Inside Cyber Warfare

Jeffrey Carr

Part 25

The 27th CRI also provided the Russian MOD's initial Internet access. According to Russian press, prior to 2004 the 27th CRI formed the Strategiya Agency as an experimental Internet program for connecting the MOD. The connections provided service for a variety of MOD components, including the General Staff Main Operations Directorate and Electronic Warfare Directorate. The connections provided access to global information resources for research purposes. The 27th CRI works closely with Vch 49456, a MOD center for automation listed on MOD computer contracts. Vch 49456 might be directly subordinate to the 27th CRI; however, we cannot be certain.

The 27th CRI employed at least 1,700 personnel in 2010. Vch 49456 employed at least another 700.

[84] There is an unstated tension between the FSB and MOD on IO responsibility. Russian law assigns the FSB lead information security responsibility. The MOD, however, sees IO as a military responsibility. MOD and government structures related to IO are usually filled by former FSB/KGB officers. During the 2008 Russia-Georgia conflict, the MOD Press Officer was transferred from the FSB. It seems that the FSB is making sure MOD plans don't hinder FSB prerogatives.

[85] Noncontact Wars was published in January 2000 while the Security Council was working on the new doctrine.

[86] Russian military commentators, including Ivanov, have speculated since 2005 that the EW Troops would become a separate combat arm. This had not occurred as of July 2011. Ivanov, whose last rank was Major-General, and who as a 2006 General Staff Academy Honors Graduate was seen as a rising star, was one of three General Staff officers who requested retirement in July 2011 for as-yet unspecified reasons.

[87] Dr. h.o.r.ev's web page also states he received an award from FSTEC in 2003 while serving in this position.

[88] Moscow Military University's distinguished alumni include arms dealer Viktor Bout and "former" FSB officers Andrey Lugovoy and Dmitriy Kovtun, implicated in the Alexander Litvinenko

[89] FSTEC states that responsibilities include only "key" networks. However, the definition of key is broad enough to allow FSTEC to operate anywhere.

[90] The same postings normally list VAIU and VAIU predecessors under education.

[91] The English translation is approximate. The Cyrillic name is eepaH ocyapcTBeHH HayHo-cceoBaTec cTaTeH eHTp paoeTpoHHo op oeH eTBHocT cHeH aMeTHocT (H ).

[92] It seems the ambiguity was designed to avoid drawing attention to the merger between VAIU and the 5th TSNIII.

[93] A former Vch 11135 employee is now a prominent Russian IT security expert who writes frequently on SCADA security. FSTEC documents show its role in SCADA security.

[94] The FSTEC list tries to obfuscate by listing the 18th CRI as the organization requesting certification and Vch 11135 as the testing laboratory. However, the Russian tax identification number is the same for both, showing that they are the same organization. In short, the 18th CRI is certifying itself.

Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)

Russia's Information Security Doctrine shows a tension between the government's assessment that the Internet drives technical progress while spreading ideas threatening "Russia's spiritual revival." As a result, the FSB and the MVD have developed Internet-oriented components. These components are directed first at the internal threat to domestic stability. However, they also have offensive potential.

Federal Security Service Information Security Center (FSB ISC)-Military Unit (Vch) 64829

The FSB's Information Security Center (FSB ISC) is the FSB's component for counterintelligence operations involving Russia's Internet (RuNET). FSB ISC operations include monitoring RuNET and analyzing Internet content. However, FSB ISC also plays a role in offensive IO.

The FSB's Information Security Center was formed in 2002 when FSB Director Nikolay Patrushev reorganized the Department of Computer and Information Security. The reorganization transferred some administrative and developmental functions to other FSB components-including the Center for Communications Security; the Center for Licensing, Certification, and Protection of State Secrets; and the Scientific Technical Center-while focusing FSB ISC on counterintelligence operations on RuNET. FSB ISC is also designated as an FSB expert investigative center, performing forensic investigations for criminal prosecution. Russian law authorizes FSB ISC to conduct legal investigations and take action against Russian citizens. FSB ISC works closely with the Russian Ministry of the Interior Directorate K-the cyber crime directorate-headed by Lieutenant-General Boris Nikolayevich Miroshnikov, who transferred to the MVD after heading FSB ISC.

