Lorie Shaull



Cybersecurity Threatening Politics and Business as Usual

Many believe that China and indeed Russia’s hybrid, cyber and information practices, delve into digital espionage, a notion copied in the commercial space and in pursuit of opposing information which is truly the currency of the next generation.

There was a time when the ‘Internet of Things’ served as the scourge of authoritarian and kleptocratic leaders who blamed it for fomenting the Arab Spring and a myriad of revolutions. However, to date, Russia, China, South Africa and North Korea have learned how to utilise these tools to push back against rival nations and their actors.

And this geopolitical espionage has trickled in to the hearts and minds of the American electorate. The indictment of thirteen Russians and three companies by U.S. Special Counsel Mueller exposed a “sophisticated network designed to subvert the 2016 elections,” according to The New York Times, one that “…stretched from an office in St. Petersburg, Russia into the social feeds of Americans and ultimately reached the streets of election battleground states.”

Russian hackers have intervened in many European countries, including Catalonia, Spain; France; UK; Germany; Poland; Sweden and elsewhere, allegedly supporting separatism and withdrawal from the EU. The indictment of thirteen Russians and three international companies by U.S. Special Counsel Mueller exposed a “sophisticated network designed to subvert the 2016 election,” according to The New York Times that “stretched from an office in St. Petersburg, Russia into the social feeds of Americans and ultimately reached the streets of election battleground states.” Russian hackers concurrently compromised the voting systems in at least seven US states, where “unknown intruders” gained access to a base of nearly one hundred thousand votes.

As noted before, Russian hackers have intervened in many European countries. Other sources say that a Russian citizen, Alexej Gubarev, could be one of the Putin’s allies at the centre of operations who undermined the 2016 US elections. In addition, there are other sources of information stating that Gubarev’s XBT/Webzilla, a company which was named in Trump’s report, is purported to have engaged in hacking the DNC during the 2016 US election using botnets to transmit viruses and steal data.

Clete Stevens, renowned cyber analyst, can you take us through the manipulation of the ‘Internet of Things’ for political and commercial gain?

Social media sites know a user’s geo-location, patterns of behavior, interests and preferences, and use tags to sell to advertisers. Facebook recently took action to combat this scourge of ‘fake news,’ starting with the creation of a “dispute” button, which was later eliminated. Facebook’s algorithm for ranking its newsfeed was then revised, with posts of people close to the account holder having priority over unfamiliar users.

While Facebook was linked to the infamous Cambridge Analytica in harvesting user data for “psychological manipulation,” US legislators continue to ignore alternative, smaller sized social media companies. These include traffic agencies that manipulate opinion and illegally collect and sell personal data of users to third parties. Fortunately, the Cambridge Analytica is a UK based company, and there is a great Rule of Law in the United Kingdom and Europe, as well as in United States. But there are other less developed countries that serve as good examples for international leaders. Ukraine gained tremendous experience in combatting these malign Russian activities, and this experience could be useful to help the US or UK, and international law enforcement agencies. I want to elaborate more about the Ukrainian case, because this is a great example for many developing nations in Africa and around the world, which wish to avoid meddling by Russian, Chinese or other cyber aggressive countries, like Iran or North Korea.

You have mentioned these “traffic agencies” that manipulate people’s opinions and illegally collect and sell personal data of users to third parties- how this happens?

The bulk of this “digital human trafficking” may take place on websites with pirated music and video content such as Kinogo and Seasonvar and popular torrent trackers like Torrentino and TFile, offering free access to popular American TV- shows and movies. These piracy hubs are especially popular in Nigeria, Ghana, and other African and Post-Communist countries, such as Ukraine and Russia, because internet users often want to have access to free pirated movies and games, but this comes with a great price. As a rule, illegal content distribution hubs position themselves as file sharing sites so as to hide the true nature of their business.

Companies that monetize Internet traffic, such as Adwise Agency, may earn a surcharge on advertising from their clients on various sites. These agencies may slow down a user’s browsing of a site through the use of pixels, hidden buttons for pop-up advertisements, and other ethically questionable tactics. One of the purposes of such agencies may be the collection of information about visitors to the sites with pirated content and sell it to special arbitrators who can later use it for political campaigns, business advertising and other illegal purposes. At the same time, all data collection remains unnoticed to the website’s users.

How do governments permit this to happen?

It is not so easy to track. As you know, even in the United States, with its top security protocols, there are serious issues with Russian hackers. But certain governments may be several steps ahead of the game and that is why the Ukraine attracts great attention due to its cyber successes.

Ukraine has begun resolving the problems of such illegal activities on many fronts, and it is very important to do because internet is so interconnected. For example, an illegal online gambling business was forcibly closed down in Ukraine. This particular business had been managed in Ukraine by Kyle Sygyda, but is owned by Russian citizens Rustam Gilfanov and Sergei Tokarev, who allegedly have been under sanctions in several countries and owned the aforementioned Adwise.

Why is this case so important to the international community?

Some of the internet sources suggest that Tokarev and Gilfanov could control not just the one agency, Adwise, but also companies including Lucky Labs, AdTech, Playson, and tens of others around the world, involved in fraud activities related to the Level Up gambling company hosting more than 200+ employees.

Am I correct that these companies are structured in clusters or groups?

Exactly, for example Adwise promoted an article on their website about Russian Internet giant Yandex.ru. But, according to the research company Gemius, 10.8 million people over the age of 14 use “Yandex” and it was able to avoid Ukrainian sanctions and continues to support the spread of Russian propaganda in Ukraine. This is an alarming case for many democracies. Soviet Russia once had a great level of control over Angola, Benin, DRC, Ethiopia, Mozambique, Cuba, China, North Korea and others, and history may repeat itself, Putin’s arm has already reached the Middle East, and Africa may be next.

What should internet users know in order to help combat possible attempts to undermine “Internet digital democracies”?

Well, it is clear that without advertisers willing to pay for their commercials to air on pirated-content websites, such platforms would not exist. Hence, there must be a multi-pronged solution to this problem, prompting advertisers from Nigeria to Nepal to reach for advanced AdTech resolutions which make opaque platforms obsolete.

There are common interests in ensuring the digital security of Internet users by uniting the industry and preventing advertisers from contributing to the proliferation of piracy, copyright violation and personal data theft. Washington and Kiev should serve as examples by taking the lead in combating malign activities by initiating the formation of an intergovernmental body, otherwise we may witness serious shifts in geo politics because of interwoven, internet-driven hybrid tactics.