Connect with us

Hi, what are you looking for?



Political Activism Gives Way to Hacktivism in Russia

Russia’s political season is heating up. Here in America, we have Super PACs, skewed election coverage, and scandals. As it turns out, Russia has some of that too — perhaps politics and fighting among party lines is somewhat universal. The difference however, is that we’re not seeing the types of Internet-based activism in America that exists in Russia. Furthermore, when political powers enforce their might in America, it’s a bit more subtle.

Russia’s political season is heating up. Here in America, we have Super PACs, skewed election coverage, and scandals. As it turns out, Russia has some of that too — perhaps politics and fighting among party lines is somewhat universal. The difference however, is that we’re not seeing the types of Internet-based activism in America that exists in Russia. Furthermore, when political powers enforce their might in America, it’s a bit more subtle.

Since December, as political giants vie for seats of authority, the Internet has entered the political process in Russia, with a mix of protest and activism. All of this comes with the bonus, if you could call it that, of hacktivism, in the form of account compromises and DDoS attacks.

DDoS Russian ElectionsThe protesting and anti-Putin sentiment came to a head in November (perhaps earlier depending on the sources) when President Dmitry Medvedev endorsed Putin as his replacement for the 2012 presidency.

Effectively trading Putin places, Medvedev would become Prime Minister. Moscow’s liberals viewed this as electoral fraud, and given that Putin controls the political system – and some critics say that he never fully handed over any power to Medvedev – most protestors demand that Putin and others resign from office.

“There is little doubt that Vladimir Putin will win next year’s presidential poll. Not only is he the most popular politician in Russia, he also controls the entire political system, one which keeps any potential rivals from appearing and attracting support,” commented the BBC’s Moscow correspondent Steve Rosenberg, last September when the power switch was proposed.

Early in December 2011, websites reporting on parliamentary electoral violations in Russia were downed by sustained DDoS attacks. From the time the polls opened, until their close late in the evening on December 4, various opposition news sites were unable to report or discuss the day’s events.

“The attack on the website on election day is clearly an attempt to inhibit publication of information about violations,” Alexei Venediktov, the editor-in-chief of Moscow Echo (Ekho Moskvy or Echo of Moscow) said on Twitter.

A similar site, Golos, made the same claim, reporting that a DDoS attack against its servers lasted the entire time the polls were open. Sites like Golos and New Times (a Russian publication that investigates noted political officials), have been denounced by Prime Minister Vladimir Putin’s United Russia party, and compared to the disciple Judas, charged with being backstabbers of the Russian people.

Advertisement. Scroll to continue reading.

An opinion piece in the Moscow Times in December said that Golos has faced an “unprecedented harassment and intimidation campaign” that started in late November. “In Belgorod, a Communist Party Regional Deputy was beaten up by the police. In Perm, the campaign manager for an oppositional party was beaten by unidentified men using baseball bats…,” the article explains.

“Unfortunately, all signs suggest that after Putin physically returns to the Kremlin, the country can expect nothing but a continuation of the status quo. The essence of this status quo in Putin-speak is “stability” – the preservation of an absolute monopoly on power in the hands of a very small circle of people.”

In November, as Putin addressed the nation during a speech, he suggested that Golos (partly funded by the U.S. and Europe), was an American vehicle for influencing Russia’s elections. Since that speech, Golos has been removed from its Moscow office and is facing a tax audit, which could shut the operation down should it not end in their favor.

Those watching the Golos situation point out that the tax audit itself is run by those who are pro-Putin and pro-government as things stand, and that the ousting from the Moscow HQ came as no shock considering that it is the hub of the government’s media machine. But even now, as the March 4 presidential elections draw near, opposition to Putin is growing, and there is talk that the powers that be are attempting to limit their voice.

Moscow Echo, for example, has had some internal changes. These changes, alleges Venediktov, are a direct result of management’s attempts at silencing Moscow’s liberal voice. Echo, owned in part by Gazprom – a natural gas company controlled by the state with a two-thirds stake in the media outlet – is planning to remove two of the directors from the board.

This would allow the state -run gas giant more of a say in the day-to-day electoral coverage. For the curious, Gazprom gained the majority control over Echo in 2000, after Putin imposed state control over all national television stations.

Venediktov and his deputy were naturally outraged over the board changes, and plan to resign their own seats in protest. Gazprom’s actions are one recent example of the state controlling Putin’s image in the media. “I consider [Gazprom’s actions] a clear attempt to change editorial policies,” Venediktov told the AP in an interview.

Echo has been one of the few state controlled media operations that gives a decent amount of coverage to anti-Putin pundits, and has covered the recent anti-Putin protests extensively. Along with being called a Judas, Echo has allegedly been promoting American foreign policy interests with their coverage, according to Putin supporters and the United Russia party itself.

