Ukraine’s greatest cyber offensive against Russia allowed us to look into the mind of the country waging war against us. So I thought we have to use this incident to the fullest – hence the report “The Surkov Leaks: the inner workings of Russia’s hybrid war against Ukraine.”
- Read more: The Surkov Leaks: Major report on Russia’s hybrid war in Ukraine published at RUSI Institute
Here are many excellent specialists who know how to defend their organizations against cyberattacks. I cannot tell anything about that. But what I can tell about is Russia’s hybrid war, in which cyber operations are only one instrument.
Some specialists contend that cyber operations are a part of hybrid warfare, the goal of which is to cause significant damage on the ground, akin to kinetic war. There is a truth to that, especially if we consider Russia’s use of electronic warfare in war zones such as Donbas – it is truly an instrument of war. But more often, cyber operations are part of a strategy of Russia’s hybrid war, in which Russia aims to alter the decision-making processes of its adversary. A cyberattack targeting infrastructure is unlikely to cause significant permanent damage, but it will definitely spread panic among the government among the general population, who start feeling insecure, start protesting, being afraid, and blame the government. And that is exactly the goal of such an attack.
It is an example of how Russia uses various means to influence the decision-making mechanisms of its adversary. Other tools, apart from cyberattacks, include disinformation and media campaigns, spreading rumors and panic, co-opting civic movements or creating new ones, bribing and infiltrating political groups, assassinations, terror attacks, kompropat, kinetic warfare as it is now happening in Donbas, and more.
With these tools, Russia aims to alter how their adversary sees the world – and therefore, alter the adversary’s decisions. For instance, alter the political decisions of a country. This approach is known as reflexive control, and Russia uses it immensely.
This is why I would like to stress that neither disinformation nor cyberattacks nor any other tool from this set should be taken separately. They should be always viewed as a set of measures that aim to trick political leaders into making decisions Russia wants without even knowing it.
Or, in other words, to hack the system of a society. And a society, as any system, has its vulnerabilities that Russia aims to exploit.
As some of you specialists here have told me, this is something that should be especially interesting to cyber specialists – what vulnerabilities exist and what we can do about them. So I’ll focus on this too.
So, onward to Surkov Leaks. In 2016 and 2017, the Ukrainian cyberalliance (a coalition of white-hat hackers who proclaimed their goal to defend their country from Russia in cyberspace) published tranches of emails originating from the office of Vladislav Surkov, Putin’s top advisor who has been called Putin’s Rasputin. These tranches of emails have been considered authentic by analysts from the Atlantic Council’s Digital Forensic lab and others.
There are three tranches of leaks – Surkov Leaks 1, 2, and 3. The emails are from the accounts belonging to Surkov himself, his assistant Inal Ardzinba, and the leader of the Communist party in the city of Kharkiv, Alla Aleksandrovska. There are around 4,000 emails in total, and they span 2013-2015.
What do they tell us about Russia’s hybrid war against Ukraine?
1) Russia is studying Ukraine very, very scrupulously. 90-95% of the content of Surkov’s mailbox consists of briefs about the media and political landscape of Ukraine. Russia also relied on sociological, personal reports about the situation, and analysis of insiders – pro-Russian Ukrainians who were ideological allies of the Kremlin and wanted to advance Russian plans for Ukraine. Surkov especially relied on the analysis of two Russian think tanks – the Center for Current policy run by Aleksey Chesnakov and Center for CIS studies run by Konstantin Zatulin.
2) To implement its plans for Ukraine, Russia relied on Ukrainian collaborators. They can be divided into two parts: ideological collaborators – those that genuinely believed in the ideas of the Russian world and wanted Ukraine to return to Russia’s grip. These are the ones we can identify from the hacks: communist party leader Alla Aleksandrovska, Pavlo Broyde, Oleksandr Slabiyev, Anton Davidchenko, Petro Horbunov. These people are seen corresponding with Surkov and his assistant Ardzinba, giving ideas and managing programs to implement Kremlin plans. They can be called the officers of Russia’s hybrid war. Then there are the situative collaborators – ones that simply received money for some activities. These can be called the foot soldiers of Russia’s hybrid war; they are seen carrying out paid for protests, provocations, rallies, and other types of activities imitating genuine civic engagement – on the Kremlin’s payroll.
Overall, I as an activist in the past, was amazed to see how closely the Kremlin’s activities resembled western funders of the activities of NGOs. The grant-seeker submits a proposal, gets it approved, gets money for the activities, reports about implementation. The mechanism with Russian collaborators and Surkov was similar. They are also seen submitting “grant proposals” of a sort to Surkov.
