Dull and boring hack
“Preved Medved!” This is how Shaltay Boltay [the Russian name for Humpty Dumpty], the spokesman for the group “Anonymous International” (AI), greeted the Russian Prime Minister Dmitry Medvedev in one of their publications. This reference to the popular Internet meme became the title of AI’s blog post which provided the contents of a smartphone and several e-mail accounts belonging to the second most important person in the government. At the same time the hacktivists took control of the politician’s Twitter account for almost an hour. Inter alia, on Medvedev’s behalf they expressed his regret about the annexation of Crimea by Russia, his disapproval of the recent policy of the Kremlin regarding the Internet, his interest in Alexei Navalny’s activity, as well as Medvedev’s desire to become a freelance photographer and, finally, to announce his resignation.
Two subsequent blog posts, “Buying iPhone” and “PM’s Last Call”, completed the trilogy of publications of the contents of Medvedev’s phone and his correspondence under the title “DAM and Gadgets” [DAM – “Dmitry Anatolyevich Medvedev”]. It is worth mentioning that there is nothing notable in the leaked materials. “Everything is rather dull and boring”, admitted the representatives of “Anonymous International”. Indeed, there are no government secrets or big politics in these files (400 Mb in total): they are mainly “light” business correspondence, purchases in international online shops, photos and even poems written by Medvedev.
Leaks: from Putin to Shlegel
The blog “Shaltay Boltay”, blocked by Russia’s censor Roskomnadzor upon a civilian’s request at the end of July, received wide publicity on 31 December 2013 when its authors leaked Vladimir Putin’s New Year’s speech several hours before it went on air. The nature of the leak immediately gave rise to speculation about the connection of the project with somebody from the President’s administration. The post ended with a promise to “entertain readers with miracles and jokes” in the forthcoming year, and Shaltay Boltay has kept its word.
In March 2014 a number of journalists received a letter from the group. It contained the leaked scripts of rallies in support of the Crimea, instructions for the state media concerning the coverage of events in Ukraine, as well as a closed poll which indicated the negative reaction of the Crimean Tatars to the peninsula’s becoming part of Russia. The plot thickens: information about the centralised supervision of pro-Kremlin Internet trolls, correspondence of the military leader of the Donetsk People’s Republic Igor Strelkov (“Girkin”), a letter of the First Deputy Prime Minister Arkady Dvorkovich to his immediate superior Dmitry Medvedev about the depressing state of the budget, proof of Robert Shlegel’s (a Duma deputy from the United Russia party) involvement in organising the online support of the Kremlin and many others.
Found in a “file-dump”
Even considering the amount and confidentiality of information posted by Shaltay Boltay, AI’s access to the Prime Minister’s data is worth special attention. Never before has a politician of such high standing become a direct victim of their hack. As usual, the authors of Shaltay Boltay assured their readers that Medvedev’s leaked data had been found on the Internet “entirely by chance”. Funnily enough, chance could actually have played the key role here: the famous media manager and blogger Anton Nosik in many ways confirmed AI’s words about chance, giving a detailed analysis of the situation in his post “How to Hack the Russian Government”.
Nosik supposes that passwords to the premier’s accounts, along with passwords of ordinary Internet users, were obtained during a “trivial phishing attack”. Then, having realised the scale of this accidental discovery, the hacker passed the information to like-minded fellows from “Anonymous International”. How could this happen to such a high-ranking official? It is quite probable that the blame rests with the notoriously disorganised system of communication between Medvedev and his subordinates. The authors of letters use public services such as Mail, Yandex and Gmail, instead of communicating via a single system with clearly prescribed security rules. Besides, files, including draft speeches and other state documents, are stored in public “file-dumps”, as Nosik calls file-sharing services. In such conditions the interception of information is not a big deal.
Paying for “silly initiatives”
On the other hand, the time for the information attack on Medvedev was not chosen randomly: it was a way for Shaltay Boltay to show their reaction to “silly initiatives designed to tighten control of the Internet”. A case in point is a plethora of laws and statements made by the authorities within the last six months and aimed at limiting freedom on the Internet. One of the examples is the law on bloggers, according to which bloggers with more than 3,000 readers must register as the mass media and conform to all restrictions that govern media outlets. As from 1 September 2016, another initiative bans the storage of personal data of Russian citizens on servers located abroad. If one follows the law to the letter, such companies as Facebook or Google must either place their servers in Russia or terminate their activity in the country. Finally, according to amendments to the Law “On information, information technologies and protection of information”, citizens must provide their ID details when accessing public Wi-Fi networks.
