Russian Active Measures for the Internet Age.

Is Donald Trump Putin’s Revenge?

Was the election of Donald Trump the result of the successful application of “active measures” by Russia? Did the massive Facebook and Twitter campaigns by the Russians change public opinion enough in the final days of the Presidential campaign to move the needle and help Trump win?

According to Retired KGB Maj. Gen. Oleg Kalugin, former Director of Foreign Intelligence for the KGB, “active measures” are “the heart and soul of Soviet intelligence”: “Not intelligence collection, but subversion: active measures to weaken the West, to drive wedges in the Western community alliances of all sorts, particularly NATO, to sow discord among allies, to weaken the United States in the eyes of the people of Europe, Asia, Africa, Latin America, and thus to prepare ground in case the war really occurs.” (Wikipedia) I cannot think of another American president in my lifetime who has been a more disruptive and polarizing force both domestically and on the world stage. Is Trump’s presidency a “win” for Russia?

I watched a two-part Frontline documentary on PBS titled Putin’s Revenge that examines the rise to power of an obscure ex-KGB analyst named Vladimir Putin, as Boris Yeltsin’s right-hand man and heir apparent, and the tactics he used to influence the last U.S. Presidential Election. Evidence would indicate that Putin prefers Republican presidents to Democrats. I recommend these videos to you, and you can live stream them here.

It is clear that Russia is actively using cyber-operations against the West. What kind of “active measures” are being used by Russia against its perceived adversaries in the West? They are attacking European NATO member states, former Soviet-bloc east European countries, Russian Federation member states, and countries in the Middle East and Arabian Peninsula. What is their goal?

The Mitrokhin Archive talked extensively about active measures as they were carried out by Russian intelligence and security services during the two World Wars and Cold War.  According to Wikipedia:

Active measures (Russian: активные мероприятия) is a term for the actions of political warfare conducted by the Soviet and Russian security services (Cheka, OGPU, NKVD, KGB, FSB) to influence the course of world events.  Active measures range “from media manipulations to special actions involving various degrees of violence”. They were used both abroad and domestically. They included disinformation, propaganda, counterfeiting official documents, assassinations, and political repression, such as penetration into churches, and persecution of political dissidents.

Oleg Kalugin called active measures subversion intended to: “drive wedges in the Western community … particularly NATO, to sow discord among allies, to weaken the United States … and thus to prepare ground in case the war really occurs.”

Active measures included the establishment and support of international front organizations (e.g. the World Peace Council); foreign communist, socialist and opposition parties; wars of national liberation in the Third World; and underground, revolutionary, insurgency, criminal, and terrorist groups. The intelligence agencies of Eastern Bloc states also contributed to the program, providing operatives and intelligence for assassinations and other types of covert operations. (Wikipedia)

A more current analysis of Russian active measures appeared on August 13, 2017 on Wired.com.

“A few months after taking over as Russia’s chief of the general staff, General Valery Gerasimov outlined his vision for a 21st-century style of warfare. It erased the boundary between peace and war and relied on emerging technologies to provide a level of deniability for the Russian military. “In the 21st century…wars are no longer declared and, having begun, proceed according to an unfamiliar template.”  Later, he outlined a coordinated and multi-pronged approach to warfare that relies on asymmetric tools to open up “a permanently operating front through the entire territory of the enemy state.” (Wired.com)

Some of the updated active measures of the Russian intelligence and military services are described below.

Active Measures for the Cyber Age

  • Disinformation – Manipulation of media outlets and social networks to create political discord and influence elections.  Also used to create doubt in governmental agencies, law enforcement, the military, and domestic security services.  This has been updated through the extensive use of Internet services such as Facebook and Twitter.  Trump’s use of the #FAKENEWS hashtag plays into Russia’s efforts in this area.
  • Cyber Actions – The Russians began their movement into cyber-operations by recruiting Russian cyber-crime organizations.  This gave the Russian government plausible deniability.  Currently these operations are being run more frequently by officers of the Russian military and intelligence services.  Nevertheless, there is still a lot of private contracting with cyber-crime groups.
  • Money – The relationship with Russian cyber-criminals has given the Russian government another lucrative way to fund operations through profitable cyber-crime operations.  This provides ample cash resources to support other covert operations.
  • Espionage – This includes the use of human spies – “illegals” or “nonofficial cover” (NOC) agents. But more frequently, espionage is carried out remotely from a computer terminal, and uses cyber-tactics such as remote access Trojan horse programs, phishing emails, social engineering, email and social media account hijacking, network and server breaches, information exfiltration, and so on.

Other Active Measures

  • Energy Policy – Russia is using its extensive natural energy resources to apply leverage to European countries by restricting supply when it suits Russia’s political objectives. The sale of natural gas and oil provides much-needed hard currency, so this is not always an optimal tactic.
  • Compromise and Extortion (Kompromat) – This tactic involves discovering or creating compromising information and using it to blackmail the victim. Historically there has been a large use of honeypots and sex tapes featuring the victim and a graduate of the FSB’s “Sparrow School.”
  • Violence – This is more colorfully known as wet work, and includes all forms of physical violence from simple beatings to torture, poisoning, and assassination.
  • Diplomacy – For Russia, diplomacy is just another useful tactic in a world of asymmetric warfare.

In the next post, we will continue this investigation, and take a look at a timeline of the cyber-exploits that have been attributed to the Russian Government. These cyber attacks started out in 2004 as small, unsophisticated attacks against former Soviet-bloc countries, done with as much secrecy and deniability as possible. As the Russians gained experience, and learned that there would be few, if any, consequences from the West, they became bolder and more daring. They are at the point where there is little concern from them about attribution and deniability; it is now just a part of their intelligence operations and foreign policy.

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.