Hacking group claims control of Belarusian railroads in move to ‘disrupt’ Russian troops heading near Ukraine A group of pro-democracy hackers known as the “Cyber Partisans” said that they infiltrated the Belarusian rail network in an effort to “disrupt” the movement of Russian troops into the country. On the 24th of January the hackers “said that they had encrypted some of the railroad’s ‘servers, databases and workstations’ because it facilitates the movement of ‘occupying troops to enter our land.’ The group said it would return the network to ‘normal mode’ if 50 political prisoners in need of medical care were released and Russian military personnel were barred from Belarus”. An informative Arstechnica article (“Hactivists say they hacked Belarus rail system to stop Russian military buildup”) is here.
Courtesy Belarus Cyber Partisans
Since becoming president of Belarus in 1994, Alexander Lukashenko has built Europe’s most repressive police state and ruthlessly used his power to stay in office as a dictator. Now hackers are trying to turn the extensive surveillance state against Lukashenko to end his reign—and to do it, they claim to have pulled off one of the most comprehensive hacks of a country in history. The hackers, known as the Belarus Cyber Partisans, have been regularly leaking information they say has been obtained by breaching dozens of sensitive police and government databases. So far they have published what they say is evidence of crimes by police, information showing that the regime covered up the country’s true covid-19 mortality rate, and recordings of illegal orders to violently crack down on peaceful protests. The partisans also say that they have successfully hacked almost every part of the Lukashenko administration and that the information released so far is just a fraction of the data they have. “What we want is to stop the violence and repression from the terroristic regime in Belarus and to bring the country back to democratic principles and rule of law,” an anonymous spokesperson for the hackers told MIT Technology Review. Founded at the Massachusetts Institute of Technology in 1899, MIT Technology Review is a world-renowned, independent media company whose insight, analysis, reviews, interviews and live events explain the newest technologies and their commercial, social and political impacts. MIT Technology Review derives authority from its relationship to the world’s foremost technology institution and from its editors’ deep technical knowledge, capacity to see technologies in their broadest context, and unequaled access to leading innovators and researchers.
More information in the January 26, 2022 issue of BelarusAlert as well. The Atlantic Council’s BelarusAlert is a comprehensive online publication that provides regular news, commentary, and analysis on developments on Belarus’ politics, economy, civil society, and culture. The weekly column is complemented by articles from thought-leaders, experts, and activists on a regular basis.
But the Partisans are not operating alone. According to interviews, the hackers benefit from a partnership with a key group of Belarusian law enforcement and intelligence officers. A group called BYPOL, which includes current and former regime officials, has been offering close guidance for many months. Some of them are providing help from outside the country, having defected after Lukashenko’s fraudulent claims of victory in the 2020 presidential election and the brutal crackdown that followed.
This board is chaired by none other than Gerhard Schroeder, the former German chancellor who is paid six hundred thousand dollars a year for the privilege. He is not the only former European chancellor with a Russian connection; former Austrian Chancellor Christian Kern is also on the supervisory board of Russian Railways. While none of these individuals has broken any laws in assuming these positions, their roles highlight a systemic threat for Europe.
From the outright criminality of Luca Volontè, a former Italian deputy and member of the Parliamentary Assembly of the Council of Europe, who was sentenced last January to four years in jail for taking bribes from Azerbaijani officials, to the large-scale laundering of Russian and other kleptocratic cash in the City of London, something has gone deeply wrong in Europe’s economic defenses.
These are not isolated cases, but products of a strategy by kleptocratic regimes in Russia and beyond to peel off well-connected European elites, businesses, and entire sectors into their service. Instead of serving their countries, European elites with extensive networks are now serving interests that fuel authoritarian forces seeking to undermine the West. The scale of this kleptocratic entanglement is vast: Shortly before Kazakhstan’s leadership issued a shoot-to-kill order against protesters, Chatham House identified more than $720 million in property purchased by the country’s elite in the United Kingdom. More in the New Atlanticist of January 14, 2022.
- More Russian equipment arrives along Ukraine’s northern border
- Russian narratives of “junk” weapons supplied by the West
- Russian outlets claim Ukraine is preparing military offensive
- Russian Duma member claims Ukrainian is a Russian dialect spoken in a artificially created nation
- Old biolab conspiracy resurfaces
- The military inspection that never happened
- Baltic states targeted by inauthentic Twitter accounts
- Russian media spotlight anti-NATO politicians
- Facebook ads push Kremlin narratives in Georgia
Russia’s Economy Set to Face Old Problems in New Year Just how healthy is Russia’s economy? Amid ongoing tensions with the West over their government’s military buildup vis-a-vis Ukraine, Russian officials have waxed optimistic about their country’s economic prospects, and minimized the potential impact of any sanctions that might be levied by the United States or Europe. The true state of affairs, however, appears to be considerably grimmer. This year, notes The Moscow Times, Russia is on track to resume “its pre-coronavirus pattern of sluggish growth, weak investment and underwhelming living standards in 2022… as the Kremlin re-embraces austerity after the initial impact of the Covid-19 pandemic.” The reason, experts say, has to do with the fiscal strategy adopted by the Russian government over the past two years – an approach that has colloquially been termed “Fortress Russia.” While other countries have adapted their economies by overhauling policies, shifting priorities or launching new projects, Russia has attempted to go back to a “business-as-usual” approach that prioritizes stability over growth. “The authorities learned that their policy has worked — as far as they’re concerned,” explains the Deputy Chief Economist of the IFF (the Institute of International Finance, headquartered in Washington, DC, is a global association of the financial industry, with more than 450 members from more than 70 countries). . “Now, they are very focused on the macroeconomic situation, stability and their conservative policies. In turn, they’ve somewhat given up on regional policies and the policies of providing better quality services to people.”