Some public statements made by Vladimir Putin could also cause concern among the freedom-loving web community. Speaking at the media forum, organised by the All-Russia People’s Front at the end of April 2014, Putin claimed that the Internet was originally a “CIA project and is still developing as such”. Referring to Yandex, a Russian IT-giant, Putin pointed out the Western influence on the company during the first years of its existence. In June, at the forum “Internet Entrepreneurship in Russia” Putin again hinted at some foreign influence on the main players in the Internet-market. He promised to help Russian companies to become independent if not of the Russian authorities, then at least of outside influence, because when the development takes place “on a national basis, this always benefits the state in the end”.
Shaltay Boltay timed the publication of Medvedev’s files to coincide with a “senseless”, in their opinion, speech given by Putin in Yalta. However, many popular bloggers found some deep meaning or even conspiracy in it. Obviously, “Anonymous International” has connections with some public officials who occasionally share confidential information and documents with the group. Hacking accounts of such a high-ranking official as the Prime Minister (even Shaltay Boltay called this possibility a bit depressing) is the perfect pretext for a new wave of discussion about information sovereignty, the use of social networks by public officials, as well as for the further “tightening of the screws” on the Internet. Following this logic, confederates of Shaltay Boltay in the government might have shared Medvedev’s data specifically to bring about more restrictions on Internet use. So far the only factual argument for this slightly conspiratorial theory has been the words of President Putin’s official spokesman Dmitry Peskov that “[the hack of Dmitry Medvedev’s accounts] once again shows the necessity to ensure cyber security”. Given the current political context in Russia, assumptions of bloggers about the forthcoming campaign aimed at restricting Internet freedom do not look so improbable.
Hide-and-seek with Federal Security Service
In view of this hack another crucial question is why an official of such high standing as Medvedev used a public communications service which did not have the proper level of security – especially after Edward Snowden exposed the American National Security Agency’s practice of collecting electronic data, including information on US allies. For information security reasons, even President Barack Obama was forbidden from using his iPhone by the American intelligence service in December last year. In Moscow the authorities also took precautionary measures, having recently forbidden city officials from using external mail services for work-related purposes. The State Duma is even planning to subject federal officials to similar restrictions by equating the transfer of internal information via external services with the criminal offence of “disclosure of a state secret”.
The reason behind the technological choice of Medvedev and his milieu can be surprisingly simple. Firstly, software used by the machinery of government and protected from unauthorised persons may not be suited to smartphones and other gadgets, which, as we know, Medvedev is very fond of. Unlike in-house programs, the majority of popular communications services are easily available as downloadable applications or via in-app browsers. So, it is simply about convenience and versatility for a user, who in this case happened to be the Prime Minister of Russia. Secondly, considering the nature of the leaked information, among which there are purchases of watches on Amazon using somebody else’s credit card and data from his private Twitter account, Medvedev might not want his online activity to be tracked by his security service. By the nature of their work, the Federal Guard Service and the Federal Security Service would immediately have had complete access to the premier’s rather personal information, if he had used only the in-house software.
This hack once again shows that the use of public communications services among officials (even of the highest level) and their immediate colleagues is almost a universal rule rather than an exception. This gives rise to a number of more global questions concerning the information culture of the government, the worth of the Establishment’s rhetoric about state security, relations between different power structures and informal pressure groups.
Playing tag in the digital world
The relations between the government and the community of hackers are similar to a game of tag. However, here the chaser and the runner constantly change their roles: as a rule, the authorities are consistently trying to limit hackers’ opportunities and increase the information and electronic security of their own activities; quite often, however, the government itself becomes a victim of hacker attacks. In the digital confrontation between “Anonymous International” and Dmitry Medvedev the score is not in favour of the official. However, it is hard to say who is going to be the winner in the long term: soon after the incident, in an interview with the newspaper “Vedomosti”, the Prime Minister brought up the need for “global regulation of the Internet”.
Meanwhile, Shaltay Boltay is promising new political revelations after returning from their holiday in September. According to the representatives of the collective blog, they have got information about much more influential statesmen than Medvedev, only formally the second most important person in the country. They claim that there is “something which can drastically change the political landscape”. For nine months of their vigorous activity, the authors of Shaltay Boltay have not given any reason to doubt their promises. Perhaps, soon we should expect something more substantial than the premier’s verses.