FSB ISC First Deputy Director Dmitri Frolov speaks frequently, stressing FSB ISC's role in preventing terrorist and criminal activity on RuNET. Frolov also speaks on the FSB's need for improved technical capabilities and increased legal authority to counter cyber terrorism and cyber crime.

The FSB monitors Internet traffic using hardware and software installed at Russian Internet Service Providers (ISPs), Internet access points, and Internet exchanges. The Internet monitoring system-known as SORM-was first established in the 1990s. The existing system began a major upgrade with contracts let during 2007 and 2008. The upgrade will enhance FSB ISC's ability to remotely task the Internet monitoring system and analyze collected information offline in a dedicated center located at the FSB ISC building. The upgrade also enhances FSB ISC nonattributable Internet operations.

FSB ISC capabilities can be used for offensive purposes. In 2008 quoted deputy head of the Russian Armed Force General Staff Major-General Aleksandr Burutin on Russian Information Operations. General Burutin stated that the FSB, along with the Ministry of Defense, was developing "special methods of conducting information warfare." Websites named by FSB ISC First Deputy Director Frolov as supporting terrorist and extremist activity-such as Chechen-oriented suffered disruptive attacks. Russian press attributes the attacks to patriotic hackers, although they note FSB's tacit approval.[95] After Wikileaks threatened to publish embarrassing information on Russia, including possible Russian intelligence service operations, a November 2010 article by Aleksey Mukhin stated that the FSB ISC had informed Russian leadership that Wikileaks could be rendered inaccessible forever "given the appropriate command."

Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)-Military Unit (Vch) 71330

The FSB Center for Electronic Surveillance of Communications (FSB TSRRSS) is responsible for the interception, decryption, and processing of electronic communications. The center-also known as the 16th Center (Directorate) FSB-is directly subordinate to the FSB Director.

In 1991 Russian President Yeltsin broke up the KGB, transferring the 16th Directorate to the Federal Agency of Government Communications and Information (FAPSI). The 16th Directorate became FAPSI's Main Directorate for Communications Systems Signals Intelligence (GURRSS). The KGB's 8th Main Directorate-responsible for communications security-also went to FAPSI. In 2003 Russian President Putin disestablished FAPSI, with many communications security and intercept functions going to the FSB. Responsibility for government communication networks went to the Federal Security Organization (FSO).

The internal structure and size of the FSB 16th Center is uncertain. However, an unclassified history states that in 2003 FAPSI had 38,500 servicemen and 14,900 civilian employees. A 2003 Kommersant article estimated that most would transfer to the FSB, with the rest going to the FSO and Ministry of Defense.

Vch 71330 registered a small block of IP numbers with the European Internet authority, RIPE. The block is on Autonomous System Number 12695 (AS12695) registered to a Russian Closed Joint Stock Company (JSC) Digital Network ( According to the RIPE database, JSC Digital Network is a major service provider hosting networks for government and private entities. JSC Digital Network also maintains a small block of IP numbers for Vch 43753, the FSB Communications Security Center.

FSB Administrative Centers for Information Security

The FSB oversees Russian government and private entities handling sensitive technologies and information, including financial transactions. The FSB executes administrative oversight through two centers directly subordinate to the FSB Director: The Center for Licensing, Certification, and Protection of State Secrets, and The Communications Security Center. Both centers are at the main FSB Lubyanka headquarters building.

FSB's Center for Licensing, Certification, and Protection of State Secrets (FSB TSLSZ) is the lead Russian department for licensing enterprises, institutions, and organizations for work with state-secret information. FSB TSLSZ, along with the Federal Service for Technical and Export Control (FSTEC), also regulates the import and export of cryptographic technology and technical surveillance equipment.[96]

The FSB exercises tight control over encryption technology. By Russian law and presidential decree, no public organization or private enterprise can use encryption technology without an FSB license. The FSB publishes a list of FSB approved testing laboratories that TSLSZ recognizes. The FSB list includes government organizations-including three directly subordinate to the FSB-one military unit, and private companies.

The FSB Communications Security Center (CBS FSB)-Military Unit (Vch) 43753 or 8th Directorate FSB-ensures that government communication systems use approved products. The center also ensures government communication projects meet security standards. While TSLSZ licenses a company for work with state-secret information, the Communications Security Center approves specific products developed by the company. Russian advertisements for software products frequently list their CBS FSB license so customers know they can be used in secure systems. Russian contracts for government communication projects are subject to CBS FSB approval if they involve state-secret information or financial transactions. The Russian press frequently quote CBS FSB personnel on information security topics. CBS FSB personnel also attend and give presentations at information security conferences; by contrast, TSLSZ personnel are less visible.