From Activism to Hacktivism:

As you can see, most of the political back and forth in Russia is a mix of activism (protesting, editorials, countless blog posts, and other media) directed against the state and the political power that it wields. However, there is another side to this, and it lives purely online.

Just over a week ago, Symantec reported that the Waledec botnet was sending political spam exclusively to email addresses in Russia, promoting a website that promises news and a collection of information on crime, corruption, and political leaders. It’s an index of information and blog posts, citing internal sources, and global sources such as the AFP and AP.

“While it is not clear whether the intent of this Waledac spam campaign has been to promote the site or to smear the election campaign of any individual, it does question the exact motivation of the malware gang controlling the W32.Waledac.C variant,” Symantec said.

Spam aside, there have been other examples of hacktivism in the political realm. “2011, and now 2012, appear to be years of major populist protests regarding political processes around the world. Russia is no different. News reports of protests in the streets of Moscow have been increasing, with protesters demanding election reforms and fairness. It is in this backdrop that we’re seeing DDoS attacks against some websites,” commented Arbor Network’s Jose Nazario.

According to Arbor, political DDoS attacks in Russia seem to repeat themselves. In 2009, anti-Putin hacktivists targeted several websites during the run-up to elections. This year, it’s the same thing. Four news sites, each reporting on the protests and political reform (though three of them are the same company), and one candidate ( are being subjected to an ongoing DDoS campaign. One site, the Journal of UFA, was knocked offline by a DDoS attack within hours of a published report criticizing Putin.

Perhaps the largest example of political hacktivism however, comes from a known entity that’s no stranger to political struggles. Anonymous has started to show an interest in Russia’s political climate, focusing their efforts on pro-government supporters. In an address to the public, supporters of Anonymous’ Op_Russia explained that it was time for the pro-Kremlin group Nashi and the Federal Agency for Youth Affairs to go away.

“We have obtained a correspondence of the criminal syndicate which has seized power in the country. Now everyone can learn about the crimes committed by Federal Agency for Youth Affairs and pro-Kremlin group ‘Nashi’,” the group said in a Russian-language message.

From there they outline the contents of several emails, compromised by the Op_Russia’s supporters, which detail several questionable acts taken by the leaders of Nashi and Youth Affairs organizations. Included in the leaked messages are discussions on coordinating DDoS attacks against anti-government blogs and news sites, in addition to discussions of payments made to bloggers and journalists, who would later write supportive articles and posts.

For example, several emails sent to Kristina Potupchik, the spokesperson for the Federal Agency for Youth Affairs, show what appear to be the current price schedules. The money is to be paid to bloggers and sock puppets, who then write pro-Putin articles and flood negative stories with comments that are supportive to the government as well. A pricelist, seen here, shows payments as high as $600,000 RUB ($20,000 USD) for such tasks, equating to a strong PR program and a nice payday for those involved.

“That is how the illusion of the support for the working government is created,” Anonymous’ video, outlining the payments, explains.

In addition to emails outlining the vast sums of money spent by the youth movement to popularize Putin, Anonymous also said they are sitting on communications that will expose the shady dealings of the United Russian party.

“Also we have received proof that representatives of the pro-Kremlin organizations were after escalation of the conflict between Russia and Estonia; interfered domestic policy in Ukraine; and were discussing plans on revolution in Serbia,” Anonymous claimed.

“In order to hide this sensitive information, pro-Kremlin institutions have organized hacker attacks on the web resources that have been distributing this data. These DDoS-attacks cost Russian taxpayers millions of rubles. And that wasn’t a new method of aggression for the Russian government – they used it before, attacking web sites of the “Echo Moskvy” radio station and other informational sources that have refused to be loyal to this regime.”

Several sites that were hosting the stolen emails were taken offline via crushing DDoS attacks. While there was speculation that the government was responsible, they’ve obviously refrained from commenting on the issue.

Moreover, last Tuesday, Russian media reported that Nashi and the Federal Youth Agency were closing-up shop, and an insider told the reasoning was directly related to Anonymous’ actions. That said, no one from the Kremlin would speak to the matter officially, reported Russia Today.

It isn’t known if Anonymous will release data pertaining to the United Russian party, but what is certain is that March 4 is quickly approaching, and the anti-Putin mood among some isn’t going away. It’s likely that the rhetoric and hacktivism efforts will only get larger and more sustained.

Here in the U.S., the political climate is more focused on words and advertising budgets, but some wonder how long it will take before some form of hacktivism rears its head. If that happens, then the national elections in November will be interesting to say the least.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...