00:15:24)

Eva Galperin:  So for more than a decade, the Russian government has been working to centralize its control over the Russian internet and their model has been China this entire time.  What they’re trying to do is they’re trying to duplicate the great firewall of China.  Part of that control can only be possible if they control DNS if they have a wide capability for filtering communications, for spying on communications, for intercepting communications, for turning communications off at will and also for compelling companies to hand over data.  That’s really what they’ve been working for all of this time and what we’ve really seen in the last few months as we’ve seen all of these efforts really ramp up.  

Sharon Nelson:  Well that we certainly have.  

John Simek:  Yes for sure.  Eva, I want to get a little bit into the weeds here but since Sharon said I’m the technologist here, I know Russia’s they’ve made some moves to kind of bypass the sanctions by creating their own certificate authority and that you know, the entities that actually issues those digital certificates to secure the web traffic.  I see that as kind of problematic without — I’m not going to get into the whole TLS, you know, pinning issue and all that stuff, but essentially making it more vulnerable to man in the middle attacks.  But can you talk a little bit about this whole thing of Russia, creating their own certificate authority, what that might mean, what the impacts could be around all that?  

Eva Galperin:  Well first, it’s probably worth pointing out that when I was talking earlier about having your communications encrypted in transit, the way that that is done is over TLS and it depends on certificates which are issued by certificate authorities.  There are a bunch of different organizations that issue these certificates that show that your data is encrypted and it is trusted by these organizations and the Russians have essentially decided to issue their own certificate which they can easily back door which would allow them to see all of the traffic, which is encrypted in transit.  

This is not the first attempt by a government to issue its own certificate authority that it controls in order to allow it to spy on internet traffic which would otherwise be encrypted within its borders.  In fact, even countries like Kazakhstan have gone so far as to require its citizens to install a certificate issued by its own authority if they wanted to use any of the government websites, which was on one hand kind of laughable, but on the other hand, surprisingly effective in some cases.  So, this is this is not the first time.  We’ve also seen governments seek to undermine existing authorities, such as the DigitNotar Scandal I think back in like 2014 or 2015 where I think there was — was it the Dutch government, I can’t remember off the top of my head.  This was a big European scandal with a certificate authority that was behaving in an untrustworthy way on behalf of a government.  So this is not the first time that we’ve seen this, this is absolutely expected behavior.  No one is surprised but everyone is very disappointed.  

John Simek:  Well, before we move on to our next segment, let’s take a quick commercial break.  

Sharon Nelson:  Welcome back to Digital Detectives on the Legal Talk Network.  Today, our topic is Russia’s Digital Iron Curtain.  Our guest today is Eva Galperin, the Director of Cybersecurity at the Electronic Frontier Foundation.  All that we’ve been talking about Eva is causing experts to worry what precedents this might set for the internet and the internet everywhere.  If a country can simply bow out of the global network and funnel people into siloed services and standards during times of conflict, it doesn’t seem to me to bode well for the future of a neutral and decentralized internet, what are your thoughts about this?

Eva Galperin:  I think that this is nothing new.  Again, China has essentially had its great firewall up for decades and has it very effectively maintained control of its own internet.  Iran has been trying to build up a separate internet for many years and Russia again has very consciously modeled its efforts on China from the very beginning.  So this is a very long process.  

(00:20:04)

The only reason why I have been less concerned about the balkanization of the internet, I would say as recently as 10 years ago is it turned out that balkanizing your internet is hard and requires a lot of technical infrastructure, but it also turns out that Russia has been building that technical infrastructure out in the form of SORM-2 for the last decade.  So we had a lot of warning about exactly what it was doing and exactly how they were doing it and who they were bottling it after and what their goals were.  Mind you, a balkanized internet is not a better internet.  It is an Internet that makes it harder for people to communicate with one another across borders and really takes away many of the great advantages of a free and open society, which is precisely what makes it so incredibly appealing to authoritarians everywhere.  

John Simek:  Well if I could sit here and talk with you all afternoon long but we don’t have enough time for all that so, I’m going to boil down to save for questions at the end here for you.  Is there any way that we can get trustworthy information into Russia?  And is that something the EFF is working on?  And what about the government, you know as well and has this really become another kind of a cyber-war?  

Eva Galperin:  There are definitely ways in which Russians can continue to see websites and services that exist outside of Russia or that have been blocked by the Russian government.  I recommend the use of Tor.  Tor is a censorship circumvention technology that was built specifically for this very purpose that is really quite good for it.  The Tor website has of course, been blocked at the DNS level or at the domain for some time in Russia but many mirrors are up and Tor is widely used inside of Russia in order to get around censorship circumvention.  VPNs are also used to get around censorship circumvention.  Even the VPNs that have been banned or blocked, it is sometimes difficult to purchase a new VPN right now in Russia and part of the reason for that is the sanctions make it very hard to buy things which exist abroad and also to download paid apps right now, especially since they can’t get to the Apple Play Store.  So there are definitely some obstacles there.  So information is still getting out and in.  So, censorship circumvention technology is extremely robust and it’s something organizations have been working on for a very long time.  This is not a new problem.  As for cyber-war, we have definitely seen an uptick in cyber-attacks by known Russian actors by actors that are related to or have been known to work with the Russians government, and by actors that are affiliated with Russia’s allies such as Belarus.  We have seen sort of cyber espionage but we have also seen sort of more aggressive attacks such as wipers where ransomware is installed remotely on a device using malware and then it just remotely wipes everything which is on the computer and they’re not particularly interested in ever picking up a ransom.  So, that’s a very common thing that we’re seeing the spike in right now and it’s very important for people who are running critical infrastructure to be aware of this kind of attack and to be particularly alert.  

Sharon Nelson:  Well, I want to thank you so much for being our guest today Eva.  I feel like I have digested more than I could.  I will work it again taking a stab and listening to this again just to try to absorb everything that you taught me that I didn’t know and I’m sure a lot of the listeners will feel exactly the same way and I appreciate how valuable your time is, so thank you for coming in and joining as a guest.  

Eva Galperin:  Thank you so much for having me.  

[Music]

John Simek:  That does it for this Digital Detectives and remember you can subscribe to all of the editions of this podcast at legatalknetwork.com.  We’re an Apple podcast, and if you enjoy our podcast, please rate us on Apple Podcast.  

Sharon Nelson:  And you can find more about Sensei’s digital forensic technology and cybersecurity services in S-E-N-S-E-I E-N-T.com.  We’ll see you next time on Digital Detectives.  

Outro:  Thanks for listening to Digital Detectives on the Legal Talk Network.  Check out some of our other podcasts on Legal Talk Network and in iTunes.