Critical Infrastructure Security , Cybercrime , Cybercrime as a service
Reports: Files Show Censorship Efforts Around Perception of War
Dan Gunderman (dagun127) •
March 11, 2022
International hacking collective Anonymously announced on Thursday that it has hacked the Russian censorship agency known as Roskomnadzor. The group released 364,000 files it says show intensified censorship around the perception of the Ukraine invasion, which began in late February.
See So: On Demand | Zero Tolerance: Controlling The Landscape Where You’ll Meet Your Adversaries
The files were published by DDoSecrets, the nonprofit whistleblower site for news leaks. The files are reportedly from dates as recent as March 5 and reportedly show that the Kremlin censored content around its military operation.
Roskomnadzor activity follows a provision signed into law by Russian President Vladimir Putin on March 4 making it illegal to express dissent against Moscow’s campaign. In the wake of the announcement, global media organizations initiated an exodus from Russia – including CNN ceasing its live broadcasts, the news service UPI notes.
Also on March 4, Russian access to Facebook was reportedly blocked – although the same news wire report indicates that Russians are increasingly relying on VPNs to skirt the government’s digital clampdown.
In the related post to its site, DDoSecrets contributors Lorax B. Horne and Emma Best say the whistleblower group has hundreds of thousands of files from the Russian censorship agency.
They say: “Roskomnadzor has given instructions about what can be said and ordered media outlets to delete stories that call Russia’s invasion of Ukraine an Invasion. … [The agency] also threatened to block access to Russian Wikipedia over their article about the Russian invasion of Ukraine. This follows an established history of similar actions in the past.”
DDoSecrets says the Anonymous-affiliated hacker “urgently felt the Russian people should have access to information about their government [and] expressed their opposition to the Russian people being cut off from independent media and the outside world.”
The report indicates that 360,000 files allegedly obtained from the agency are in more than 43,000 directories.
Declaration of (cyber) war
While US and EU officials have, to date, suggested that Russia has not used all of its cyber military might, perhaps to avoid escalation with NATO members, others say that escalation could still come – especially as the Biden administration continues to hobble the Russian economy with sanctions. Such moves have already devalued the Russian ruble to all-time lows.
Meanwhile, the conflict also devolved into the underground, with anonymous declaring a full cyberwar on Russia late last month. Almost immediately, the group claimed to have hacked websites connected to the Russian government, state media and banks (see: Anonymous Extends Its Russian Cyberwar to State-Run Media).
The decentralized collective also reportedly hit the government website for Chechnya, a Russian republic that has vowed military support for Russia.
Anonymous also targeted several Russia state-run media agencies, including TASS, Izvestia, Fontaka, RBC and Kommersant and left antiwar messages on their websites.
The decentralized group – characterized by the Guy Fawkes-based character in the graphic novel “V for Vendetta” – has branded its efforts under the hashtags #OpCyberBullyPutin, #OppRussia and #OpKremlin.
The group also reportedly leaked over 200GB of emails from the Belarusian weapons manufacturer Tetraedr and claimed credit for hacking Russian ISPs.
Another hacktivist group based in Belarus – the Cyber Partisans – has leveled offensives at the Russian war effort too, reportedly initiating cyberattacks on railways carrying Russian troops through Belarus, which has pledged support for Moscow (see: Update: Cyber Hacktivists Target Belarus for Supporting Russia).
As the Kremlin reels from international sanctions – targeting oligarchs, its banking system, its oil exports and more – homeland security and cybersecurity experts suggest that targeted attacks against the West are not off the table.
In anticipation of the cyberthreat escalation, US lawmakers passed an omnibus spending bill – with nearly $14 billion in funds for Ukrainian aid – and a requirement for critical infrastructure operators to report significant cyberattacks within 72 hours and any ransom payments within 24 hours (see: US Congress Passes Cyber Incident Reporting Mandates).
And in a Senate Select Committee on Intelligence hearing this week, Gen. Paul Nakasone, director of the National Security Agency and commander of US Cyber Command, said of the threats: “We are only 15 days in. And so, much can still occur [on the cyber front] and we’re very vigilant to make sure nothing does occur.”
Nakasone also touted US efforts to bolster Ukrainian cyber defenses in the wake of attacks on the nation’s electric grid starting in 2015.
Some cybersecurity experts acknowledge that the number of attacks targeting Ukrainian websites, specifically, has no doubt climbed since the start of the war – and DDoS attacks may continue there.
“A spike in DDoS, malware and phishing attacks is usually the first salvo in any hostile cyber operations,” says Rajiv Pimplaskar, CEO of the firm Dispersive Holdings Inc. “Historically, Russia has demonstrated an ability to successfully and maliciously utilize DDoS in conjunction with other cyber operations against former Soviet republics.”