What Role Should Criminal Justice Play in Foreign Relations? What is the function of criminal justice in foreign relations? Consider the federal criminal case against Venezuelan President Nicolás Maduro. In March 2020, the U.S. Department of Justice publicly unveiled federal international drug trafficking charges against Maduro, just a month after President Trump had met with Juan Guaidó, the head of the Venezuelan National Assembly. The case played an ambiguous role in broader U.S.-Venezuela foreign policy. Some commentators believed that indictments were an integral part of the Trump administration’s “maximum pressure” campaign to cabin Maduro, a campaign that included sanctions and political recognition of Guaidó as Venezuelan president. At the same time, the criminal investigation clearly began during the Obama administration and thus potentially represented the natural culmination of years of prosecutorial efforts. How much control did the White House have over the case? How much should it have had?
As Tensions Over Ukraine Rise, Baku Signals Support for Kyiv, Worrying Moscow As tensions between Russia and Ukraine continued to rise, Azerbaijani President Ilham Aliyev flew to Kyiv ten days ago (January 14, 2022) to meet with his Ukrainian counterpart, Volodymyr Zelenskyy. After their talks, the two leaders called for expanded cooperation in all spheres, including economics, transportation and national security (President.gov.ua, Kp.ua, January 14, 2022). This Azerbaijani tilt to Ukraine at a time of crisis raised alarm bells in Moscow for a variety of reasons; but Russian concerns were somewhat mollified by the fact that immediately after visiting Kyiv, the Azerbaijani president telephoned Russian President Vladimir Putin to discuss Ukraine (Kremlin.ru, January 18, 2022; Osnmedia.ru, January 25, 2022). That call suggested Baku clearly does not want to increase its own problems with Russia by going too far in supporting Ukrainian sovereignty.
Still, the fact that Aliyev went to Kyiv at this point, even though he and Zelenskyy met as recently as at the end of last year in Brussels, underscores how resolutely Baku backs Kyiv on the issue of Ukrainian sovereignty over Crimea. Aliyev’s recent visit, thus, underscored that military and economic cooperation between Ukraine and Azerbaijan endure—Ukraine has long been a key weapons supplier to Azerbaijan and is also a major supplier of foodstuffs to that South Caucasus country, while Azerbaijan provides an important share of Ukraine’s energy needs. But additionally, the bilateral summit signaled Azerbaijani unease about the projection of Russian power beyond its borders. For Baku, this is an issue not only in the South Caucasus, where the presence of Russian “peacekeepers” in Karabakh and along Armenian-Azerbaijani borders is an increasing irritant. Azerbaijan’s government has also expressed concerns about Russian actions in the Black Sea region and, most recently, in Central Asia. It is illustrative that Azerbaijan did not openly express support for the Moscow-led deployment of CSTO troops in Kazakhstan earlier this month.
Moscow has long tolerated Baku’s position on Crimea, recognizing that Azerbaijan can hardly agree to border changes elsewhere when it is defending against any changes in its border with Armenia. And the Kremlin at least rationally understands—even if it does not welcome—the ongoing trade between Azerbaijan and Ukraine, with oil and natural gas going in one direction, and food and weaponry going in the other. Instead, Russia is more worried about three other issues that generated much Russian media discussion in the wake of the meeting between Aliyev and Zelenskyy. More in Jamestown’s Eurasia Daily Monitor of January 25, 2022.
Turkey’s Response to the Russia-Ukraine Crisis On October 26, 2021, Ukraine’s Ministry of Defense released video of a TB2 unmanned combat aerial vehicle (UCAV) striking a separatist D-30 howitzer in Russian-occupied Donbas. The strike was Ukraine’s first confirmed use of the now ubiquitous TB2, the Bayraktar-manufactured drone that the Turkish military has used to great tactical effect in Syria, Libya, and Nagorno-Karabakh. The Turkish-Ukrainian defense relationship is understudied, but it could become an important factor in how Russian elites view North Atlantic Treaty Organization (NATO) support for non-member Ukraine, and be used to justify an invasion to assuage Moscow’s concerns about a US-allied military presence along its borders. The Turkish support for Ukraine is not the main driver of Russian discomfort about the future of Ukraine. The TB2 is also not a decisive game changer, and the use of UCAVs is almost certain to have little impact on how Russian leadership weighs risk during debates about the efficacy of armed conflict in a neighboring state. Nevertheless, Turkish-Ukrainian defense ties are worthy of deeper study, precisely because Ankara’s relationships with Kyiv and Moscow have a secondary impact on American interests in Eastern Europe.
Turkey and Ukraine
The Turkish-Russian relationship is marred by bureaucratic distrust, which is papered over by a very functional leader-to-leader dynamic that enables the two Black Sea neighbors to cooperate and manage numerous regional conflicts. The Turkish-Ukrainian dynamic, in turn, is part of a broader Turkish effort to establish itself as an independent actor, committed to pursuing a foreign policy that often clashes with much of the NATO alliance. This FPRI paper will explore Turkish-Russian and Turkish-Ukrainian relations; the reasons for Turkey’s efforts to “fence sit” and establish itself as a neutral political actor in the Black Sea; and what these efforts portend for US interests in the region.”
