Spy Games 2014

Dec 15, 2013

Surveillance, Censorship, Intolerance and Violence

Implications for privacy at the Sochi Olympics
Athletes train their entire lives to compete in their sport at the Olympics. But in Sochi, our athletes, their coaches, sports organization representatives, spectators and dignitaries may find themselves competing in a different sort of games… that have already begun (without an opening ceremony).

Let What Games Begin?
The social network presence, telecommunications and e-mails of those attending the 2014 Winter Olympics (and their friends) will be under intense scrutiny prior to, during and after the official games. They will be exploited for competitive advantage, political-economic intelligence, hints of sedition, identity theft, and future manufacturing access.

The Russians have the means, motive, and a history of surveillance, censorship and the repression of ideas that run counter to the state’s doctrine. Leading up to the Games, there is clear evidence of a growing surveillance apparatus ­gaining momentum.

These Olympics are taking place amidst a profound and unprecedented technological capability for pervasive surveillance. Sochi ­provides a concentration of targets of opportunity within the State’s sphere of control. In what could be called the 2014 “spy games”, the Russians have home-turf advantage.

The Federal Security Service of the Russian Federation (FSB) is the country’s principal security agency and successor to the USSR’s Committee of State Security (KGB). However, the FSB is much more than just an ordinary security service – it combines the mandates of an elite police force with those of an intelligence agency.

Ironically, by delivering details of Western signals intelligence capabilities directly into the hands of the Russian State Security and Intelligence Services, American intelligence thief Edward Snowden may have helped advance Russian surveillance capabilities in the lead-up to the Games.

Affecting Athletes
Athletes participating in the 2014 Winter Olympics may face the most technically intrusive surveillance in the history of the Games – with spying that extends into social media and the Internet at large.

The profiling of athletes probably began as soon as they were named to a team. This most likely includes harvesting the athlete’s social media presence, the content of their posts, political views, their social network of friends, pattern-of-life, possible indiscretions, or online training logs, heart-rate zone performance, and so on. Entrapment, or breaking into a trusted circle of friends or groups may have already been attempted and may, in fact, continue long after the Games are over. Athletes and their electronics were also exposed during any travel in advance of the Games. In fact, simply visiting web sites related to the Sochi Olympics may have been enough to infect ones computer with spyware.

Although athletes hope to take home medals, they may be taking home something else on their laptop. During the Games, one should assume that all phone calls, e-mail, texts, web browsing, access to voice-mail and online banking will be intercepted and exploited. The confidentiality and integrity of any computer or device brought to the games can be compromised with momentary physical access (such as when passing through security). Personal contacts and account passwords on a laptop or phone can be stolen, or hacking malware installed in mere seconds.

Strategy discussed in team dressing-rooms or over the air are subject to eavesdropping, whereas team radio communications are also vulnerable to electronic warfare tactics such as deception, spoofing, interference or jamming at critical moments during play.

Consider what some have described as the “cozy” relationship that Russian security services share with organized crime. These entities stand to benefit from information collected from the state-espionage infrastructure. Consequently, your banking and identity information are also at risk.

The U.S. State Department’s bureau of diplomatic security warned anyone travelling to the Games to be extremely cautious with communications, explaining:

“Russian law permits the monitoring, retention and analysis of all data that traverses Russian communication networks. Business travellers should be particularly aware that trade secrets, negotiating positions, and other sensitive information may be taken and shared with competitors, counterparts, or Russian regulatory and legal entities."

Russian Roulette
What you say before, during and after the Games can get you and others in trouble. The FSB system does not discriminate between free-speech, social advocacy, sedition or espionage, and homosexuality is equated with pedophilia by the state. Russian authorities often postulate that organizations working on human rights and other issues have subversive agendas. Protests, including online ones, had been banned during the run-up to the Olympics, however that was later modified so that protesters who register could stage protests, albeit many miles from Games’ facilities. Should athletes feel compelled to speak out on various important issues, they should do so with an appreciation of the risks, and take the necessary precautions.

