StopThem.ru: What happens to Russian hackers without State or State-sponsored support
Last Updated on Wednesday, 13 January 2010 06:00 Written by Jeffreycarr Thursday, 7 January 2010 01:01

Figure 1: Thumbnail image of the home page of stopgeorgia.ru
Shortly after the destruction of a Russian statue by Georgian authorities on December 19, 2009, I received an email from the former administrators of StopGeorgia.ru, a coordinating forum for the Russian cyber campaign against Georgian websites in August, 2008. In it, they announced a new forum which would be used to orchestrate attacks against Georgian, NATO, and U.S. government websites (excerpted text follows):
We, being the representatives of the Russian hack-underground, won’t tolerate the extermination of our historical heritage and efforts to set the nations of the former USSR at loggerheads. We won’t let to stir up national hatred, and stand up for peace and friendship among nations, which history has been sealed by ties of fraternity forever. We call up for protest against those who try to rewrite the course of history because of political interests hereby depriving us of future. There is no future without past!
We demand to stop humiliation of our History and appeal to mass media to report current events objectively. Till the situation will change we oppose the governments of those countries which politicians exterminate our historical heritage. It weren’t us who unleashed the war, and not we will answer for the consequences.
This didn’t surprise anyone. After all, the Estonia cyber attacks of 2007 occurred for a similar reason. The surprise was the lack of support that this effort has received. Xakep.ru, a popular and well-known Russian hacker forum, actually deleted the announcement that the StopThem.ru administrators had posted to promote their effort. Here’s a machine translation of part of the thread. You can read the full cached version of the exchange here.
Author: stopthem999
The explosion of the monument to Soviet soldiers in Kutaisi.
All those who care about our history. All those who do not want to passively sit and discuss this topic, all you have to be useful. Join our community http:// stopthem . ru /
There we will discuss ways that could affect the situation.
This resource was founded by the creators of the resource StopGeorgia.ru which was illegally blocked by Western law enforcement agencies. You go to the forum stopthem . ru this resource and offers suggestions hack all kinds of Georgian resources.

RE: The explosion of the monument to Soviet soldiers in Kutaisi.
Author: The Joker
22.12.2009 5:55:20
This topic calls for ethnic strife and thereby violates the Rules of the forum.
In fact, a Yandex.ru search for “StopThem.ru” produces almost no results at all. This protest was pretty much dead in the water from the get-go, and the reason is simple. Unlike the StopGeorgia.ru forum of 2008, there was no official government and/or Nashi support for this effort. According to my sources, the forum has very few members and no activity since December 30.
I’m glad the administrators made the effort though. They’ve managed to provide a wonderful example of how a purely grassroots cyber campaign (StopThem.ru) struggles along, hoping for publicity and promotion to build momentum, versus a State-sponsored campaign (e.g., StopGeorgia.ru) that sprang up fully formed and was engaging in Web Wars within 24 hrs.
The FBI saves the Baku-Tbilisi-Ceyhan (BTC) pipeline from an attack by Russian hackers
Last Updated on Tuesday, 25 August 2009 05:26 Written by Jeffreycarr Tuesday, 25 August 2009 12:04
UPDATE: I just heard from a contact that British Petroleum says the report of a hacker attack on the BTC pipeline is false: oil was shifted to a different pipeline, but not because of a Russian-orchestrated hacker attack.
According to a news report on a Georgian Web site, Russian hackers under the direction of the GRU/FSB took down the data server of the BTC Pipeline on August 24th, 2009, effectively shutting down the second longest oil pipeline in the world. An FBI team and an unidentified intelligence service regained control of the pipeline’s data server and migrated it to Washington. The BTC pipeline has resumed normal operation.
Here’s the fairly short story as it appears on 1TV’s Web site:
Russian hackers through the agency of Russian Special Service vandalized servers of energy pipe, carrying gas from Azerbaijan to Europe bypassing Russia, 1news.az and Aviation Week report. According to the publication, Russian hackers are long attacking Baku-Tbilisi-Ceyhan (BTC) pipeline data server. Hacker attacks caused suspension in BTC operations, forcing Eastern Oil Consortium to redirect the oil through Baku-Novorossiysk Russian pipeline. “After U.S. experts restored the BTC server, the pipeline operation was recovered,” Aviation Week informs.