Biden Signs Memo on Cybersecurity President Biden signed a national security memorandum on Jan. 19 to bolster the cybersecurity of the National Security, Department of Defense and Intelligence Community systems. The memo directs national security agencies to adopt the same cybersecurity standards that earlier executive order 14028 imposed upon certain federal civilian agencies. The memo further authorizes the National Security Agency to issue binding operational directives requiring agencies to both identify their national security systems and take action to protect or mitigate against cyber threats targeting those systems. And the memo also requires agencies to “secure cross domain solutions–tools that transfer data between classified and unclassified systems.” You can read the memo here.
The authors of the open letter provide a number of specific examples. For instance, they claim that the Nord Stream I pipeline “prepared the way for Russia’s invasion of Ukraine” in 2014. That attack was the “logical consequence” of Germany’s 20 years of “policy passivity with respect to Russian neo-imperialism.” As a result, argue the signatories, Germany needs to abandon its “East European special path” or “Sonderweg,” a loaded term linked to past German experience of imperialism and authoritarianism. The authors of the letter clearly state that Nazi Germany’s WWII-era crimes in Russia do not justify Berlin’s reluctance to respond to the Putin regime’s “revanchism” and “nihilism” with respect to international law. This is all the more true as a fresh Russian invasion of Ukraine would target a nation that also suffered catastrophically as a victim of Hitler’s Germany. “The Federal Republic’s Russia policy must be corrected fundamentally,” conclude the experts. Continued inaction will only induce Russia to engage in “further escapades.” As a “key land” in the EU, NATO, and Western community of values, Germany must close the “gap between its public rhetoric and real practice” by adopting a variety of “parallel and concrete political, legal, diplomatic, and civil society-oriented technical and economic measures.” In sum, the letter stresses that Germany needs to do much more with respect to “containing and sanctioning Russia” as well as “supporting those states that have been dismembered and oppressed by Moscow.” More in the UkraineAlert (Atlantic Council) of January 16, 2022.
The Defending Ukraine Sovereignty Act of 2022 U.S. Senator Bob Menendez (D-N.J.), Chairman of the Senate Foreign Relations Committee, today led 38 of his Senate Democratic colleagues in introducing the Defending Ukraine Sovereignty Act of 2022, critical legislation to impose steep costs in the event of a renewed Kremlin invasion of Ukraine. As the Kremlin continues to engage in an unjustified military build-up along Ukraine’s border, the proposal by Senate Democrats to deter a military escalation sends a clear message that the United States is prepared to impose devastating consequences for Putin and the Russian economy if he goes down the path of re-invading Ukraine.
The Defending Ukraine Sovereignty Act of 2022 would impose crippling sanctions on the Russian banking sector and senior military and government officials if President Putin escalates hostile action in or against Ukraine. The bill would also prohibit transactions on Russia’s primary and secondary sovereign debt and authorize sanctions on Russia’s extractive industries as well as on providers of specialized financial messaging services (e.g., SWIFT). To help meet urgent defense needs, the legislation calls upon the Departments of Defense and State to expedite transfer of defense articles to bolster Ukraine’s defense capabilities and authorizes $500 million in supplemental emergency security assistance to Ukraine in the event of a re-invasion by Russia. Lastly, the bill also expands U.S. efforts to counter Kremlin disinformation and strengthen ties with key regional partners facing Kremlin aggression.
This year, Russia’s internet crackdown will be even worse When Russian President Vladimir Putin signed a law in 2019 allowing the state to isolate the internet within Russia in the event of a security incident, international media outlets extensively covered the development, with many (incorrectly) likening it to China’s Great Firewall. The spotlight quickly swiveled back to Beijing’s grip on online content and data—even though a Kremlin campaign continues to ratchet up pressure on US technology giants, and could soon create a disruptive playbook for other states. While Moscow made headlines after throttling Twitter, and coercing Google and Apple into censoring opposition leader Alexei Navalny’s election app last year, Western media coverage of internet repression and security threats still tends to focus on China.
Timeline of Twitter throttling in Russia (Source Censored Planet)
This penchant persists despite Russian developments that impinge on both the internet ecosystem and human rights in the country—and which constitute broader cyber threats and efforts to undermine the global internet.
In no small part, this pattern stems from the fact that Russian state control of the internet differs from that in China: It relies less on technical measures and more on traditional, offline mechanisms of coercion such as harassment, intimidation, and vague and inconsistently enforced speech laws. Notably, Russia’s domestic efforts to control the internet quite closely parallel its efforts overseas to shape information and to both weaponize the internet and undermine its global nature. As the world watches Putin’s moves in and around Ukraine, these developments—while of course not comparable to the possibility of large-scale armed conflict—are worthy of attention, given their impact on the Russian cyber and internet landscape more broadly. The more the Kremlin cements its control over the internet, the more it can potentially suppress dissent and control information and data flows at home. And the more it slowly works on implementing the domestic internet law, the more it centralizes its control of the architecture of the internet in Russia—which could also affect Russian cyber behavior abroad, such as by encouraging more assertive operations against global internet infrastructure. Though US policy debates often separate Russian internet governance and technology policy at home from Russian cyber behavior abroad, there is actually great interdependence and entanglement between the two. As the Kremlin demonstrates and further develops a model of internet and information control that appeals to states without China’s technical capacity, Moscow’s techniques may portend the future of internet repression elsewhere. Several recent, but largely overlooked, developments signal that the Kremlin may crack down on the internet more than ever in 2022—while US tech companies and the US government increasingly have little room to push back.