Comments about gay rights, Russia’s internal conflicts, religious intolerance, or support for the opposition will flag you for special attention. Even discussion-threads on social media back home are visible to the Russian government. Friends posting certain content to your wall that is publicly visible can be problematic.

The new law regarding gay propaganda falls under the guise of ‘things that are harmful to children.’ This is, quite simply, a catch-all criterion that allows the government to prosecute people who voice ‘unsanctioned’ ideas. Mostly, this includes the gay lifestyle but also includes recreational drug use.

Specifically, if someone “propagates non-traditional sexual relations to minors,” the law calls for a U$125 to $160 fine, deportation, and/or 15 days in jail for foreigners (however, if the foreigner uses media or the Internet, fines can increase to U$1500-$3000). This is not the Olympic experience that most athletes have in mind.

Russians that you befriend within these proscribed online discussions will also be at risk for being arrested, or they may be disguised government agents trying to trap you. Similarly, athletes must be aware that showing sympathy or expressing a feeling of brotherhood with insurgents will likely create a risky situation for themselves.

It goes without saying that joking about bombs or acts of terrorism, even in a private conversation, will likely be treated seriously by the authorities.

Among the Most Dangerous Olympics
Sochi is located in the North Caucasus, very close to the ongoing insurgency that is predominantly in Dagestan. Historically, Sochi is a Soviet resort town offering skiing in the winter and beaches in the summer.

The area has been the scene of armed insurgencies since the breakup of the USSR, essentially two armed conflicts that have deteriorated into guerilla warfare. Though violence has decreased significantly since the mid 2000s, the grievances have festered. Currently, the most violent region is Dagestan, followed by Chechnya, and then Ingushetia.

The insurgency is not limited to a single actor, but includes several independent entities. The largest and most well-known insurgency, the Caucasian Emirate (Imarat Kavkaz or IK), has shifted its vision from a global concept of Jihad to an anti-Russian, nationalist vision. Recent increases in Western and ethnic-Russian individuals joining the cause has created many splinter groups, each with their own set of objectives.

Conversely, fascist and neo-Nazi gangs, styling themselves as nationalists, are a serious and growing concern in Russia. The far-right is extremely xenophobic; believing strongly in racial purity and a Slavic brotherhood. They target anyone who appears to be migrant workers from the former Soviet Union, whom they view as occupiers and criminals. These groups have strong ties to violent hooliganism in sport.

Meanwhile, state security services are intent on monitoring and cracking down on anything that threatens to disrupt the Games, as well as capitalizing on exploiting opportunities in the pursuit of national objectives. Here, Russian organized crime stands to profit the most.
“As Sochi Olympic venues are built, so are Kremlin’s surveillance networks. Terrorism threat and Kremlin paranoia prompt Russian spy chiefs to build unprecedented eavesdropping system,” wrote Andrei Soldatov, Irina Borogan and Shaun Walker, in The Guardian, October 2013

Censorship, Surveillance and Violence
New online censorship legislation, spearheaded by Russia, could mean that filtering in the region is poised for activation. As it is, the censorship landscape in the Commonwealth of Independent States (CIS) is in constant flux. The fight against terrorism, separatism and extremism, ‘protecting ­children from harmful online content’, and the defense of intellectual property is laying judicial practices to waste.

Under the pretext of protecting children from harmful online content, Russia has legitimized the blocking of websites.  Kyrgyzstan went so far as to cut off the entire country from the Internet during uprisings in 2010, thus demonstrating the capability. Belarus has a documented history of blocking access to opposition websites and independent news, particularly during elections. Even those countries in the CIS that are not typically associated with online restrictions have reverted to tactics, such as “just-in-time” blocking, at critical times in the game.

The filtering practices of one country, typically Russia or Kazakhstan, can migrate to others through transit agreements between major ISPs. Upstream filtering, traffic shaping, legislative developments, and growing information security concerns, have led to unpredictable online spaces in the CIS, and differing levels of filtration and censorship.

Someone is Listening
Western diplomats, foreign journalists and businesses report a huge rise in surveillance and harassment agents of the state, leading up to the Games.