The paper says attacks had the same IPs as those of Estonian websites swamp during 2007 Estonian Cyberwar. The source stresses that cyber crime officers of the Intelligence Service and FBI got BTC data servers under control and migrated them to Washington.
If this account is accurate, it has several intriguing components to it:
- A confirmed FSB/GRU-led hacker operation against a long-time target of GRU interest, the Baku-Tbilisi-Ceyhan (BTC) pipeline.
- This attack was traced to the same servers used during the Estonia attack, which connects these hackers and the FSB/GRU handlers with Nashi Commissar Konstantin Goloskokov who claimed credit for orchestrating the Estonia attack in 2007 with a handful of Nashi members from an unrecognized republic of the former Soviet Union.
- The use of the FBI in this operation, probably directed by FBI Assistant Director Shawn Henry from his new FBI office in Tallinn, Estonia.
One year ago today, Aviation Week reported on a train explosion designed to interrupt oil flow from the same pipeline. That article had referred to the long-standing interest that the GRU had in the pipeline:
There is reason for concern. Reports circulating during 2003 hinted that the Russian GRU – part of Moscow’s military intelligence community – was allocating funds to hire and train mercenaries in pipeline sabotage, and some Western intelligence sources warned of possible sabotage acts against the lucrative 1,100 mile Ceyhan oil project.
I’m looking for confirmation on the details of this story now, and will post updates as I have them.
Background on the BTC Pipeline
The Baku-Tbilisi-Ceyhan (BTC) Pipeline Project starts at the Caspian Sea in Azerbaijan, extends through Georgia, crosses the northeast border into Turkey, and continues south-southwest to a new marine terminal at Ceyhan in Iskenderun Gulf. It is the second longest pipeline in the world (1,768 kilometers) and discharges one million barrels of oil per day.
The pipeline is operated by British Petroleum with other oil producer partners including SOCAR (Azerbaijan), Chevron, Conoco-Phillips, StatOilHydro (Norway), TPAO (Turkey), ENI (Italy), TOTAL SA (France), Itochu (Japan), INPEX (Japan), and HESS (US).
Nashi Youth Leader Reveals Existence of Kremlin-financed Spy Program
Last Updated on Tuesday, 10 February 2009 09:20 Written by admin Tuesday, 10 February 2009 08:36
From the Moscow Times:
Anna Bukovskaya, a St. Petersburg activist with the pro-Kremlin Nashi youth group, said she coordinated a group of 30 young people who infiltrated branches of the banned National Bolshevik Party, Youth Yabloko and United Civil Front in Moscow, St. Petersburg, Voronezh and six other cities.
The agents informed Bukovskaya, who passed the information to senior Nashi official Dmitry Golubyatnikov, who in turn contacted “Surkov’s people” in the Kremlin, Bukovskaya told The Moscow Times. Vladislav Surkov is President Dmitry Medvedev’s first deputy chief of staff.
The agents provided information on planned and past events together with pictures and personal information on activists and leaders, including their contact numbers, Bukovskaya said by telephone from St. Petersburg.
They were paid 20,000 rubles ($550) per month, while she received 40,000 rubles per month, she said.
She said Nashi, which is believed to have been created by Surkov, had nothing to do with the project and speculated that Kremlin officials might be behind it.
From Russian Ren TV (Source: transcript of Russian TV broadcast on Feb 4, 2009)
[Bukovskaya] The project was to become more aggressive, i.e. videos and photos to compromise the opposition, data from their computers; and, as a separate track, the dispatch of provocateurs.
If only the interviewer had asked Bukovskaya to clarify “how” data from computers was obtained. Is it too far a leap to say “hacking”? Remember that the sole Russian hacker who confessed to launching DDoS attacks against Estonia, Konstantin Goloskokov, was a Commissar in Nashi.
Bukovskaya’s revelation colors Goloskokov’s admission in a whole new way. We now have evidence that the Kremlin is enlisting and financing espionage by its youth up to and including the “cyber” domain.
How many nationalistic hackers were members of Bukovskaya’s crew, I wonder?
UPDATE: Just found this article from March 14, 2008 wherein Nashi hackers are accused of launching DDoS attacks against the Kommersant newspaper Web site.