The raw intelligence documents published this week that contain salacious stories about Donald Trump also offer up a glimpse into how Russia goes about its cyber spying – including the tidbit that it has cracked Telegram’s encrypted instant messaging service.
While nothing in the 35-page document is substantiated, it is detailed, and at least some of it is considered credible enough by U.S. intelligence agencies for them to have briefed Trump and President Barack Obama on it.
According to the documents prepared by a former British spy, a “cyber operative” for the Russian Federal Security Service (FSB) told him Telegram no longer posed an issue for the government. “His/her understanding was that the FSB now successfully had cracked this communication software and therefore it was no longer secure to use,” the document says.
Telegram had been of special concern for the FSB because it was used by internal activists opposed to the government, according to a July 26, 2016 entry.
Telegram has been criticized by cryptographers because it uses encryption it designed itself rather than a standard, widely reviewed protocol, an approach that often leads to a product that hasn’t been vetted stringently enough to ensure its soundness.
When it comes to cyberattacks, Russia’s offensive tactics include targeting foreign governments, especially Western governments; penetrating foreign corporations, especially banks; monitoring the domestic elite; and attacking political opponents inside Russia and abroad.
In one case the FSB compromised some IT gear used by a foreign director of a Russian state-owned enterprise and that led to the FSB accessing important Western institutions via that backdoor. An IT staffer within the enterprise had been turned by the FSB to carry out the work.
Foreign agents are also recruited. In one case the FSB offered a U.S. citizen of Russian descent funding for an IT startup in exchange for a backdoor into the company’s software so Russia could plant Trojans to be used against specific targets. The document says this was a common FSB tactic, but doesn’t say whether it was successful in this case.
The document says the FSB also claimed success selling a cheap PC game containing malware that compromised the machines it was installed on.
Russia’s extensive program of state-sponsored offensive cyber operations is headed by the FSB. “External targets include foreign governments and big corporations, especially banks,” the document says, but the program mainly succeeds only against lower-level targets. It says it has “[l]imited success in attacking top foreign targets like G7 governments, security services and [international financial institutions] but much more on second tier ones through IT back doors, using corporate and other visitors to Russia.”
Those second-tier targets include Western private banks and the governments of smaller states that are allied to the top Western states. “Hundreds of agents, either consciously cooperating with the FSB or whose personal and professional IT systems had even unwittingly [been] compromised, were recruited,” the document says.
The FSB recruits the “most capable cyber operatives in Russia” using coercion and blackmail and puts them to work on state-sponsored programs, with an eye toward maintaining official deniability of their activities, the document says.
Russian institutions are also the victims of cyberattacks, particularly from about 15 organized crime groups operating outside the control of the FSB and the Russian state. “The Central Bank of Russia claimed that in 2015 alone there had been more than 20 attempts at serious cyber embezzlement of money from corresponding accounts held there, comprising several billions of Rubles,” the intelligence document says.
The crime groups involved include Anunak (a.k.a. Carbanak), Buktrap and Metel.