The Impact of Sanctions on Commercial Arbitration The Russian Arbitration Association (RAA) has published a report on “The Impact of Sanctions on Commercial Arbitration”, which presents the results of a 2022 RAA survey and compares the results with the 2016 RAA survey. The Arbitration Association was founded in April 2013 in Moscow to unite legal practitioners, law firms and academics. The Association represents broad interests of the business, legal and education communities involved in the alternative dispute resolution in Russia and the CIS. The main objective of the Association is cooperation in the development of arbitration in the Russian Federation and the CIS countries, popularizing Russia as a venue for arbitration, promotion of Russian arbitrators at national and international levels within the arbitration context, as well as the promotion of foreign arbitrators interested in arbitral proceedings, directly or indirectly relating to Russia and the CIS countries.
Russia and Iran’s show of unity against the U.S. Iran’s president visited Russia this week on a visit Iranian officials called a “turning point” in their relations, as officials also announced a planned joint naval exercise that includes China for later this week. The visit by President Ebrahim Raisi to Moscow comes amid rising tensions between Russia and Western countries over Moscow’s troop buildup on Ukraine’s border, broadly seen as preparation for a possible invasion. Russia claims it has no plans to invade. In a speech (January 20, 2022) before Russia’s parliament, the Duma, Raisi accused NATO of expanding into “various geographical areas with new coverings that threaten the common interests of independent states.” Raisi and Russian President Vladimir Putin met at the Kremlin on Wednesday, but despite the red-carpet welcome, there were no substantial country-to-country agreements announced. “The significance of the trip at the moment is still mostly symbolic,” Alex Vatanka, director of the Middle East Institute’s Iran Program, told VOA. “There’s talk of closer military cooperation. There’s talk of strategic cooperation in the energy sector. We’ve heard this before. Time will show if any tangible deals can be reached.”
Credit: Pavel Bednyakov/Sputnik
In his only tweet about Raisi’s trip to Russia, Iran’s foreign minister, Hossein Amirabdollahian, was cryptic. “The presidents of the two countries agreed on a long-term roadmap,” he wrote, without clarifying what the map was about or whether an agreement was signed. During Raisi’s travels, Iranian state-run media reported planned joint naval exercises among Iranian, Russian and Chinese forces in the north of the Indian Ocean on Friday. Iran’s armed forces and Islamic Revolutionary Guards Corps will take part in the drills, an Iranian military official said. Iran became a full member of the Shanghai Cooperation Organization in September 2021, thanks to strong Russian support. You can read the VOA article (“Iran, Russia Tout Closer Ties Amid Tensions With Europe, US”) here.
What Putin Learned From the Soviet Collapse When the Soviet Union dissolved 30 years ago this month, on December 25, 1991, its end followed decades of economic dysfunction. Soviet leader Mikhail Gorbachev, hoping to implement reforms, referred to the 1970s and 1980s as zastoi, the era of stagnation. Yet though he recognized the problem, Gorbachev couldn’t save the ailing socialist system. Indeed, his failed attempt at systematic reform ultimately led to the Soviet Union’s collapse. On the surface, Russia’s economy appears similarly dysfunctional today. Per capita incomes have not improved over the past decade. Russia’s share of global output has declined since 2008. And large sectors of the economy remain technologically backward or in desperate need of modernization. The general economic state could once again be described as “stagnation.” Yet Russian President Vladimir Putin and his government are unlikely to suffer the same fate as their Soviet forebears.
They have learned the lessons of failed Soviet attempts to reverse decline in the 1970s and 1980s, and many key attributes of the Russian economy and Russian economic policy reflect a desire to avoid repeating the Soviet experience under Gorbachev. As the Russian economist Sergei Guriev recently remarked, “Russia’s macroeconomic policy is much more conservative, inflation is under control, there are large reserves, a balanced budget and no external debt,” and as a market economy Russia is “much more efficient and resilient” than the Soviet Union. Read the full article from Foreign Affairs (subscription needed).
Ukraine hit by ‘massive’ cyber-attack on government websites Ukraine has been hit by a “massive” cyber-attack, with the websites of several government departments including the ministry of foreign affairs the MOD, and the education ministry knocked out on January 14, 2022. Officials said it was too early to draw any conclusions but they pointed to a “long record” of Russian cyber assaults against Ukraine, with the attack coming after security talks between Moscow and the US and its allies this week ended in a stalemate. Suspected Russian hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.” The message reproduced the Ukrainian flag and map crossed out. It mentioned the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war. There was also a reference to “historical land”.
Several Ukrainian government websites down due to a major a cyberattack. Above is the @MFA_Ukraine website on January 14, 2022. It reads in part: “Ukrainians!…All information about you has become public, be afraid and expect worse.”
Kiev, the Ukrainian capital city, is enveloped in a mid-winter atmosphere of fatalistic calm.
Sanctions by the Numbers: 2021 Year in Review The first year of President Joe Biden’s administration witnessed major developments in U.S. sanctions strategy, including a general review of all sanctions programs under the auspices of the U.S. Department of the Treasury. Most notably, the Treasury has revised and expanded its sanctioning authorities to align with the broader foreign policy objectives of the Biden administration and to respond to global developments. This CNAS edition of Sanctions by the Numbers provides a snapshot of overall sanctioning trends, an overview of the most heavily used country-specific and thematic sanctions programs, and the global distribution of sanctions designations during the first year of the Biden administration.