However, Western donors aim to strengthen democracy in Ukraine (at least as they see it) and are clear about their goals. They have open proposals and NGOs are given freedom of implementation.
The Kremlin’s aim was to destroy Ukrainian sovereignty and bring it under Russian control. The funding opportunities were secret. Surkov micromanaged every step and required reporting on an almost daily basis. My favorite example of Surkov’s micromanagement is when his assistant personally chose the chairs on which Kremlin-funded politicians and civic actors in Dnipropetrovsk Oblast would push for the federalization of Ukraine. But there are many more – it was common for Russia’s agents to discuss logos, posters, banners, effigies, and other visuals with Surkov.
Another important factor: ideology. Why would a person from Ukraine choose to plead allegiance to Russia and willingly work towards undermining Ukrainian statehood? Because of the ideology of the “Russian world”, presented as a separate civilization, and insufficient loyalty to Ukraine. This is something to watch out for wherever there is a Russian diaspora – or a population that is ideologically affiliated with Russia, such as in Ukraine.
Here it’s worth to stop a bit on who Surkov is, exactly. Called the gray cardinal of the Kremlin and Putin’s Rasputin, it was once said that not a single thing in the political environment of Russia happened without the participation of this man, who was responsible for bringing Vladimir Putin from the status of an unknown KGB operative to four-time president. Surkov, who studied to be an actor, is also known as the puppetmaster – for his ability to engineer postmodernist propaganda. His specialty was constructing Kremlin-backed youth movements such as Nashi. He fell out of favor with Putin though when he abstained from using the movements he engineered to quash protests against the government – but was nevertheless tasked with curating the occupied republics of Georgia and, in 2014, the LNR and DNR in eastern Ukraine.
So, Surkov used his talents of engineering a fake reality to the utmost in Ukraine. As we mentioned earlier, the goal of the fake reality was to coerce Ukraine into making decisions Russia wants without Ukraine even knowing it. And what were those decisions?
3) Russia’s goal in Ukraine is to stop the country’s westward movement – stop Ukraine’s integration into the EU and NATO. And since EU integration was one of the demands of the Euromaidan revolution and the Ukrainian government elected thereafter, Russia’s goal was to prevent this leadership from getting reelected and to prevent westward movements of the country along the way.
The “DNR” and “LNR” that Russia set up in east Ukraine is an excellent example of reflexive control serving Russian goals. The Surkov Leaks leave no doubt that the war in Donbas, portrayed by Russia as a civil war, is a Russian puppet republic, similar to those in Georgia and Moldova. The Surkov Leaks prove that Russia bankrolled these “republics” and appointed their leaders – to both the “parliament” and “cabinet” just like it did in Georgia.
It’s no wonder that Russia’s reform-minded neighbors are plagued by separatism and frozen conflicts.
In fact, one of Surkov’s collaborators who aimed to establish such a “republic” in southern Ukraine, in Besarabia, was a KGB operative from Transnistria.
But another thing that the Surkov Leaks prove is that the Minsk protocol, currently portrayed as the only way to stop the conflict in Donbas, was a carefully crafted trap for Ukraine. It is currently blocked because there is no way for Ukraine to implement it without capitulation to Russia – and this capitulation is, namely, the federalization of Ukraine and a permanent “special status” for Russia’s “republics” in Donbas which would be funded by Ukraine, were the Minsk protocol to be implemented. Surkov’s emails, and personal research show that Ukraine was forced into accepting this decision thanks to a combination of on-the-ground Russian military escalation and blackmail of EU leaders, who were scared of the prospects of a full-blown war in Europe with the threat of it turning into a nuclear war. The previous administration of President Poroshenko carefully balanced for several years to avoid this capitulation to Russia, but with our new president, I am much less certain about Ukraine being able to defend its national interests.
- Read more: Leaked Kremlin emails show Minsk protocol designed as path to Ukraine’s capitulation – Euromaidan Press report
The military invasion thanks to which the LNR and DNR were established and the Russian invasion happened were conditioned by the ruined state of Ukraine’s military and total unpreparedness to repel the Russian advance. In this, Ukraine is actually not as alone in Europe as it may seem: the state of most European armies desires more, and there is a persistent desire to disarm in order to “not provoke Russia.” The countermeasure to that is to take the Russian threat seriously and arm.
