Hackers Turn the Tables on Russia

A new website features documents pilfered from Kremlin officials and agencies.

By Amy Mackinnon, a national security and intelligence reporter at Foreign Policy., and Elias Groll
A man looks at the computer screen with the page of Russian Prime Minister Dmitry Medvedev on Twitter in Moscow on August 14, 2014. (Yuri Kadobnov/AFP/Getty Images)
A man looks at the computer screen with the page of Russian Prime Minister Dmitry Medvedev on Twitter in Moscow on August 14, 2014. (Yuri Kadobnov/AFP/Getty Images)

Russian government officials are getting a taste of their own medicine. A new site that collects hacked and leaked material from around the web late last week published a major collection of documents and emails belonging to Russian government officials and oligarchs.

On Friday, a site calling itself Distributed Denial of Secrets published a 108-gigabyte archive dubbed the “Dark Side of the Kremlin,” which includes emails and documents from the Russian Interior Ministry, the Russian weapons exporter Rosoboronexport, and Kremlin officials, oligarchs, and separatist forces in eastern Ukraine. The trove is the result of numerous hacks conducted by various groups in Russia and Ukraine in recent years.

The Russian documents and emails “show how the Russian power system is interconnected, and documents influence operations in real time—from those separatists/terrorists backed by Russia to those in the Orthodox and business worlds,” said Emma Best, the co-founder of Distributed Denial of Secrets and a journalist and transparency activist, in message to Foreign Policy.

Russian attempts to influence the 2016 presidential election by hacking into the email and computer systems of Democratic Party operatives captured the world’s attention. But such hacking operations are rampant within Russia itself, and government ministries, Kremlin officials, and even the prime minister have all had the contents of their inboxes strewn across the internet.

The material from these hacks is scattered around the web, but Distributed Denial of Secrets has for the first time gathered up these Russian leaks, along with dozens of others from around the world, and collated them on a single, easy-to-access site.

Writing on Twitter, Aric Toler, the lead Eurasia researcher with the open-source investigative group Bellingcat, said that finding the leaks had previously been like collecting rare baseball cards. Now, they exist in a well-organized repository.

The transparency advocates behind Distributed Denial of Secrets aim to build on the early promise of WikiLeaks—before its credibility was damaged was by the political and personal machinations of its founder, Julian Assange—to expose corruption and promote government transparency.

Their repository includes material provided by groups with conflicting agendas, including Shaltai Boltai, a shadowy collective thought to have been behind the hack of Prime Minister Dmitry Medvedev’s email and his Twitter account in 2014. Though the collective has targeted some of Russia’s top politicians, it is also believed to have worked with the FSB, the successor organization to the KGB.

When the hack on Medvedev’s email eventually revealed some of the vast wealth he’d accumulated, including a palace in St. Petersburg and a vineyard in Tuscany, Russians responded with mass protests. Some of the protestors took to the street with sneakers tied around their necks, a reference to the expensive sneakers he was shown have purchased—Nike Air Max 95s.

“The Russian ones [hacks] that have had the most consequences are more internal palace politics—the FSB hacking someone to embarrass them,” Toler told FP.

Best’s site includes some documents WikiLeaks refused to publish, such as leaks from the Russian interior ministry. Its archive features some hacking greatest hits from recent years and some overlooked gems.

It includes material published on DCLeaks, a likely front for Russian hackers targeting the 2016 presidential election; documents published by Guccifer 2.0, another Russian persona involved in the 2016 campaign; and, of course, the leaked emails belonging to presidential nominee Hillary Clinton’s campaign chairman, John Podesta.

The repository also includes hacked emails from Enron, the energy giant whose name has become a byword for corporate corruption and greed; the source code for Stuxnet, the American-Israeli cyberweapon that targeted Iran’s nuclear infrastructure discovered in 2010; and chat logs from American far-right groups obtained by the hacker collective Unicorn Riot. Hacked emails from the American security firms HBGary and Stratfor are also among those hosted on the site.

Distributed Denial of Secrets acknowledges that it exists in something of a legal gray area, and some of its organizers are cloaked in secrecy. “As far as we are aware, our website and the contents we list are entirely legal in all sane and reasonable jurisdictions,” the founders write on the site. The primary technical developer for the site is referred to only as “The Architect” and is described as a “technical behemoth” who is “no stranger to controversy and has been involved in privacy and technology activism for at least 10 years.”

To protect users on the site, Distributed Denial of Service is hosted on the dark web and can only be accessed with the Tor Browser, a program that shields the identity of its users.

The files on the site come from hackers and other members of the hacking community, some of whom were known to the group previously, Best said. She said that while the emails in their archive are safe to download, the attachments and links contained within them have not been screened for malicious content.

Best said she can’t provide bulletproof verification of the material on her site but argues the platform can serve as an important archive of material that otherwise would never see the light of day.

Hacked and leaked Russian materials have in recent years exposed some of its government’s most controversial policies, including documenting Moscow’s control over separatists operating in eastern Ukraine, attempts by the Kremlin to influence the Russian media, and the existence of a paid army of pro-President Vladimir Putin bloggers working for the now-infamous Internet Research Agency.

Emails and documents have also revealed some comedic moments. A hack of Yevgeny Prigozhin’s company Concord Catering—which was later indicted as part of special counsel Robert Muller’s probe of meddling in the 2016 U.S. election—includes claims that Putin performed the song “Blueberry Hill” for the President of Finland and that in 2010, then-President Medvedev’s ringtone was allegedly a children’s song called “A Smile Makes Everything Brighter.”

Like most people, Russian officials’ inboxes are full of mundane email threads, requests for meetings, and budgets being passed around for editing. “Most of the people are a lot more boring than you’d expect,” Toler said. The challenge for researchers is to find the significant details.

But even the more routine content can provide clues about the authenticity of a leak. “If you find a very heavy ratio of boring stuff to interesting stuff, its likely to be real,” Toler said.

He cautioned that fraudulent material can still be inserted in the midst of a cache of genuine hacked documents: “It’s really very easy to slightly modify one of these emails, and then boom you have some kind of geopolitical incident.”

In 2016, Foreign Policy revealed the first documented example of Russian hackers altering stolen documents. After breaking into the computer system of financier George Soros’s Open Society Foundations, the hackers altered budget documents to make it appear that the Russian anti-corruption activist Alexei Navalny was receiving financial support from Soros.

“Generally I believe that Putin really considers using hackers as a legit soft power. No one is dead, you are not using tanks or missiles, no one can 100% prove that he is involved,” Navalny told FP at the time. “No men in uniform are involved, just a few guys with thick glasses and reporters who want to write an interesting story.”

Amy Mackinnon is a national security and intelligence reporter at Foreign Policy. Twitter: @ak_mack

 Twitter: @EliasGroll