Russia-related Sanctions (Excerpt)
The Treasury imposed the largest number of sanction designations on Russia-related individuals and entities (95) in response to Moscow poisoning anti-corruption and political activist Alexei Navalny, attempting to influence the U.S. election, authorizing the illegal occupation of Crimea, developing chemical weapon capabilities, and conducting malicious cyber activities against the United States and its allies. After consulting with European allies, the Treasury imposed its first round of sanctions in March 2021 on seven Russian government officials and three government research institutes in connection with the poisoning of Navalny. Later that year, the Treasury imposed additional sanctions against associated Russian targets alongside the European Union (EU). In April, the Treasury continued to coordinate with allies through joint sanctioning efforts involving the EU, the UK, Canada, and Australia, and imposed a total of 32 sanction designations against Russian government officials responsible for the occupation of Crimea. Beyond targeting government officials involved in the occupation, these designations also included individuals and construction companies involved in creating the Kerch Strait Bridge to connect mainland Russia to Crimea, which hastened the occupation process. The Treasury issued its first-ever designation on a virtual currency exchange, SUEX, based in Russia for facilitating transactions related to ransomware payments. In addition to this designation, the Treasury also imposed CYBER2 sanctions on two ransomware operators, Ukrainian national Yaroslav Vasinskyi and Russian national Yevgeniy Polyanin, for their involvement in ransomware attacks against nine U.S. companies, including the July 2021 Kaseya ransomware attack. As previously mentioned, the Treasury has issued 35 PEESA-related sanctions designations on Russian targets involved in threatening European energy security.
The FSB takes aim at hackers In a rare episode of U.S.-Russian cooperation, Russia’s main security service, the FSB, has successfully dismantled REvil, a prominent criminal hacker group, at Washington’s request. The collective had previously launched a series of ransomware attacks against foreign individuals and businesses, emerging as one of the world’s most notorious cyber crime gangs. The FSB operation reportedly resulted in the seizure of some 426 million rubles-worth ($5.5 million) of ill-gotten currency, the detention of multiple REvil members, and the confiscation of twenty luxury automobiles. The BBC had described the operation as a “monumental moment” in cyber-cooperation between the U.S. and Russia. “For years, Russia has ignored and denied accusations that Russian ransomware hackers are allowed safe harbour in the country to attack western targets,” it notes. “In their Geneva Summit last summer, Russia’s President Putin and US President Biden agreed to open discussions about how to combat the scourge of ransomware, but even the most optimistic experts had given up on seeing the talks bear fruit.” And while Russia and the West remain at loggerheads over security in Eastern Europe, the operation “may point to a thawing of relations, which is already being widely celebrated in the cyber-security world.” Russian source: the article in Lenta.ru of January 14, 2022.
Lithuania Is the ‘Canary’ of World Order Lithuania, a Baltic state of 2.8 million with an outsize role in promoting human rights and democracy, is in the crosshairs of Russia and China. Neither Russian President Vladimir Putin nor Chinese leader Xi Jinping has been shy about going after Lithuania. But their recent moves have broader significance, namely testing American and European commitments to allies.
Mr. Putin is raising the temperature on Lithuania by absorbing neighboring Belarus into his security sphere and militarizing Kaliningrad, Russia’s territorial exclave on the Baltic Sea. Mr. Xi is waging a campaign of political and economic retaliation. The integration of the Baltic states into the North Atlantic Treaty Organization and the European Union in 2004 was a crowning achievement of post-Cold War politics. Lithuania helped lead Europe’s response to the depredations of the dictatorial regime of Alexander Lukashenko in Belarus by sheltering opposition leaders and staking out hawkish positions. This is the latest way in which Vilnius has irritated Mr. Putin, who would like to reclaim Russia’s near abroad as a sphere of influence. In Mr. Putin’s fanciful telling, Lithuania is a major source of Russia’s historical insecurity. That places it high on the list of neighboring states he would like to control. Lithuania drew China’s fury this year for its decision to leave the 17+1 format—the Beijing-designed framework for dealing with Europe—and by allowing the government of Taiwan to open an office for its representation in Vilnius. Beijing declared an import ban on products with goods made in Lithuania—a move damaging to European companies with factories or supply-chain sources in Lithuania. Continental, a Germany-based automotive supplier, is the latest multinational under Chinese pressure to close operations in Lithuania. Read the full article, written by two Hudson Senior Fellows in the Wall Street Journal (subscription needed).
Lithuania’s Importance to NATO Lithuania, a Baltic state of 2.8 million with an outsize role in promoting human rights and democracy, is in the crosshairs of Russia and China. Neither Putin nor Xi have been shy about going after Lithuania. But their recent moves have broader significance, namely testing American and European commitments to allies. Mr. Putin is raising the temperature on Lithuania by absorbing neighboring Belarus into his security sphere and militarizing Kaliningrad, Russia’s territorial exclave on the Baltic Sea. Mr. Xi is waging a campaign of political and economic retaliation.
China’s Economic Pressure Campaign Against Lithuania Lithuania drew China’s fury this year for its decision to leave the 17+1 format—the Beijing-designed framework for dealing with Europe—and by allowing the government of Taiwan to open an office for its representation in Vilnius. Beijing declared an import ban on products with goods made in Lithuania—a move damaging to European companies with factories or supply-chain sources in Lithuania.
Lithuania Needs US Support Against Gray-Zone Aggression If Xi and Putin successfully detach Vilnius from NATO and the EU, there would be immediate ramifications in Asia, where China wants to push the U.S. out and establish regional hegemony. Most military strategists identify Taiwan as China’s best first target for confrontation—and thus the essential test of U.S. resolve. But an indirect opening move in the “gray zone” of conflict aimed at Lithuania might have advantages. If the U.S. and Europe fail to back Lithuania fully, America’s allies and partners in Asia will doubt U.S. commitment. Rather than working closely with Washington, they might become more friendly with China.
Significant Cyber Incidents (CSIS) Below is a summary of incidents from the Center for Strategic and International Studies over the last year. For the full list, click here.
