Erecting Russia’s digital iron curtain
As its war against Ukraine rages on, Russia is attempting to block, throttle, fine, and/or censor nearly all “Western” social media platforms, as well as other key information sources. These internet blocks and bans affect information going in and out of Russia, which theoretically prevents information about the conflict from reaching its citizens. Millions of Russians, however, especially of a younger generation, continue to access social media and therefore information that is not readily available at home, such as on legacy media like television networks owned or controlled by the government.
Ultimately, while blocking foreign social media platforms has not completely blocked the flow of information, in combination with intimidation by the authorities, it has made sharing reliable news and opinions more difficult and may well exacerbate a generational split within Russian society.
The Russian internet was relatively free until about 2012 when Russia adopted an internet blacklist maintained by Roskomnadzor, the Kremlin’s digital watchdog, which continues to play a role in Russia’s information war surrounding its invasion of Ukraine. Russia has been gradually tightening its grip in an effort to control the flow of information at home for more than a decade.
Pressure on foreign-owned social media platforms built up gradually, then suddenly. In 2016, Roskomnadzor banned LinkedIn because the company allegedly collected data from unregistered users, such as IP address, device model number, and cookie files, all of which are considered to be private personal data in Russia and therefore off limits. 2021 became a turning point for the worse. In April 2021, Russia began to throttle Twitter after claiming that the platform was serving content related to suicide, child pornography, and other illicit media. The platform is now banned in Russia.
Meanwhile, the Russian authorities have threatened to do the same to other platforms, such as YouTube (owned by Google) for blocking channels related to the German-language program of RT, Russia’s state-controlled broadcaster. They bombarded YouTube with requests to remove various content that the Russian authorities found violative—which often meant content related to organizations critical of the government—and compelled them to open offices in Russia to “localize” their presence. It was this type of pressure that in 2022, after the war started, the authorities ratcheted up yet another notch.
The invasion of Ukraine has poured fuel on the censorship fire, as virtually all “Western” news sources and social media platforms have been banned by Russia although, notably, they are not inaccessible.
On March 4, 2022, Russia banned Facebook and later, Instagram (which has a significantly larger user base than Facebook in Russia), after a court found them guilty of “extremist activities.” Two weeks later, Russia officially named Meta “extremist,” which essentially means that those advertising on their platforms can be prosecuted (an exception presently exists for the WhatsApp messenger). (Roskomnadzor says it has observed 26 cases of discrimination against Russian media outlets by Facebook since October 2020.)
When going after foreign-owned platforms, the Russian authorities followed an easily identifiable pattern: they put pressure on platforms with a smaller Russian user base first, and when they deemed that the measures did not lead to a large enough backlash, they moved on to the next platform. With threats to ban YouTube, which has a user base larger than any other platform in Russia, and is the primary source of entertainment for millions of Russian families, the Kremlin is reaching the top of this ladder.
While there are viable Russian alternatives to many “Western” social media platforms, home-grown social media sites are effectively subject to the control of the Russian government as Russian authorities can easily pressure them to remove any unwanted content—in ways they aren’t able to pressure Facebook or Alphabet, say. Homegrown social media sites are also subject to heavy surveillance by the FSB. In addition, the SORM–3 surveillance system essentially allows Russian security services to collect extensive traffic data, including on instant messages. In recent years, countless individuals were arrested across Russia for posting content authorities deemed “extremist” on their VKontakte accounts.
In most cases, these arrests were tied to posts that mocked the Russian Orthodox Church (based on an anti-blasphemy law adopted in 2013), but after the Russian parliament recently passed draconian laws against spreading “fakes” on the army and state bodies, many Russians now fear that the authorities will punish any criticism of the government found on these platforms. Not only are homegrown Russian platforms limited in their access to alternative information, but they have also become a dangerous space for Russian citizens to engage in free discussion about their government and society.
Bypassing state restrictions
After the ban of Facebook, Twitter and Instagram, there are limits to what an average Russian citizen can access, all while Russia’s main pro-government influencers – with the exception of state-funded media accounts – continue using Western platforms. At this time, Telegram is the only messaging application that has continued to evade full censorship, likely due to its ability to nimbly change the way in which it routes traffic, and also because the platform is useful for the Russian authorities. In that regard, it can serve as a way to share information but also to spread misinformation or propaganda, or to monitor who is spreading narratives deemed undesirable by the authorities, and how.
There are certainly methods to bypass state monitoring, like VPN services, the usage of which has reportedly spiked. Tor also offers alternatives for Russian users who are blocked from Western news sources, as select news outlets and social media sites like Facebook and now Twitter offer Tor sites. But these bypasses require users to be aware that they exist and of the resources that users can reach by using them.
This also reflects a split between younger Russians (under 40-50 years of age) who, as surveys routinely show, mostly get their news—and in many cases, their income—from or through social media, and the older generation who rely more heavily on television. Russia’s youngest citizens (under 30 years) are also more likely to have grown up as active users of Western social media and news sources in an increasingly restrictive internet environment, and are thus more aware of bypass methods.
Therefore many independent Russian resources, like the news outlet Meduza, are also actively sharing guidelines for accessing VPNs. Doxa, another independent news site, advertised a free and allegedly undetectable VPN service. Twitter created an onion mirror of its platform, which is accessible only through the Tor browser, and which Russia cannot fully block. Twitter said last Monday it would label and limit the reach of tweets linking to Russian state-affiliated news sources, and announced last Friday it was temporarily suspending ads in Ukraine and Russia “to ensure critical public safety information is elevated and ads don’t detract from it.”
The Russian government’s efforts to block access to foreign-based online services that host content that the government cannot control are starting to put it on equal ground with China, Iran, and North Korea, each with their own native messaging applications, and a list of websites or content that are blocked, banned, or throttled. The Russian government also started pushing guidance on the Russian Trusted Root Certificate Authority, recommending that users change their browser settings and use government-approved technology.
What the chatter tells us
Increasingly harsh internet censorship has impacted conversations in illicit communities monitored by Flashpoint as well. However, most users in these communities are not worried that the Russian government will simply disconnect Russian internet infrastructure from the rest of the world, even as Russia’s “Sovereign Internet” law makes this possible.
According to our research, what users are worried about is increased surveillance capabilities, most of all those relying on deep packet inspection (DPI) technology, and, if they run schemes relying on social media platforms, about having to rebuild their infrastructure. Several threat actors on top-tier forums raised the necessity of adopting best practices from hackers residing in more repressive regimes, such as China.
Threat actors’ fears reflect sentiments in the wider society. Sharing information or opinions publicly online can become prohibitively risky for most users even if the platforms on which they are sharing it, like Telegram, are not banned or throttled, as long as there is a plausible chance that the authorities are able to monitor messages or to link user handles to personal information. The Russian authorities have tried to foster this self-censorship by various means, ranging from physically checking the phones of passers-by to data leaks. Both can worsen self-censorship, and in a situation where the Russian government is actively encouraging people to intimidate “traitors”, leaked personal data can easily expose dissenters to violent attacks. As regards access to social media platforms, it appears that in illicit communities, just as in the wider society, only those who have been very active users of these platforms will be inclined to walk the extra mile to continue accessing them.