Part II

CHAPTER 10 The Snowden Affair

In the 1990s the global nature of the Internet meant wires. When a user got connected, he could send his e-mail or visit a website anywhere in the world. In the 2000s the Internet meant the rise of global platforms that allowed users to share the same social networks, e-mail services, search engines, and clouds. The Internet became more of a common ground for people from Argentina to Russia—they used the same Facebook, the same Twitter. That also meant that the information users exchanged was stored inside systems located far from the users—systems that could not be readily controlled by nations, their leaders, or their secret services. Most of the servers were located in the United States.

For Putin this was intolerable. In his mind the solution was simple: force the platforms—Facebook, Google, Twitter, and Apple among them—to locate their servers on Russian soil so Russian authorities could control them.

The challenge was how to do it.


Since November 2012 Russia had censored and controlled the Internet extensively by using a nationwide system of filtering, but it was primitive. Rather than being based on key words, as in China, it was based on a blacklist of Internet sites in various forms. The blacklist could block Internet protocol or IP addresses, a set of numbers, such as 213.239.219.172; URLs, an address of a particular page, like www.agentura.ru/english; or domain names, such as google.com. The Federal Agency for Supervision of Communications, or Roskomnadzor, maintained the blacklist, was instrumental in dealing with the digital companies in Russia, and was in charge of implementing the filtering.

The head of the agency was Alexander Zharov, forty-eight, a soft-mannered but ambitious man. A physician by training who had worked as an anesthesiologist and doctor in Chelyabinsk, he wrote articles for Family Doctor magazine in the 1990s and moved to Moscow to become the magazine’s deputy editor. He then went into public relations, working for different government agencies, rising to become spokesman for a colorless Russian premier, Mikhail Fradkov, from 2004 to 2006. Along the way Zharov built important alliances with people in power, including Igor Shchegolev, a one-time TASS correspondent in Paris who, in 2008, was put in charge of a combined ministry of communications and the media under Putin. Shchegolev invited Zharov to be his deputy and put him in charge of the news media. Shchegolev and Zharov were roughly the same age and had both come into government from public relations; Shchegolev had also been spokesman for a prime minister, Yevgeny Primakov in 1998, and held prominent positions in the presidential administration in the years since. Most importantly, Shchegolev enjoyed direct access to Putin. Both he and Zharov settled into their ministry offices on Tverskaya Street in central Moscow.

When Putin returned to the Kremlin for a third term in May 2012, he took Shchegolev out of the ministry and appointed him presidential assistant in charge of the Internet. On May 3, 2012, Zharov was appointed chief of Roskomnadzor. He was considered Shchegolev’s man, and he made the agency a powerful and semi-independent body, with three thousand employees and branches across the country. In the long back-and-forth between Putin and Medvedev, Zharov always carefully sided with Putin’s people—a wise decision. Zharov’s agency effectively took over governing the Internet in Russia, which by 2012 meant controlling it. The reins of power were held by him and Shchegolev, who mostly worked behind the scenes.

Zharov dreamed of becoming the minister, but he also was well aware that it would be risky for his career—and not so good for his chances to become minister—if he was seen as the chief Internet censor. Three weeks after Internet filtering was started in Russia, Zharov appeared on TV Dozhd and was interviewed for an hour. In response to tough questions from journalists about the blacklist, he insisted it was for combating pornography and narcotics and said he was only implementing the law. Near the end of the interview he said the blacklist was updated every hour and at that moment included 591 banned sites. He managed to navigate the interview smoothly and, with a good sense of public relations, realized that the issue of Internet censorship could be a dark spot on his image.[1]

He turned to a new deputy, Maxim Ksenzov, and handed over to him the task of dealing with filtering and censorship. Ksenzov, thirty-nine years old, was stiff and tense. A military engineer by training, he started his career at a research center of the Defense Ministry, then worked in information technology and communications, and by 2004 was in the ministry’s licensing department for mass media. In July 2012 he was appointed deputy to Zharov at Roskomnadzor. In his public comments on Twitter, Ksenzov loyally expressed the agency’s line that it only implemented the law. Ksenzov also made some efforts to explain to worried ISPs the techniques of filtration; he gave a number of informative question-and-answer sessions on web platforms.

It was not long before Zharov and Ksenzov realized the incredible power of the instrument they possessed.

In September 2012, weeks before the blacklist was put in place, the agency tried to block Internet access to the video “Innocence of Muslims”—the General Prosecutor’s Office deemed it extremist. A court was to rule on it in October, but before the ruling, on September 17, Roskomnadzor “recommended” that Internet operators and media not disseminate the video. In a few days three major Russian telecom operators—VimpelCom, MegaFon, and MTS—all blocked access to the video on YouTube in the southern, mostly Muslim-populated region of the North Caucasus. Only MTS was able to block access to the specific page where the video was available; the first two operators blocked the entire YouTube service.[2]

This prompted not only Russian ISPs but also global platforms like Google to rush to Roskomnadzor for consultations. They were frightened that the primitive Russian system of filtering could end up blocking their entire service. Three days after Zharov’s interview on TV Dozhd, on November 24, Roskomnadzor added the Internet protocol address of the entire Google Blogspot, a blogging platform, to the blacklist. Although it was soon removed, in that time Google users complained about the loss of some Gmail, Google Drive, and Google Play functionality. However crude an instrument, the power of the blacklist was becoming more visible.


Eugene Kaspersky, who had been so dismissive of attacks on news media websites just two years before and had denied that cyber assaults even occurred, quietly changed his tune in March 2013. He came to the rescue of the troubled opposition newspaper, Novaya Gazeta, definitely not his most profitable client, when a tsunami of hacker traffic endangered it.

The newspaper was getting ready to celebrate its twentieth anniversary and had earned a reputation for critical coverage of the Kremlin and for thorough investigations—it expected some kind of electronic attack. The newspaper turned to Alexey Afanasyev, chief of the team working on preventing DDOS attacks at Kaspersky Lab. They had invented a traffic filtering system to counter the DDOS attacks used by pro-Kremlin hackers.[3] Novaya Gazeta had never been an easy client of Kaspersky’s, but Afanasyev grew up during Gorbachev’s perestroika years and loved the newspaper, which had Gorbachev on its board. Afanasyev admired the paper’s brave journalists and was ready to defend them.

In the late evening of March 31 Afanasyev was on his way home when a colleague called with the news that the website of Novaya Gazeta was under DDOS attack. The attack expanded after a few hours, but the newspaper’s website remained online thanks to Afanasyev and his team’s efforts, using the technology Kaspersky had developed to fight off bad traffic.

The next day, however, it got worse. The traffic from hackers exploded, and the attackers changed tactics. They launched a new type of assault called DNS amplification, a popular form of DDOS in which attackers use publicly accessible open DNS servers to flood a target system. Over two days it swamped Novaya Gazeta at a rate of more than one thousand times normal traffic.[4] “That broke down two big data centers with our equipment, which filters incoming traffic,” Afanasyev recalled. He was in a shop buying some computer stuff when a colleague called, expressing fear that the attack could cause the entire Internet in Moscow to collapse under the weight of the assault. The situation was critical, and Afanasyev decided to cut off all foreign traffic so that only users in Moscow could access Novaya Gazeta. By April 3 the attack reached a peak of sixty gigabits per second, an unheard-of volume.

Kaspersky Lab asked two big telecom firms to help organize a special pathway for Novaya Gazeta in the Moscow Internet. They did, and it worked to isolate the newspaper from the digital chaos aimed at its website. At the attack’s peak the website of Novaya Gazeta was out of service only for three hours—thanks largely to Kaspersky, who played an unlikely role. He believed that malware was evil and was ready to fight it, even if it meant defending a scrappy, critical newspaper like Novaya Gazeta.[5]


In March 2013 Roskomnadzor made its first direct assault on global social networks. The agency sent a warning to Twitter when it asked the social media site to block access to five tweets and close an account, saying the offending messages were advertising narcotics and promoting suicide. On March 15 Twitter reported that the company agreed to block the tweets and deleted the account.[6] Roskomnadzor issued a special statement, expressing satisfaction with Twitter’s “constructive position.”[7] Then, on March 28, Roskomnadzor notified Facebook that it would be blocked unless it removed a page called “Suicide School,” which contained mostly humorous information about suicide. The site was added to Russia’s blacklist. Facebook took down the offending page.[8]

Gradually the Russian authorities were exerting control over the Internet; Putin’s people were moving in a coordinated way. Zharov and Ksenzov at Roskomnadzor issued warnings. Meanwhile the presidential administration, a separate government body directly under Putin, held private discussions with the leaders of the digital companies, like the one that Irina Levova had been invited to earlier. Also in attendance at those discussions were Russian lawmakers who were in charge of writing repressive laws for controlling the Internet.

On May 15, 2013, Ksenzov presented to Roskomnadzor a report outlining the activities of the previous year, making it clear that he felt the government was gaining ground in its efforts to impose its will. There had been little resistance from ISPs or users. At the same time, Ksenzov expressed a worry—what if people figured out how to bypass the censorship? What if they could fool the filtering? There were methods to do this, he said, “that are relatively easy to use…. But the fact that it’s technically possible to bypass the blocking does not mean that in practice it will be done by everybody and everywhere.”[9] Trying to be helpful, Ksenzov recommended that the agency’s blocking be further targeted by blacklisting both the Internet protocol address and the URL of those websites to be blocked.

Zharov was even more cheerful. “Despite the loud and sometimes shocking attacks against these laws, in general, the laws and working with them can be evaluated positively,” he said. He noted that “among the thousands of owners of the blocked sites,” only a “very few” spoke out in public against the blacklisting. There was only one court appeal, he boasted, adding that public opinion polls showed that 82 percent of those questioned in Russia supported the law that permitted the blacklisting.[10]

Zharov and Ksenzov had found a way to put pressure on the Internet companies, and the companies did not fight back. The Internet providers’ silence, first seen in Levenchuk’s experience with SORM years earlier, repeated itself. Back then the issue had been the black boxes. This time the companies did not protest government censorship.

An army of volunteers boosted the agency. Since 2012 a group calling itself Cyberguards of the Safe Internet League had been patrolling the Internet, hunting down the sites with “prohibited information.” The League was launched by a group of Orthodox businessmen to promote Internet censorship under the pretext of protecting children from harmful content, with the blessing of Shchegolev, the minister of communications and media.[11] In 2014 the leader of the League proudly reported that they processed 37,400 complaints.[12] But that was not enough, and the Russian authorities appealed to pro-Kremlin youth organizations for help with Internet censoring, echoing the tactics used with patriotic hackers and trolls. In February 2013 Molodaya Gvardiya, or Youth Guard, the youth wing of Putin’s United Russia party, launched a special unit called Media Gvardiya, or Media Guard.[13] In March 2015 this volunteer army consisted of 3,699 members who worked to identify sites with prohibited content. Due to their efforts, 2,475 pages were taken down. The site organized a competition among the members to see who could find the most sites to report to Roskomnadzor. The main goal of this effort was not to protect children but to hunt down the sites with “extremist content,” including any content unpleasant to the Kremlin.


As Putin tightened the screws on Internet freedom, an event occurred in Russia that he could not have predicted.

On June 23, 2013, Edward Snowden flew into Moscow’s Sheremetyevo Airport. Snowden, a former contractor for the US National Security Agency, or NSA, who had once worked in information technology for the CIA, had at this point exposed the bulk of telephone and Internet metadata of millions of Americans and people around the world, obtained by the NSA. Snowden said he leaked documents about the surveillance because the US government had obtained capabilities “without any warrant to search for, seize, and read your communications. Anyone’s communications at any time. That is the power to change people’s fates.”[14]

Snowden’s revelations had a huge impact. Today the Internet is ubiquitous, connecting everything from dating to purchases to the exchange of the most sensitive and personal information. Many people have questioned whether there is such a thing as privacy anymore. Human rights organizations around the world supported Snowden as a way to push back against the surveillance state, to reclaim some privacy, and to allow information to flow freely without the threat of being monitored by the state. Snowden’s revelations touched off a campaign around the globe to reexamine the issues of digital freedoms and surveillance.

But just as he made the disclosures, Snowden landed in a country with a long tradition of secrecy and suppressing freedom of speech, a landscape roiled by the secret control and surveillance he claimed to despise.

At first Snowden was stuck in the airport terminal because his passport had already been revoked by the United States and he did not have valid documents. He was supposed to be in a special transit zone, but no one could find him. What at first looked like a bad joke turned into long, dreadful weeks as Russian and international journalists scoured the airport looking for him. The journalists bought plane tickets in order to be admitted to secure areas, and some even flew to Cuba on a plane Snowden was rumored to be taking—he was not on the flight. It became obvious to the journalists that Snowden was well protected. Unlike other Moscow airports, Sheremetyevo had a special FSB detachment, established there in Soviet times when it was the only international airport in the country, as well as a normal section made up of the border guards. Snowden spent thirty-nine days, invisible, supposedly somewhere in the Sheremetyevo Airport.

On June 25, at a meeting with the president of Finland, Putin insisted that “our special services never worked with Mr. Snowden and are not working with him now.” He called Snowden a “transit passenger” who “remains in the transit hall.” Putin ruled out extraditing Snowden to the United States, where he was charged with leaking classified information, and declared that Snowden “has committed no crimes in the Russian Federation.”[15] A week later Putin insisted, “Snowden is not our agent, never was, and isn’t today.”[16] Putin seemed in these early weeks to be attempting to keep his distance from Snowden, saying he was a free man, comparing him to dissidents and human rights activists. Putin said Snowden could leave Russia if he wanted to. But was that the truth?


On July 11 Tanya Lokshina, the head of the Moscow office of Human Rights Watch, was at her office in Moscow, busy preparing for a business trip to New York. Although she appears to be a fragile woman with delicate features under a mop of fiery red hair, Lokshina was a fearless human rights activist who had carried out investigations of brutal abuses in Chechnya and Dagestan and during the Russian war with Georgia.

The Kremlin was never very pleased with her organization or Lokshina personally. She received menacing phone calls, and in October 2012 anonymous threats were sent to her cell phone that included details that could have been obtained only by eavesdropping on her. At the time, she was six months pregnant. Kenneth Roth, the executive director of Human Rights Watch, declared that the people threatening her “knew where she lived, what she was doing. They made explicit reference to the fact of her pregnancy. They threatened harm to herself and to her unborn baby.”[17]

Lokshina had left Russia for a while, but now she was back in Moscow and focused on her work. Her son, Nikita, was six months old.

At 5 p.m. that day her assistant, Masha, opened the door and said, “Tanya, you have a phone call from Snowden.”[18] Lokshina for a moment thought it had to be some sort of joke, but Masha insisted that a man on the phone said he was calling from Sheremetyevo and represented Snowden, and that Snowden wanted to meet her; the man on the phone was providing details of the meeting. Lokshina told Masha to give the caller her e-mail but still didn’t think it was really Snowden.

In five minutes she got an e-mail from ed.snowden@lavabit.com:

To: edsnowden@lavabit.com

From: edsnowden@lavabit.com

Date: 07/11/2013 04:12PM

Subject: Invitation to Edward Snowden statement TOMORROW 12 July 2013 @ 5:00PM Moscow Time


I have been extremely fortunate to enjoy and accept many offers of support and asylum from brave countries around the world. These nations have my gratitude, and I hope to travel to each of them to extend my personal thanks to their people and leaders. By refusing to compromise their principles in the face of intimidation, they have earned the respect of the world. Unfortunately, in recent weeks we have witnessed an unlawful campaign by officials in the U.S. Government to deny my right to seek and enjoy this asylum under Article 14 of the Universal Declaration of Human Rights.[19]

The letter went on, inviting the human rights organizations and “other respected individuals” to join Snowden the next day at the airport, promising a discussion about “the next steps forward in my situation.” Lokshina was instructed to meet at Terminal F, in the “centre of the arrival hall,” and “someone from airport staff will be waiting there to receive you with a sign labeled ‘G9.’” Lokshina thought that “9” could mean the number of people invited. An identical e-mail arrived for Sergei Nikitin, director of Amnesty International’s office in Moscow.[20] Nikitin had directed Amnesty in Russia since 2003 and was also a target of the Russian authorities, who, a few months earlier, raided the organization’s office, a few small rooms hidden in an obscure courtyard in a derelict old building.[21]

Lokshina thought the e-mail looked strange. It was also very formal, addressed to no one. “I thought it was false. The letter was written in strange and awkward language.” She had spent years in the United States in her youth, and it looked to be written in British English: “in the centre of the arrival hall…” The telephone number was also unusual—a mobile number. Most Russian mobile numbers are registered to people, not organizations, so it was impossible, from the number, to discern anything about who was behind it. Lokshina forwarded the e-mail to her colleagues at the headquarters of Human Rights Watch as well as to a pair of friends, the Moscow correspondents of the New York Times and the Daily Telegraph. Nikitin had also sent it to his headquarters. Both were skeptical and uncertain.

Impulsively Lokshina then put the e-mail on her Facebook page. It made a huge and immediate splash in the media. The rest of the day and the next morning she felt under siege—the phone rang constantly, her son demanded her attention, and she still didn’t know whether to go to the airport. When she got another call from the same person who had first phoned and was asked for passport details to get into the secure area, she realized the invitation was for real.

The next day Lokshina took with her a tape recorder she had been given by Ellen Barry, a correspondent at the New York Times. When she and Nikitin arrived at Terminal F, they saw hundreds of journalists. She had plenty of experience with herds of reporters, but this one was larger than she had ever seen, like a “herd of mammoths that were going to trample me,” she recalled. The human rights activists who gathered around the sign “G9” were clearly divided into several parts: the Russian representatives of independent international human rights organizations, including Lokshina and Nikitin; heads of pro-Kremlin “human rights” groups, including Vladimir Lukin, Human Rights Commissioner of Russia, appointed by Putin, and Olga Kostina, a head of the government-funded NGO Resistance; a deputy of the State Duma, Vyacheslav Nikonov; and lastly, the well-known lawyers Anatoly Kucherena and Henri Reznik. Nikitin, with all his experience, immediately concluded that Kucherena, a tall, bulky, and imposing man, was the leader, if not an organizer of the meeting.

Kucherena is a prominent lawyer as well as a member of the Public Council within the FSB, an organization established in 2007 to promote the image of the Russian security service.[22] Kucherena also serves as chairman of the Institute for Democracy and Cooperation, a front organization for Russia’s propaganda machine, with branches in New York and Paris. Putin had suggested personally that such an institute be created to criticize human rights violations in the United States; the institute has an annual report called “The State of Human Rights in the United States.”[23]

Lokshina, Nikitin, and the other human rights activists were shown into a room in the secure area of the terminal and eventually led onto the airfield. At this moment Lokshina suddenly remembered that Snowden wanted to fly to Venezuela, and she thought maybe the plan was to fly Snowden there and to take the human rights activists along to guarantee his safety. She panicked and called her husband with instructions for how to feed the baby if she were flown to Venezuela. Then everyone was put on a bus.

The bus made a circle and stopped near an unmarked door of the same terminal, but on the far side of the building. They were shown into a room. When they walked in, Snowden was sitting there, along with a translator and Sarah Harrison, a member of the WikiLeaks group, who had been with Snowden since he fled Hong Kong. Nikitin quickly approached Snowden and asked about his condition. He got to Snowden first because Kucherena doesn’t speak English, and Nikitin seized the initiative. But then a man stood in front of them and made an announcement: “Dear gentlemen, Mr. Snowden wants to make a statement, and I ask you in the interests of his security do not record it on video.” Nikitin, Kucherena, Lokshina, and Reznik sat in the first row. In the back were some young bulky men in suits. Lokshina took two photographs and sent them to Barry of the Times immediately. Barry at once published them on Twitter. Lokshina also put Barry’s tape recorder on the table in front of her and turned it on. During the meeting Lokshina texted reports to Barry while Nikitin used an open line on his phone to transmit the audio to some journalists who were listening.

Lokshina told us later that she was certain it was not Edward Snowden who invited them. Snowden did not speak Russian and did not know the people there. Lokshina concluded it was all a show, orchestrated by the security services. “It was obvious that the comrades from the intelligence agencies gathered a group of people and made up all of this event. And they arranged the meeting, probably to legitimize the decision already made that he would be granted temporary asylum.”

Kucherena, his legs crossed, sitting in the front row, attempted to ask the first question. He spoke in Russian and said, “Well, how do they treat you here?” He was cut off by Harrison, who shot back, “Please wait. First Ed Snowden had a statement to read.”

Snowden used the moment to appeal for “guarantees of safe passage from the relevant nations in securing my travel to Latin America” and announced that he would also seek asylum in Russia. “I will be submitting my request to Russia today, and hope it will be accepted favorably.” The rest of the meeting seemed to unfold quickly, and Lukin asked Snowden whether he had any complaints. He said no, and then lawyers started debating Snowden’s status.

Nikitin gave Snowden his business card but never heard from him again. Snowden was extremely cautious, but Nikitin didn’t think it was worthwhile to arrange some kind of covert communications channel; he mostly wanted to establish Snowden’s condition, read Snowden’s body language, and detect signs of torture—to ask the questions any human rights activist would naturally ask. Nikitin observed that Snowden was relaxed and comfortable. “I was impressed by his sangfroid. After all, he lost everything.” Lokshina had the same feeling, “He did not look depressed or anxious.”

The meeting participants were shown out of the room, back to the terminal, and Snowden disappeared with Harrison. Lokshina instantly remembered that she had forgotten her tape recorder and asked the security men to retrieve it. In thirty minutes they brought Lokshina the tape recorder, but the recording had been erased; the meeting had lasted forty-five minutes. Lokshina and Nikitin told journalists in the terminal that they supported Snowden’s appeal for asylum. Kucherena, the lawyer with close connections to the FSB, said he would provide legal support for Snowden.

Did the Russian authorities stage a meeting so the human rights groups would endorse Snowden’s appeal for asylum, just as Putin wanted? Although they sat in the front row at the meeting, the human rights activists had no say over the meeting’s time, place, or circumstances. If there was a script, they had not written it. They heard Snowden talk, and then he disappeared. It was a clever manipulation. Snowden’s revelations about mass surveillance had outraged people around the world, and their anger was directed against the US government. Now Putin was presenting himself as a defender of freedoms and the only world leader strong enough to stand up to the United States. The human rights organizations, which Putin had been suppressing for years, were made props in Putin’s show, at least briefly. The meeting was a sign that Putin was not going to keep his distance from Snowden but rather would attempt to co-opt him for his own purposes.

A year later Lokshina, sitting in a coffee shop in Moscow, remarked that Snowden seems to have been trapped too. “In fact he’s in prison,” she said. “No doubt in a comfortable one—he is well fed there, and he did not need anything. But he does not walk the streets of this city.”


Snowden may not have known or realized it, but his disclosures emboldened those in Russia who wanted more control over the Internet. The State Duma debated Snowden’s revelations of mass surveillance in special hearings. A vice speaker of the Russian parliament suggested that the Snowden disclosures meant Russian citizens should be forbidden from keeping their personal data on foreign servers. “We should provide a digital sovereignty for our country,” he said. Ruslan Gattarov, chairman of one of the pro-Kremlin youth organizations and a member of the upper house of parliament, the Federation Council, invited Snowden to come to the Council to “investigate” what he described as the surrender of Russian citizens’ data to the American intelligence agencies.[24]

This “digital sovereignty” claim was cover for something the Kremlin wanted all along—to force Facebook, Twitter, and Google’s services, Gmail and YouTube, to be subject to Russian legislation, which meant providing backdoor access to the Russian security services. It was a way to have SORM black boxes installed on the Gmail, Facebook, and Twitter servers. Since spring of 2011 the FSB had been lamenting it had no means to intercept chats and e-mail exchanges on Facebook and Gmail, and now the chances appeared to be improved. The pretext of protecting Russian personal data—the notion of “digital sovereignty”—was raised in order to impose new controls on the Internet, bring the global platforms to heel, and put their servers on Russian soil. Snowden’s name was being invoked by those who wanted to carry out new repressive measures in Russia.

On August 1, 2013, Snowden was granted one year of asylum in Russia, and the next day he left Sheremetyevo, still evading journalists. Kucherena reported the news, saying he personally put Snowden in the car. For months to come, Snowden refused to talk to Russian and Moscow-based foreign journalists. To us, the silence seemed odd and unpleasant. After all, Snowden wasn’t afraid of journalists—he had used them to leak the thousands of pages of secret documents. He also spoke to American journalists coming from the United States. Snowden was, in theory, in favor of openness. So why did he refuse to talk to those of us in Russia who, in our journalism, fought every day for openness and freedom of information? Was he being manipulated again? And if so, by whom?

On September 4, 2013, Putin said in an interview that when Snowden first approached the Russian consulate in Hong Kong, the case was immediately reported to him, but he instructed aides to send Snowden away. That part of the story hadn’t been reported before, but was it true? Was Putin really that ambivalent about this former NSA contractor who had upset the United States, or was he playing a clever game?[25]


While Snowden remained out of sight, Russia’s security services achieved another dramatic leap in their capability to eavesdrop on the Internet. In the autumn of 2013 new SORM technical guidelines were announced that would require phone operators and Internet providers to store information for twelve hours at a time until it could be retrieved by the authorities. The guidelines also made it possible for the security services to intercept correspondence that users send through services such as Gmail and Yahoo and the popular ICQ instant messages. The goal of the updated requirements was very clear: to expand surveillance capabilities to intercept messages and information passed through foreign Internet providers.

The reaction was surprising. On October 21 VimpelCom, one of Russia’s largest telecom companies, publicly—and courageously—denounced the government’s plans to expand the SORM capabilities. VimpelCom sent a letter to the Ministry of Communications, criticizing the plan as unconstitutional. Next another major provider, Mail.ru, said the requirement to keep data for twelve hours “violates the Constitution of the Russian Federation, in particular the right to privacy, confidentiality of correspondence, telephone conversations, postal, telegraph and other communications” and is “inconsistent with a number of federal laws and codes.”[26] The service also protested that a facility to keep that much data might not cost $100 million, as VimpelCom suggested, but more like $400 million. “This will require approximately 30–40 petabytes of data for the entire Runet every 12 hours,” said Vice President and Technical Director Vladimir Gabrielyan. Anton Nossik wrote that the “FSB wants to know about every one of our moves on the Internet: Who and what we sent, and from whom they received, what sites come in, what we have there, name and password.”

Nossik also wrote that “recording of all incoming and outgoing Internet traffic of 75 million Russian users requires, without any exaggeration, petabytes and exabytes of disk space.” He warned that the new SORM requirements would force users to pay more for Internet services. But the protests did not stop the Kremlin from doing what it wanted to do. The decree implementing the new SORM requirements was signed by the minister of communications on April 16, 2014, and required all operators to install the equipment by March 31, 2015. The requirement to keep twelve hours of data remained in the decree.[27] The Ministry of Communications officials also admitted that the new SORM black boxes are strengthened by DPI, as the devices can monitor the Internet traffic on the application level.[28] The two most intrusive surveillance technologies were finally combined, to be used by the Russian security services all over the country.

When all this was happening, Snowden was silent. Although he gave some interviews to American journalists, he refused to comment on Russian affairs and dropped off the radar until April 17, 2014. We tried repeatedly to contact Snowden, and we also asked American journalist, lawyer, and author Glenn Greenwald for an interview, but Greenwald never responded to our e-mails.

On that day Putin held another of his annual question-and-answer sessions in which citizens call in on a direct line. Much had changed since 2013; the success of the Sochi Olympics and the annexation of Crimea had generated a mood of intense patriotism and anti-Western sentiment. Putin’s approval ratings had soared.

As always, the call-in show was broadcast live by three major TV channels along with three radio stations, and it lasted nearly four hours. A well-staged event, it started with calls from Crimea, with “Thank you, Mr. President, on behalf of all the people of Crimea,” and other displays of boosterism. Hours passed, and all of a sudden a host in the studio in charge of fielding phone calls turned not to Putin but to the television watchers and proclaimed, “We have a surprise video call, which I would describe as sensational. It was sent by a person who has made an information revolution by exposing a mass surveillance program that affected millions of people around the world.”

Then, a theatrical pause.

“Mr. President, you have a question from former intelligence agent Edward Snowden!”

Putin grinned:

“Do I really?”

Then Snowden’s Skype call appeared on the screen. His first word was in Russian: “Zdravstvuyte”—Hello.

Then he proceeded in English:

I’d like to ask you a question about the mass surveillance of online communications and the bulk collection of private records by intelligence and law enforcement services. Recently, the United States, two independent White House investigations, as well as a federal court all concluded that these programs are ineffective in stopping terrorism. They also found that they unreasonably intrude into the private lives of ordinary citizens—individuals who have never been suspected of any wrongdoing or criminal activity; and that these kinds of programs are not the least intrusive means available to such agencies for these investigative purposes. Now, I’ve seen little public discussion of Russia’s own involvement in the policies of mass surveillance. So I’d like to ask you: Does Russia intercept, store, or analyze in any way the communications of millions of individuals, and do you believe that simply increasing the effectiveness of intelligence or law enforcement investigations can justify placing societies—rather than subjects—under surveillance? Thank you.[29]

The host in the studio, journalist Kirill Kleymenov, asked Putin, “Mr. President, did you get the gist of the question?”

Putin, obviously pleased with the question, replied, “Yes, by and large.”

Nevertheless Kleymenov—after praising Putin’s ability to speak English (Putin laughed, saying American English is slightly different)—tried to translate the question. He almost missed the introductory part about the White House investigations and mistranslated the part about the debate in Russia over surveillance, saying there is a large debate in Russia, and then posed a question about mass surveillance.

Putin began his reply with a joke. “Mr. Snowden, you are a former intelligence officer, and I,”—a pause, and the audience started to giggle—“worked for an intelligence agency too. So let’s talk like two professionals.” Putin then insisted that Russian laws strictly regulate the use of special equipment by the security services, including for the tapping of private conversations and for the surveillance of online communications. Putin emphasized that a court warrant is needed to use the equipment in each particular case. “So there is no, and cannot be any, indiscriminate mass surveillance under Russian law,” Putin declared.

“Yes, we do surveillance on the Internet,” Putin allowed, “but not on such a large scale and not arbitrarily. Besides,”—and here he smiled slyly—“we do not have such technical capabilities and funds as the United States.”[30]

Putin’s answer was a classic obfuscation, just like the one he gave NTV journalists more than a decade earlier in the library of the Kremlin.

At first we were encouraged that Snowden at last started talking about Russia’s tightening surveillance of the Internet, hoping it could provoke a public debate about SORM—Andrei made this point in his public comments. But Snowden was heavily criticized for taking part in a Putin show, and the next day he published an op-ed in the Guardian answering his critics. “I was surprised that people who witnessed me risk my life to expose the surveillance practices of my own country could not believe that I might also criticize the surveillance policies of Russia, a country to which I have sworn no allegiance, without ulterior motive,” he wrote. “I regret that my question could be misinterpreted, and that it enabled many to ignore the substance of the question—and Putin’s evasive response—in order to speculate, wildly and incorrectly, about my motives for asking it.”

Snowden added, “The investigative journalist Andrei Soldatov, perhaps the single most prominent critic of Russia’s surveillance apparatus (and someone who has repeatedly criticized me in the past year), described my question as ‘extremely important for Russia.’ According to the Daily Beast, Soldatov said it could lift a de facto ban on public conversations about state eavesdropping. Others have pointed out that Putin’s response appears to be the strongest denial of involvement in mass surveillance ever given by a Russian leader—a denial that is, generously speaking, likely to be revisited by journalists.”[31]

In the end Snowden’s question didn’t provoke a debate in Russia over surveillance. Nor did it stop the Kremlin.

On May 5 Putin signed a new law aimed at tightening the controls over the many popular online bloggers in Russia who carried out lively and relatively free debates on the Internet. Widely known as the “Bloggers Law,” it was a part of a broader rewrite of Russia’s antiterrorism statute, started in January 2014, which expanded the already-vast clout of the country’s Federal Security Service and altered penalties for terrorism and extremism crimes. The new law required bloggers with more than three thousand followers—which was many of them—to register with the government. Registration was more than a mere formality; it would give the security services a way to track them, intimidate them, or close them down. Once registered like the news media, a blogger would be subject to state regulation. In addition to the registration, the law required that bloggers could not remain anonymous and that social media would maintain computer records on Russian soil of everything posted over the previous six months. The law marked a first legislative step to force the global social media to relocate their servers to Russia. At their headquarters in California, both Twitter and Facebook said they were studying the law but would not comment further.

Russia’s annexation of Crimea in 2014 presaged still more efforts to control the Internet. Ksenzov, the chief censor at Roskomnadzor, became more and more aggressive on Twitter against the demonstrators in Ukraine, whose Maidan uprising, named after the square in Kiev, had touched off the crisis. The Maidan demonstrations frightened Putin too.

Ksenzov lashed out at the US, Russian, and international media in a string of angry tweets. In one of them he accused CNN of being “insane” for quoting Zbigniew Brzezinski, the former White House national security advisor. Then, on May 16, he attacked Twitter itself, and this time it was much more serious. In an interview with Izvestia, the largest pro-Kremlin daily newspaper, Ksenzov claimed that Twitter promotes the interests of the United States and then added, “We can tomorrow block Twitter or Facebook in Russia. It will take few minutes. We do not see this as a big risk. If at any point we decide that the impact of disabling of social networks will be less significant compared to the harm caused by the unconstructive position of management of international companies for Russian society, we will do what is required to do by law.” The threat was the most categorical yet made in public. Medvedev, serving as prime minister, criticized Ksenzov, and Roskomnadzor did not officially enforce Ksenzov’s statement. But he was unrepentant. The same day on Twitter he said, “Not going to make excuses. Responsible for my words.”

Twitter got the message. A few days later it blocked accounts of the radical Ukrainian party Pravy Sector for Russian users, saying the action was in response to a Russian court order. The action marked another success for the Kremlin’s effort to tame the global Internet giants, but the Electronic Frontier Foundation in the United States took note and made a good point about Twitter’s decision: “There are two ways that Twitter’s actions are disappointing. First, Twitter has no employees or assets in Russia, so it should not have to comply with a Russian court order at all. And the order isn’t even about a Russian account—it’s a Ukrainian one. Worse yet, Pravy Sector’s account is plainly political. If Twitter won’t stand up for political speech in a country where independent media is increasingly under attack, what will it stand for?”

On July 4 the State Duma passed another law prohibiting the storage of Russians’ personal data anywhere but in Russia. Once again members of parliament pointed to Snowden’s revelations of mass surveillance to justify the action. A member of Putin’s United Russia party suggested nominating Snowden for a Nobel Prize. In effect, Russian security agencies received expanded powers over the Internet under the pretext of protecting the personal data of Russian citizens from the menace that Snowden had described.

The law stipulated that global platforms would relocate their servers to Russia by September 1, 2015. After this, all three global platforms—Google, Twitter, and Facebook—sent high-ranking representatives to Moscow. Details of their talks were kept secret. On July 28 Ksenzov, who had turned Twitter into his main channel of communication, tweeted, “They start a war against us. A full-scale Third World Information one.” On August 5 he triumphantly retweeted news from the state-controlled RIA Novosti agency: “For the first time, Apple has begun to store personal user data on the Chinese soil.”

The pressure on the global platforms became enormous. Of the trio, only Google had an office in Moscow. Very secretive and shielded from journalists by a hired public relations company, Google’s government relations officer was Marina Zhunich. She had started her career at the Moscow office of the BBC’s Russian service and then briefly joined the Organization for Security and Cooperation in Europe. Hers was a classic career for a graduate of the Moscow State Institute of International Relations, which groomed young people for service in diplomacy. In the 2000s she worked in public relations at international companies in Moscow. She joined Google in 2009, when Medvedev was president and the Internet was his most enjoyable toy. In the summer of 2012 Zhunich found herself in the eye of the storm. In July she made a statement on YouTube criticizing the proposals to block sites by their Internet protocol or IP addresses.[32] Then she attended most of the meetings at the Ministry of Communications, and some progovernment Internet businessmen openly expressed unhappiness with her active involvement in Russian policy.

Two years later, in June 2014, it was revealed that Zhunich had herself been put under surveillance by private security services hired by businessmen close to the Kremlin—she had been spied on along with journalists of TV Dozhd and Novaya Gazeta. When the surveillance was made public by the hacker group Anonymous, Google was silent. We tried to talk to Zhunich at a conference, but she slipped away. We then turned to Facebook to connect with her, and for two days attempted to coax her into an interview. She was very guarded, and when we asked about surveillance of her, she replied, “No, I will not take part in that.”[33]


On November 14, 2014, just after 7:00 p.m. and already dark, dozens of people, mostly in their twenties and thirties, were searching for a small red-brick building in Moscow. It was not easy, as the tiny structure was in the yard of a derelict factory, with no signs to help the visitors find it. The visitors, most of them journalists working for Russian online news media, seemed to be lost, searching for the modest venue for a ceremony of the national Internet media awards named after Edward Snowden.

The Russian Association for Electronic Communications had announced in April the establishment of the new award and claimed they had secured agreement from Snowden. But many of the journalists knew it was Alexey Venediktov who was behind the idea. Venediktov positioned himself as a quiet intermediary between the digital news and social media and his own high-placed contacts in the Kremlin. His personal assistant had secured the agreement of Snowden for the award. The assistant was also inserted by Venediktov into a team of experts to work on the controversial Bloggers Law. Venediktov was an editor-in-chief of Echo Moskvy, the radio station that had been a champion of liberal democracy since the last days of the Soviet Union, but he also maintained good contacts in the Kremlin, including, periodically, Putin himself.

On the cold day in November chosen to award the prizes, the mood was cheerless. Once they found the building, the journalists encountered a band that tried to raise their spirits, to no avail. Two of the show’s hosts, Tatyana Felgenhauer and Alexander Plushev, both of them journalists from Echo Moskvy, wore long faces—the fate of the station was increasingly in doubt, in part because of some indiscreet tweets by Plushev that drew the ire of Putin’s team. The chairman of the board of directors of the station, Mikhail Lesin, who had tried to lay his hands on the Internet in December 1999 at the meeting with Putin, warned that it’s “entirely possible” to fire Venediktov. Everyone at Echo was on edge.

Plushev and Felgenhauer tried their best while giving the awards, making some jokes, but when Plushev read a gag about his possible firing, he laughed bitterly. The show itself was sad and confused. Ilya Klishin, now the editor of TV Dozhd’s website, was clearly shocked when he got his award, shared with an editor of the website of Lifenews.ru, a shameless pro-Kremlin tabloid-style TV channel that was preparing to take up occupancy of TV Dozhd’s premises after TV Dozhd had been expelled from the Red October complex.

One of those in the crowd was Stas Kozlovsky, leader of the Wikipedia community in Russia and a professor in the psychology department at Moscow State University. Kozlovsky, thirty-eight, discovered Wikipedia in 2003, when its Russian version had only a few hundred articles. He gave up his blog and started to write for Wikipedia. Though he looked a bit like a Cheshire cat, Kozlovsky was famous for being a fierce fighter for Internet freedom. He was the one who, at Irina Levova’s urging, put Russian Wikipedia into a blackout in the summer of 2012 to protest Internet filtering and has been battling on behalf of Wikipedia since the authorities first tried to block the online encyclopedia.

Artem Kozlyuk, a head of Rublacklist.net, the watchdog that keeps tabs on which sites have been blacklisted, greeted him with a knowing smile: “Hi, Stas, are you ready for a blackout in May?” In May 2015 a new law was to come into force that would make it possible to block all kinds of sites if they carried information without signed agreements from authors or rights holders, a measure described as an antipiracy law. It would almost certainly lead to blocking Wikipedia. “Now any hyperlink to any text or page on the Internet can cause blocking of a website. The Russian Wikipedia contains nearly 1.2 million articles, and each has dozens of hyperlinks to the sources,” Kozlovsky told us.

At the Snowden ceremony there was no sign of the man who had loaned it his name. When Andrei pointed that out to Kozlovsky, he replied with a sad smile, “Well, Snowden could have done good things globally, but for Russia he was a disaster.”

Four months later, in March 2015, the Ministry of Communications convened a gathering of the biggest Russian data centers to discuss the relocation of servers. A representative of Rostelecom, a state-controlled Russian operator, stepped in to announce that Google had already relocated the servers to the operator’s data center, adding, “The Company [Google] is our client now, and we are the restricted access, semi-government facility.”[34] At the time Google declined to provide comments.


Snowden, a whistleblower who loved to quote the UN Declaration of Human Rights, landed in a country with a miserable record on human rights. He appealed to NGOs and investigative journalists for help, but in Russia human rights activists are branded “foreign agents” or spies, and investigative journalism is under threat of complete extinction. Snowden argued that he took risks to expose state secrets in the interests of freedom of information, but he remained a guest of a regime that for years has been suppressing freedom of information. Although he justified his actions by the need to defend the Internet from government intrusion, when he landed in Moscow, the Kremlin was in the middle of a large-scale offensive against Internet freedoms.

Snowden failed to respond to these challenges. For months he tried to pretend he was not in Russia, but just somewhere, in some limbo, that he found asylum in an unmarked country that would never extradite him to the United States. The Kremlin helped him preserve this fiction, and he was never dragged into being a tool of the Russian propaganda media outlets. He was allowed to keep out of sight.


After ten months in Moscow, Snowden asked Putin at a staged news conference about surveillance, but Putin merely deflected the question.

Since the day Snowden landed in Moscow the symbols of the global Internet—Google, Facebook, and Twitter—came under increasing pressure from the Kremlin to make the global Internet local, to destroy the very nature of the global network. Snowden didn’t say a word about it except for his single call to the Putin news conference.

Snowden’s revelations suggest he aspired to fight for Internet freedom not only in the United States but around the world; however, Russia was omitted from his fight. He left his home country to campaign for more transparency surrounding the intelligence agencies’ activities, and found himself living in Moscow, heavily protected by Russian secret services—behind the walls, shielded from the world outside.

At the same time Snowden was in Moscow, Russia was already attempting to change the global rules of the Internet. That too seemed to escape Snowden’s attention.

CHAPTER 11 Putin’s Overseas Offensive

Vladimir Putin was certain that all things in the world—including the Internet—existed with a hierarchical, vertical structure. He was also certain that the Internet must have someone controlling it at the top. He viewed the United States with suspicion, thinking the Americans ruled the web and that it was a CIA project. Putin wanted to end that supremacy. Just as he attempted to change the rules inside Russia, so too did he attempt to change them for the world. The goal was to make other countries, especially the United States, accept Russia’s right to control the Internet within its borders, to censor or suppress it completely if the information circulated online in any way threatened Putin’s hold on power.


Andrey Krutskikh devoted his entire career in the Russian Foreign Ministry to arms control. He joined the diplomatic service in 1973, right after university, and served in the ministry for the final eighteen years of the Soviet Union’s existence. He admired the diplomatic style of the stolid and uncompromising foreign minister, Andrei Gromyko, known informally in the West as Mr. Nyet. Krutskikh often called Gromyko “great.”

From the very beginning of his service Krutskikh’s work centered on disarmament, nuclear weapons, and the so-called main adversaries, the United States and Canada. When he was twenty-four years old, in 1975, he was sent to Salt Lake City as a member of the Soviet delegation to negotiate strategic nuclear arms control. Krutskikh’s experience at the negotiations in Salt Lake City left a strong impression on him. It was a time when Soviet diplomats had stature; they decided the fate of the world and spoke on equal terms with the Americans. After the Soviet collapse and into the late 1990s Krutskikh continued to focus on arms-control issues and rose through the ranks of the ministry. He was not a smooth or slick diplomat; he had a rather agitated manner—expressive, his hands always in motion. Krutskikh soon wondered whether arms control could be useful in the emerging realm of cyber conflict.

Among a particular group of Russian generals who represented FAPSI, the powerful electronic intelligence agency that had grown out of the KGB, a similar mindset was developing. The agency’s headquarters was located in a stark, modern terraced building with giant antenna globes on the roof not far from the KGB headquarters. Like the US NSA, FAPSI was responsible for information security, signals, and electronic intelligence. For many years their generals watched the growth of the Internet with suspicion, thinking it was a threat to Russia’s national security, because in the early days the Russian Internet was built with Western technology, and they were obsessed with the fear that it would be thoroughly penetrated by the Americans.

The leader of this group of suspicious generals was Vladislav Sherstyuk, a colonel-general in the intelligence wing of the agency and a KGB officer since 1966. By the 1990s he became head of the very mysterious and powerful Third Department of FAPSI, in charge of spying on foreign telecommunications. All Russian centers of electronic espionage abroad were subordinated to this department, including the radio interception center at Lourdes in Cuba, which was in charge of monitoring and intercepting radio communications from the United States. Sherstyuk was a spymaster, determined to exploit communications to steal US secrets and protect Russia against espionage of the same kind. This naturally made him wary of the Internet, where so much was beyond his control.

When the war in Chechnya began, Sherstyuk was put in charge of FAPSI’s group there, and he organized the interception of Chechens’ communications. In December 1998 he was appointed director of FAPSI, a mighty intelligence service in its own right that competed head-to-head with the FSB. Among other things, they had a very special role in controlling the government’s most sensitive communications networks.

Krutskikh and the FAPSI generals spoke the same language of suspicion—a language of threats posed by the Internet. In early 1999 Krutskikh was helping to draft a resolution for the UN General Assembly that reflected these views and warned that information—the Internet—could be misused for “criminal or terrorist purposes” and could undermine “the security of States.” In other words, information technologies had to be controlled because they could be dangerous. The resolution was adopted without a vote.[1]

Krutskikh and the generals viewed the Internet as a battleground for information warfare. (This term should not be mixed with cyberwarfare, which is mostly about protecting a nation’s critical digital networks from hackers.) For Krutskikh and the generals, information warfare encompasses something political and menacing, including “disinformation and tendentious information” that is spread to incite psychological warfare, used for altering how people make decisions and how societies see the world.[2] In contrast to those who celebrate free media and the Internet as a glorious information superhighway that opens limitless possibilities for discovery, Krutskikh and the generals worried that it could become the front lines of conflict between nations and hostile groups.

In December 1999 Sherstyuk moved out of FAPSI to the Russian Security Council, an advisory group to the president on security. Once there, he supervised a department for information security, which included the Internet, and brought his ideas with him. The Security Council normally is made up of top officials, including the president, and meets periodically, but it also has an influential staff, which Sherstyuk joined. In 2000 his team composed the “Doctrine of the Information Security of the Russian Federation,” which included an unusually broad list of threats, ranging from “compromising of keys and cryptographic protection of information” to “devaluation of spiritual values,” “reduction of spiritual, moral and creative potential of the Russian population,” as well as “manipulation of information (disinformation, concealment or misrepresentation).” Quite ominously, it identified one source of the threats as “the desire of some countries to dominate and infringe the interests of Russia in the global information space.”[3] Putin approved the doctrine on December 9, 2000.

In 2003 FAPSI was disbanded, but not the ideas of the suspicious generals. Sherstyuk remained at the Security Council, and some of his views were reinforced when a like-minded top official from the FSB, Nikolai Klimashin, was moved to the Security Council. Sherstyuk founded and headed the Information Security Institute at Moscow State University, which he built into a major think tank to define Russian foreign policy on information security. Meanwhile, Krutskikh rose to become deputy chief of the Department for Security and Disarmament Issues at the ministry.

For years at international meetings Krutskikh had been driving home that Russia wanted to govern its own space on the Internet. Whereas others, including the United States, saw the Internet as a wide-open expanse of freedom for the whole world, Krutskikh insisted that Russia should be able to control what was said online within its borders. He expressed fear that, without such control, hostile forces might use the Internet to harm Russia and its people. “If through the Internet we would be forced to forget our mighty great Russian language, and speak only using curse words, we should not agree with that,” he told us, echoing Putin’s deep suspicions about the Internet and who was behind it. Krutskikh repeatedly proposed some kind of international agreement or treaty that would give Russia the control it sought over the Internet. Influenced by his own career in arms-control negotiations, he was convinced that such an agreement must be between Russia and the United States. He wasn’t anti-American, but he grew emotionally attached to the idea that the two former Cold War superpowers could somehow make a pact that would give Russia control over its digital space. The United States, however, never warmed to the idea—the US government never attempted to control content on the Internet, and many of the first Internet pioneers in America were very open about the Internet as a symbol of how information should roam free—but what Krutskikh wanted most was to be taken seriously and to have his views treated with respect, as they were during the Cold War.

But he didn’t get much respect. At a bilateral meeting in March 2009 in Vienna, Krutskikh delivered a long monologue arguing that Russia and the United States—and perhaps other nations—should collaborate to regulate the Internet as nations and governments. He expressed fear that the Internet was building beyond their control, that there could be an arms race in cyber space, and it was time for governments to take charge.

Russian generals felt they were losing the global cyber arms race and wanted to put some limits on the United States’ offensive capabilities. But Krutskikh’s speech fell on deaf ears. An American diplomat cabled back an account of the meeting, saying, “There was little change, if any, between U.S. and Russian long-held views” on the subject. Krutskikh desperately wanted some sort of joint statement with the United States, but the US administration was reluctant to sign anything.[4]

But he didn’t give up. In 2010 Kaspersky Lab investigated Stuxnet, the US-Israeli worm that wrecked nearly a thousand Iranian centrifuges.[5] Krutskikh seized on the incident—with its destructive malware, designed in part by the United States—as a justification for a ban on cyber weapons.[6] In 2011 Kaspersky, who was highly regarded in Russia as an Internet entrepreneur, added his voice to the idea of a ban on cyber weapons, and in November he wrote on his blog, “Considering the fact that peace and world stability strongly relies on the internet, an international organization needs to be created in order to control cyber-weapons. A kind of International Atomic Energy Agency but dedicated to the cyberspace.”[7]


In the Bavarian Alps a small mountain resort town, Garmisch-Partenkirchen, is famous for its spectacular views and NATO’s Marshall Center for Security Studies, which is based there. Nearby is a pretty hotel, Atlas, with a traditional Bavarian three-story lodge that is a twenty-minute walk from the Marshall Center. Founded in the early sixteenth century as a tavern, the hotel proudly lists among its previous guests Duke Ludwig from Bavaria, the Prince of Wales, and the King of Jordan. Every April, for almost a week, the hotel hangs a Russian flag from its balcony, hung personally by Sherstyuk, who, since 2007, has been bringing to the lodge a group of Russian and American generals and high-placed officials to talk quietly about information security and cyber conflict. The first two days are always reserved for general discussions, mostly on cyber security and what kind of research is required. Russians gathered in one part of the hotel, and non-Russians gathered in another, partly because many Russians didn’t speak English, and most Americans didn’t speak Russian. The third day was devoted to individual meetings. The real business was conducted in closed rooms with only a few participants. Klimashin was among the guests, as well as Krutskikh, who never tired of making speeches and arguing for agreement on “terms and definitions” in cyberspace and for greater UN involvement in Internet governance. He favored the United Nations because it was filled with governments, not companies, and many of them were sympathetic to Russia’s desire to control the Internet within their borders.[8]

The US government took the gatherings in Garmisch very seriously every year. High-level officials were sent; in 2010 the US delegation included Christopher Painter, the second-ranking White House official on cyber security, and Judith Strotz, the director of the State Department’s Office of Cyber Affairs.[9]

Russian officials in charge of information security often spoke bitterly of US domination of the Internet, believing all the tools and mechanisms for technical control were in US hands. Their main target was the Internet Corporation for Assigned Names and Numbers, known as ICANN, a nonprofit organization headquartered in California. In 1997 President Clinton directed the secretary of commerce to privatize the management of the domain name system, a critical part of the Internet that serves as a giant warehouse of web addresses looked up every time a user wants to go somewhere online. The Defense Advanced Research Projects Agency, the National Science Foundation, and other US research agencies had previously performed this task. On September 18, 1998, ICANN was created and given a contract with the US Department of Commerce to oversee a number of Internet-related tasks, but the most important among them was to manage the distribution of domain names worldwide. In the 2000s other nations campaigned to have a greater role in ICANN, but the Kremlin’s idea was more radical: to strip ICANN of its powers.

The president of ICANN, Paul Twomey, hastened to the second gathering in Garmisch in 2008. He and other high-ranking ICANN representatives tried to keep open channels of communications with the Russians. One of the top US ICANN representatives who made sure always to attend was George Sadowsky. Looking always professorial, he taught mathematics at Harvard and was a technical adviser to the United Nations in the 1970s. In 2001 Sadowsky became executive director of the Global Internet Policy Initiative, which promoted Internet freedoms in the former Soviet Union and Central Asia. In 2009 he was selected to the board of directors of ICANN. Sadowsky had a great deal of experience in dealing with Russian officials. He found the endless discussions to be frustrating, as both sides saw the world differently and had trouble even agreeing to a common language about the Internet; there were very basic divisions over definitions regarding the Internet. “Is it a communications service or is it an information service?” he recalled. “And this went on, and on, and on.”[10] In Garmisch both Russians and Americans tried to be pleasant and friendly, but they were at a stalemate. And with each passing year the discussions became increasingly difficult—after the conference in 2010 Sadowsky admitted, “The Russians have a dramatically different definition of information security than we do; it’s a broader notion, and they really mean state security.”[11]


When the Russian officials failed to get an agreement with the United States about ICANN, they shifted strategy, looking for a new way to assert more sovereignty over the Internet. This new approach led them to the International Telecommunications Union, or ITU. With headquarters in Geneva, the organization was originally established in 1895 to regulate the telephone and telegraph. It is a specialized UN agency, and as such, it is dependent on the member states.

The ITU was not involved in Internet governance until late 2006, when Hamadoun I. Touré was elected its secretary general. Touré made the Internet a central issue for the ITU from the start of his tenure. A citizen of Mali, he speaks fluent Russian and studied at the Communications Institute in Leningrad, the same institute where Boris Goldstein, one of the main Russian experts on SORM, studied and has been working for decades. Touré was well known in and maintained close ties with Russia—he was first elected and then, in 2010, reelected with the full support of Russia. As secretary general of ITU, he became very critical of ICANN, and in August 2010 he even refused Rod Beckstrom, then chief executive and president of ICANN, permission to attend an ITU conference.

Krutskikh spotted all this jockeying and, frustrated by the failures to change ICANN, moved to promote a larger role for the ITU. This was a surprising development for Sadowsky. When he met Krutskikh at a Moscow conference in 2008, the Russian official was pleasant and restrained. But it was another story two years later when they met again at the same conference. Sadowsky said something unfavorable about the ITU, and Krutskikh responded emotionally and forcefully, interrupting the American mid-remarks.

For Sadowsky, it seemed like Krutskikh—and Russia—had wagered a big bet on the ITU.


The tumultuous uprisings of the Arab Spring that threw out long-serving authoritarian leaders—uprisings that Internet communications accelerated—suddenly made the issue of Internet governance more urgent for Putin. In June 2011 Putin went to Geneva to talk to Touré. They met at the large hall at the UN Office, and Putin reminded Touré that Russia cofounded the ITU and went on to say that Russia intended to actively participate in “establishing international control over the internet” by using the capabilities of the ITU.[12] It was an audacious idea: to control the Internet using a century-old UN agency.

Krutskikh, in preparation for the new effort, moved in August 2011 to another department inside the foreign ministry. The department was closely tied to the security services and had once been supervised by a former first deputy director of the FSB. Then in March of the following year he was made a special coordinator for issues regarding political use of information and telecommunication technologies—the Internet—and given a rank of ambassador. He was to be Putin’s point man on a campaign to wrest more control of the Internet from the United States.

The next major ITU conference was scheduled for December 2012 in Dubai. The top ITU officials intended to use the gathering to change the rules for the Internet globally through a review of an existing global treaty, which was last updated in 1988, before the digital era. The ITU intended to amend the treaty to include the Internet and, thus, make it subject to ITU regulation. And the Kremlin decided to make the conference in Dubai the launch pad for a general offensive against US domination of the Internet.

Krutskikh went to work recruiting other countries to support Russia. He won nods of agreement from China, where the Internet is rigidly and widely censored, and from Central Asian nations that were former Soviet republics and also largely authoritarian. In May 2012 Krutskikh won backing directly from the Kremlin. The former minister of communications Igor Shchegolev moved to the administration as Putin’s adviser on the Internet, and he fully shared Krutskikh’s ideas about the ITU and ICANN. Shchegolev had accompanied Putin in June 2011 to Geneva and took part in the meeting with Touré.[13] The new communications minister, Nikolai Nikiforov, twenty-nine, was technically savvy but inexperienced. He was appointed to his position from Kazan, Tatarstan, where he had served as Tatarstan’s minister of communications. He was far from being an independent political figure.

Krutskikh plotted his strategy for the Dubai meeting in an office near the foreign ministry’s twenty-seven-story tower in central Moscow. His office building next door looked like a giant, seven-story cube with an oblique angle. From there, on the fourth floor, with an Andreevsky Flag (two blue stripes crossed diagonally on white, the insignia of the Russian fleet) on the wall and a spaceship model on his desk, with his papers always carefully sorted, Krutskikh laid out the battle plan, drafting dozens of proposals for the ITU summit.

Google launched a campaign against the Russian offensive. In May 2012 Vint Cerf, “chief Internet evangelist” at Google and widely recognized as one of the fathers of the Internet, published an op-ed in the New York Times headlined “Keep the Internet Open.”[14] He referred to Putin’s remark at the meeting with Touré in 2011 and criticized a proposal submitted by China, Russia, Tajikistan, and Uzbekistan to the UN General Assembly that sought to establish government-led “international norms and rules” in cyberspace. Cerf proclaimed, “The decisions taken in Dubai in December have the potential to put government handcuffs on the Net.” He appealed for action against it.

But Russia was undeterred, and preparations became more intense. In June the first draft of the Russian proposals to the ITU conference was leaked to the press. They were couched in jargon, but the point was crystal clear: Russia proposed to give countries the right to control the Internet in cases in which it was used “for the purpose of interfering in the internal affairs or undermining the sovereignty, national security, territorial integrity and public safety of other states, or to divulge information of a sensitive nature.” This would give nations the right to censor on the slimmest of pretexts.[15] Then, just two weeks before the conference started in Dubai, there was another leak of Russian proposals, and then another one. The direction of the drafts was the same, giving nations “the sovereign right… to regulate the national Internet segment.”[16]


The two-week ITU conference started on Monday, December 3, at the Dubai World Trade Center, a thirty-nine-story rectangular tower built in 1978 at the city’s Trade Centre Roundabout. More than nineteen hundred participants from 193 countries attended.[17] Krutskikh hoped this would be his triumphal moment.

The Russian delegation was led by the minister of communications, Nikiforov, with Krutskikh as a member of his team. Touré at once appointed Nikiforov one of the vice chairs of the conference. Russia’s hopes looked promising: the Russian team had already secured private pledges of support from China and eighty-seven other countries for the draft proposals, and Krutskikh was determined to win over other countries.

Throughout the first week of the conference the participants debated the leaked Russian drafts in the corridors and meeting rooms as they waited anxiously for the official Russian proposal to come.[18] Tensions were high, as the United States opposed talking about Internet regulation at the ITU conference at all. On Thursday, December 6, the head of the US delegation, Ambassador Terry Kramer, convened a special briefing. Kramer was not a career diplomat but rather a top company manager with a twenty-five-year career in the private sector and telecommunications, mostly at Vodafone, and was specifically appointed by President Obama to head the delegation. Kramer didn’t hesitate to use strong words. “Fundamentally, the conference, to us, should not be dealing with the internet sector,” he declared. “That carries significant implications that could open the doors to things such as content censorship.” He dismissed the Russian proposals out of hand. “What can happen is what are seemingly harmless proposals can open the door to censorship, because people can then say, listen, as part of internet security, we see traffic and content that we don’t like.”[19]

On Friday, December 7, a twenty-two-page document was passed to the conference’s organizer, the ITU. It was headed, “Russia, UAE, China, Saudi Arabia, Algeria, Sudan, and Egypt. PROPOSALS FOR THE WORK OF THE CONFERENCE.” The document had the insignia of the ITU globe at the top and was dated December 5, 2012. Although the document was written in English, it had been edited by someone with a computer in Cyrillic. Some of the editing changes were made by Maria Ivankovich, an expert at the Radio Research and Development Institute within the Russian Ministry of Communications, one of three major research centers involved in developing SORM, the Russian system of communications interception.

A day later, on December 8, the website wcitleaks.org made a splash in the media by publishing a link to the latest Russian proposal, which declared that member states have “the sovereign right to establish and implement public policy, including international policy, on matters of Internet governance.”[20] The proposal drew condemnation from around the world, and Krutskikh’s dream began to fall apart; the Egyptian delegation announced that despite the fact that its name was on it, it “never supported the document.” On December 10, without explanation, the Russian delegation withdrew it. It was reported that Touré talked personally to Nikiforov to persuade Russia to withdraw the proposal following American threats to walk out of the conference if the document was formally submitted.[21] Touré feared that the proposal could break up the conference completely, and he wanted the new treaty to be signed.

The Russian initiative failed spectacularly—strongly opposed by the United States and other Western governments.

On the last day of the conference, on Friday, December 14, a new treaty was offered for signing, and eighty-nine countries endorsed the document, including Russia. Much of the language of the earlier drafts had been taken out, but the final document still contained Article 5B, which stated, “Member states should endeavour to take necessary measures to prevent the propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services.”

It sounded rather unobjectionable. But the Western delegations were certain that this clause was intended, among other things, to support actions by governments that want to control content on the Internet, as Russia was striving to do. Kramer said the treaty was “seeking to insert governmental control over Internet governance” and, in a dramatic moment, walked out of the hall, destroying any prospects for a treaty.[22] On the whole, fifty-five countries refused to sign the new treaty, including Western European and Anglo-Saxon nations, and their refusal to sign the new treaty meant that the document simply could not be implemented.

Krutskikh was the only Russian official in Dubai willing to comment. “The Americans are the fathers and mothers of the Internet, and we have to appreciate that,” he said with bitterness. “But words like ‘Internet’ and ‘security’ should not be treated like curse words. They have been treated like curse words by some delegations at this conference.”[23]

The Kremlin had sought to recruit nations from around the world to change the rules of the Internet to give authoritarian countries the ability to censor it. But it didn’t work. The nations involved in building the Internet, chiefly the United States, were dead set against it.

Krutskikh’s dream slipped away.

A few months after the ITU disaster Krutskikh took part in a conference on information security in Russia. He spoke at length about the threats to Russia on the Internet, and when he finished, Irina approached him and asked for a comment about what had happened in Dubai. He was both angry and passionate, stating that the Russian initiative didn’t fail because it was never officially on the table. Then he exclaimed, “We have not lost! Eighty-nine countries support us!” He vowed that Russia would continue to promote its model of global Internet regulation in every possible forum.


Snowden’s revelations of mass surveillance of Internet and telephone metadata in 2013 prompted other countries to start thinking in terms of “national sovereignty” on the Internet, and the United States faced widespread condemnation and criticism. Brazil’s communications minister said that local ISPs could be required to store data on servers within the country, saying local control over data was a “matter of national sovereignty.” Later, Germany’s Deutsche Telekom declared that it wanted to create a national Internet to protect Germany from privacy infringements. In February 2014 German chancellor Angela Merkel, furious at the disclosure that the NSA had monitored her cell phone, raised the prospect with French president François Hollande to build a European network so as to avoid data passing through US servers.

In June 2013 Presidents Obama and Putin agreed to establish a new working group within the US-Russia Bilateral Presidential Commission as part of a cyber security confidence-building measure between the two countries. To chair the group from the Russian side Putin appointed deputy secretary of the Security Council Klimashin, and Krutskikh was made the group’s co-coordinator.[24] Putin clearly still trusted Krutskikh and his generals. The new working group gathered for the first time in November in Washington; the participants, our sources told us, consciously left Snowden’s name out of the talks.

Krutskikh got a second chance. In February 2014 Putin appointed him his special representative for international negotiations on Internet regulation. On April 23–24, in São Paulo, Brazil, a conference was held, NETmundial. Provoked by Edward Snowden’s revelations, it was a two-day global meeting on the topic of Internet governance. Nikiforov, the Russian minister of communications, noted that the conference delivered a standing ovation after a speaker expressed words of gratitude to Snowden. Nikiforov delivered welcoming remarks prepared by Krutskikh, and they had all his usual hallmarks—attacks on ICANN and calls to hand over all powers to the ITU. But against Nikiforov’s expectations, the speech didn’t go over well—the participants simply ignored Russia’s proposals.

The very next day in Moscow Putin declared that the Internet was a “CIA project” and that Russia needed to be protected from it.[25] His remarks were reported far and wide, overshadowing the Russian presentation at the conference, and Nikiforov’s speech was omitted from the documents of NETmundial. The Russian ministry was outraged and published a protest on its site.[26]

Many countries were unhappy with the way the Internet was governed, but it didn’t mean they would march in lockstep with Russia. They could be very critical of US dominance on the Internet or the way their citizens’ personal data was circulated, but they were not ready to turn the global network into a collection of local Internets under the control of national governments.

The Kremlin’s attempt to change the global rules of the Internet fell flat. But there were other ways Putin could experiment with digital sovereignty—for example, in a small, beautiful town on the Black Sea.

CHAPTER 12 Watch Your Back

In the center of Toronto, on Bloor Street, on a cold day in March 2013 we walked up the steps of a two-story English-style mansion with a tall round tower attached to it. During World War II the building was used to train pilots to identify weather patterns, but now it is part of the University of Toronto. Inside we found a bunch of geeks and researchers who worked to identify surveillance and filtering equipment on communications around the world.

We were met by Professor Ron Deibert, forty-nine years old, who, as a scholar, was deeply interested in the impact of the Internet on world politics. In the mid-1990s he moved to the University of Toronto because it had been the home of Canadian communications theorists Harold Innis and Marshall McLuhan. In 2001 the Ford Foundation offered him a $250,000 grant to conduct research on the Internet and international security, giving rise to a research center known as the Citizen Lab.[1] Deibert recruited ex-hackers, programmers, and researchers in an effort to discover hidden surveillance and content filtering on global networks.

In a few years Citizen Lab emerged as a primary source of data on repressive regimes’ Internet intrusions and attacks on their critics and opponents. In 2009 they identified a massive intrusion into the computers of the Tibetan leader, the Dalai Lama, and on computers in 103 countries. The intrusion was called “GhostNet” and was believed to have emanated from China. Citizen Lab also revealed malware campaigns against Syrian activists and exposed how a remote intrusion and surveillance software called FinFisher was used against protesters in Bahrain and political dissidents in Malaysia and Ethiopia.

We met that day in the tower on Bloor Street. The group also included Masashi Nishihata and Sarah McKune from Citizen Lab as well as Eric King of Privacy International, the British organization concerned with privacy issues. Deibert showed us into the turret room under the ceiling of the tower, known to the staff as the Jedi Council. We joined the group to plan an investigation into Russian surveillance in the upcoming Olympic Games, scheduled for February 2014 at Sochi on the Black Sea.

The games were a showcase for Vladimir Putin. In 2007 he had personally presented, in English, Russia’s bid to the International Olympic Committee, and Russia won. In the years before the games Putin put the FSB in charge of providing security for the Olympics. In 2010 an FSB general, Oleg Syromolotov, was appointed as the chairman of the Russian group that would oversee security at the games. We described to the others at the meeting how Syromolotov, inside the FSB, was not in charge of counterterrorism operations, as might be expected; rather, he was a top counterintelligence officer at Lubyanka since 2000. He spent his entire career in the KGB and then the FSB, and for thirteen years he had directed FSB efforts to hunt down foreign spies. Now he was put in charge of providing security for a major international gathering that would host athletes, journalists, and political leaders from around the world. We told the group that Syromolotov’s appointment was significant. It could mean that Russia viewed the games as an opportunity to collect intelligence.

We obtained a PowerPoint presentation about security at the games that was primarily concerned with the communications challenges, and we found something revealing on its final pages, which we shared with our colleagues. The slides revealed how SORM—the black boxes of the FSB that were placed on all kinds of communications connections—were being deployed to Sochi to cover all communications at the games. The next to last slide gave a list of the black boxes’ basic requirements, including that they should be able to “intercept all segments of the network,” that the fact of SORM’s presence there should be completely secret, that there should be an iron-clad system to avoid anyone discovering that they were being intercepted, and that they should be hidden from the personnel of phone companies and ISPs. We suggested to our colleagues that Russia was preparing to use surveillance of the same intensity that China had in the 2008 Summer Games in Beijing.

King, of Privacy International and a world-renowned expert in spotting the presence of surveillance equipment suppliers, had made it his passion to attend every expo on surveillance throughout the globe. He knew what SORM was about—he had come across this technology in Central Asia. He asked us, “What does it mean that it is being upgraded for the Olympics? Does that mean that SORM will be combined with deep packet inspection [the system of infiltrating the content of communications]? If they were used together, would that transform the targeted surveillance into mass surveillance? In other words, would it help to identify and track, say, activists by words they use?”

We just didn’t know. We thought there might be clues if we could find out what hardware and equipment was being used, but that would take some digging.

One thing we did know was that the FSB and Interior Ministry officials spoke openly and increasingly about their experiences in the 1980 Moscow Olympics more than three decades earlier. Officials had learned certain lessons about both surveillance and physical security of the Games. The lesson for surveillance was to monitor as much as possible; the lesson for physical security was to isolate the Games as much as possible.

In 1980 the Olympic Games were secured in a way that was only possible in the totalitarian Soviet state—Moscow was ruthlessly cleansed of any possible troublemakers, who were sent out of the capital, and the city stood empty for the two weeks of the competitions, surrounded by troops and with KGB officers at every corner. When some of the sporting events were underattended, the authorities just sent troops to fill the stands. The Moscow Olympics was surrounded by paranoia; the KGB prepared dozens of reports of foreign intelligence services’ “hostile intentions” to undermine the games.

We underscored to the group in Toronto that the appointment of Syromolotov, a top counterintelligence officer in the FSB, seemed to echo this Soviet-style approach. It was clear that in Sochi the authorities wanted to combine the KGB’s traditional methods with cutting-edge surveillance technologies.

Those who gathered in Citizen Lab’s tower that day knew how quickly the pace of electronic surveillance was growing in Russia. The FSB’s supervision of the Olympics security meant that all measures were to be carried out under a veil of secrecy. For years it had been impossible to obtain comments from the FSB; the press office was effectively shut off from journalists’ requests. Not only officials but also companies contracted by the authorities to provide security solutions were reluctant to talk.

Under the turret that day we acknowledged with the others that there were many unknowns. We felt that Russia was preparing something large and menacing in surveillance, but we didn’t know how it would be actually used, how it would work, and what was the goal for the FSB: to gather intelligence using interception and surveillance, to stop protesters from reaching the site of the games, or maybe to use the surveillance measures as a big stick to intimidate and frighten possible troublemakers?

We also wondered about the future of SORM and what the Russian authorities wanted to do after the games ended. Was Sochi intended to be a laboratory to be replicated all over the country? After all, many security measures, first tested in Moscow in 1980, were then introduced on the national level. Even the antiriot police units known as OMON, which had beaten protesters during the demonstrations in 2011–2012, were formed because of the Moscow Olympics. What kind of legacy would Sochi leave in terms of surveillance and control of information?

The information games were afoot.


Once we got back to Moscow we decided to make a point of examining all kinds of open sources, including technical documents published on the government’s procurement agency website, zakupki.gov.ru; Russian law requires all government agencies, including the secret services, to buy their equipment through this site. We also scrutinized presentations and public statements made by government officials and top managers of firms involved with the Olympics and security for the city of Sochi. We reviewed public records of government oversight agencies such as the telecoms watchdog Roskomnadzor. Soon we found out that our suspicions about upgrading SORM were correct.

The Russian Supreme Court keeps statistics about court orders issued for interception, but they are held deeply inside the court’s filing system and are not in the open. For years finding such information was impossible; members of parliament told us they could not get it. Then a lawyer gave us a hint on how to mine the data out of the computers. We followed the lawyer’s advice and discovered what we were looking for—the court’s statistics. We found that in six years Russia’s use of SORM had skyrocketed: the number of intercepted phone conversations and e-mail messages doubled in six years, from 265,937 in 2007 to 539,864 in 2012. These figures do not include counterintelligence eavesdropping on Russian citizens and foreigners, the area of Syromolotov’s department.

It was hard to find specific details about SORM deployment in Sochi, so we turned to the data of Roskomnadzor, the communications watchdog that was very busy making sure SORM equipment was properly installed in the Sochi region. We discovered that several local ISPs were fined for having failed to install Omega, the SORM black box recommended by the FSB. One document from Roskomnadzor showed that in November 2012 the ISP Sochi-Online was officially warned for “failing to introduce the required technical equipment to ensure the functioning of SORM.”

Our suspicions about SORM deepened on April 8 when Gus Hosein, director of Privacy International, forwarded us a US State Department warning for Americans wanting to attend the Olympics in Sochi. The document, issued by the department’s Bureau of Diplomatic Security, carried the title, “Russian SORM Factsheet, Winter Olympics; Surveillance; Cyber,” and it warned that when traveling to Russia, people “should be aware that their telephone and electronic communications may be subject to surveillance, potentially compromising sensitive information.” The warning then went into details describing SORM, stating that the system “permits the monitoring, retention and analysis of all data that traverses Russian communications networks.” The document warned people heading to Sochi to be extremely careful:

Consider traveling with “clean” electronic devices—if you do not need the device, do not take it. Otherwise, essential devices should have all personal identifying information and sensitive files removed or “sanitized.” Devices with wireless connection capabilities should have the Wi-Fi turned off at all times. Do not check business or personal electronic devices with your luggage at the airport…. Do not connect to local ISPs at cafes, coffee shops, hotels, airports, or other local venues…. Change all your passwords before and after your trip…. Be sure to remove the battery from your Smartphone when not in use. Technology is commercially available that can geo-track your location and activate the microphone on your phone. Assume any electronic device you take can be exploited…. If you must utilize a phone during travel consider using a “burn phone” that uses a SIM card purchased locally with cash. Sanitize sensitive conversations as necessary.[2]

When we read this, we wondered what the Americans knew about SORM that we didn’t.

A year before, in August 2012, the Americans were the most numerous spectators at the London Olympics, with over sixty-six thousand Americans attending the games.[3] It was clear that Americans would come by the thousands to Russia in February 2014.


Although we worried about the use of surveillance and interception in Sochi, it had a legitimate purpose in fighting terrorism. The threat and the reality of terrorism cast a long shadow over Sochi, and then it happened.

On April 15, 2013, Boston hosted its annual marathon, and 23,000 runners took part. About two hours after the winner crossed the finish line but with more than 5,700 runners yet to finish, two bombs detonated on Boylston Street. Three people were killed and more than 250 injured. The same day, using surveillance cameras, police identified two brothers as suspects, Tamerlan and Dzhokhar Tsarnaev. After a manhunt, the older brother, Tamerlan, was killed, and Dzhokhar captured. It was soon discovered that over a decade before the attack, their parents, ethnic Chechens, had moved the family to the United States from Dagestan, a Russian internal republic in the North Caucasus.

The terrorist attack had a lasting impact on the way the terrorist threat to the Sochi Olympics was viewed in the United States and around the world. It was long assumed that the militants in the North Caucasus were not interested in attacking Western targets. Since the 1990s the Chechen movement shifted from a nationalist agenda to make Chechnya independent, to one embracing radical Islam. The Chechens’ top commander, Dokku Umarov, proclaimed an Islamic state in the North Caucasus, the Caucasus Emirate, in October 2007, and since then militants spread across the republics of the North Caucasus, but primarily in Dagestan. They continued to attack Russians—developing a clear terrorist strategy, attacking civilians on the Russian mainland, including in Moscow, and killing law enforcement personnel in the North Caucasus. But foreigners were not in their crosshairs.

The Boston bombing raised questions about whether that had changed. To make things worse, in a few months thousands of Americans would fly close to the Islamists’ stronghold; Sochi, one of the most beautiful places in South Russia, on the coast of the Black Sea, is geographically located at the foot of the Caucasus Mountains.

Soon it became known that the Russian FSB had sent messages in 2011 to the FBI and CIA about Tamerlan Tsarnaev.[4] Though these letters were not real warnings—rather, the FSB asked for information on Tsarnaev, fearing he could join the militants in Dagestan—this information inflamed public opinion in the United States, and there were calls for more cooperation between Russian and American security services. Putin and Obama spoke twice by phone in the wake of the marathon bombing.[5] A White House statement said Obama praised the “close cooperation” Washington received on counterterrorism from Moscow, stating, “Both sides underlined their interest in deepening the close cooperation of the Russian and US special services in the fight against international terrorism.”[6] On May 11 British prime minister David Cameron said that the Russian and British security services would cooperate in the build-up to the Winter Olympics in Sochi after his talks with Putin, adding that Britain would be providing “limited” security support at the Olympic Games. “We both want the Sochi Games to be a safe and secure Games,” he said.[7]

This was a bad time to be asking questions about surveillance at the Olympics. The bombings in Boston made many people more tolerant of surveillance because of tangible fears of terrorism.


Six months before the Olympics were to open, on August 19, 2013, Putin signed an executive order, No. 686, that effectively turned the Olympics venue into a fortress.[8] It banned the entry of all vehicles and cars apart from those specially registered to Sochi from January 7 to March 21, 2014. Putin’s order also prohibited any protests in the area of the Games during this period. But some of the fortress wasn’t visible.

All those who wanted to visit the Olympics were required to pass through advance screening by the security services. The Russian authorities introduced a new security measure, a spectator pass that all visitors of the Games would need to have. To get it, a visitor was required to post his or her passport data and photo on a special website and wait for the FSB to check their information. If there were no suspicions, an applicant could receive a spectator pass, which bore his or her photo and name. Only with the spectator pass in hand could a visitor buy tickets to the Olympic competitions. The procedure was clearly aimed at gathering data on tens of thousands of people from across the globe.

In August 2013 Irina decided to get a spectator pass, so she went on the official Olympic website. Because the procedure required taking a photo, Irina clicked the function to do this. Her computer then warned her that the site “is requesting access to your camera and microphone. If you click ‘Allow,’ you may be recorded.” This seemed a bit odd, so we asked Citizen Lab’s researcher Byron Sonne to look at the site more closely. “This image, where the Flash entity on the site is asking for access to your camera and microphone, does indeed appear pretty intrusive and downright creepy,” he responded. We wondered whether this procedure was intended to collect legitimate information or to send a message that everybody was being watched.

We analyzed dozens of open-source technical documents published on the government procurement agency website as well as public records of government oversight agencies and presentations of companies contracted by the government. We confirmed that SORM had been greatly strengthened in Sochi for the Olympics.

In November 2012 it was announced that there would be free WiFi access at all the competition venues “for the first time in Olympic history” as well as in the media centers and media hotels. But all users were required to log in and provide their spectator pass details—the FSB wanted to make sure nobody went unrecognized.

Conventional security measures would be high at Sochi, with more than forty thousand police on duty and more than five thousand surveillance cameras installed across the city. To gather data from cameras, in 2009–2011 Sochi had a federal program called “Safe Sochi,” and a centralized command and control center was built in the city. The cost of the program was more than 1.5 billion rubles (over $48 million), and 1.2 billion of that was provided by MegaFon, one of three national mobile operators. We also discovered that Sochi was to be the first Olympics that would use surveillance drones, with both the FSB and the Interior Ministry acquiring drones. The FSB also purchased sonar systems to detect submarines so as to prevent a sea-launched terror attack.


We wanted our investigation to come out before the Olympics, as we hoped that the international and national media attention to Sochi could help prompt the conversation about out-of-control surveillance throughout Russia. But where could we publish the story? When dealing with sensitive stories, Russian media preferred not to be the initial source. In our investigation project “Russia’s Surveillance State,” most of our stories were first published in Wired and only then translated and picked up by Russian media.

The Guardian seemed to us the obvious choice. The British newspaper put a great deal of effort into covering surveillance issues. In these months the Guardian had been running Snowden’s revelations almost on a weekly basis, and the Guardian’s Luke Harding had been our friend since his days as a Moscow correspondent.

We wrote to Luke in early September, describing what we had. “Sochi is a terrific story,” he answered. He forwarded our e-mail to the Guardian’s foreign editor and put us in touch with their new Moscow correspondent, Shaun Walker, whom we met at a Moscow café to discuss the story and possible repercussions. It was a very sensitive story, and we didn’t know how the Kremlin might react to such an account in a Western newspaper; the Games were Putin’s personal project, guarded by the FSB. The decision was not easy for Shaun either; though he had been living for years in Moscow, it was his very first week as the Guardian’s Moscow correspondent, and the FSB had expelled his predecessor, Luke Harding, from Russia two years before.

We spent three weeks editing and repackaging our investigation. Meanwhile Shaun worked on getting comments. But it was slow and painful. Finally Shaun said that the Guardian had decided to run the story on October 1. Then it was delayed. And then, a surprising development: on the morning of October 2 the authorities announced that there was to be a press conference about security measures at the Olympics, that day at 2:00 p.m. Shaun rushed to the RIA Novosti building, where the press conference was to take place. FSB official Alexey Lavrishchev was listed among the participants and stated, “No, the city of Sochi will not be like a concentration camp.” He then recalled the London Olympics: “Video surveillance cameras were mounted everywhere, even, excuse me, in the toilets. None of this will happen in Sochi!” He stressed that security in Sochi will be “invisible and unnoticeable.”[9] Shaun sent us a quick message, “Amazing press conference! He read off a sheet of paper for 15 minutes, then they had questions, but only Russian outlets.” He added, “He scuttled off like a crab at the end.”

The Guardian ran our investigation on Sunday, October 6, placing it on the front page and headlined, “Russia to Monitor ‘All Communications’ at Winter Olympics in Sochi.” It added, “Exclusive: Investigation Uncovers FSB Surveillance System—Branded ‘PRISM on Steroids’—to Listen to all Athletes and Visitors.” The term “PRISM on Steroids” was coined by Ron Deibert, with PRISM referring to the especially intrusive NSA program designed to intercept communications without the knowledge of communications services providers, exposed by Snowden.

Three days after the Guardian piece was published, the major English-language Russian government propaganda outlet, the Voice of Russia, ran an interview with a pro-Kremlin expert about the story, full of personal attacks against us and Shaun Walker.[10] We had expected as much. But the next day the position was changed: the same Voice of Russia published a story that seemed to come clean about what we were reporting. We were stunned at the admissions, particularly the headline that admitted that the authorities were tapping the phones. “Don’t Be Scared of Phone Tapping During Sochi-2014, It’s for Your Own Safety—Experts.”[11] We were further surprised when these experts talked openly about the equipment installed. They admitted that “technological equipment of special services provides for eavesdropping on telephone conversations, as well as for analyzing social network and e-mail correspondence” and said that “this kind of control is the best way to spot terrorist activity and nip the problem in the bud.”[12]

We began to wonder: Why was this being acknowledged so openly? Were all these sophisticated technologies going to be actually used at Sochi, or was it something else? Was it just the threat of surveillance being used to intimidate and deter? What really puzzled us was that the story was not met with the usual denials and silence; instead, the authorities were talking about it.


Even as the acknowledgment of the surveillance plans surprised us, we did a double-take on November 8, 2013, when Prime Minister Dmitry Medvedev signed an instruction listing all the parties who would be subject to FSB surveillance, including the organizers of the Games, all the athletes from around the world, judges for the competitions, and the thousands of journalists who would converge on Sochi.[13] The decree provided for the creation of a database for the users of all types of communication, including Internet services at public WiFi locations “in a volume equal to the volume of information contained in the Olympic and Paralympic identity and accreditation cards”; that is, the database contained not only each subscriber’s full name but also detailed information guaranteed to establish his or her identity. The database contained “data on payments for communications services rendered, including connections, traffic, and subscriber payment,” meaning it contained all information on who called whom or sent messages during the Games as well as the location of each call. In the language of intelligence agencies this is called “gathering metadata,” the same kind of data-harvesting that the US NSA carried out and Snowden exposed.

It was the openness of Medvedev’s instruction that shocked us—it was posted on the government’s website. What’s more, it seemed to us that the authorities were trying, somehow, to signal that at the Olympics, watch your back, because we are watching you.

Medvedev’s instruction required the government to store the data collected during the Games for three years and said the FSB must be provided “round-the-clock remote access to the subscriber database.” That means the FSB, operating from a remote location, will have three years to explore by whom, when, and how often athletes, judges, and journalists attending the Games were contacted.

On November 13 three members of the European parliament tabled written questions that raised concerns about surveillance at the Sochi Olympics, referring in particular to our investigation. “Given that everybody seems to be spying on everyone else these days, it seems legitimate to ask questions not only about the EU and the United States but about Russia as well,” said Sophie in ‘t Veld, a Dutch member of the European parliament and the author of the questions. “Russia is a particular problem because of the Olympics, which it is using as a pretext for stepping up surveillance, with no court oversight.” She added, “I hope this will act as a wake-up call.”[14]


On December 29, at 12:45 a.m., a suicide bomber walked into the hall of the railway station in Volgograd, about six hundred miles from the venue of the Olympics, and blew himself up. Eighteen people were killed. The next day around 8:30 a.m., a trolleybus that connects a suburb to Volgograd’s downtown area was hit by a suicide bomber, killing sixteen people. Volgograd is a large city located in the South Federal District of Russia, the same district as Sochi. Militants from Dagestan organized the bombings, which raised fears that the Russian authorities would be unable to secure the Games and that the “ring of steel” Putin had declared was built around Sochi would not stop terrorists. The stakes were high, and Western leaders hastened to offer Putin more help in providing security. Privacy concerns were set aside.

On Sunday, January 19, the Islamic militants in Dagestan claimed responsibility for the bombings. They also delivered a direct threat to the Olympics. In a video posted online two men addressed Putin, “If you hold these Olympics, we will give you a present for the innocent Muslim blood being spilled all around the world: in Afghanistan, in Somalia, in Syria.” One of them added, “For the tourists who come, there will be a present, too.”[15]

A few days before the video was posted, Dokku Umarov, a leader of Islamist extremists in the North Caucasus, was reported to have been killed by Russian forces, but it didn’t eliminate the threat. The Olympics presented a tempting target for militants. In the 2000s strong censorship in the Russian media had deprived the militants of attention, and the movement was in decline. But for the Olympics the eyes of all major global news organizations were to be focused on Sochi.

At the time journalists spotted wanted posters with the images of three women who were suspected suicide bombers, so-called black widows, at the airport and in the Sochi hotels. Police launched an urgent search for possible suicide bombers and distributed the posters further. For months the Russian media had been under pressure to report everything around the Olympics in a positive way, and now they were hesitant to report the news that black widows were being sought inside the “ring of steel.” Then a local blog, blogsochi.ru, posted information about these suicide bombers. When NBC reported the news, the Russian media picked up the story. The authorities clearly felt uncomfortable; they had failed to prevent the news from spreading.

Meanwhile, after the publication of our investigation in the Guardian, dozens of Western journalists came to us, asking anxious questions about their communications before traveling to Sochi. Some of them were on their way back from Sochi to Moscow and told us stories of odd happenings with their phones and laptops in Sochi. Wacek Radziwinowicz from the Polish newspaper Gazeta Wyborcza could not connect with the server in Warsaw, and his phone received wrong SMSs. “Our technicians told us not to use public Wi-Fi,” said Nataliya Vasilyeva, Moscow correspondent for the Associated Press. “But sometimes we used it, and every time the system required to provide all details for identification. It was like enter and say, ‘Hello, it’s me.’”[16] Andrei opted not to bring his laptop to Sochi when he traveled to the city with an NBC crew in early January.

Boris Nemtsov, an opposition leader in Moscow and a former deputy prime minister, had written a report, published in 2013 and prepared with help from Nikolai Levshits, a civil activist, that documented some of the corruption surrounding contracts for the Olympics. He suggested that more than half of the $50 billion spent on the Games had disappeared. Just before the Games, in January 2014, Levshits applied for a spectator pass to the Olympics. He tried twice, but every time the website sent him the same message: “Your application is rejected.” He also noticed that the website tried to take control of his laptop.[17]

On February 5, two days before the opening ceremonies, Dmitry Kozak, the deputy prime minister responsible for the Olympic preparations, made a tour with foreign journalists around Sochi. Kozak had a surprising response to some criticism expressed by journalists about the conditions in the hotel rooms: “We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall, and then leave the room for the whole day,” he said.[18] His statement was bizarre but also struck us as containing a fascinating warning: we are watching you, even in the shower.

The Games opened on February 7, and the grand opening ceremony at the Fisht Olympic Stadium lasted for three hours. Forty thousand spectators came to watch the event, and Putin personally greeted the athletes. The official theme of the ceremony was “Dreams of Russia,” and the mood was festive.

That same day the website nosochi2014.com, which had been launched in 2007 to protest the Sochi Olympics and to serve as a reminder of ethnic cleansing carried out against Sochi’s native people—the Circassians—by Czarist Russia, was hacked and infected by malware.[19] Citizen Lab experts looked at the site and discovered that it included a malicious JavaScript hosted on the domain e094bcfdc2d.com, which, at the time of investigation, was hosted at an address registered to the Russian State Institute of Information Technologies and Telecommunications in St. Petersburg.

On February 19, four days before the Games ended, the protest band Pussy Riot made a trip to Sochi to perform and planned to record a new video clip. They knew it could be difficult: after the group performed a punk prayer, “Mother of God, Chase Putin Away,” in Moscow’s Cathedral of Christ the Savior, they were considered an enemy of the state, and three of them were imprisoned. Anastasia Kirilenko, a journalist for Radio Liberty, was to accompany Pussy Riot in Sochi. They were well aware of surveillance and had discussed details of the coming trip via ChatSecure, an encrypted smartphone messenger. One of the group’s supporters gave them new cell phones that, in Sochi, they used exclusively. But it did not help Pussy Riot avoid surveillance. Video cameras spotted their car, and the police detained them a few times under false pretexts.[20]

Nevertheless, Pussy Riot managed to perform in Sochi twice. Five girls in colorful balaclavas started to shout out “Putin will teach you to love the Motherland” in front of the Sochi-2014 banner and were immediately attacked by a group of Cossacks, who beat them with whips, ripped their masks off, and threw the group’s guitar away. Journalists recorded the group’s performance and the Cossacks’ intrusion. A bit later the group held another performance in central Sochi next to the Olympic rings in front of the city hall. Although police watched the event, they did not intervene. The video of the clip went viral.


The Russian secret services have had a long tradition of using spying techniques not merely to spy on people but to intimidate them. The KGB had a method of “overt surveillance” in which they followed a target without concealing themselves. It was used against dissidents. After all of the evidence we found of investments in cutting-edge surveillance technologies, the FSB primarily used them for intimidation; they wanted to showcase their surveillance and did not hide it, like the “overt surveillance” of the KGB. The authorities didn’t deny our investigation—in fact, it was confirmed by the Voice of Russia, and Medvedev’s decree, openly posted, also sent a strong signal. Even Kozak’s comment, though extremely bizarre, seems to make the same point—in Sochi we are watching you everywhere.

But the intimidation didn’t work. Committed bloggers, foreign journalists, Pussy Riot, and activists all managed to do their thing without much restraint. If the surveillance was built to prevent protests or bottle up information, then the surveillance state built in Sochi was a paper tiger. Still, publicly Sochi became a great personal success for Putin; he got support domestically and around the world. After all, nobody wanted to question the enormous $50 billion cost of the Games.[21] It was all justified by success: Russia was back. The games went off largely without a hitch—there was no terrorism and a great deal of national pride on display.

We don’t know with any degree of detail how much interception or surveillance was carried out at Sochi using such things as SORM and other technology. But we think there is another possibility, equally disturbing: the Russian secret services gathered large amounts of personal data on all visitors to the Games, including diplomats, journalists, and all kinds of officials. And these efforts were planned and conducted under the guidance of the top counterintelligence official in the country, and counterintelligence officers tend to play a long game. It cannot be ruled out that someday, long after the closing ceremony of the Olympic Games, any one of these people could be approached with the information collected in February 2014 in Sochi.

CHAPTER 13 The Big Red Button

On February 23, 2014, the day the Sochi Olympics ended, Putin was not entirely happy. One of his guests, a close ally who was with him at the opening ceremony of the games, had gone missing from Sochi. Viktor Yanukovych, the Ukrainian president, had disappeared from his capital, Kiev, a day before. After months of protests against Yanukovych on the Maidan, the central square of Kiev, no one knew where the president had gone. Television broadcasts showed that some government buildings in the capital had been abandoned; the headquarters of the Ukrainian secret police was also empty, and police were nowhere to be seen. Protesters had pulled down a monument to Lenin. The demonstrations and the sudden dissolution of Yanukovych’s presidency appeared to Putin to be far more serious than the public uprisings known as “color revolutions” over the previous decade in Ukraine and Georgia, and, beginning in 2010, the Arab Spring; this time it looked more like August of 1991, when the Soviet Union teetered on the abyss. For Putin, the events in Ukraine suggested that the elites of the country had split, and some of them had betrayed Yanukovych, a frightening prospect for the Russian president. Putin had invested his personal prestige in Yanukovych and sent his intelligence officers to Kiev under the guidance of a colonel general of the FSB to show his support. When Yanukovych fled, Putin saw it as proof of a conspiracy by the West to undermine Russia’s sphere of influence, which, in his mind, included Ukraine.[1]

In a week the Russian military transported Yanukovych to Rostov-on-Don and unmarked Russian troops occupied Crimea, which had been part of Ukraine. On March 1 Putin obtained permission from the cheering Russian parliament to use troops in Ukraine as well.[2] They unleashed an unprecedented campaign of propaganda, calling the Ukrainian protesters “fascists” and warning that Russians living in eastern Ukraine were threatened.[3] This was the start of a major armed conflict that engulfed eastern Ukraine in the months ahead as Russian-backed separatists battled Ukrainian troops for control of several provinces. Thousands of people were killed and injured in the war, inciting sharp protests and Western sanctions imposed on Russia.

As soon as the crisis began, the Russian authorities tightened control of information online. Since 2012 the Kremlin had been actively building mechanisms and tools of control of the Internet, and now the moment came to test their effectiveness. On March 3 Roskomnadzor rushed to block thirteen pages of groups linked to the Ukrainian protest movement on the Russian-based social network VKontakte.[4]

On March 8 pro-Kremlin activists launched a new website that pointed a finger at “national traitors.” It was established on the domain predatel.net, where predatel stands for a traitor, and domain extension .net for nyet, or no: no traitors. It sought to gather the public statements of liberals deemed unpatriotic and then threaten them. The first name on the list was Navalny, and it also included the opposition leader Boris Nemtsov, journalist Sergei Parkhomenko, artists and writers, and some civil activists and journalists who took part in Moscow protests in 2011–2012.

A week later a popular Russian news site, Lenta.ru, suddenly faced the traditional methods of intimidation by the authorities. On the morning of March 12 Roskomnadzor issued the website a warning for publishing material of an “extremist nature,” citing an interview with one of the leaders of the far right Ukrainian party, Pravy Sector. The interview was conducted by Ilya Azar, the reporter who had exposed the carousel voting fraud during the Russian parliamentary elections in December 2012. On the same day as the warning the owner of Lenta.ru, Alexander Mamut, called the editor, Galina Timchenko, and demanded Azar be fired. Timchenko refused, so Mamut immediately fired Timchenko. All thirty-nine journalists of Lenta.ru left the publication in protest, along with Timchenko.[5]

On March 16 a hurried referendum in Crimea resulted in a call to join Russia. Two days later Putin summoned both houses of the Russian parliament to the Kremlin for what was to be one of his most memorable and emotional speeches celebrating the taking of Crimea, with its big Russian-speaking population, from Ukraine. To effusive applause Putin spoke emotionally about the destiny of Russia. And then, finally, he turned to the West, noting that Russia’s actions had already drawn threats of sanctions that might cause disruption inside Russia. He paused and then asked ominously, “I would like to know what it is they have in mind exactly: action by the fifth column, this disparate bunch of ‘national traitors,’ or are they hoping to put us in a worsening social and economic situation so as to provoke public discontent?” He promised to “respond accordingly.”[6]

Earlier, on March 13, Roskomnadzor had blocked three independent opposition news media—Kasparov.ru, Ej.ru, and Grani.ru—along with Navalny’s blog on LiveJournal.com.[7] Maxim Ksenzov from Roskomnadzor was quick to explain that the sites were blocked because of “extremist calls.” He added that Navalny was no longer allowed to use communications and post anything on the Internet: “Wherever the materials appear under his name—there will be blocking.”[8]

The political commentary site Ej.ru represents Ezhednevny Journal, or Daily Journal, and was launched in 2005 in a desperate attempt to save a team of journalists thrown out of Itogi magazine during the annihilation of Gusinsky’s media empire. With a simple design, it published three stories per day along with some short news items. Along with Grani.ru, it was a platform for prominent liberal commentators in the country, from satirist Viktor Shenderovich, to military experts and political analysts expelled from traditional media in the 2000s. The site enjoyed popularity among the liberal-minded intelligentsia.

Since February Ej.ru had come under fierce attack from Putin’s supporters after it had published a column by Shenderovich in which he questioned the whole wave of intense patriotism ignited by the Sochi Olympics.[9] Despite the attacks, Ej.ru continued functioning, and on this day it had a story that dissected Russian propaganda and the televised euphoria surrounding the annexation of Crimea by Russia. That same day Navalny posted the results of phone polls conducted by his activists about Crimea and Ukraine, revealing that Russians’ attitudes were dramatically contrary to the propaganda. Navalny said his surveys showed that 84.5 percent of those asked viewed Ukraine as a friendly country.

From this day onward all three sites and a blog were blocked on Russian soil.


The night of Putin’s speech, worried journalists of the liberal and independent media arranged an urgent meeting. They chose to meet at the Sakharov Center, the venue of human rights organizations, named after the Soviet dissident Andrei Sakharov, on Thursday, March 21. The center occupies two buildings—a two-story mansion and a tiny exposition hall on the embankment of the Yauza River. It was given the premises in the early 1990s by the first Russian government, which felt in some debt to Soviet dissidents, and for years the center was used to host talks and debates on human rights issues.

That evening Sergei Lukashevsky, the thirty-nine-year-old director of the center who had brought his children to the demonstration on Bolotnaya Square in 2012, was waiting for the journalists and bloggers to gather on the second floor of the Sakharov Center, in a room filled with chairs set in a circle. All editors of the blocked websites came to the meeting, including Alexander Ryklin of Ej.ru; Vladimir Korsunsky, editor of Grani.ru; and Kirill Samodurov, editor of Kasparov.ru. Galina Timchenko, a former editor of Lenta.ru, was among the first to arrive. Anton Nossik walked in, followed by Grigory Okhotin from OVD-Info. Olga Romanova, from Russia Behind Bars, who had collected money via Yandex Money for the protests in 2011, also appeared. There was also Nikolai Lyaskin, one of Navalny’s chief lieutenants, and Lena Bereznitskaya-Bruni, the editor of Newsru.com who had helped us withstand FSB pressure in 2002. All in all, dozens of journalists and bloggers came along with some liberal lawyers.

The day they had all feared had finally arrived. Since November 2012 the filtering in Russia had expanded to areas way beyond protecting children from harmful content. By March 2014 Russia had four official blacklists of banned websites and pages: the first one to deal with sites deemed extremist; the second to block sites containing child pornography, suicide, and drugs; the third to block sites with copyright problems; and the fourth, the most recent one, created in February 2014, to list the sites blocked—without a court order—because they call for demonstrations that had not been approved by the authorities. There is also an unofficial fifth blacklist aimed not at sites but at hosting companies based abroad that Roskomnadzor considers to be uncooperative and, thus, in need of blocking.

The fourth blacklist, which included Ej.ru, Kasparov.ru, Grani.ru, and the Navalny blog, exists thanks to the efforts of Andrei Lugovoi, a former KGB officer best known for his involvement in the poisoning of another former Russian security agent, Alexander Litvinenko, who fled to London in 2000 and was assassinated in 2006. The British authorities accused Lugovoi of conducting the poisoning by radioactive polonium, allegations he vehemently denied. Instead, he accused the British intelligence of carrying out the poisoning and got a seat in the Russian parliament. He was made a member of the State Duma’s Security Committee, which is in charge of writing legislation for the Russian secret services. Putin approved Lugovoi’s blacklist on December 30, 2013, and it came into force on February 1, 2014.

The discussion at the Sakharov Center was emotional. Roskomnadzor’s failure to provide any reason for the blocking outraged editors of the blocked sites. In the letters they all received they were simply told, with no explanation, that they would be blocked. Korsunsky remarked darkly, “Websites are blocked just because they are suppressed as enemy information sources. Putin said it openly: ‘The enemies.’ He’s going to fight with this. But legally, there is still a possibility—as long as we breathe, we need to do something. As well as to keep working.” But he urged, “We should be ready to work in a state of war.”

The editors debated possible legal avenues of resistance and technical solutions that could bypass the blocking. The odds of winning in court seemed slim. Ryklin angrily said that everybody should finally understand that their sites are blocked forever, and even if the lawyers would be able to win in court, the next day the General Prosecutor’s Office would find another article to use as pretext for blocking.[10]

Olga Pashkova from Ej.ru suggested launching a united platform for all blocked sites. Other journalists thought about posting extracts of the stories on Facebook. Nossik exclaimed, “Forget about Facebook—it would be blocked in a month. We are walking in the direction of North Korea!” Timchenko insisted that the blocked sites should turn to social media, “Launch your campaign in social networks and contact the administrators of large groups, for example in VKontakte. That’s all. This is a very big resource.”

The journalists thought of some joint action they might take, a campaign for the blocked websites, but it was clear this was not a good option. An editor of the Echo Moskvy website, which might have been counted upon to take up the campaign, was at the meeting but was conspicuously silent. Nossik was not discouraged, arguing that they all have an advantage: “We all work with bytes, right? And we can all interact with the same bytes.” He said that they don’t need to meet somewhere regularly to coordinate efforts; it’s enough to meet on Facebook. And when Facebook would be shut down, somewhere else.

But they all urgently needed to find a way to bypass the blocking. There was a lot of talk about Tor, a circumvention tool in widespread use around the world and essentially a network of virtual tunnels: instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover a user’s tracks so nobody at any single point can tell where the data came from or where it’s going. In the case of the blocked sites, it meant that people who came to the blocked sites couldn’t be seen as coming from Russia, thus evading Roskomnadzor’s blocking. It’s easy to use, and the only problem with Tor is that a user must install Tor software on the computer to use its network.

That posed a fundamental problem: How could they teach readers to use circumvention tools? The blocked sites already lost thousands of readers, and although a committed audience would find a way to get to the sites, the question remained: How would they reach the rest?

Nossik came up with the idea to promote Tor and other circumvention tools on his page on LiveJournal.com and called on others to follow his example. Some suggested recalling the Soviet dissident practice of disseminating information on carbon-copied typescript known as samizdat. Some offered to print leaflets.

One of those at the meeting was Artem Kozlyuk, a thirty-five-year-old born in Cherepovets in central Russia to a military family. He studied at the Cherepovets military school, spent a few years in the army, and soon moved to Moscow, where he joined the Pirate Party in 2011. The idea of Internet censorship shocked him, and the day the blacklist came into force, on November 1, 2012, he launched a project against filtering. It was called Roskomsvoboda, or Freedom from Roskomnadzor, and was also known as Rublacklist.net. On the home page of the website there is a link to the major treasure of the project—the total of how many sites are blocked and a list of sites blocked by mistake.

Ksenzov and Zharov, the brains behind Roskomnadzor, had made the official blacklist secret, ostensibly to avoid promoting the blocked sites and pages. The list is available only to authorized ISPs so they can check the lists daily. Kozlyuk was certain that the primitive system of filtering inevitably led to the blocking of innocent sites that happen to be hosted on the same IP address, so he made it his cause to find a way to check the blacklist against the real numbers of blocked sites. Some liberal ISPs shared the data from the blacklists, and Kozlyuk was able to check how many sites were blocked along with the sites targeted by Roskomnadzor. The difference in numbers was astonishing—whereas Roskomnadzor insisted that only a few thousand sites were blocked, Kozlyuk’s figures showed tens of thousands of sites. Kozlyuk knew better than anyone in the room how the filtering was organized, and he was hopeful. He described how one day he wanted to go to a prohibited site, Grani.ru. When he did this, the page was blank—it was blocked. But his home ISP had defiantly put a message on the blank page, saying, “To bypass the censorship, click here.” The link then took the user to a site with a list of circumvention tools. Kozlyuk’s point was that many friendly ISPs might be enlisted to help bypass the censorship. Kozlyuk’s idea drew support, but few in the room believed it would be able to solve the problem of blocking.


But soon a technical solution was found, one that was much more effective at evading the blacklists.

Ruslan Leviev, then twenty-seven years old, is a computer geek and a lawyer by training. Short and thin, with earrings in both of his earlobes and often with a radical haircut, he was born in the Russian Far East, where he worked for an NGO providing poor citizens with legal support in court. In 2009 Leviev moved to Moscow, and two years later he joined the protests in Moscow against fraud in the parliamentary elections and was detained along with hundreds of outraged Muscovites. He spent two days in prison, and when he left the detention center, he decided to volunteer to help Navalny build his online projects. The first was the online elections watchdog Navalny launched.

When the law on filtering was debated in 2012, Leviev attended the meetings at Roskomnadzor as Navalny’s representative, and he got to know Ksenzov. Leviev tried to explain why the filtering was such a bad idea, and he invited Ksenzov to talk to the audience of Habrahabr, the biggest Russian web community of programmers, where Leviev published extracts of Navalny’s blog on fighting corruption. On January 4, 2013, Ksenzov started answering the participants’ questions and posted his answers for a few days. Leviev thought this was a very good sign—he even asked the audience to be polite with Ksenzov because he could not imagine an official from any other ministry department willing to talk to them.

When Navalny’s blog on LiveJournal was blocked on March 18, 2014—the blog on which Leviev had worked so hard—Leviev came to realize that the cooperation with the authorities was pointless. Everything seemed to change so quickly; Ksenzov at once started to attack Leviev, calling him a foreign agent and the fifth column because Leviev had volunteered for Navalny.

Leviev felt desperate, but one day a friend gave him an idea of how to bypass the blocking. When someone visits an Internet site, such as Lenta.ru, the domain name is linked to one or more Internet protocol addresses, which are a set of numbers. Sometimes there can be a whole list of these addresses linked to one domain. By changing the list of the Internet protocol addresses assigned to the domain on the site of domain names registration center, Leviev found that he could trick the blocking—even send it off in another direction entirely. In an experiment he manipulated the numbers so that when Roskomnadzor tried to block Navalny, they instead blocked a pro-Kremlin site called Lifenews.ru. Next he tried redirecting the censorship to block Roskomnadzor’s own internal list of sites that were currently blocked, paralyzing Roskomnadzor.[11] “It was like the blacklist blocked itself,” Leviev recalled.
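The two weaknesses described above, IP-address blocking that also hits unrelated sites on the same address and a block that follows whatever addresses a listed domain currently points to, can be modelled and audited in a few lines. This is an added example, not code from the book or from Roskomsvoboda; it assumes the filter re-resolves listed domains and blocks the returned addresses, and every domain name and address in it is constructed (reserved `.example` names and documentation IP ranges).

```python
from collections import defaultdict

# Constructed sample data: domain -> set of A records.
LISTED = {"blocked-blog.example"}

HOSTING_BEFORE = {
    "blocked-blog.example": {"203.0.113.10"},
    "bakery.example": {"203.0.113.10"},   # shared hosting, same address
    "school.example": {"203.0.113.10"},   # shared hosting, same address
    "other-news.example": {"198.51.100.7"},
}

# The owner of the listed domain has replaced its A records with an
# address that belongs to an unrelated site.
HOSTING_AFTER = dict(HOSTING_BEFORE, **{"blocked-blog.example": {"198.51.100.7"}})


def index_by_ip(hosting):
    """Invert a domain -> A-records map into ip -> domains served from it."""
    index = defaultdict(set)
    for domain, ips in hosting.items():
        for ip in ips:
            index[ip].add(domain)
    return index


def resolve_then_block(listed, hosting):
    """Model of the filter (assumption): block every address a listed
    domain currently resolves to."""
    blocked = set()
    for domain in listed:
        blocked |= hosting.get(domain, set())
    return blocked


def audit(listed, hosting):
    """Compare what the list names with what the IP block actually hits."""
    blocked_ips = resolve_then_block(listed, hosting)
    index = index_by_ip(hosting)
    affected = set()
    for ip in blocked_ips:
        affected |= index[ip]
    return {
        "blocked_ips": blocked_ips,
        "intended": affected & set(listed),
        "collateral": affected - set(listed),
    }


def record_drift(listed, pinned, hosting):
    """Flag addresses that appeared on a listed domain after it was listed
    and that also serve an unlisted domain: the sign of a steered block."""
    index = index_by_ip(hosting)
    findings = []
    for domain in sorted(listed):
        added = hosting.get(domain, set()) - pinned.get(domain, set())
        for ip in sorted(added):
            bystanders = sorted(index[ip] - set(listed))
            if bystanders:
                findings.append((domain, ip, bystanders))
    return findings


if __name__ == "__main__":
    for label, hosting in (("before", HOSTING_BEFORE), ("after", HOSTING_AFTER)):
        report = audit(LISTED, hosting)
        print(label, "blocked IPs:", sorted(report["blocked_ips"]),
              "collateral:", sorted(report["collateral"]))
    for domain, ip, bystanders in record_drift(LISTED, HOSTING_BEFORE, HOSTING_AFTER):
        print(f"review: {domain} now resolves to {ip}, shared with {bystanders}")
```

The same audit applies to any blocklist or firewall rule that is keyed on a name but enforced on an address: the party controlling the DNS records decides what the rule hits.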

It was a bright victory for Leviev’s team: the system of technical filtering had gaps, and Leviev thought about how to exploit them, not to harass Roskomnadzor but to keep Navalny’s blog online.

They set up a domain, navalny.us, with lots of subdomains—the technical mechanism of blocking does not block all subdomains. Leviev called for help: on the site of navalny.us he posted instructions on how to make a subdomain, and urged people to make them and send word to Navalny. Over sixty volunteers responded, many with several subdomains, and Leviev got a network of 150 to 200 possible subdomains, ready to go.

The system became known as the “Big Red Button of Navalny”—the user gets to navalny.us, sees a big red button, pushes it, and it leads him or her to one of the subdomains. Navalny’s blog survives.

Next Leviev went to war against Roskomnadzor’s censors. He figured out how to identify who inside the agency was responsible for the search-and-destroy missions against Navalny and others.[12] In April Leviev published a large post with a scheme, logs, and detailed explanations of who was in charge inside of Roskomnadzor for checking the blocked sites.[13] By exposing them, he made their lives difficult, often trapping them into long, pointless dead ends. When the censors came to work and started to check whether the Navalny blog was working, their screens were filled with images of cats and ponies—a wicked retaliation.

Leviev was pleasantly surprised one day when Roskomnadzor officials acknowledged to the newspaper Vedomosti that they saw a cat instead of Navalny’s blog.[14] It was a triumph—a rare one—for the digital revolutionaries. Despite all of Roskomnadzor’s efforts, Navalny’s blog was alive and accessible, and no one needed special software like Tor to access the site.


Leviev was sitting in the offices of TV Dozhd in the Red October compound when he told Irina about his success in evading the censors. Leviev’s small company, Newscaster, was broadcasting online from an antiwar street demonstration in Moscow for TV Dozhd. Newscaster provided the broadcast to TV Dozhd for free because Leviev thought its content was important. The TV Dozhd premises were almost deserted because the channel was on the move after having come under constant pressure. In the patriotic hysterics that were already evident in January 2014, TV Dozhd was accused of being unpatriotic for conducting a controversial online poll that asked viewers whether Leningrad, now St. Petersburg, should have been surrendered to the Nazis in 1941 in order to spare its citizens the mass agony of a brutal nine-hundred-day siege. The poll took place on Sunday, January 26, a day before the seventieth anniversary of the lifting of the siege. Pro-Kremlin bloggers immediately attacked the channel, and in thirty minutes Ilya Klishin, now editor of the channel’s site, removed the poll and apologized for the wording. On Monday Putin was in St. Petersburg to take part in official celebrations.[15] He was on his way to the Piskarev cemetery where his brother, who had died during the blockade, is buried, when he was shown the TV Dozhd poll.[16]

On January 27 Sindeeva, the founder of TV Dozhd, was sitting in her glass office at Red October. She started getting calls and e-mails from viewers that the channel was going off the air in different regions. A cable operator, who said it was his patriotic duty to throw TV Dozhd off his package, began the attack, and soon others followed.[17] By then TV Dozhd was present in 18 million homes and enjoyed a monthly audience of 12 million viewers. Every day an estimated 1.1 million people watched it. The audience in regions was on the rise, and Sindeeva’s contacts told her that the presidential administration was worried about the growth in viewers; TV Dozhd had ceased being just a Moscow hipster’s thing. Some operators called Sindeeva and explained that they got phone calls from the Kremlin and could not resist the pressure.[18] “It was a snowball,” Sindeeva said. When, on January 29, Putin’s spokesperson Dmitry Peskov said, “TV Dozhd crossed the line of the permissible,” all other cable operators followed suit and switched off TV Dozhd.[19] The channel lost millions of viewers—its lifeline.

Sindeeva desperately tried to find a way to get the channel back on cable. The channel held a press conference, and Sindeeva talked about the pressure. She asked for a personal meeting with Putin and was initially told that Putin agreed. However, Volodin intervened, and the meeting never happened. Journalists of the channel went to Putin’s press conferences and asked questions about the fate of TV Dozhd, and on April 17 Putin said something encouraging but it led nowhere.[20] In June a TV Dozhd reporter tried again, but the result was the same. Putin simply shrugged, “I don’t know who gave the command to switch you off from the cable, I didn’t give such a command.”[21] It looked like a déjà vu—his words echoed his meeting with NTV journalists in January 2001.

From this time forward TV Dozhd was available only on the Internet. It lost many advertisers, and Sindeeva was forced to introduce a paid model for TV Dozhd content.

In March TV Dozhd got a letter from its headquarters’ landlord: in a few months they were to be expelled from its premises on Red October, the symbol of the modernized hipsters of Medvedev’s time. For some months journalists of TV Dozhd had to broadcast from their apartments. But they broadcast nevertheless.[22]


On August 2, 2014, Ksenzov’s agency, Roskomnadzor, reached a new level, attempting to censor the Internet beyond the Russian borders. The agency sent a request to fourteen websites to block information about an unapproved march in Novosibirsk to support greater autonomy for Siberia from the Moscow central authorities. The march was organized by Artem Loskutov, a twenty-eight-year-old performance artist in Novosibirsk who played out political themes in his art. He wanted to protest Russia’s interference in Ukraine by mimicking the Kremlin’s rhetoric about “federalization” of Ukraine to justify the separatists’ war there.[23] The news of Loskutov’s planned demonstration went viral, and the Russian BBC interviewed Loskutov. At once the service received a request from Roskomnadzor to remove the interview from its site. Ksenzov confirmed that the request was valid but declined to explain. In response, the BBC made the request public and refused to remove the interview.[24] Roskomnadzor threatened to block the site bbcrussian.com on Russian soil, but never followed through.

Most of the fourteen sites complied with Roskomnadzor’s request. Among them were Ukrainian websites. One of them was the site TSN.ua, whose editors said they were acting “to maintain accessibility of the entire site for the Russian audience.”[25] Other sites, like obozrevatel.com, glavcom.ua, and delo.ua, refused to comply, so Roskomnadzor blocked them on Russian soil.

On August 6 the German Internet hosting provider Hetzner Online AG received an e-mail from Roskomnadzor requesting they suspend hosting of the popular Ukrainian news media site glavkom.ua. Hetzner agreed and sent a warning letter to the editors of glavkom.ua. Immediately the letter was posted online, triggering protests—people were outraged that a request from Russia to a firm in Germany could take down a website in Ukraine. Hetzner was forced to apologize.

In December 2014, however, Roskomnadzor sent a warning to the American news site BuzzFeed for posting a video the Russian authorities deemed extremist. The video was removed not by BuzzFeed but by Google, which owns YouTube.[26]

This was an important victory for Roskomnadzor, marking the first time the agency openly and shamelessly blocked foreign websites for expressing political views regarding Russia.

But in late December 2014 Roskomnadzor made another move, this time against Facebook. On December 19 activists opened an event group on Facebook in support of Alexey Navalny. Navalny, along with his younger brother, was facing trumped-up accusations of fraud. The case was used to keep Navalny under pressure as well as a pretext to keep him under house arrest for months. Prosecutors had asked the court to sentence Navalny to ten years in jail, and the verdict was expected in a few days. The event on Facebook was actually an invitation to gather in the center of Moscow to protest against the verdict, as there was no doubt he would be found guilty. The prosecutor’s office immediately issued a request to Roskomnadzor to block the event, and Roskomnadzor forwarded the document to Facebook’s office in London.[27] Facebook complied, blocking the group on December 20.[28]

The outraged activists launched several new groups, and Leviev, in a few hours, added a new “big red button” on the site navalny.us that linked to the current, unblocked event group on Facebook. Facebook’s decision to comply with the Russian censor triggered a great deal of outrage in Moscow and abroad.[29] Following the outcry, Facebook and Twitter decided not to block the event groups launched by Navalny’s supporters.[30]

The online protest forced the authorities to change their plans: instead of January 15, the Navalny brothers’ verdict was announced on December 30. Alexey Navalny was given a suspended sentence of three and a half years, and his younger brother, Oleg Navalny, was sent to prison for three and a half years.[31] If the authorities had hoped to discourage protesters by shifting the verdict to December 30, the day before New Year’s Eve, they miscalculated. That cold night thousands of Muscovites assembled on Tverskaya Street, two hundred meters from the Kremlin, to protest Navalny’s verdict. Navalny, who was still under house arrest, made it to Tverskaya but was detained shortly after he appeared along with some of his close supporters.


Almost twenty-five years prior, Relcom and Demos programmers didn’t wait for someone to tell them what to do during the putsch. Likewise, in December 2014 activists didn’t wait for a leader’s decision—in this case, Navalny—to start launching groups to support him on Facebook. It was a horizontal structure, a network, that made all of that possible. It repeated itself time and again.

Although Navalny stood as a symbol of Moscow’s protests in December 2011, he was under lock and key most of December. It was activists and journalists who took over organizing protest rallies. Three years later, in December 2014, Navalny was again under lock and key, placed under house arrest, and he couldn’t take part in organizing efforts. But again it didn’t matter. The group on Facebook was launched first by a Navalny friend, Leonid Volkov, and when this first group was blocked, a dozen new groups were launched, this time by people with no ties to Navalny who were simply outraged by censorship.

The authorities who sought to block, filter, and censor simply did not know what to do with the forces behind the “big red button.”

CHAPTER 14 Moscow’s Long Shadow

On November 21, 2013, Mustafa Nayyem, a thirty-two-year-old liberal television journalist, had been deeply disappointed by Ukrainian president Viktor Yanukovych’s decision to postpone the integration of Ukraine into the European Union. Yanukovych hesitated to sign an agreement with the EU because of pressure from Vladimir Putin, who wanted to hold Ukraine close to Russia and opposed any pact with Europe.

Nayyem posted an angry message on Facebook. “Well, let’s get serious,” he wrote. “Who today is ready to come to Maidan before midnight? ‘Likes’ don’t count. Only comments under this post with the words, ‘I am ready.’ As soon as we get more than a thousand, we will organize ourselves.”

This Facebook post started the Ukrainian revolution. Thousands went to Independence Square, popularly known as Maidan, and stayed there. In the months that followed, the Maidan was turned into an improvised fortress, surrounded by barricades, fires, and smoking tires and guarded day and night by protesters. The protesters wanted closer ties with Europe—a sentiment that was shared by part of Ukraine’s population, largely in the western portion of the country, whereas the east felt aligned to Russia, not in the least because most spoke Russian as their first language. The protests in Kiev were a seminal crisis for Putin, who felt a move by Ukraine toward Europe would be intolerable—it would bring the West to Russia’s borders.

On November 30 the Ukrainian riot police, the Berkut, launched an offensive against the protesters on the Maidan, and dozens were severely beaten. The protesters were forcibly dispersed. Some of them took refuge in St. Michael’s Cathedral, an elegant gold-domed monastery not far from the square. The police then besieged the monastery.

Sasha Romantsova worked at a bank in Kiev, but her job didn’t fit her energetic personality. At twenty-seven, she had already successfully created a large student movement at her university and was deeply interested in events at the Maidan. She had joined one of the first marches in favor of Ukraine’s integration with Europe.

When the protests were dispersed into the monastery, Romantsova received a desperate text message from a friend hiding inside, who said the Berkut were battering down the monastery’s doors. Romantsova was frightened for her friend and angry at the use of force against the protesters. She called the Center of Civil Liberties of Kiev and volunteered to do something—anything—to help to defend the protesters. The center, based in a residential apartment in the center of Kiev, was at that moment thinking the same thing; a workshop was under way on human rights. They decided to form a volunteer service to help locate the detained and wounded from the Berkut crackdown and to open a telephone hotline to gather information from those in trouble.

But one of the most important decisions made that day was to open a group on Facebook, called Euromaidan SOS, which immediately gathered over ten thousand followers. When Romantsova called the center to volunteer, she was told, “We opened a phone hotline, and we need a volunteer to sit here from 4:00 a.m. to 8:00 a.m.” Romantsova enthusiastically accepted. She had to be at work at 9:00 a.m. but was more than willing to work the hotline for four hours first. She stayed there for months during the Maidan uprising, shuttling between the office and the hospital where the wounded were treated. When a few radio stations and a major television channel advertised the phone numbers for the hotline—actually three cell phones—the project expanded rapidly. It began with the intention of locating casualties, but it soon became an information service, fielding calls from all over the city. People called in to report eyewitness spottings of the Berkut, which were then posted on the Euromaidan SOS page, asking those who lived nearby to verify them and report back.[1]

The Euromaidan SOS experiment on Facebook took advantage of the horizontal structure of a network, allowing people to share information readily and disseminating it where it was needed without the need for an established organization behind it. What happened in Kiev was reminiscent of Relcom’s request in August 1991 for users to look out their windows and report back troop movements, but this time it was not e-mails but Facebook that provided the platform. The authorities knew where the Euromaidan SOS was based, but the speed of the network took them by surprise. The Euromaidan SOS group on Facebook thrived and grew with the protests. Soon Euromaidan SOS had created comprehensive lists of the wounded or those missing or detained by the Berkut, and the lists were frequently checked and updated. Along with Romantsova, 250 volunteers worked on Euromaidan SOS, searching for the missing and keeping a direct telephone line open to the Maidan protest organizers on the square. Regular announcements were made by megaphone at the square regarding those who were missing or detained.


Yet the digital pathways that enabled protest could also be used against the protesters. The night of January 21, 2014, was frosty and only about 10 degrees at the Maidan. Most of the protesters were sleeping in tents. Suddenly, all their cell phones vibrated with a new text message. The number was disguised as a service message, and it read, “Dear subscriber, you are registered as a participant in a mass disturbance.”

The identical message went to users of each of the three mobile operators in the city—Kyivstar, MTS, and Life. But it went only to people who were on Independence Square. The phrasing of the message echoed language in a new Ukraine law that made it illegal to take part in a protest deemed violent. The law had taken effect that very morning.

The sense of the message was clear: the protesters had been identified. The text message was a means of intimidation.

Romantsova also received the text. She wasn’t taken aback by it, but she and the protesters saw it as a new trick by the authorities against the protesters. Many of the Maidan protesters quickly took a screen shot of the message and posted it online—the network answered back, defiantly.

In fact, the texts appeared to have an effect opposite the one intended—they outraged many Ukrainians and were widely reported.[2] All three Ukrainian mobile operators immediately denied they had sent the text messages. So the question emerged: If the message was not sent by the mobile operators, how was it done?

Kyivstar suggested that it was the work of a “pirate” cell phone tower set up in the area. This could have referred to something called an IMSI-catcher, a device that can emit a signal over an area of nearly four square miles, forcing hundreds of cell phones per minute to release their unique IMSI and IMEI identification codes, which can then be used to track a person’s movements in real time. Every phone has such identification codes, although most people are not aware of it. This technology also can be used to intercept text messages and phone calls by duping cell phones within range into operating with a false cellular tower. A transceiver around the size of a suitcase can be placed in a vehicle or at another static location and then operated remotely by security agents.

However, the telephone carriers could offer no evidence that a pirate tower was used, and there is another possibility: SORM—the black boxes, which can monitor both Internet and cellular communications—could identify the protesters and send the message. If security services had SORM, they could use it as a back door into the Ukrainian mobile networks, giving them the ability to carry out such an operation without being detected.

A fascinating clue then emerged. A Kiev city court had ordered Kyivstar to disclose to the police which cell phones in their network were turned on outside the courthouse during a protest that occurred on January 10.[3] The warrant, No. 759, which we obtained, was issued by a Kiev district court on January 13. Its goal was to identify people in the particular area of the protest. Further, the police specifically requested that a representative of Kyivstar be excluded from the proceedings to keep the operation secret. The judge agreed with the police request.

This warrant made clear that the Security Service of Ukraine (SBU) and other law enforcement agencies had the capability to eavesdrop on communications networks without the telecom operator’s knowledge. Thus, the security services could have used their surveillance systems against protesters. On February 3 the communications regulatory agency of Ukraine reported that it could not determine who had sent the text messages to protesters in January. Secrecy prevailed.


After March 1, the day Russia annexed Crimea, many Western experts told us at different cyber security gatherings that they expected a massive denial-of-service attack to be launched against Ukrainian websites. The fears were well founded: every Russian conflict with a neighboring country in the 2000s—including Georgia and Estonia—had been accompanied by such relatively crude onslaughts against the countries’ online resources.[4] For a while the Ukraine conflict developed along the same lines. On March 3 the Ukrainian information agency UNIAN reported a powerful denial-of-service attack, causing the agency’s website to be temporarily taken offline.[5] The Internet infrastructure of the country seemed weak, almost begging cyber hackers to try their hand. Ukrainians clearly understood this vulnerability. That same day Konstantin Korsun, an SBU cyber-security officer in 1996–2006 and now in the cyber security business, working as the head of the NGO Ukrainian Information Security Group and supporting Maidan, appealed for help. “Because of the military intervention of Russia against Ukraine I ask everybody who has the technical ability to counter the enemy in the information war, to contact me and be prepared for a fight,” he wrote on LinkedIn. “Will talk to the security forces to work together against the external enemy.”

Almost immediately he received a reply from Maxim Litvinov, head of the cyber crime department in the Interior Ministry of Ukraine: “You can count on me.” Litvinov said he had analysts, a laboratory, and loyal personnel, and he didn’t want to wait until the country was already under attack.[6]

But the large and much-feared cyber attack on Ukraine did not come as it had been anticipated; instead it came from another direction, a tidal wave of propaganda spread on social networks.[7] The Kremlin launched a massive campaign to infiltrate social networks—first of all, VKontakte—and exploit the digital pathways for its own purposes. Russia possessed certain natural advantages on this information battleground. First, both Russia and Ukraine shared a common cultural and historical legacy in the Soviet Union, such as the experience of World War II and the shared Russian language, used widely in Ukraine. Second, the Russian-based social network VKontakte is the most popular social network in Ukraine, with more than 20 million users. Russian officials knew how to frame the messages they wanted to send and had all but taken control of VKontakte. They then decided to take their information combat to the enemy, fighting on Twitter, YouTube, and Facebook.

From the Kremlin an army was unleashed, a fighting force whose weapons were words. Legions of trolls, people who disrupt online discussions by deliberately posting inflammatory, extraneous, or off-topic messages, were deployed to provoke and intimidate people. The trolls are not usually volunteers but paid propagandists. In the 2000s they were used inside Russia against liberal and independent media and bloggers. Now this army, hundreds of people, was directed outside.

The trolls often appear in the comments section of traditional news media and social media. Katarina Aistova, a former hotel receptionist, then twenty-one years old, was one of them. In April 2014 she spotted something negative written about Putin on WorldNetDaily. “You are against Putin!” she exclaimed in response to another user. “Do you actually know what he does for his country and for people?? The fact is that Obama is losing ground as a leader.” A lot of the commentary was much more strident.

The Guardian was among the first in the Western media to find itself in the Russian trolls’ crosshairs. On May 4 the newspaper reported that a particularly nasty strain emerged in the midst of the conflict in Ukraine, “which infests comment threads on the Guardian and elsewhere, despite the best efforts of moderators.” Readers and reporters became concerned that these comments came from “those paid to troll, and to denigrate in abusive terms anyone criticising Russia or President Vladimir Putin.” The first complaint to the moderators of the Guardian was reported on March 6, when a reader complained, “In the past weeks [I] have become incredibly frustrated and disillusioned by your inability to effectively police the waves of Nashibot trolls who’ve been relentlessly posting pro-Putin propaganda in the comments on Ukraine v Russia coverage.” The Guardian replied that there was no conclusive evidence about who was behind the trolling, although Guardian moderators, who deal with forty thousand comments a day, believed there was an orchestrated campaign.[8]

In 2014 French and then Italian journalists told the authors that they were attacked by trolls when they published critical stories on Russia. In both countries the onslaughts were carried out in fluent and faultless French and Italian, and the trolls attacking the critical reporting from Russia were the same ones who separately were known to write xenophobic and anti-immigrant posts, which led French journalists to suspect that the comments could be coming from a community of far-right-wing activists.

In May, Ilya Klishin, the editor of the TV Dozhd website, shed some light on the trolls focused on the Western media. On May 21 Klishin exposed in Vedomosti the organization of trolls that had been directed to target the American audience.[9] He reported that the team serving under Vyacheslav Volodin, the deputy chief of the presidential administration in Moscow, who had replaced Surkov at the peak of the 2012 protests, had proposed a “systematic manipulation of public opinion through social media.”

Sources close to the presidential administration told Klishin that preliminary work began in the fall of 2013 and that Volodin personally approved the strategy. Volodin also moved Konstantin Kostin—the Kremlin official who once had been on the other end of a phone line, pressuring the Yandex News team to shape their news report to fit Kremlin wishes—into a key position at the Civil Society Development Foundation, a pro-Kremlin organization, although Kostin remained directly subordinate to Volodin.[10] In the summer of 2013 he announced the launch of a new, large system for social network monitoring called “Mediaimpuls.”

It was an ambitious attempt to monitor and manipulate social networks. Kostin boasted that they joined efforts with the Boston-based firm Crimson Hexagon, using a system designed to figure out consumer trends on social networks. According to Kostin, Mediaimpuls could monitor LiveJournal and Twitter along with Russian social networks. But it was cursed with the same trouble the Russian secret services had been lamenting since 2011: it could not deal with Facebook because Facebook does not give up the data.[11]

In the fall of 2013 the newspaper Novaya Gazeta exposed a “farm” of trolls writing away in a suburb of St. Petersburg known as Olgino. There the employees were paid over 25,000 rubles a month, then equivalent to about $900, to post comments on blogs and news articles. The troll farm occupied two rooms in a posh home with large glass walls. According to the report, employees in one room wrote blog posts for social networks, while those in the other room worked on comments. The troll farm had close ties with pro-Kremlin youth movements. Among those working in the glass-walled house was Katarina Aistova, the young woman mentioned above.

Anonymous International publicized the internal reports of this group in May 2014, with documents consisting of dozens of analytical briefs detailing the way the comments were dealt with on US media sites. There were also recommendations, such as this one for the site Politico: “In the future, there should be more provocative comments to start the discussion with the audience.”

The documents show that the masterminds of the troll movement were curious about legitimate online movements—the documents included, for example, a detailed analysis of Barack Obama support communities on Facebook and Twitter. They were also aware of the perils of being deleted by moderators; one brief cautions about “Censorship on the American Internet.” But the most interesting document was one that all but acknowledged that users in the United States could easily spot the troll campaigns supporting Russia, rendering the postings useless. “In the study of major US media, some pro-Russian comments were seen. After a detailed study, it became clear that such comments are extremely negatively perceived by the audience. In addition, users suggest that these comments were written either for ideological reasons or were paid.”

Although the campaign may not have worked well in the United States and Britain, Ukraine was different. False reports from the east of Ukraine and fake photographs of purported atrocities and victims flooded VKontakte and Facebook. Photographs of casualties from the war in Syria were doctored and presented as coming from the Ukraine provinces of Luhansk or Donetsk. The trolls claimed the violence was caused by Ukrainian “fascists” and sometimes borrowed images from war movies to make their point. There was a heart-wrenching photograph of a grieving young girl, sitting by the body of a dead woman sprawled on the ground and carrying the caption, “This is democracy, baby, Ukrainian army is killing Donbass people.” It went viral on social networks under the hashtag #SaveDonbassPeople. In fact, however, the photo was borrowed from a famous Russian film, Brest Fortress, released in 2010, about the Nazi invasion of the Soviet Union in 1941.

Although this and many other postings in the troll campaigns were filled with deceptions, they also struck a nerve, appealing to the historical memory of the Soviet Union—a country that lost over 30 million people in World War II—and carrying a highly emotional message to the Internet audience: fascists were coming again, this time with backing from the West, and there could be no questions asked, no place for skepticism, doubt, or opposition in this fight to the death.

By the end of 2014 the army of trolls enjoyed a major boost. The trolls at Olgino left the glass-walled house and moved to a four-story building in the same suburb of St. Petersburg in order to accommodate their growing numbers, now 250 people.[12] They worked in twelve-hour shifts and were required to post 135 comments a day.[13] New initiatives were launched, such as a quasi-news agency, like ANNA News, which was registered in Abkhazia, a breakaway region of Georgia. The agency set up accounts on a Russian replica of YouTube, known as Rutube; on YouTube itself; and on VKontakte, Facebook, Twitter, Google+, and Odnoklassniki. They posted videos that were presented as news but were largely propagandistic, including videos celebrating fighting by separatists in Ukraine. Another faux news agency, Novorossia television, set up accounts in social networks, posted videos on a daily basis, and collected money for separatists. The videos were then picked up by conventional pro-Kremlin TV channels and disseminated domestically and internationally. The efforts of these fake news agencies were combined with those of dozens of online communities positioned as blogs of patriotic citizens.

Some of the individual trolls enjoyed large, committed audiences. One of them writes under the name Lev Myshkin, taking his name from a character in Fyodor Dostoyevsky’s famous novel The Idiot. The character in the novel is a symbol of Russian humility and kindness, but the troll Lev Myshkin is different. No one knows his true identity, but he is very active online as a Russian propagandist. On Facebook he lists among his friends some prominent pro-Kremlin spin doctors and often mocks Ukraine’s political leaders. His message is bitterly anti-American and anti-Western, and he frequently publishes doctored photographs to make his point. As of this writing, he had almost five thousand followers on Facebook and over twenty-six hundred on Twitter, and more than a million people have watched his videos on YouTube. For all his activity, however, Myshkin’s biggest coup appeared to be something that almost escaped notice.


On February 4 the audio recording of an intercepted phone conversation between Victoria Nuland, the US assistant secretary of state for Europe, and Geoffrey Pyatt, the US ambassador to Ukraine, was posted on YouTube and the next day reposted by Myshkin, opening a new front on the digital battlefield.

The recording was explosive, a conversation between two US diplomats, discussing how to resolve the ongoing standoff between the Ukrainian government and protesters. In the private conversation, recorded in January 2014, Nuland cursed the European Union, expressing frustration at the EU’s handling of the Kiev crisis. According to our sources, Pyatt in Kiev used an ordinary cell phone for this conversation, not an encrypted one. Although the recording was embarrassing to the United States, as Nuland declared “Fuck the EU,” another aspect of it proved incendiary. Nuland expressed a preference for who should enter the new Ukrainian government—proof positive, in the Kremlin’s view, that the United States was calling the shots in Ukraine. It isn’t known precisely who obtained the conversation, but it was someone who wanted to embarrass the United States and had the means to intercept and record a telephone call.

The audio was initially uploaded on the YouTube channel “Re Post,” which had been mostly uploading anti-Maidan videos and smearing Ukrainian politicians. In some videos the voice of the cameraman is heard; he speaks in Russian and pretends to be a journalist, but he is very focused on documenting protesters’ faces, weapons (self-made batons and the like), and actions. Most of the videos got only a few hundred views on YouTube.

Quite suddenly, on February 4, the channel’s moderators uploaded the conversation, along with another conversation between European officials.[14] Two days passed, and no one noticed. Finally, on February 6, Christopher Miller, then the editor of English-language Ukrainian daily Kyiv Post, received an e-mail with a link to the Nuland video. The person who sent it to him, an acquaintance in the security service, asked, “Did you see this?”

Miller was thrown at first. The video had been viewed only three times before Miller watched it, and he wondered whether it was authentic. But the more he listened to it, the more he came to realize it was genuine. He called the embassy to get a comment and asked if it was real. They had no idea what he was talking about and were shocked.[15] Miller at once published the story, on February 6, quoting the intercept on the website of the Kyiv Post.[16]

But a strange thing happened on the way to a public uproar over the Nuland comments: Miller was not the only recipient. In fact, before he published his article, the hot intercept had fallen into the hands of the mysterious troll Lev Myshkin, who posted it on his YouTube channel a day before Miller, on February 5. And when Myshkin uploaded it, the video went viral.

The story of the recording—a murky one of phone calls recorded and mysterious uploads—highlights a larger picture depicting the security services, both in Russia and Ukraine, attempting to influence the political course of events with underhanded means. The eavesdropping on Nuland and Pyatt was probably made possible by SORM technology in Ukraine identical to Russia’s. The recording was then passed from one hand to another until it became public, in the process removing any fingerprints of who originally made the interception and recording. That’s the way combat in the shadows of the digital world is done.

The call created a sensation, but the Ukrainian security service, the SBU, denied any involvement. Two days later the SBU held a press conference in Kiev. When asked about the Nuland recording, Maxim Lenko, a senior investigations official in the SBU, who was present at the conference, stepped forward and said, “The Ukrainian Security Service is not conducting any investigation into the matter at this time.”[17]

The video was extensively used by Russian propaganda outlets to portray Maidan as an American conspiracy. The circumstances of the intercept and its circuitous route to the media suggest that it was the SBU, not the Russian secret services, that conducted the interception. It is impossible to know for sure, but we think some SBU officers likely intercepted the Nuland call and then shopped around until they found a colleague or friend who would post it on YouTube. When the scheme didn’t ignite a media storm, they kept shopping for an alternative outlet and eventually found one.

Time and again intercepted conversations in Ukraine were used to compromise political opponents, and surveillance on telecommunications was used as a means of intimidation. This strategy provoked a great deal of speculation about conspiracies; for months a Ukrainian mobile operator was accused of sending Ukrainian citizens’ personal data to Russia and maintaining their servers in Moscow. No proof was ever found.

The truth, however, might be much simpler, tracing back to SORM, the black boxes first deployed in Russia years earlier to monitor telecommunications and Internet traffic. Ukraine’s security services possess their own SORM; except for a period after the Orange Revolution in 2005–2010, they always kept close ties with the Russian security services. The two countries’ security officers carried out joint operations and exchanged information, and that special relationship ended, rather spectacularly, only in February of 2014 when the SBU exposed the names of FSB generals who were present in Kiev on the day Yanukovych fled his capital.

Ukraine’s version of SORM was even more intrusive than Russia’s. “The Ukrainian SORM is tougher—they have the right to interrupt the conversation and we have no such powers,” said Victor Shlyapobersky, a chief of the SORM-testing laboratory at the St. Petersburg branch of the Central Research Institute of Communications, one of three main Russian research centers working on SORM development. To be stuck in the Soviet legacy means to be dependent on Russian supplies of surveillance. When Ukraine updated its national needs for SORM equipment in 2010, the Russian company IskraUraltel, a manufacturer of SORM equipment, was happy to announce that it had successfully tested its SORM devices under the new requirements, and it had been approved by the SBU.[18]

Although Ukraine hewed to Russia’s eavesdropping system with equipment supplied by Russia, this does not necessarily mean that Russian secret services conducted all sensitive interceptions, though this option cannot be ruled out. It does suggest, however, that the Ukrainian security services modeled their surveillance capabilities after the most opaque and nontransparent example, with origins tracing back to the KGB.

Ukraine not only possessed the same equipment as Russia but also used the same terminology. In two decades of independence Ukraine didn’t modify the basic terms used to label its surveillance departments. In the Soviet KGB the unit in charge of surveillance was called the OTU (Operativno-Technicheskoye Upravlenie, or the Operative-Technical Department), and eavesdropping and surveillance operations were identified in official documentation as ORM. That Soviet-style euphemism means Operativno-Rozisknie meropriatiya, or Operative-Search Measures.

In the 1990s the Russian FSB changed the name of the department to the UOTM (adding the word Measures to its title), but for years Ukraine remained attached to the Soviet acronym OTU. Now this department is called the DOTM (the Department of Operative-Technical Measures), echoing the Russian experience.

In late February in Kiev the chief of DOTM was fired along with Maxim Lenko, who had denied SBU’s role in intercepting the US diplomats’ conversation just three weeks before.[19] In July the chief of DOTM was changed again.[20] This musical chairs of the DOTM indicated that the new Ukrainian authorities didn’t accept that the SBU had had nothing to do with the eavesdropping.

The saga of the Nuland interception and the larger battle for the digital space in Ukraine also reflects the reality throughout the former Soviet Union. Some of the nations that became independent in 1991 simply preserved the methods they inherited from the old regime. “Ukraine, Kazakhstan, Belarus, and Uzbekistan, they all use a system that is much closer to SORM than to the European or American systems,” Shlyapobersky told us. In our own investigations we found documents confirming that Belarus, Ukraine, Uzbekistan, Kazakhstan, and Kyrgyzstan all have their national SORM systems. And in most cases this means their legislation and equipment have also been copied and imported from Russia.[21]


In September 2014, seven months after Maidan, Kiev was back to near normal. Independence Square was cleared; there was no sign of the barricades or burning tires that had once clogged the streets. It was time for the parliamentary elections, and Mustafa Nayyem, who had done so much to launch the Maidan movement with his post on Facebook, was one of the candidates. Andrei had difficulty catching up with his busy schedule, so Nayyem suggested they meet at the city court.

Nayyem had found out that a Ukrainian oligarch was trying to run for parliament despite the fact he had spent most of the 2000s out of the country, and this was against Ukrainian law. So Mustafa went to the court, and on the day we met, the hearings were under way.

The shabby Soviet-style building on Moskovskya Street, where the city court occupies a few floors, posed a striking contrast to the Moscow city court, which is all marble, statues, and expensive furniture. In a tiny room packed with journalists, a bald-headed Mustafa, wearing all black, with his two lawyers, faced three judges.

Mustafa’s lawyer was in the middle of a long peroration, full of details. The main judge turned left and whispered something to his colleague.

Mustafa’s lawyer exclaimed, “You should listen carefully to what I’m saying!”

“Well, the entire country listens to you now,” the judge said apologetically.

And he obviously didn’t mean only the lawyer.

CHAPTER 15 Information Runs Free

Along with the pressure on global platforms such as Facebook, Google+, and Twitter, the Kremlin also wanted to ratchet up the pressure on two very popular Russian platforms—the social network VKontakte, with massive user groups of thousands of people involved in political events, and the search engine Yandex, which carried news headlines on its home page that had become essential daily reading for millions of Russians. Both enjoyed widespread use beyond Russia’s borders in the former Soviet Union. When Russian authorities set out in 2014 to win the hearts and minds of Russian-speaking populations at home and abroad and to persuade them to accept the Kremlin’s version of the conflict in Ukraine, controlling these two home-grown platforms became crucial.

The year began in confusion for VKontakte. On January 24 Pavel Durov, the primary founder, sold 12 percent of the company—his share—to a friend, Ivan Tavrin, CEO of MegaFon, one of the biggest telecommunications companies in Russia, and offered odd explanations for the sale in a post on his page on VKontakte, saying that “what you own, sooner or later, owns you.” Reclusive, Durov communicated almost entirely with the outside world by posting on his page. In the same post, however, he stressed that he would remain CEO of VKontakte. “It’s my responsibility to [take] care of and protect this network,” he wrote.

VKontakte was modeled after Facebook, and Durov even chose the same fonts and colors, blue and white, for his network, but with a more primitive design. The network itself is a strange mix of contradictions: although a user is required to provide a genuine identity to register with VKontakte, the network has been famous for years as a safe haven for pirates, and many used it to watch movies and listen to music for free.[1] It was Russia’s most popular social network in 2012, earning over $15 million in net profit that year.

VKontakte was caught in the middle of a conflict over control of the company between two of its biggest shareholders, both oligarchs: Igor Sechin and Alisher Usmanov. Sechin was a personal friend of Putin; Usmanov was a pro-Kremlin oligarch who had gathered a vast media empire of formerly liberal news outlets—he started with Gazeta.ru, then acquired Kommersant, and later turned to the Internet—and absorbed LiveJournal.com, the most popular blogging platform, as well as Mail.ru, the most popular e-mail service, and was believed to want to acquire some of Yandex too.

When caught in the squeeze between the two oligarchs, Durov was feeling the pressure personally. Some shareholders reportedly launched an internal investigation at the behest of one of the oligarchs into Durov’s business expense accounts, for reasons that were unclear.[2] In spring 2014 the pressure took its toll on Durov, who was still only twenty-nine years old. His moves became frantic. On March 11 he posted, “Seven Reasons to Stay in Russia,” in which he wrote, “In recent months the topic of emigration from Russia has become fashionable. But I go against the trend, and here are my seven reasons to stay in the country.” He listed low taxes, talented people, beautiful girls, and so on.

On April 1, out of the blue, Durov announced he was resigning as CEO of VKontakte. Then, two days later, he disavowed his resignation statement, and four days after that he posted a new message, lamenting bitterly the situation inside the company. He said he had filed a lawsuit to try to get back on the board of directors.

Whereas Durov’s previous posts had largely been about the company’s internal ownership conflict, the posts that he put up on April 16 carried a more ominous tone; they potentially applied to everybody who used the network. The first was posted at 9:36 p.m.:

On December 13, 2013, the FSB requested us to hand over the personal data of organizers of the Euromaidan groups. Our response was and is a categorical “No.” Russian jurisdiction cannot include our Ukrainian users of VKontakte. Delivery of personal data of Ukrainians to Russian authorities would have been not only illegal, but a treason of all those millions of Ukrainians who trust us. In the process, I sacrificed a lot. I sold my share in the company. Since December 2013, I have had no property, but I have a clear conscience and ideals I’m ready to defend.

He then posted a scan of the FSB letter, exactly in the same manner as he had in December 2011, when he refused to cooperate with them about the protests in Moscow.

The second posting, two hours later, declared, “On March 13, 2014, the Prosecutor’s office requested me to close down the anticorruption group of Alexey Navalny. I didn’t close this group in December 2011, and certainly, I did not close it now. In recent weeks, I was under pressure from different angles. We managed to gain over a month, but it’s time to state—neither myself, nor my team are going to conduct political censorship…. Freedom of information is the inalienable right in the post-industrial society.”

On April 21 Durov was fired as chief executive. He learned the news from journalists. He claimed he was fired because of his public refusal to cooperate with the authorities. The next day TechCrunch, a website, asked Durov in an e-mail about his future plans. “I’m out of Russia and have no plans to go back,” he wrote back. Durov left the country.

With Durov gone, the company was firmly under the control of two loyal oligarchs; the Kremlin had managed to repeat the tactic it had used earlier with traditional media, like Gusinsky’s Media-Most in the 2000s. This time it was even easier, as there were neither journalists to demand a personal meeting with Putin nor users who might turn out for demonstrations on Moscow’s streets. At this time the Kremlin believed they fully controlled the VKontakte company and its network—they foresaw no surprises. What the Kremlin miscalculated was that a social network is different from either television or newspapers. Although journalists generate the content in traditional media by working in the editorial office, users, often widely dispersed, create the content on social media, and they don’t care who owns the network.

These legions of dispersed users would soon prove VKontakte’s strength.


On April 24 Putin fired a shot that had wide reverberations for the second-largest Internet company in Russia. He was in St. Petersburg at a media forum organized by the All-Russia People’s Front, an ultrapatriotic, populist movement Putin had launched in haste in 2011 to corral political support from the provinces and other quarters when his United Russia Party, largely made up of bureaucrats, lost the respect of many voters. The new People’s Front, consciously evoking symbols and names from the Soviet era, had a modern political purpose for Putin: to counter the liberal-minded, Westernized intelligentsia of the big cities.

It was a staged event in the round, and in the middle of the discussion a pro-Kremlin blogger, Viktor Levanov, addressed Putin with an unusually long statement about the Internet. Levanov first attacked the United States—“It is an open secret that the United States controls the Internet”—then went after Google specifically. “Why can’t they build servers here?” he said, echoing the Kremlin line. “I do not want my personal data and information about politicians that run my country to go to the United States.”

Putin weighed in and answered as he had before, referring to Snowden and the NSA, saying that the servers should be relocated to Russia. Then Putin asserted that the Internet began “as a special CIA project. And this is the way it is developing.”

Next Levanov did something unexpected. He asked a question about the Russian company Yandex, one of the most recognizable brands and popular websites in the country. “It is not quite clear what Yandex is: on the one hand we know it as a search engine; but on the other hand it is a kind of media, because all the time, every day the top five news items Yandex collects from other sources are viewed by millions of people. Meanwhile, Yandex does not have a media license and cannot be held liable under the law as a media outlet because it is a search engine.”[3]

This was not a casual allegation. By raising the question of whether Yandex was a media organization, the blogger was aiming a knife at its heart. Forcing Yandex to register as media would make the company subject to Russian media legislation and libel law, under which, if the media gets two warnings from the government, it could be closed down. Until this point Yandex had operated outside this control.

Putin eagerly pursued the theme. He claimed that Yandex, when it was formed, had been “forced” to accept Americans and Europeans in its company’s management. “And they had to agree to this,” he said. He also lamented that the company was partially registered abroad. Then Putin bore down on the real culprit he had in mind: “As I have said, this was all created by the Americans and they want to retain their monopoly.”[4]

His message was ominous, suggesting that one of the most successful Internet companies in Russia was under the control of the Americans, who in turn control the Internet. Putin had already warned with great fervor in his Crimea speech about traitors and “fifth columns,” and now his comments seemed to suggest there was something wrong with Yandex having foreigners around.

The next day Yandex NV, the Dutch-registered parent company of Russia’s search giant, fell 16 percent on the NASDAQ, and American investors rushed to Moscow to talk to Yandex’s management.[5] Yandex responded to Putin by saying that international investors’ participation was normal for a tech start-up and that, as a public company with a 70 percent free float, no single shareholder could exert pressure.[6] Yandex reminded Putin that Russia was one of the few countries where domestic Internet brands were stronger than global ones.

In early May a worried Yandex recruited to its board German Gref, CEO of the huge state-owned Sberbank, who is thought to be personally close to Putin.[7]

It soon was evident that Putin had not idly raised questions about Yandex. In May Andrei Lugovoi, the parliamentarian who authored legislation making it possible to block Ej.ru, Grani.ru, Kasparov.ru, and Navalny’s blog in March, announced a new initiative to force Yandex to register as a media company.[8] It was an unmistakable threat.

A week later the Russian Investigative Committee, an increasingly powerful law enforcement body, sent representatives to Yandex.Money offices with a search warrant.[9] The pretext for the warrant was a criminal investigation conducted by the committee against Alexey Navalny—the committee alleged Navalny had stolen money he had gathered via the online service Yandex, money intended for his campaign for Moscow mayor the previous autumn. But the raid was a shocking development and went way beyond the reasons cited for the search warrant. Yandex was one of the most famous Russian companies and inspired pride in Russia. Its profitability came not from oil and gas, the traditional sources of Russian wealth, but through building a business based on technology, and here, in this field, Russian engineers successfully competed with American companies—Yandex had a bigger share of the Russian search market than Google.

Many people felt uneasy about Putin’s eagerness to target the pride of the Russian tech business. Russian high-tech companies often had foreigners on their boards—it was a ticket to world markets and foreign investments, and for years it signaled success. Now the Russian president had made foreign board members look suspicious, almost as if they were agents of a foreign state.


The campus of Kaspersky Lab headquarters in Moscow fills two modern semitransparent buildings, surrounded by green lawns and the shimmering surface of a nearby reservoir. The tableau suggests nothing more than an ambition to be like Google or Apple—a big multinational, respected everywhere. Kaspersky Lab is one of Russia’s most recognizable brands. On the day Irina went there in May 2014, children frolicked on the grass in front of the company’s green and red corporate logo. Andrey Yarnikh, head of government relations, said it was the day employees could bring children to the office.

While Irina was walking around with Andrey Yarnikh, a big black SUV braked suddenly behind them. A man of medium height and graying wavy hair, wearing a bright shirt and jeans, jumped out of the car and approached them. It was Eugene Kaspersky, founder and CEO of Kaspersky Lab.

“Hi,” he greeted Yarnikh and shook his hand.

“Hi Genya!” said Yarnikh. And then Kaspersky disappeared even faster than he emerged.[10]

Yarnikh explained that Kaspersky didn’t like formality either in conversation or clothes, and in the early years of the company, when the laboratory was a relatively small entity, he used to kiss all female employees and shake hands with every man he met.

But this placid surface concealed anxieties behind the glass walls of the headquarters. Putin’s remarks about foreigners at Yandex made their way through Kaspersky Lab like a bolt of lightning. Although based in Moscow, Kaspersky boasts that 400 million people worldwide are protected by its cyber-threat and antivirus products. At one point a foreign investment firm, General Atlantic, owned part of Kaspersky Lab.[11] And in February 2014 Kaspersky had established an international advisory board and recruited several Americans, including Howard Schmidt, former cyber adviser to Presidents Bush and Obama. If having Americans involved in an Internet company was going to be a problem, then Kaspersky, like Yandex, would not be immune to scrutiny.

Kaspersky Lab has offices everywhere, from Australia to Germany, South Africa to the United States. Just like Yandex, Kaspersky Lab is registered abroad, in the United Kingdom.[12] And just as Volozh built Yandex, when Kaspersky built up his company, he didn’t exploit government connections and has not been promoted by the state.

Kaspersky was a complex and sometimes obscure figure in the world of the Russian Internet. When the first digital attacks were made on the media, he looked the other way. But then he came to the rescue of Novaya Gazeta. At other times he took positions that showed sympathy for the Kremlin approach to the Internet. For example, in February 2011 Kaspersky Lab joined the Safe Internet League, an Orthodox-dominated NGO that promotes Internet censorship under the pretext of protecting children from harmful content.[13] The League advanced weird ideas of creating “white lists” of sites approved in advance by them, and cyber druzhinas (from the Russian word that means the feudal prince’s armed guardsmen) patrolling the Internet.[14] The League has been working closely with Roskomnadzor.[15]

On the day Irina visited, people at Kaspersky were debating Anatoly Karachinsky’s decision to move his software company, Luxoft, out of Russia. It prompted a natural question about whether any large international companies could stay. Irina’s sources in the company said that many people at Kaspersky Lab regarded Putin’s words about the Internet and CIA—and the offensive on Yandex—as a hidden threat. They wondered what to do.


In the center of Moscow a modern office building was erected in 2007 at a time of massive renovation around the city. The building, which houses Silver-City, a business center, has all the hallmarks of that period: all glass and concrete, with ugly rectangular forms that hark back to the 1970s, defined in outlandish orange stripes. It was at this building on June 10, 2014, that Putin was to meet with the leaders of the Russian Internet for the first time in fifteen years; the last and only previous meeting was in December 1999.

Back then people spoke openly in front of Putin and were not afraid to oppose what they saw as the government’s power-grab to control the Internet. They did not fear Putin in those days, and by the end of the meeting Putin had supported those who objected to the government intrusion. At that time the Internet was new, and so was the hodge-podge of entrepreneurs who met with Putin. A decade and a half later the Russian Internet had grown into a $143 billion annual business, employing over 1.3 million professionals, generating 8.5 percent of Russia’s gross domestic product and accounting for 2.5 percent of all its trade.[16] In those same years Putin’s government had imposed surveillance on the Internet—the SORM black boxes and, ultimately, filtering and censorship.

The security at the meeting was strict, and journalists were admitted only with special identity cards issued just for this event. Before Putin arrived, there was a session about the future of the Internet. It was more like a wake. No one jumped up and shouted about the lack of Internet freedom. In fact, the subject of state control over the Internet was never mentioned; rather, it was evident that Putin, not yet in the room, held the upper hand. This reality weighed heavily on those who were present, including Volozh, the founder of Yandex, who had also been present fifteen years earlier and walked out of that meeting with the pencil. At this very moment Volozh was feeling the Kremlin pressure on the business he had built, and everybody knew it.

They could see a powerful reminder in the chair marked “VKontakte.” In the chair was not Durov, the founder; instead, there was Boris Dobrodeyev, then deputy chief executive of VKontakte, whose presence underscored the growing clout of the Kremlin. Dobrodeyev is a scion of the post-Soviet media establishment; his father, Oleg, is head of the television colossus known as the All-Russia State Television and Radio Broadcasting Company.[17] When Dobrodeyev sat in the chair, it was a sign that other chairs could also suffer the same fate—the founders could be replaced. The blogger Leviev, who had invented Alexey Navalny’s big red button, was present at the meeting because his company was broadcasting it. When he saw how Durov’s chair had been filled, he immediately thought of the peril that faced Volozh and Yandex. “Yandex’s business, all its ‘circulatory system,’ is in Russia: data centers, offices, the staff. Yes, there are offices abroad, but it is a drop in the sea, insignificant. If Volozh was to say something wrong—it will be very easy to take his business away,” he told us later.

Putin was late, as usual, and when he did arrive, he didn’t immediately enter the conference room; rather, he was shown a small exhibition of Internet start-ups in the hall. He was escorted by Kirill Varlamov, who had grown up in Ekaterinburg, graduated from the local technical university, and joined Uralmash, the mammoth metallurgical factory, as an engineer. In the early 2000s he founded a small software company and soon moved to Moscow. In 2011 he caught the eye of some people at one of Putin’s pet projects, the Agency of Strategic Initiatives. It was launched when Putin was prime minister and was designed to be a high-tech incubator, just like a much-publicized effort by Medvedev known as Skolkovo. Varlamov joined the agency, which proved to be a wise decision; he was introduced to Putin. In the same year, when Putin formed the All-Russia People’s Front, Varlamov joined. He was included on a list of nearly five hundred people who were prominent Putin political supporters, most of them celebrities; he was the only one with an Internet background. After Putin was elected president, Varlamov was made the head of a state-funded venture capital fund, giving him power over the budget available to Internet start-ups. By then Medvedev’s Skolkovo was in clear decline. Varlamov maintained a key position at the All-Russia People’s Front.

Russia had produced an entire generation of bright entrepreneurs in the first years of the digital revolution, but Putin was not interested in them. He wanted, most of all, someone loyal. Varlamov’s appearance at the June meeting signaled that Putin had triumphed. Varlamov’s fund had even organized the meeting, and when Putin appeared, Varlamov sat on his right—there was no doubt that Varlamov was the star of the show. Volozh, who was a genuine Internet legend in Russia, looked uneasy. He was exceedingly cautious and repeated his line that there are very few countries in the world where the local Internet companies dominate, and these companies became prominent not because of protection but because they were left alone.

The sole question about repressive measures on the Internet was raised by Dmitry Grishin of Mail.ru, Russia’s leading e-mail service. An engineer by training, Grishin, thirty-five years old, was nervous as he looked at Putin. He began by saying that most Russian software advances had happened because the state left the inventors alone. “And we have this mentality,” he said. “We have this mentality that we count on ourselves.” He added that contacts with the authorities seldom lead to good things, and “in principle, if you can hide, it is better to hide.”

Putin sternly interrupted him. “It’s wrong,” he said, shaking his head. “First of all, you can’t hide from us.” The remark said everything about the state of the Internet in Russia: it had grown immensely, had enabled appeals for freedom, and yet there was no place to hide.

Grishin reddened and said excitedly, “We often hear that all Internet users are from another planet. But we do love our country; we want to help to make it comfortable to live and work in. And we understand that the Internet has grown and it is now an integral part of the society. Therefore, in principle, we understand that the regulation, it’s necessary. And often the ideas in the regulation, they are very correct. But, unfortunately, sometimes it happens that realization, in general, is frightening. And it would be great to develop some sort of process that allows us not only to listen but also to be listened to. It would be very, very important!”[18]

It was a polite appeal but, in its timidity, reflected the reality of Putin and the Internet. The entrepreneurs and businessmen were not challenging the Kremlin; there were no new proposals that day, no confrontations. Some of those present were worried that a discussion might have been started about a project called Cheburashka, to create a purely domestic Internet—inaccessible from abroad—named after a popular children’s cartoon character. The project was suggested by a Russian senator in April, but, thankfully, it did not come up.

The real beneficiary on June 10 was Putin’s political machine, the All-Russia People’s Front, and Kirill Varlamov. The genuine Internet market leaders were invited not to talk to Putin but to lend legitimacy to a government-funded pet project. And they did.


Although Yandex had once resisted pressure from the Kremlin, now it gave some ground. On September 12, 2014, Yandex announced that the company had agreed to formally register three of its online services—Yandex’s cloud service, its social network Moi Krug, and its mail system. They were put on a special list at Roskomnadzor consisting of online services required to keep users’ metadata for six months and to provide remote access to this data for the Russian security services. Mail.ru and VKontakte were also included on the list.[19] The scope of SORM had just expanded.

Yandex also attempted to tread carefully in the minefield of the Ukraine war. In March the service started offering different maps of Ukraine for Russian and Ukrainian users. The Russians would see a map showing Crimea as part of Russia, while a user in Ukraine would see the peninsula as still part of Ukraine. Yandex explained it by saying Crimea would be shown according to the official position of the country in which the map was viewed.[20]


The Kremlin pressure to control the Internet was not always visible. It did not always appear in black-and-white threats. Sometimes the battle was waged in the mists. Those who believed in keeping the Internet out of the hands of the state tried to survive any way they could. Andrei Kolesnikov learned the game firsthand, and he was a very good player. CEO of an NGO that had been set up in 2001 to oversee Internet domain names, Kolesnikov has a long history with the Russian Internet; in 1992 he was one of eight people who signed the agreement that established the domain .ru. He was present at the meeting with Putin in December 1999, and he also attended the meeting with Putin in June 2014, though this time he was not invited to join the panel.

Kolesnikov was the first Russian expert to join ICANN’s governing bodies, and he was acutely aware of the Kremlin’s ideas about the Internet and what the Kremlin thought of NGOs as a whole. To avoid interference, he devoted a lot of time to attending public meetings on Internet security and offered repeatedly to be a technical expert to people who were in charge of setting policy on the Internet. His position was fragile. When Andrei visited him in September 2014, Kolesnikov argued with great fervor that repressive laws were, in fact, in “a parallel reality,” and they had no impact on the Internet at all. After half an hour of wrangling, he insisted that what the authorities had done to the Internet was entirely immaterial: “Look, did it affect your morning coffee?”[21]

But the next morning brought disturbing news. The business daily Vedomosti exposed a Kremlin plan to gather the Russian Security Council, the advisory group to the president on security, in three days to discuss the option of shutting the country off from the global Internet in case of an emergency.

The centralized structure of the Russian Internet has led the authorities to believe that this was entirely possible; international traffic could be cut off either by the operators that control cross-border fiber-optic cables or at the Internet exchange points, where the international traffic joins the national Internet.

Even two decades after the collapse of the Soviet Union, Russian telecommunications remain largely centralized. Russia is connected to the outside world by fiber-optic cables, most of them laid by five Russian national operators, with the state-controlled Rostelecom enjoying the largest Internet backbone network in the country. Russia has only a dozen Internet exchange points (compared with more than eighty in the United States).[22] And nearly half of the Russian Internet traffic passes through one of them, MSK-IX. The MSK-IX itself is based on the premises of the M9 phone exchange, which is owned by Rostelecom. (In January 2015 Rostelecom took over the MSK-IX, too.)

The geography of Russia doesn’t help. Although most of the world’s Internet traffic is passed via underwater cables, Russia connects with the West through the terrestrial cross-border fiber-optic cables laid from Moscow to St. Petersburg to Helsinki and Stockholm, and only recently did Rostelecom lay cables in a new direction, from Moscow to Frankfurt, Germany. In the east there are also some lines to China, Japan, and Iran, but overall the connections to the outside world are sparse.

Although it didn’t get as much attention, the Security Council also wanted to talk about a second option—to hand over the powers of administering Russian domains from Kolesnikov’s center to the government. If approved, it would mean that all Russian domains were under direct government control—or, rather, direct control of most websites in the country.

This time the initiative was not approved, but the message was strong and clear.


In 2014 Putin had one big secret he wanted to keep: Russian troops were in Ukraine. The Russian security services hunted down people around the country who tried to expose Putin’s secret, relying on the same technology the secret police had used almost seventy years earlier.

On April 17, 2014, Svetlana Davydova heard something on the street in the city of Vyazma, about 150 miles west of Moscow, and grabbed her phone. She was a mother of six children and pregnant with the seventh. She knew that outside the small town the Russian military intelligence service had a base, and she had just overheard talk at a bus stop that small groups of officers were being sent to Moscow and then Ukraine.

At that moment Russia was backing an undeclared war by Ukrainian separatists. Davydova had no access to secret information about the military unit; she simply overheard what people were saying on their cell phones at the bus stop. She was very interested in events in Ukraine and personally opposed to the Russian military presence there. She told her husband, Anatoly, what she had heard—and what it might mean. Then she wrote down what she knew.

That day, around 2:00 p.m., she called a hotline to the embassy of Ukraine in Moscow on her cell phone. She told the embassy she had information about the deployment of Russian military intelligence officers to Ukraine, and not much more. Nine minutes later the first secretary of the embassy called her back and asked her to provide details. Davydova relayed all she knew—just rumors she had heard on the street.

Davydova didn’t know it, but the FSB was monitoring the hotline, and the Russian security service had recorded her voice during the call to the embassy. The FSB immediately went to work to identify who she was. They had no difficulty—Davydova’s phone number was easily traced.

Then nothing happened for a while. Davydova was not questioned about the call. The war in Ukraine grew more intense.

Six months later Davydova gave birth to a baby girl. Two months later, on January 21, 2015, there was a knock at the door of her apartment, and when Anatoly opened it, a group of special operations soldiers dressed in black burst in. The group was led by a top FSB official sent from Moscow. Davydova was detained, taken away, and the officers searched her small apartment, taking her computer, notebooks, and other materials as the family looked on. Davydova was brought directly to Moscow’s Lefortovo prison, the main prison the FSB used for high-profile investigations and detentions. She was frightened and worried, not least of all about the two-month-old baby she had been torn away from.

Six days later she was charged with treason, which can carry a sentence of twelve to twenty years in prison. She was told that her call to the embassy of Ukraine had been intercepted. She was given a state-appointed lawyer who advised her to plead guilty. Overwrought with emotion and scared, at first she complied.

For the FSB it was not enough to have just a guilty plea, however; they needed to prove she had made the call. For this the security service needed a sample of her voice to compare with the recording of the call. But Davydova refused to give the voice sample.

At this point, in early 2015, her case gained widespread attention in Russia, and human rights activists visited her in Lefortovo, a common practice. When they came to the prison to see her, the FSB illicitly made a video, without telling her or the activists. Then the FSB reached back to technology that had been created and perfected since 1949 in the work at Marfino and Kuchino. They compared her voice in this video recording with the voice on the intercepted phone call.[23]

Davydova was not a spy—she was a housewife. But she was caught up in something larger—the secret services were repeating practices of wiretapping and examining voices, all in an effort to keep the lid on a closed society, to lock up information, even if it was just a rumor a housewife had overheard at a bus stop.

After two weeks in prison and a public outcry, Davydova was released, and the charges were later dropped.


In the summer of 2014 Russian and Ukrainian journalists started to find dozens of profiles of Russian soldiers on VKontakte—and many who had been posted to Ukraine had added to their pages photographs from their posting. The Russian military commanders were not aware the soldiers were posting boastful comments and photographs, identifying their units and their geographic positions.

The pictures and comments exposed the lies that Putin had been spouting about the war. Journalists in Russia’s northwestern city Pskov, bordering Latvia and Estonia, found online, on VKontakte, profiles of soldiers from a paratrooper base in the region. The soldiers, who had visited their pages for the last time on August 15–16, posted photographs from Ukraine.

Then the soldiers disappeared. There were awful rumors that dozens of Pskov’s paratroopers had been killed in an ambush in Ukraine. On August 22 journalists found a new post on the VKontakte page of one of the soldiers, Leonid Kichatkin:

“Life has stopped!!”

Then, a bit later: “Dear friends!!!!!!!!!! Leonid was killed […] funeral[’]s Monday at 10am in Vibutah. Whoever wants to say goodbye to him, please come over. My phone number 8953254066. A wife[,] Oksana[.]”

Soon the post reporting the tragedy was removed and replaced by a cheerful post depicting a family celebration. When journalists called the number, a male voice on the phone answered that he was Leonid, alive and well.

But journalists attended the funerals and found the two new graves, and one of them bears the inscription: “Leonid Kichatkin, 30.09.1984–19.08.2014.”

When two TV Dozhd journalists and a Novaya Gazeta reporter went to the Pskov cemetery, they were attacked by unknown men in balaclavas, and a local parliamentary deputy was beaten up because he had exposed the postings in the local newspaper. But it didn’t prevent other leaks about Russian soldiers in Ukraine, and VKontakte turned out to be indispensable—both for the soldiers posting and for those who would be reading. The soldiers chose VKontakte because it was easy to use and was there, always online. On July 23 a Russian soldier conscript from Samara in southern Russia posted photographs of his artillery pieces on VKontakte, with the words, “All night we were shooting at Ukraine.” It went viral.

The Russian seizure of Crimea in early 2014 was carried out bloodlessly by soldiers wearing no insignia. It was relatively clean and swift and heralded as a new kind of warfare. But the two graves in Pskov shattered this image of a bloodless new kind of warfare. The reality that soldiers were being killed on the battlefield in Ukraine exposed the cover-up and deception about Russia’s role in the violence in the Donbass. The losses, inevitable lies, and cover-ups didn’t work in large part because Russian soldiers as well as their relatives and friends kept posting on VKontakte.

After all the Kremlin efforts to control information, the information about Ukraine freed itself. The primary source of sensitive data on the violence in Ukraine was not journalists, nongovernmental organizations, opposition leaders, activists, or even bloggers; it was soldiers. Inexperienced young men, who had been schooled by state-sponsored television propaganda, were electrified by it and went to war, boasting of their exploits.

The network enabled the information to move freely, unhindered, to millions.

CHAPTER 16 The Red Web Comes to the United States

Despite the gloomy and depressing mood that swept the country after the Russian government defeated the Moscow protests and the patriotic hysteria generated by its annexation of Crimea, uncensored debates and unrestricted exchange of opinions still remain possible on the Russian Internet. The Kremlin certainly didn’t emerge a winner from its first serious collision with the global network.

Since then we have seen two major developments. Inside Russia the Kremlin, worried about the disastrous consequences of its efforts to control the Internet, turned to China for guidance and technical support. The ramifications of this turn could be very serious. Outside Russia most Kremlin offensives now include an aggressive cyber component, such as the hacking operation in the United States in 2016, which produced surprisingly successful results. Whether it affected the outcome of the presidential election is questionable, but it certainly propelled Russia right into the heart of the election process and made Putin look like the third player—perhaps even the kingmaker—in the most powerful country of the world.

So how did the Kremlin, once so fearful of the power of the Internet and understanding so little about the nature of the global network, find a way to use it in the United States, the birthplace of the Internet and still its innovative powerhouse? The first stage of the story required Russia to align its interests with a onetime online antagonist. So began the uncomfortable liaison between the Kremlin and WikiLeaks.


In January 2016 thirty-five-year-old Mika Velikovsky, a shrewd, jovial reporter with a habit of wearing an Indiana Jones hat everywhere he went, was invited to join an international team of investigative journalists.

Velikovsky was thrilled. He had been in and out of work for several years, ever since the Kremlin began its purge of the media following the Moscow protests in 2011–2012. In media circles this purge was referred to as a “f—ing chain of events,” an expression coined by its first victim, the editor of the liberal journal Bolshoi Gorod (The Big City), who was fired because his publication had been supportive of the protests. Four years later the Moscow media landscape was distinctly depressing, rife with stories about bad editors and which team of journalists had just been fired.

Velikovsky accepted the job right away. After all, he had plenty of experience working on investigations involving international partners. In the late 2000s he worked for the Russky Reporter (Russian Reporter), WikiLeaks’ media partner in Moscow.[1] In 2010 Velikovsky traveled to Sweden and spent a few days conferring with WikiLeaks founder Julian Assange. After that, he became Russian Reporter’s contact for interacting with Assange’s team, working on US State Department diplomatic cables and the leaked emails from the private security company Stratfor. Velikovsky valued his connection with WikiLeaks and took pains to maintain it after the joint project ended, speaking occasionally on Skype with Assange and Sarah Harrison, head of the WikiLeaks’ investigative team. (It was not easy: Assange had a habit of cutting partners off completely once a project was done.) The effort was fruitful: when Velikovsky visited Assange in London the Russian journalist agreed to work on a film based on the WikiLeaks’ cables. He spent four months traveling across Central Asia for a documentary that was to show how the region’s authoritarian regimes reacted to the WikiLeaks exposés.[2] When Edward Snowden flew to Moscow, Velikovsky tried to use his contacts at WikiLeaks to get in touch with the American. He even met with the WikiLeaks people in Moscow, but the only result of this effort was surveillance by the Russian security services. The surveillance was so easy to spot—the same men followed Velikovsky on foot and in a car—that it was clearly intended to be a warning.[3] The state seemed to be telling him to mind his own business.

In 2016 Velikovsky was invited to join a large-scale investigation being conducted by the Organized Crime and Corruption Reporting Project (OCCRP), which consists of reporters based all over Europe and the former Soviet Union, from Azerbaijan to Romania to Ukraine to Russia. The project had gotten their hands on an extensive trove of documents detailing offshore Panamanian companies that government officials and oligarchs all over the world—Russians included—used for illegal purposes, including fraud, tax evasion, and evading international sanctions. When the journalists’ findings were eventually published, the “Panama Papers” made headlines all over the world.

Before that, though, the international team spent months digging into the documents and connecting the dots. Each national team was given data on their compatriots. Using this data, each group tried to zero in on the financial activities of their country’s high-placed government officials and their personal friends. The Russian team consisted of reporters from Novaya Gazeta, one of the most respected independent outlets still operating in Russia. The publication exists under constant government pressure, and its journalists risk their lives for their work: contract killers assassinated Anna Politkovskaya, critical of the war in Chechnya, in October 2006. Now Velikovsky joined the team.

The OCCRP broke its first story on April 3, 2016. Velikovsky was proud to be part of it, especially as it turned out that his team unearthed the biggest news contained in the Panama Papers. The Russian journalists identified multi-million-dollar accounts owned by Sergei Roldugin, a personal friend of President Putin. Roldugin was a cellist, and although he had some business dealings, including oil and the media, he was no oligarch. And yet it appeared he had been put in charge of Putin’s private money.[4]

These findings quickly developed into a major news story when Putin’s spokesperson, Dmitry Peskov, commented on them.[5] This was highly unusual: Russian officials generally do not comment on sensitive stories in order to prevent them from gaining traction. To the team of Russian journalists, this looked like an endorsement of their findings.

But then Velikovsky was confronted with something totally unexpected. WikiLeaks launched a vicious attack on the OCCRP report on Twitter. On April 5 WikiLeaks posted:

#PanamaPapers Putin attack was produced by OCCRP which targets Russia & former USSR and was funded by USAID & Soros.

In another tweet they developed the accusation:

US govt funded #PanamaPapers attack story on Putin via USAID. Some good journalists but no model for integrity.

The tweet implied that the journalists had been used, either as paid agents or as dupes of the US government. USAID and George Soros are conspiracy theorists’ totems. For years the Kremlin has seen the United States Agency for International Development, USAID, as a CIA front that is plotting to undermine the Russian political regime. Meanwhile George Soros, along with his foundation, Open Society, has been accused of sponsoring “color revolutions” in Russia’s neighboring countries. Russia expelled USAID in September 2012 and listed Soros’s Open Society Foundation as an “undesirable organization” in November 2015 after the General Prosecutor’s Office said it threatened Russia’s constitutional order and security.[6]

Mika Velikovsky was outraged. His friends at WikiLeaks—people he worked alongside for years—had turned against him. It was personal, and it was unfair. In Velikovsky’s eyes Assange betrayed the very principles he had explained to him during their conversations: “Assange told me many times that it’s not important what the leaker’s motivations are or who he works for. The only important thing is the authenticity of the documents. If you have doubts, you can start thinking about why and where and how. But if you don’t have any doubts [about the documents’ authenticity], then it doesn’t matter who leaked…. That’s why it was so disgusting to see this coming from WikiLeaks!”[7]

Days went by, and the Roldugin story didn’t die. Instead, with each passing day it gained more media coverage all over the world. On April 7 Vladimir Putin attended a media forum in St. Petersburg where he personally commented on the Panama Papers. He immediately attacked journalists: “What did they do? They manufactured an information product. They found some of my friends and acquaintances—I will talk about that shortly—and they fiddled around and knocked something together. I saw these pictures. There are many, many people in the background—it is impossible to understand who they are, and there is a close-up photo of your humble servant in the foreground. Now, this is being spread!”

He was clearly personally affronted. Putin could barely hold himself together: “There is a certain friend of the Russian president, and they say he has done something, so probably something corruption-related. What exactly? There is no corruption involved at all!”[8]

And then Putin did something unexpected: he tried to debunk the findings by citing WikiLeaks’ claim that the whole thing was an American conspiracy: “Besides, we now know from WikiLeaks that officials and state agencies in the United States are behind all this!”

The next day we were both at the Journalism Festival in Perugia. Sarah Harrison, the head of WikiLeaks’ investigative team who had spent forty days alongside Snowden in Moscow’s airport in 2013, was there too. She was giving a talk about WikiLeaks and Snowden.

During the question-and-answer session Andrei asked Harrison about WikiLeaks’ response to the Panama Papers. Andrei also pointed out that, to Russian journalists, WikiLeaks’ conspiracy claim sounded strange: after all, the journalists who took part in the Panama Papers investigation worked for Novaya Gazeta, a newspaper whose commitment to exposing corruption has led to the high-profile murders of several of its journalists. Yet just the day before, Andrei continued, Putin had quoted the WikiLeaks’ tweet about US funding to publicly call into question the Panama Papers’ investigation findings.

Referring to “bias” and “spin,” Harrison immediately deflected responsibility: “Please, do not make me responsible for what Putin says! What Putin says and does has nothing to do with me!”

Then she went on the offensive. The fact that a Russian story was the first to make headlines was, in her eyes, enough to justify WikiLeaks’ attack. “It is very clear, from the reporting that came out, that it’s being used as basically an attack on Putin,” she said. Then, echoing the longstanding Kremlin line, she added, “And the funding of this organization as a whole does come from the USAID!”[9]

Her response shocked us: we have known both the OCCRP project and its leader, the Sarajevo-based veteran journalist Drew Sullivan, since 2008. Sullivan was well respected in investigative journalism circles; for years he and his reporters have been exposing corruption in regions not particularly safe for journalists. Sullivan is also known for his integrity—just a year earlier, in the summer of 2015, he stated that his organization would stay away from a $500,000 US government grant to combat Russian propaganda: “The problem starts with the grant title, ‘Investigative Journalism Training to Counter Russian Messaging in the Baltics.’” He continued, “The title implies the grant seeks journalists to actively counter a Russian message which, at best, is not a mission for journalism and, at worst, is propaganda itself.”[10]

We were dismayed to hear WikiLeaks using the same line of argument as the Kremlin. We felt that this kind of logic was not compatible with the ideals of the free flow of information we believe in and that WikiLeaks itself had, in the past, professed. WikiLeaks appeared to take the Kremlin’s side, and we didn’t understand why.

The very same day, April 8, Putin summoned an urgent meeting of his Security Council in the Kremlin. These meetings are held in high secrecy—even official photographers are rarely admitted. This time the long, marble-covered hall on the second floor of the domed Kremlin Senate building was almost empty—at the grand table only eight of the twenty-one seats were occupied. Of these eight people, six were former KGB officers: Putin himself; his chief of staff Sergei Ivanov; Sergei Naryshkin, the speaker of the Duma; Nikolai Patrushev, the secretary of the Security Council; Alexander Bortnikov, the FSB director; and Mikhail Fradkov, chief of the Foreign Intelligence Service, the SVR. Neither the minister of defense nor the chief of military intelligence was present.[11] The transcript of the meeting was never made public. The relatively small number of participants and their known backgrounds lead us to think it was about a very sensitive matter, such as the need for a retaliatory response to the Panama Papers exposés.

In the United States the presidential campaign was in full swing, and the Kremlin was watching as Hillary Clinton seemed headed toward an almost-certain victory. Putin had strong feelings about her: he believed she had been a driving force behind the Moscow protests. He also believed that she and her people at the US State Department were behind most of the Western anti-Russian moves—from the US sanctions, to the activities of the Russian opposition, to journalistic investigations exposing corruption in Russia. Putin’s circle was certain that the Obama administration was working to get Clinton elected. In their conspiratorial eyes this meant that the result of the US elections had already been decided.

A week passed, and on April 14 Putin held his annual television phone-in show. The Direct Line is broadcast live by Russian television channels and major radio stations. At this show Putin again brought up the Panama Papers and felt the need to further defend his friend Roldugin. He also renewed his accusations against the United States: “Who is engaged in these provocations? We know that there are employees of official US agencies.”

Next he said something very strange: “An article was written—I asked [my] press secretary Peskov where it first appeared—in the Süddeutsche Zeitung. The Süddeutsche Zeitung is part of a media holding that belongs to the US financial corporation Goldman Sachs. In other words, the ears of masterminds are sticking out everywhere [a Russian expression, meaning their fingerprints are all over it]!”[12]

It was a baffling connection, and it was wrong. Why on earth had the Russian president mentioned Goldman Sachs? Goldman Sachs does not own the German Süddeutsche Zeitung—and the respected newspaper immediately issued a statement to that effect. The next day the Kremlin responded with a rare apology: “It is more the error of those who prepared the briefing documents [than Putin’s], it’s my error,” Kremlin spokesperson Dmitry Peskov told reporters.

So why bring up Goldman Sachs at all?

By mid-April, including when Putin made his strange remark, a hacking group—later identified as APT29, or Cozy Bear—had for months been inside the Democratic National Committee’s (DNC) computer system. In March a second team, known as APT28, or Fancy Bear, had joined in and launched its own attack on the DNC. On March 19 Fancy Bear hackers had made a breakthrough: the Clinton campaign chairman, John Podesta, was lured into re-entering his Gmail password on a specially designed phishing web page, and the hackers began pulling emails from his account.[13]

In the fall of the election year of 2016 one of the biggest news stories that came out of the hacking operation was the publication of Hillary Clinton’s transcripts of three paid speeches at Goldman Sachs. In these speeches she was embarrassingly uncritical of Wall Street as she discussed the causes of and responses to the 2008 financial crisis.[14] The hackers stole these transcripts from John Podesta’s email account in the spring—right around the time of Putin’s comments about the cellist Roldugin and his false statement about Süddeutsche Zeitung’s connection to Goldman Sachs. WikiLeaks published the documents in October 2016. But in mid-April, when Putin gave his press conference, nobody except the hackers and those who had directed them knew that the hackers possessed Hillary Clinton’s Goldman Sachs transcripts.

If someone had briefed Vladimir Putin about the hackers’ Podesta findings, he may have been encouraged to believe in a conspiracy theory whereby Clinton had prompted a Goldman Sachs connection to publish the Panama Papers. It’s difficult to see how the bank got into his head otherwise.

Four days later, on April 19, the domain DCLeaks.com was registered.

In the summer DCLeaks.com would become one of the two websites used for publishing emails from hacked accounts of American officials. The other would be WikiLeaks.


On June 14 Ellen Nakashima, the national security reporter at the Washington Post, broke a story: Russian government hackers had penetrated the network of the US Democratic National Committee. Ellen had been briefed by DNC officials and Shawn Henry, a former head of the FBI’s cyber division, now president of CrowdStrike, the private information security company hired to handle the DNC breach.[15] Nakashima’s story was met with furious denials from the Kremlin: “I completely rule out a possibility that the [Russian] government or the government bodies were involved in this,” said Putin’s spokesperson, Dmitry Peskov.[16]

The next day CrowdStrike published the report along with technical details of the hacking attack.[17] The author of the report was Dmitri Alperovitch, cofounder and chief technology officer of CrowdStrike. Alperovitch, a blonde, solidly built thirty-six-year-old cyber expert, left Russia in 1994 and had never since set foot back in his native land. (“My Moscow is long gone,” he told Andrei.) In the 2000s Alperovitch became a prominent American cyber expert, having made his reputation investigating Chinese hackers’ operations in the United States.[18] In his report on the DNC hacking Alperovitch made a bold claim about the hackers’ identity and their sponsors: the activity of Fancy Bear “may indicate affiliation with Glavnoye Razvedivatelnoye Upravlenie (Main Intelligence Department) or GRU, Russia’s premier military intelligence service.” He was not so certain about the second team, Cozy Bear, but most experts, including Alperovitch, were inclined to think Cozy Bear was the work of the FSB.

This posed a serious problem for the US government. The Kremlin had been outsourcing its hacking activities, making attribution difficult—which was no accident. The Kremlin had used outsourced groups elsewhere to create plausible deniability and lower the costs and risks of controversial overseas operations. For example, for years Moscow denied its military presence in the east of Ukraine, insisting it was some local guerrillas.

The Kremlin’s tactics were the opposite of China’s, where the regime directly oversees cyber attacks and it is possible to identify the chain of command. In Russia all kinds of informal actors—from patriotic hackers, to Kremlin-funded youth movement activists, to employees of cybersecurity companies forced into cooperation by government officials—have been involved in operations targeting the Kremlin’s enemies both within the country and in former Soviet states.[19]

This heterogeneous group had developed an impressively efficient set of tactics. In general there were three common features. The first was the use of rank-and-file hacktivists not directly connected to the state in order to help the Kremlin maintain plausible deniability. The second was guidance and protection from criminal prosecution, provided by the president’s administration alongside the secret services. Finally, hacked information was published as kompromat (i.e., compromising materials) online as a way of smearing an opponent.

The Russian government used this approach regularly against their opposition and activists. For instance, in the summer of 2012 hackers penetrated a Gmail account belonging to Alexei Navalny, one of the leaders of the Moscow protests, and then a blogger who went by the nickname Hacker Hell published Navalny’s emails. Hacker Hell was not part of any government organization, and the Kremlin insisted it had nothing to do with hacking. (When the Kremlin disowned Hacker Hell, however, it did not help him. In 2015 a German court identified Sergei Maksimov, a Russian national who had been a German resident since 1997, as Hacker Hell and found him guilty of hacking Navalny’s account. The German court gave him seventeen months’ probation.[20])

In March 2014 Ukraine found itself in the crosshairs. The hacktivist group CyberBerkut—which consisted of supporters of the country’s former president Viktor Yanukovych, who had fled to Russia the previous month—claimed to have hacked the email accounts of Ukrainian NGOs. A trove of emails was published on the website of CyberBerkut. These emails purported to prove that the targeted NGOs were not only in touch with the US Embassy but also received funding from American foundations. CyberBerkut’s goal was obvious: portray the Ukrainian NGO activists as thoroughly corrupt, American puppets engaged in betraying their country.[21] In January 2015 the same group of hackers attacked German government websites, including Chancellor Angela Merkel’s page, demanding that Berlin end support for the Ukrainian government.[22]

In April 2015 hackers also worked their way into the French television network TV5Monde. Pretending to be ISIS, the hackers breached the system and overrode the broadcast programming of the company’s eleven channels for over three hours. The French government’s cyber agency ANSSI (Agence nationale de la sécurité des systèmes d’information) attributed the attack to Russian hackers, a group known later as Fancy Bear.[23]

In 2016 it was the United States’ turn to come under attack. Putin’s spokesperson’s first reaction to the DNC hacking—in which Peskov emphasized the fact that no Russian government, and no Russian government bodies were involved—seemed to suggest that the Kremlin was recycling tactics that had worked against Russian dissidents, Ukrainian activists, and French television. There was even an obscure hacker to blame: the day Alperovitch published his report, a hacker who styled himself as Guccifer 2.0 announced on his blog that he had hacked the DNC. As proof, Guccifer provided eleven documents from the DNC.[24]

The Kremlin’s denial tactics had worked relatively well in the past mostly because the governments of countries that had been attacked were hesitant or unable to pursue the accusation as far as the Kremlin. But in the spring of 2016 this changed. In May our contacts in Western cyber circles told us that the cyber expert community had just reached a new consensus: currently available technical evidence was advanced enough both to trace and attribute cyber attacks.

If an attack could be attributed to a hacking group with a known history of attacking similar targets and this group’s attacks consistently worked to benefit one particular country, this constituted enough evidence to determine that the attacks were backed and directed by the state of that beneficiary country.[25]

The attack on the DNC was the first offensive investigated with this new approach in mind. Both CrowdStrike’s Alperovitch and the US intelligence community concluded that all evidence pointed to a Russian government–backed attack. In fact, Alperovitch was certain he had caught identifiable Russian military intelligence operatives red-handed, right in the middle of executing the DNC operation. “Andrei, all of them are in uniform!” he exclaimed to Soldatov during a meeting in Washington. The US intelligence community shared Alperovitch’s convictions.[26]


Although Alperovitch and his team expelled the hackers from the DNC computer system, that didn’t stop the hackers’ operation. They simply moved to the next stage: publishing kompromat.

On July 1 DCLeaks.com released a series of private emails written by the former NATO commander in Europe, four-star general Philip Breedlove. This leak was meant to show the Obama administration’s weakness toward Russia, using emails that allegedly showed Breedlove trying to overcome Obama’s reluctance to escalate military tensions with Russia in response to the conflict in Ukraine.[27]

On July 22 WikiLeaks published a massive collection of internal DNC emails. It was a large haul, with 19,252 emails and 8,034 attachments from the inboxes of seven key staffers of the DNC, including communications director Luis Miranda and national finance director Jordan Kaplan. The same day Guccifer 2.0 claimed on Twitter that he had leaked the DNC emails to WikiLeaks.[28]

In mid-August DCLeaks.com released personal information—including mobile phone numbers—belonging to more than two hundred Democratic Party lawmakers.

The data hemorrhage seemed unstoppable.

The US government had to respond and respond swiftly, and it had a playbook ready. This set of rules was called cyber CBMs, or “confidence building measures.” The author of the cyber CBMs concept was Michele Markoff, a seasoned American diplomat who had spent half her career in strategic nuclear arms control negotiations. In 1998 she went into cyber and became a key figure at the Office of Cyber Affairs in the State Department. The career of her Russian counterpart, Andrey Krutskikh, had followed a similar trajectory—from nuclear arms control to cyber. In the 2010s Markoff and Krutskikh represented their respective countries at most of the talks between Russia and the United States on cyber space.

Markoff believed that the Internet needed a set of measures similar to the ones established to prevent a nuclear war. These controls, she thought, could prevent a cyber conflict from escalating. She found a good listener in Krutskikh. In June 2013 she secured the US-Russia bilateral agreement on confidence building in cyber space.

As part of the agreement the White House and the Kremlin established the Direct Communications Line. Essentially a secure communication line, it ran between the US Cybersecurity coordinator and a deputy head of the Russian Security Council and could be used “should there be a need to directly manage a crisis situation arising from an ICT [information and communications technology] security incident.”[29] It was the digital era’s equivalent of the mythical Cold War red telephone, the hotline that connected the presidents of the Soviet Union and the United States in emergencies.

The new hotline was integrated into the existing infrastructure of the Nuclear Risk Reduction Center, located in the Harry S Truman Building, the headquarters of the US State Department. It was from there at the end of September that Michael Daniel, Obama’s cyber czar who had a background in national security, passed a message to Sergei Buravlyov, a deputy secretary of the Russian Security Council and colonel-general of the FSB. “It was used the first time since it was established,” said Daniel, whose mission was “to communicate the US government’s serious concerns about the Russian information operation to attempt to influence the election.” The line was built to pass a message, and only if there is further escalation does it provide an option to communicate by voice. “We didn’t get to that,” recalled Daniel. He declined to comment on how his Russian counterpart received the message, but it obviously was not a diplomatic success.[30]

There was, it turned out, a fundamental flaw in Michele Markoff’s logic. Modern cyber conflict is simply not comparable with conventional armed or nuclear conflict. When there is a missile launch or preparation for a missile launch, there is no way for the government to deny responsibility. However, all kinds of informal actors who are not easily detected can launch cyber attacks. This is called the problem of attribution, and it means a government can disown responsibility. The Kremlin saw this flaw and exploited it to the fullest. They had a different playbook. The message to Buravlyov was a dead end.

Vladimir Putin was clearly enjoying himself when, on September 1, a Bloomberg reporter asked him about the DNC hack. He laughed and said, “There are a lot of hackers today, you know, and they perform their work in such a filigreed and delicate manner that they can show their ‘tracks’ anywhere and anytime. It may not even be a track; they can cover their activity so that it looks like hackers are operating from other territories, from other countries. It is hard to check this activity, maybe not even possible.”

The president was apparently under the impression that hackers could not be identified and thus the attack could not be attributed. Putin clearly had not been briefed about the major shift in digital forensic and attribution policy that had taken place within the cybersecurity community in the spring and didn’t expect the US government to accuse Russia of running the hacking operation. But just in case, he carefully repeated the line of defense his spokesperson Peskov had previously used: “Anyway, we do not do that at the government level.”

Putin didn’t leave it there; he made a point of adding, “Besides, does it really matter who hacked Mrs. Clinton’s election campaign team database? Does it? What really matters is the content.”[31]

This exactly echoed Julian Assange, who had said in a July interview with NBC that commentators should be focusing on what the documents say, that “the real story is what these emails contain.”[32] (A hardly consistent claim given WikiLeaks’ April attack on Mika Velikovsky and his friends.)

Putin gave the Bloomberg interview in Vladivostok, on his way to the G20 Summit in China. There he met US president Barack Obama. There was no proper conversation between them—Obama just pulled Putin aside and told him to “cut it out and there were going to be serious consequences if he didn’t.”[33] Putin responded that the United States had long funded media outlets and civil-society groups that meddled in Russian affairs.[34]

The sticky question of attribution remained unresolved despite the cyber community’s new guidelines. Although several cybersecurity companies confirmed CrowdStrike’s findings and US intelligence supported the thesis that two Russian intelligence agencies conducted the DNC hack, the Kremlin continued to deny any responsibility. Meanwhile informal actors, like Guccifer 2.0, kept claiming they were behind the hack.

Inside Russia, Kremlin propaganda mocked US hacking claims while private Russian cyber companies were busy briefing journalists, apparently with one objective: to destroy the credibility of the CrowdStrike June report. The media were trying to figure out whether the Russian military intelligence cyber capabilities were up to the task of hacking the DNC servers. Cyberwarfare had been an FSB monopoly for more than two decades, and the Russian Ministry of Defence set out to form its own so-called cyber troops relatively late, only in 2014.[35] Although the military immediately joined the FSB in actively recruiting at Russian technical universities, spotting the best and brightest, this didn’t quite support the claims that Fancy Bear was a military intelligence front—most cybersecurity experts thought Fancy Bear had been operational since at least 2007, long before the Russian military had joined the cyberwar scene.


On September 26, 2016, we were in Moscow when we got a message on WhatsApp from a friend at an American TV network: “Let me know if you have a few mins to chat.” He then sent us a collection of scraps from what appeared to be intelligence briefings on Trump’s connection with the Kremlin. Three days later another journalist from a top US newspaper contacted us with something that looked like it was coming from the same source. This information gave some insight into the Kremlin’s thoughts about the US election.

The document—the now-famous dossier prepared by Christopher Steele—read like a series of reports and included prurient details of an alleged assignation during Trump’s stay in the Ritz hotel in Moscow, among other things. It also made strong allegations about Trump’s closeness to Putin’s people. The American journalists were hesitant and wanted us to check the facts in the report. “It’s starting to smell like BS…. It seems like a smear campaign,” one of them told us.

So what was it? Was it a smear campaign? The answer was not immediately clear. Kremlin outsiders had no way of verifying most of the claims in the document. Some details, including names, were clearly erroneous—misspelled or misattributed. For instance, the name of the Russian diplomat withdrawn from the embassy in DC was Kalugin, not Kulagin, and the FSB unit named as responsible for gathering compromising material on Hillary Clinton, Department K, has nothing to do with eavesdropping or cyber operations. (Apparently, it was a confusion—there is another Department K in the Interior Ministry, and this is what oversaw cyber investigations.)

But the dossier was accurate in one thing: it correctly described the decision-making process in the Kremlin, and this suggested human sources in high places in Moscow.

The dossier also included some information about the DNC hacking, and it was strikingly different from the story told by CrowdStrike and repeated by US intelligence. It implied that it was not the GRU or FSB but rather Sergei Ivanov who was “ultimately responsible for the operation,” though he was not entirely happy with the outcome. Dmitry Peskov, Putin’s spokesperson, “remained a key player in the operation” and played the crucial role in “handling and the exploitation of intelligence” by his “PR team.” And Ivanov was one of the six KGB officers present at the April meeting of the Security Council in the Kremlin Senate. In terms of foreign intelligence Ivanov was the most experienced person at the meeting. On August 12 he had been removed from his position of chief of Putin’s administration, but he maintained access to the marble-covered hall of the Kremlin Senate—Putin preserved his seat on the Security Council.

The dossier also asserted that the hacking operation had been organized through informal channels and used informal actors—hackers’ groups and companies. The FSB, not military intelligence GRU, was named as “the lead organization within the Russian state apparatus for cyber operations”—something that meshed better with what we had been finding when we investigated CrowdStrike’s report. The report further claimed that the FSB “often uses coercion and blackmail to recruit the most capable cyber operatives in Russia for its state-sponsored programmes” with the goal “to carry out its, ideally deniable, offensive cyber operations.” Further, the dossier said that Putin knew about the hacking and “was generally satisfied with the progress of the anti-Clinton operation up to date.”

Still, it was full of unverified claims and mistakes. Nobody knew what to do about it, and despite its wide circulation among reporters, it wasn’t made public until January 2017, when Buzzfeed posted it online and it became known as the Trump Dossier.[36]


In early October 2016 the US government took an unprecedented step: they officially accused Russia of a hacking operation, apparently trying to force the Kremlin to stop. The denunciation, made by the Department of Homeland Security and Office of the Director of National Intelligence, stated that “the U.S. Intelligence Community is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.” The statement went on to say, “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”[37] Washington had just raised the stakes for the Kremlin.

This step, however, had no immediate consequences. The hacking operation seemed to be suspended, but not the publication of kompromat: on October 2 Roger Stone, a longtime unofficial adviser to Donald Trump, tweeted cheerfully:

Wednesday @HillaryClinton is done. #Wikileaks.[38]

He was mistaken: the WikiLeaks publication did not come out on Wednesday but was postponed until Friday, October 7, when WikiLeaks published thousands of emails from John Podesta’s Gmail account.[39] The emails had excerpts from Clinton’s paid speeches, including the speeches at Goldman Sachs. Three days later, on Monday, Trump was at a campaign rally in Wilkes-Barre, Pennsylvania. “This just came out. I love WikiLeaks!” he told the crowd. Trump then read aloud quotes from Clinton’s speeches revealed by WikiLeaks.[40] In his hand Trump also had an email he said had been sent by Clinton adviser Sidney Blumenthal, in which Blumenthal appeared to admit that the killing of a US ambassador in Benghazi had been “almost certainly preventable.” Next Trump read, “Clinton was in charge of the State Department and it failed to protect US personnel at an American consulate in Libya.” Trump said this email had come from the WikiLeaks trove. But it hadn’t. In fact, the Russian pro-Kremlin agency Sputnik had fabricated this quote. A Newsweek journalist had actually originated the quote in an article, and Blumenthal had copied and pasted it to Clinton. Sputnik, however, reported the comment as having been written by Blumenthal.[41]

By then the WikiLeaks website was hosted at least partially on the premises of the Russian hosting company HostKey on Barabanny Lane in the east of Moscow—WikiLeaks had moved its hosting to Russia in August.[42]

On November 6, on the eve of the election, WikiLeaks released a second collection of DNC emails, more than 8,263 in total.

On the US election day of November 8, at 3:45 p.m. Moscow time, when the polling stations in the United States had just opened, Putin summoned his Security Council. This time the marble-covered hall in the Kremlin palace was more crowded. Along with the April group, Putin invited Prime Minister Dmitri Medvedev; Foreign Minister Sergei Lavrov; Minister of Defence Sergei Shoigu; the new head of the Administration of the President, Anton Vaino; and Vyacheslav Volodin, the Speaker of the Duma.

Officially Putin convened the meeting to talk about the pension system and how reform could affect servicemen. But this could hardly explain the presence in the room of Sergei Ivanov. And it didn’t explain the presence of Sergei Lavrov either, who was evidently nervous and drummed his fingers during Putin’s opening remarks, the only part of the meeting the Kremlin press office allowed to be recorded.[43]

The next morning when the results of the election became known, Trump’s victory was met with jubilation in Moscow. Parties were given and, in the State Duma, champagne bottles were popped.

Russian officials openly praised Trump on TV. But the anxiety was also palpable—Trump was not expected to win, and nobody thought his victory would go over easily in Washington. Lots of people started asking themselves what the American intelligence services might do now about Trump’s Russian connections.

For the Kremlin it was time to cover some tracks.[44]


Unlike in Soviet times, these days Moscow is extremely well lit at night; in fact, the authorities take a special pride in the capital’s sparkling lights. Even so, no one driving along Leningradskoe highway toward the city center could possibly miss the two five-story, cube-shaped buildings of Kaspersky Lab: day and night the offices radiate electric light. Thanks to transparent walls, everyone who passes can see Kaspersky Lab’s employees at their desks at all hours, working on their black Dell computers. However, on the first floor of the main building the glass walls are always shuttered.

This floor houses Kaspersky’s investigation unit, headed by Ruslan Stoyanov. In Russian, Stoyanov’s unit goes by the acronym ORKI (from Otdel Rassledovania Kompyuternikh Incidentov), which calls to mind Orcs, a race of creatures in Tolkien’s fantasy books who live underground and fight the men of the West. This was not a coincidence—Stoyanov has a weakness for symbolic names. The company he had founded before joining Kaspersky was called Indrik, a fabulous beast in Russian folklore—a gigantic bull with the head of a horse and an enormous horn, the king of all animals, who also spends his time wandering underground.

Stocky, with short-cropped hair and a goatee, Stoyanov has always had strong patriotic feelings and likes to spend his holidays off-roading his four-wheel winch-equipped Niva (a Russian version of a Land Rover Defender) through the woods.

Stoyanov built his reputation serving in the famous K Department of the Interior Ministry (the same one that, presumably, the Trump Dossier meant to refer to). In the K Department Stoyanov spent six years investigating cybercrimes. In 2006 he left the Ministry. Four years later he launched Indrik, which provided DDoS-protection to the corporate market. Before long, Stoyanov’s company’s future was all but secured when Kaspersky Lab began providing Indrik’s services to its customers. In 2012 they joined forces. Working for Kaspersky now, Stoyanov formed his investigation unit, the orcs—ORKI. Next Stoyanov became the contact point between Kaspersky’s big clients—banks and corporations under cyber attack who wanted to find their attackers—and the Interior Ministry and the FSB. Stoyanov’s role was to provide expertise for criminal investigations, but Kaspersky worried that the influx of requests for help from the FSB and the Interior Ministry was getting out of control. So they decided that Stoyanov should be the company’s single entry point for the secret services. Stoyanov cultivated his contacts with his former colleagues in the K Department of the Interior Ministry and with its counterpart in the FSB, the Information Security Center. At the FSB Stoyanov dealt primarily with the Information Security Center’s deputy head, Colonel Sergei Mikhailov. Mikhailov had a tarnished reputation outside the Lubyanka—in 2011 he had tried to force the online media outlet Roem.ru, specializing in web enterprises and social networks, to disclose the identity of one of its journalists. Surprisingly, he failed—the General Prosecutor’s Office found his interest unlawful.[45] But Mikhailov also served as a handler of companies running crucial parts of the Russian Internet infrastructure.

Stoyanov also took pains to cultivate his contacts with Western counterparts—not only American but also German, British, and Dutch law enforcement agencies, among others. Russian hackers tended to live in Russia, but their hacking fingerprints existed globally.

Stoyanov’s patriotic feelings didn’t prevent him from traveling abroad. Travel was important to his sense of self-esteem—a former major of the Russian police, he could go to the United States and talk with American cyber experts as an equal about fascinating things.

In the fall of 2016 Stoyanov, now in his late thirties, had a special reason to be proud of himself: he had helped collect evidence for Russia’s biggest-ever crackdown on financial hackers, involving the arrest of fifty members of a cyber crime ring known as Lurk that had stolen more than 3 billion rubles ($45 million) from banks in Russia and abroad. Stoyanov’s unit had been investigating the group’s activities for years, and a joint operation with the FSB and the Interior Ministry had finally resulted in arrests.[46]

Stoyanov knew just about everyone in the murky world of cyber, and he seemed indispensable for Kaspersky and the secret services. But as the winter of 2016 fell on Moscow, the city’s paranoid atmosphere turned Stoyanov’s assets into his biggest liability. In short, Stoyanov and his friends knew too much about the Russian digital underground and its intricate and complicated connections with the secret services. They also had contacts in the West. Thus, they were a vulnerability.

On December 4, a Sunday, the operatives of the FSB went after Stoyanov. He was arrested in the airport on his way to China. Stoyanov’s wife and colleagues at Kaspersky learned of his arrest only after he failed to get online when his plane landed the next day. Mikhailov and his subordinate, Dmitry Dokuchaev, once known by the hacker alias Forb, were also seized by the FSB. (A few months later it turned out that Dokuchaev was the only confirmed connection between criminal hackers and the Russian secret services engaged in offensive operations in the United States—in March 2017 the FBI identified Dokuchaev as a member of a group that had hacked Yahoo in 2014.[47])

The FSB charged Stoyanov, Mikhailov, and Dokuchaev with state treason and threw them into the Lefortovo Prison. Lefortovo is Russia’s closest equivalent to Dumas’s Château d’If. It is entirely isolated, with tough and effective guards, and unauthorized contacts are completely impossible. Although there are always ways to communicate with the outside world in other Russian prisons, Lefortovo is an exception. Its guards make every effort to prevent inmates from seeing one another. When escorting prisoners guards use little clackers—a circular piece of metal—or snap their fingers to make their presence known to the other guards. If two escorts meet, one puts his charge into one of many wooden cabinets lining Lefortovo’s corridors. This has been the practice since Tsarist times.

Most cells house two people, and as a rule a newcomer is placed with an undercover FSB agent as his inmate for several months—to spy on him constantly inside the cell.

Stoyanov, Mikhailov, and Dokuchaev were locked up and safely secured. The FSB also worked on their relatives and colleagues—the information about the arrests remained secret to the public until the next year.

In January Sergey Buravlyov, the FSB general at the Russian end of the cyber hotline with the Americans in 2016, was quietly removed from the Security Council. Contrary to all Kremlin rules, no public announcement was made about his resignation.

With that, all the doors to the information about the Russian cyber operations were shut and sealed.

Or were they?

In April 2017 Stoyanov managed to smuggle a letter out of Lefortovo. In the first sentence Stoyanov asks the question on everyone’s mind: “Why me?” He explains that he is “one of the people who fought cybercrime for the last 17 years… but the paradigm in cybercrime has changed. Now cybercrime is closely connected with geopolitics. That’s why [cybercriminals] could unleash the full power of the government against an expert like me. And that’s why I was prosecuted.” Stoyanov clearly believes that there is a connection between the Kremlin and hackers.


Vladimir Putin built a fortress out of the Russian government—impenetrable and suspicious, with dead-ends and trap pits to trick the enemy and protected by thousands of guards and secret agents. Here decisions are made for unclear reasons, and there is almost no way for outsiders to understand what’s going on. The officials behind the Kremlin walls accept by definition that the environment outside is hostile, so why tell the truth when it’s more practical to lie and thus surprise the enemy? The Kremlin adopted this logic years ago. This is why understanding what actually happened in 2016 is so tricky.

The Russian hackers did not compromise polling stations, nor did they affect the critical infrastructure of the United States during the presidential campaign. Donald Trump found himself in the White House for a number of very serious reasons, most of them originating in the United States, not from abroad.

Yet there was something the Kremlin did foster in the political culture of America, something that was all too familiar to Russian—and, before them, Soviet—citizens. The Soviet officials never trusted the people. They strongly believed that any Russian citizen at any moment could spontaneously go mad or get drunk, crush the equipment in the workplace or come into contact with a suspicious foreigner and expose state secrets. In short, the authorities wholeheartedly despised the people they governed. The people were unreliable and, thus, needed to be managed and kept under control. That’s why every Soviet citizen was limited in his or her travels and contacts and entangled in hundreds of instructions, all with the goal of preventing him or her from doing anything unauthorized. And there was always someone behind the next door—a party official or a KGB officer—to be asked for permission.

The KGB believed in the same theory, but it went deeper. They were trained to think that every person was driven only by baser, inferior motives. When confronting Soviet dissidents, they looked for money, dirty family secrets, or madness, as they couldn’t accept for a second that someone could challenge the political system simply because they believed in their cause.

Putin is a product of this thinking. He doesn’t believe in mankind, nor does he believe in a benign society—the concept that people could voluntarily come together to do something for the common good. Those who tried to do something not directed by the government were either spies—paid agents of foreign hostile forces—or corrupt—i.e. paid agents of corporations. Any public debate with them about important issues was thus meaningless and dangerous. For Putin the serious business of governance should be left to professionals—his government officials.

This message was spread inside the country and was used to attack the political opposition; it also targeted all sorts of activists, from environmentalists to feminists, using all the tools of propaganda available, from TV channels to social networks. Political or civic activity is a dirty business by definition, and nobody could be trusted—that was the main message. In the fragmented, confused post-Soviet society, it worked pretty well.

This cynicism was Putin’s gift to America.

In 2016 this message was widely propagated through social media in the United States, to a great extent supported by the publication of leaks, most of which were the result of Russian hacking operations. Conspiracy theories about Hillary Clinton, supplied by “the evidence” provided by WikiLeaks, were picked up by the pro-Kremlin English-speaking media like Sputnik, then promoted by trolls on Facebook, Twitter, and YouTube. Donald Trump was keen to exploit them, as the Blumenthal fake email story proved.

But this alone was not the reason Trump won the presidency. Large sections of American society had already lost their trust in political institutions—and particularly in the media. The process had started long ago and is also apparent in many other Western countries. The Russian hackers and their bosses did not create a wholly new narrative in America but instead sought to exploit the weaknesses that already existed.

This dark concept of total distrust was mostly spread via the Internet because it was what the Internet was built for—sharing ideas. Although the Internet is the most democratic means of communicating, it can be used by governments and groups that understand nothing about its nature. Creating disruption on the Internet doesn’t need advanced technology—North Korea very quickly developed cyber capabilities strong enough to hack Sony servers, and for years ISIS has outmaneuvered the West in online propaganda. Russia simply combined hacking, the public use of stolen information, and the moment—acting during the election period.

Does this mean we should accept the concept that the Internet carries more threats than benefits?

The creators of the Internet supported the opposite concept. Unlike Putin, they believed in people and built the global network under the assumption that it would be used for sharing something good. They may look naïve these days, but we got our modern linked-up technological world thanks to their concepts, not Putin’s. The Internet—and the concepts behind it—are still full of potential.