December 2021. A Russian group took responsivity for a ransomware attack on Australian utility company CS energy. This announcement came after Australian media outlets blamed Chinese government hackers for the attack.
November 2021. A Russian-speaking group targeted the personal information of around 3,500 individuals, including government officials, journalists, and human rights activists. The group obtained access to private email accounts and financial details, and operated malware on Android and Windows devices.
October 2021. An American company announced that the Russian Foreign Intelligence Service (SVR) launched a campaign targeting resellers and other technology service providers that customize, deploy and manage cloud services.
September 2021. The EU formally blamed Russia for its involvement in the ‘Ghostwriter’ cybercampaign, which targeted the elections and political systems of several member states. Since 2017, Russian operators hacked the social media accounts of government officials and news websites, with the goal of creating distrust in U.S. and NATO forces.
August 2021. 1) A cyber-espionage group linked to one of Russia’s intelligence forces targeted the Slovak government from February to July 2021 through spear-fishing attempts. 2) Russia targeted and blocked content on “smart voting” app created by Kremlin critic Alexei Navalny and his allies intended to organize voting against the Kremlin in next month’s parliamentary elections.
July 2021. 1) Russian hackers exploited a vulnerability in Kaseya’s virtual systems/server administrator (VSA) software allowing them to deploy a ransomware attack on the network. The hack affected around 1,500 small and midsized businesses, with attackers asking for $70 million in payment. 2) The Ukranian Ministry of Defense claimed its naval forces’ website was targeted by Russian hackers who published fake reports about the international Sea Breeze-2021 military drills.
June 2021. Hackers linked to Russia’s Foreign Intelligence Service installed malicious software on a Microsoft system that allowed hackers to gain access to accounts and contact information. The majority of the customers targeted were U.S. based, working for IT companies or the government.June 2021. 1) The U.S. and British governments announced the Russian GRU attempted a series of brute force access against hundreds of government and private sector targets worldwide from 2019 to 2021, targeting organizations using Microsoft Office 365® cloud services. 2) United States Naval Institute (USNI) claimed the tracking data of two NATO ships, the U.K. Royal Navy’s HMS Defender and the Royal Netherlands Navy’s HNLMS Evertsen, was falsified off the coast of a Russian controlled naval base in the Black Sea. The faked data positioned the two warships at the entrance of a major Russian naval base. 3) A cyberattack reportedly from Russia compromised the email inboxes of more than 30 prominent Polish officials, ministers and deputies of political parties, and some journalists. 4) Sol Oriens, a small government contractor that works for the Department of Energy on nuclear weapons issues, was attacked by the Russia-linked hacking group REvil. 5) Hackers working on behalf of Russian intelligence services are believed to have hacked Netherlands police internal network in 2017. The attack occurred during the country’s investigation of the Malaysia Airlines Flight 17 (MH17) that was shot down in 2014.
May 2021. 1) The world’s largest meat processing company, Brazilian-based JBS, was the victim of a ransomware attack. The attack shut down facilities in the United States, Canada and Australia. The attack was attributed to the Russian speaking cybercrime group, REvil. 2) On May 14, Ireland’s national health service, the Health Service Executive (HSE), was the victim of a ransomware attack. Upon discovering the attack, government authorities shut down the HSE system. The attackers utilized the Conti ransomware-as-a-service (RaaS), which is reported to be operated by a Russia-based cybercrime group. 3) On May 6, the Colonial Pipeline, the largest fuel pipeline in the United States, was the target of a ransomware attack. The energy company shut down the pipeline and later paid a $5 million ransom. The attack is attributed to DarkSide, a Russian speaking hacking group.
April 2021. 1) Russian hackers targeted Ukrainian government officials with spearphishing attempts as tensions between the two nations rose during early 2021. 2) Swedish officials disclosed that the Swedish Sports Confederation was hacked by Russian military intelligence in late 2017 and early 2018 in response to accusations of Russian government-sponsored doping of Russian athletes.
March 2021. 1) Suspected Russian hackers stole thousands of emails after breaching the email server of the U.S. State Department. 2) Suspected Russian hackers attempted to gain access to the personal email accounts of German parliamentarians in the run-up to Germany’s national elections. 3) Polish security services announced that suspected Russian hackers briefly took over the websites of Poland’s National Atomic Energy Agency and Health Ministry to spread false alerts of a nonexistent radioactive threat. 4) Both Russian and Chinese intelligence services targeted the European Medicines Agency in 2020 in unrelated campaigns, stealing documents relating to COVID-19 vaccines and medicines. 5) Ukraine’s State Security Service announced it had prevented a large-scale attack by Russian FSB hackers attempting to gain access to classified government data. 6) Lithuania’s State Security Department declared that Russian hackers had targeted top Lithuanian officials in 2020 and used the country’s IT infrastructure to carry out attacks against organizations involved in developing a COVID-19 vaccine.
February 2021. 1) Russian hackers compromised a Ukrainian government file-sharing system and attempted to disseminate malicious documents that would install malware on computers that downloaded the planted files. 2) Ukrainian officials reported that a multi-day distributed denial-of-service attack against the website of the Security Service of Ukraine was part of Russia’s hybrid warfare operations in the country. 3) The French national cybersecurity agency announced that a four-year campaign against French IT providers was the work of a Russian hacking group.
U.S. Catches Kremlin Insider Who May Have Secrets of 2016 Hack U.S. Catches Kremlin Insider Who May Have Secrets of 2016 Hack[/vision_highlight] In the days before Christmas, U.S. officials in Boston unveiled insider trading charges against a Russian tech tycoon they had been pursuing for months. They accused Vladislav Klyushin, who’d been extradited from Switzerland on Dec. 18, of illegally making tens of millions of dollars trading on hacked corporate-earnings information.