A shadow infrastructure of electronics is being outfitted to the venues, constructed by Russian oligarchs, to provide inescapable video surveillance and capability to collect, filter and shape communications traffic of its guests. The System for Operative Investigative Activities (SORM) is the eyes and ears of the security and intelligence services.

Russian organizers are promoting the fastest Wi-Fi networks in Olympic history, free of charge. Just remember: “If it is free, then you are the product.”

Doku Umarov, leader of the Caucasian Emirate insurgent group, cancelled the moratorium on attacks on civilians in Russia. While not necessarily connected, a female suicide bomber from Dagestan blew herself up in a bus in Volgograd on 21 October 2013. In the past, ethnic Russians have been targeted instead of foreigners, however, being at the wrong place at the wrong time is an unfortunate risk, as is getting caught in the cross-fire between insurgents, right-wing extremists, and state paramilitaries.

Far-right extremist groups predominantly target ethnic communities, especially groups from the Caucasus and the former Soviet Republics in Central Asia. Attacks are vicious, and there is a history of violence against ethnic minorities of all ages in major cities, like Moscow.

No one is immune. As recently as 15 October 2013, men posing as electricians broke into the flat of a Dutch diplomat, tied him up, hit him, and drew a heart with LGBT (lesbian, gay, bisexual, and transgender) on his mirror. This appeared to be an orchestrated attack by Russian authorities after the arrest and release of a Russian diplomat several days before.

Extremists and nationalists have also targeted those with non-Slavic features and skin-colour, albeit significantly less frequently. The police do little to prosecute hate crimes, possibly due to reportedly high levels of corruption among security forces.

Indirect Risks
It is a safe bet that the International Olympic Committee (IOC), the World Anti-Doping Association (WADA), and numerous national sports organizations and governments have already been compromised by targeted cyber-espionage, most likely originating from China or Russia. Canada-based WADA was first compromised in August 2009 – that exposure reportedly lasted more than a year and the server used by the intruders had collected over a year’s worth of evidence. Credible reports explain that the attack began with a spear-phishing email which was sent to an individual with the right level of access; the email contained an exploit which, when opened on an unpatched system, triggered a download of implant malware. Responding to this news WADA stated it “has yet to be convinced that [hacking] took place.” In disputing the report, the Association assures that the ADAMS system, which plots the whereabouts of athletes, remains secure.

Although Canadian athletes can reach the podium, they may have to navigate a few more challenges than previous Olympics. Athletes, coaches, officials, and visitors alike are counselled to exercise discretion on-line: either discussing team tactics or sensitive issues like gay rights. Not only does this present a personal risk, it could also erode Team Canada’s competitive advantage or place native LGBT Russians at risk.

Across the globe, state capacities to conduct surveillance and censor cyberspace are growing, and those advocating for Internet freedom are often at grave personal risk. As new, digitally-empowered generations use technology to amplify their political and economic voices worldwide, we are witnessing the coming-of-age of networked movements and power. The potential for cyberspace to deepen democratic development, engagement and inclusion is unprecedented. And yet the use of cyberspace is under threat.

Currently, over 650 million people live under some form of state-imposed internet censorship. This is expected to rise, as less democratic or authoritarian states use a combination of regulation and extra legal means to enforce internet censorship and surveillance. In some countries – including and especially those afflicted by civil war – digital activists and citizen reporters are under extreme personal threat.

Countries in the Eurasia region are on the frontline in the battle for internet freedom. A groundswell of local lawyers, academics and activists network to support innovative policy/advocacy interventions and turn back the rising tide of internet censorship and surveillance across the region.

Digital activists – such as human rights activists, journalists, citizen reporters, lawyers, non-violent civil society organizations and ordinary citizens – continue to strive towards improving digital safety and security, expanding access to online communication and information, raising public awareness of the issues at stake, and engaging the policy debate. We must support them.

Dave McMahon, a former Canadian national biathlon champion, is currently the Chief Operating Officer of the SecDev Group, which advises on the game-changing impact of cyberspace.
© FrontLine Security 2013