The raw intelligence document published this week that contains salacious stories about Donald Trump also offers up a glimpse into how Russia goes about its cyber spying – including the tidbit that it has cracked Telegram’s encrypted instant messaging service.
While none of the 35-page document is substantiated, it is detailed, and at least some of it is considered credible enough by U.S. intelligence agencies for them to have briefed Trump and President Barack Obama on it.
According to the document, prepared by a former British spy, a “cyber operative” for the Russian Federal Security Service (FSB) told him that Telegram no longer posed an issue for the government. “His/her understanding was that the FSB now successfully had cracked this communication software and therefore it was no longer secure to use,” the document says.
Telegram had been of special concern for the FSB because it was used by internal activists opposed to the government, according to a July 26, 2016 entry.
Telegram has been criticised by cryptographers because it uses encryption it made up itself, which often leads to a product that hasn’t been vetted stringently enough to ensure its soundness.
When it comes to cyberattacks, Russia’s offensive tactics include targeting foreign governments, especially Western governments; penetrating foreign corporations, especially banks; monitoring the domestic elite; and attacking political opponents inside Russia and abroad.
In one case the FSB compromised some IT gear used by a foreign director of a Russian state-owned enterprise and that led to the FSB accessing important Western institutions via that backdoor. An IT staffer within the enterprise had been turned by the FSB to carry out the work.
Foreign agents are also recruited. In one case the FSB offered a U.S. citizen of Russian descent funding for an IT startup in exchange for a backdoor into the company’s software so Russia could plant Trojans to be used against specific targets. The document says this was a common FSB tactic, but doesn’t say whether it was successful in this case.
The document says the FSB also claimed success selling a cheap PC game containing malware that compromised the machines.
Russia’s extensive program of state-sponsored offensive cyber operations is headed by the FSB. “External targets include foreign governments and big corporations, especially banks,” the document says, but the program mainly succeeds only among lower-level targets. The document says it has “[l]imited success in attacking top foreign targets like G7 governments, security services and [international financial institutions] but much more on second tier ones through IT back doors, using corporate and other visitors to Russia.”