Photographer: Fabrice Coffrini/AFP/Getty Images
Yet as authorities laid out their securities fraud case, a striking portrait of the detainee emerged: Klyushin was not only an accused insider trader, but a Kremlin insider. He ran an information technology company that works with the Russian government’s top echelons. Just 18 months earlier, Klyushin received a medal of honor from Russian President Vladimir Putin. The U.S. had, in its custody, the highest-level Kremlin insider handed to U.S. law enforcement in recent memory. Klyushin’s cybersecurity work and Kremlin ties could make him a useful source of information for U.S. officials, according to several people familiar with Russian intelligence matters. Most critically, these people said, if he chooses to cooperate, he could provide Americans with their closest view yet of 2016 election manipulation. According to people in Moscow who are close to the Kremlin and security services, Russian intelligence has concluded that Klyushin, 41, has access to documents relating to a Russian campaign to hack Democratic Party servers during the 2016 U.S. election. These documents, they say, establish the hacking was led by a team in Russia’s GRU military intelligence that U.S. cybersecurity companies have dubbed “Fancy Bear” or APT28. Such a cache would provide the U.S. for the first time with detailed documentary evidence of the alleged Russian efforts to influence the election, according to these people.
Klyushin’s path to the U.S. — his flight from Moscow via private jet, his arrest in Switzerland, and his wait in jail as Russia and the U.S. competed to win his extradition — is described in U.S., European and Swiss legal filings, as well as in accounts of more than a half-dozen people with knowledge of the matter who requested anonymity to speak about Moscow’s efforts and its causes for concern.According to these accounts, Klyushin was approached by U.S. and U.K. spy agencies in the two years before his exit from Russia and received heightened levels of security in Switzerland. He also missed a final chance to appeal his extradition, an omission that baffled many observers in Moscow. His transfer to the U.S. represents a serious intelligence blow to the Kremlin, several of the people said, one that would deepen if Klyushin decides to seek leniency from U.S. prosecutors by providing information about Moscow’s inner workings. Three of the people added that they believe that Klyushin has access to secret records of other high-level GRU operations abroad. Russian military intelligence agents in recent years have been linked to a series of hacking attacks as well as the attempted chemical poisoning assassination of dissident ex-GRU colonel Sergei Skripal and his daughter in the U.K. in 2018. Russia has denied involvement.
Indications of Klyushin’s vantage point are peppered throughout U.S. filings. His IT firm, M-13, worked for the Russian presidency, government and ministries, according to his insider trading indictment. Among his subordinates was a former military intelligence official named Ivan Yermakov, who is charged alongside Klyushin in the indictment. Yermakov is also a defendant in a 2018 indictment from U.S. Special Counsel Robert Mueller’s team that accuses him and 11 other Russians of hacking into Democrats’ computers systems. That case has yet to be resolved because its defendants remain outside the U.S., but prosecutors could pursue and expand that case if new information presents itself. Klyushin’s attorney in Switzerland, Oliver Ciric, said he doesn’t know anything about what, if any, documents his client may have. Ciric said in an interview that his client was sought by U.S. authorities because they believe he has inside information on Russia’s 2016 election hacking that he may provide to avoid decades behind bars on the insider trading charges. Ciric added that Klyushin says he is innocent of insider trading and of “hypothetical election meddling.” Klyushin’s U.S.-based lawyer Maksim Nemtsev, writing in a bail application, said his client “intends to challenge the government’s case in a lawful, professional and principled manner.” Klyushin appeared for his arraignment in Boston federal court on Monday via video link from lockup, wearing a white T-shirt and speaking through an interpreter. The judge postponed the matter until Wednesday, however, asking Klyushin’s lawyer to file additional paperwork. Nemtsev didn’t respond to a request for additional comment.
Any exposure of Russian hostile behavior by law-enforcement officials risks inflaming relations just as President Joe Biden’s administration is engaged in delicate efforts to dial back tensions with Putin. The latest unease is sparked by Russia’s massive military buildup near Ukraine, as U.S. intelligence indicates the threat of a Russian invasion of its ex-Soviet neighbor. U.S. and Russian negotiators are due to meet Jan. 9 in Geneva to discuss the Kremlin’s demands for legally binding guarantees of a halt to NATO eastward expansion. Klyushin’s extradition suggests that federal law enforcers haven’t dropped their pursuit of “the radical violation of U.S. sovereignty during the 2016 elections that involved criminal behavior,” according to Michael McFaul, who was a U.S. ambassador to Russia during the Obama administration. “You may be seeing the signs that they are continuing to pursue this case, with real big implications for exposing in even greater detail what the Russians did to influence the outcome of our election,” McFaul said. He added that Klyushin’s extradition is a “serious concern” for the Russian government. “It underscores the risk that anybody, billionaires or others close to the Russian state, face when they break American laws if they travel abroad,” he said.
Kremlin spokesman Dmitry Peskov didn’t respond to a request for comment. Russia’s Foreign Ministry declined to comment.Klyushin’s M-13 promised a range of information tech services, including social media monitoring and cybersecurity, according to U.S. filings that cited the company’s website. It offered to probe its clients for cyber weaknesses by simulating attacks — known as penetration testing — and also by mounting targeted ongoing attacks known as advanced persistent threats, or APT. The company provided a media-monitoring system, Katyusha, to the Kremlin and Defense Ministry, as well as services to other government institutions such as the Prosecutor General’s Office, National Guard and Moscow city hall, according to Russian state contract records. More in this Bloomberg article.