Russian Interior Ministry Center E (MVD Center E)

Government Decree N-1316 reorganized the Russian Interior Ministry (MVD), establishing the Department for Combating Extremism (Center E, or DPE). In a 2009 Vremya Novostey interview, MVD Major-General Valery Kozhokar-Chief of the Main Administration Directorate-detailed the new department's mission: As for Center "E," it works in several fields: suppressing extremist organizations and associations, including youth groups, and counteracting religious extremism and ethnic extremism. In short, it fights terrorism.

The Russian law assigns the FSO responsibility for organizing and running secure communications for state structures, and protecting them from foreign intelligence services. The FSO exercises these responsibilities through the Special Communications and Information Service. The Special Communications and Information Service runs the network of situation centers, which serves the president and state structures.[101] As noted earlier, in 2008 President Putin tasked the FSO with developing secure Internet connections for state structures working with classified information. The FSB retains overall state authority for cryptography; however, the FSO runs the cryptographic system on its networks and retains the keys.[102] Russian contracts show that the FSO works closely with Vch 43753-8th Directorate FSB-and the FSTEC.

The Special Communications and Information Service situation centers, shown in Figure 15-3, also provide the Russian leadership analytic support. General of the Army Aleksandr Starovoytov, former FAPSI director, stated in a 2010 interview that the analytic support included cutting-edge work on decision support systems, as well as information retrieval from large documentary databases, including "grey" literature on research and development projects.

Figure 15-3. Special Communications and Information Service Moscow headquarters

General Starovoytov now heads the Center for Information Technologies and Systems of Executive Agencies (FGNU TsITiS) under the Ministry of Education and Science and the International Center of Informatics and Electronics (InterEVM). According to Starovoytov, TsITiS transferred from FAPSI to the Ministry of Education and Science. It continues to work on decision support systems and new technologies, including voice-recognition software. The FSB, according to contract data, is also interested in voice-recognition software. Given General Starovoytov's intelligence background and writings on IO, TsITiS and InterEVM[103] may be covers for intelligence activities.

The FSO Academy,[104] shown in Figure 15-4, is in Orel. According to its website, the FSO Academy commissions new officers through a university-level program and does continuing training and research (which probably include signals intelligence training, long done in Orel). The five-year commissioning program leads to degrees in network technology, communications, information systems, information security in telecommunications, and law. According to Russian press, the FSO Academy commissioned more than 400 officers in 2009. The FSO Academy also trains FSB officers.

Figure 15-4. FSO Academy academic training and student residence (Yandex Maps)

[95] One Chechen site stated it traced attacks to the IP addresses registered to Vch 71330.

[96] The FSB, FSTEC, MOD, and the Russian Foreign Intelligence Service (SVR) are authorized to undertake projects involving state-secret information-including those involving information security systems-using licensed entities. The FSB and FSTEC publish lists of approved entities (the lists include government and private enterprises), with the FSTEC list covering work for the MOD.

[97] DST Global owns approximately 10 percent of Facebook.

[98] Syrian security services used Facebook to identify and detain activists during Syria's internal disturbances. Russian security service capability is vastly greater.

[99] The Cyrillic name is frequently translated as Federal Protection Service. They are the same organization.

[100] The KGB 9th Directorate was complicit in the August 1991 coup attempt against Gorbachev. President Yeltsin sought to minimize future threats by creating a protection service subordinate only to the president. The name was officially changed to FSO in 1996.

[101] The FSO provides presidential communications during foreign trips.

[102] In short, the FSB certifies the cryptographic technology used by the FSO but cannot read traffic on FSO networks. The FSO, however, can read the traffic. The division of responsibilities is another legacy of KGB involvement in past coups. The 1993 film The Grey Wolves about the 1964 coup against Khrushchev is illustrative. The film, co-written by Khrushchev's son, strives for historical accuracy.

[103] InterEVM's website ( states it is an international organization working on the development of advanced information and communication systems. According to Russian press, InterEVM attended a Cuban trade fair in 2009.

[104] The FSO Academy was founded as the KGB Military Technical School, transitioning from the KGB to the FAPSI to the FSO.

Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)