Klyushin’s Russian Medal of Honor, a photo presented in a U.S. bail filing. Source: Memo on pretrial detention filed in U.S. federal court in Massachusetts
The hacker-for-hire industry is now too big to fail The spotlight is on the “hackers for hire” industry as never before, after a series of public scandals engulfed the billion-dollar Israeli company NSO Group, which sells hacking tools to governments. Last month, Facebook reported that seven hacker-for-hire firms from around the world had targeted around 50,000 people on the company’s platforms. The fact the investigation didn’t even mention NSO Group shows how vast the industry and its targeting are. While NSO Group’s future is uncertain, governments are more likely than ever to buy cyber capabilities from the industry it helped define. Business is booming for “hackers for hire” firms. In the last decade, the industry has grown from a novelty into a key instrument of power for nations around the world. While the industry’s earliest customers were a small set of countries eager to project power around the world through the internet, the situation is far more complex today. Billions of dollars are at play, but there’s very little transparency and even less accountability. The result is a growing crowd of countries willing to spend large sums to develop sophisticated hacking operations. Read the full story, written cybersecurity senior editor for MIT Technology Review, here. See also the March 2021 article “Inside Israel’s lucrative – and secretive – cybersurveillance industry”, published by Rest of the World
The Top 10 Global Risks of 2022 According to this article in Time, a domestic focus for both the U.S. and Chinese governments lowers the odds of a big international conflict in 2022, but it leaves less potential leadership and coordination to respond to emerging crises. That’s bad news in a year that will be dominated by the COVID-19 pandemic, climate change, and a number of regional geopolitical crises.
1. No zero COVID
2. Technopolar world (The world’s biggest tech firms decide much of what we see and hear. They determine our economic opportunities and shape our opinions on important subjects. E.U., U.S., and Chinese policymakers will all tighten tech regulation this year, but they won’t limit their ability to invest in the digital sphere where they, not governments, remain the primary architects, actors, and enforcers. Tech giants can’t yet (and don’t want to) effectively govern the digital space or the tools they’re creating. Disinformation will further undermine public faith in democracy, particularly in the U.S. As tech firms and governments fail to agree on how to protect data privacy, cyber-security, and the safe and ethical use of artificial intelligence, U.S.-China (and, to a lesser degree, U.S.-Europe) tensions on these issues will grow.)
3. U.S. midterms
4. China at home
5. Russia (A buildup of Russian troops near Ukraine has opened a broader confrontation over Europe’s security architecture. President Vladimir Putin could send in troops and annex the occupied Donbas, but his current demand is for major NATO security concessions and a promise of no further eastward expansion. But a grand bargain is unlikely, and close encounters between NATO and Russian ships and planes will become more frequent and more dangerous, increasing chances of an accident. Add ongoing concerns about Russian cyber-attacks and interference in U.S. elections. Possible U.S. sanctions that target the secondary market trading of Russian sovereign debt would end any hopes of more stable U.S.-Russian relations.)
7. Two steps greener, one step back
8. Empty lands
9. Corporates losing the culture wars
The West needs a new security policy position to induce Moscow in Ukraine – Current sanctions will not create a real threat to Russia The Russia-Ukraine War is now entering its eighth year. Year 2021 managed to somewhat shake up Russia’s leverage in the Donbas region, which has spurred Russia to prepare for a pre-emptive war of aggression. Meanwhile the West is pursuing a two-track approach consisting of direct security negotiations with Russia, and joint US-EU preparations of economic sanctions. However, the current plans are unlikely to lead to crucial effects. This is dangerous if the sanctions are to be West’s significant component in deterring Russia from war.
In the latest FIIA Comment, a Senior Research Fellow of the Institute’s Geoeconomics research programme analyses the Western approach to the Russia-Ukraine War. According to the author, Western leaders need a new security policy position to induce Moscow to de-escalate. The author lists three additional considerations that are needed for a more effective package of measures: 1) positive economic inducements towards Ukraine, 2) placing limits on military activities of the US in Ukraine, and above all, 3) a clear threat of decoupling that would require Russia to restructure its energy transportation system as well as technological and industrial base. “Politically, it would be the overdue end of the dream of transforming Russia through trade and investment”, the author writes. FIIA, the Finnish Institute of International Affairs is a research institute whose mission is to produce high quality, topical information on international relations and the EU. The Institute realizes its aims by conducting research as well as by organizing domestic and international seminars and publishing reports on its research and current international issues. The Institute also publishes a journal, Ulkopolitiikka (Finnish Journal of Foreign Affairs), and maintains a specialized library.
Germany and Russia Against the backdrop of deepening tensions over Ukraine, a new diplomatic crisis has erupted between Berlin and Moscow. The German government is expelling two Russian diplomats from its territory following a court verdict surrounding the 2019 death of a former Chechen rebel military commander. The killing, which was perpetrated by a Russian national in the German capital, was found to have been carried out “on the order of state agencies of the Russian Federation” in what authorities in Berlin have termed a “serious violation” of national sovereignty. The victim, Zelimkhan Khangoshvili, had been a commander of separatist forces in the restive Russian region between 2000 and 2004, when Chechnya sought once more to separate from the Russian Federation. He had been an asylum seeker in Germany since 2016. Click here for the BBC article “Germany expels Russian diplomats after hitman sentenced in Berlin” and related stories.
The Reichstag is a historic building in Berlin in which houses the Bundestag, the lower house of Germany’s parliament.