4) “Soft federalization.” Immediately after the Euromaidan revolution, Russia tried to engineer the “Novorossiya” movement to break off half of Ukraine. This movement failed, save for the “LNR” and “DNR,” but soon found another way – a hidden, soft federalization of Ukraine, using the Constitutional reform envisioned by the Minsk protocol which Russia coerced Ukraine into signing. The Surkov Leaks reveal a coordinated campaign to introduce a “special status” for different Ukrainian regions into Ukraine’s constitution, and therefore, achieve Russia’s goal of federalizing Ukraine.
Why the push for federalization? For years, Russia has painted Ukraine as a divided (and even non-existing) nation, the only solution to the problems of which is federalization. And it is clear why – a divided nation is easier to divide even further and control. Regions that have more power are easier to infiltrate than the central government – by bribing and coopting local leaders.
In the Surkov Leaks, we see a remarkably simultaneous campaign, with movements demanding a federal, special, or autonomous status for their regions springing up in the Odesa, Kharkiv, Dnipropetrovsk, and Zaporizhzhia oblasts (although from media reports we know that the campaign was even more widespread). The “leaders” of these supposedly independent movements finally convened at “All-Ukrainian Constitutional Forums” and read aloud talking points sent to them by Surkov beforehand. These included the demand for a federalization of Ukraine by giving Odesa a ‘free port’ status, increasing the budget powers of the Ukrainian regions, and adopting a law allowing areas like Besarabia the status of national-cultural autonomy. It’s worth noting that the Kremlin attempted to legitimize its federalization ideas by presenting them as “European” and “progressive.” For instance, at one of the “All-Ukrainian Forums,” foreign fringe politicians were present, such as Boleslaw Bereziuk from the Polish Party of Regions, Franz Weise from the far-right German party Alternative für Deutschland, Daniël van der Stoep, founder of the Dutch Eurosceptic party Article50, and Joe Lombardo, leader of the left-wing United National Antiwar Coalition, where they expressed support for the Kremlin’s ideas for the federalization of Ukraine.
Foreign politicians were present at the regional federalization forums organized by Russia as well – some of them pushed for a canton status for Ukraine’s regions, “like Switzerland.”
Speaking about Polish politicians, Boleslaw Bereziuk was recruited to speak at an event in Odesa, where the deputy head of the Polish Zmiana party, Nabil Malazi, was present as well.
But what is perhaps most remarkable in these federalization activities are the narratives carefully selected by Russia. In the Zaporizhzhia oblast, Pavlo Broyde, a pro-Russian Ukrainian who decided to sell himself to the Kremlin, conjured up several narratives that could be used to advance the federalization strategy. One was historical – the region was once home to the Kozaks of the Zaporizhzhian Sich; one economical. But the one which was chosen was ecological. Zaporizhzhia is an industrial region with a plethora of ecological problems. A “special status” for the oblast was presented as a way to solve them. Under this flag, which carried no hints of the Russian tricolor, the Kremlin gathered significant support for what seemed like a local cause: tens of thousands of signatures were collected and delivered to the Ukrainian parliament, rallies were organized, round tables. This example illustrates two major Russian principles of the hybrid war:
- local ideological collaborators are indispensable. Only an insider to the Ukrainian situation could identify a narrative that would be so successful. The Kremlin would not be able to wreck a country from within if it didn’t have willing collaborators.
- “trojan horse” narratives are indispensable. The Kremlin advances its goals under the guise of seemingly innocent and even beneficial causes. And it’s often difficult to discriminate between a genuine cause and one that was designed by Russia.
One such “Trojan Horse” narrative was the need for a “cultural autonomy” in the multi-ethnic Besarabia region. Dmitri Soin, a KGB operative from Transnistria, developed this plan, which included, according to our security service, an invasion from nearby Transnistria. But perhaps because Soin was not a local and did not “feel” the local landscape enough, the plan was broken up and the puppet leaders arrested (two of them were later traded in for Ukrainian political prisoners of the Kremlin, of who there are currently 87).
But the most important systemic vulnerabilities were actually laid out by Pavlo Broyde, the Ukrainian PR guru.
He wrote about the collapse of the vertical of power in southeastern Ukraine during the Yanukovych’s time. This means that this territory was virtually controlled by oligarch “overseers” through the “shadow vertical of power” who maintained control by corrupting the power structures and a combination of media and PR operations. Something akin to a feudal mafia clan. While the “overseers” had fled after Euromaidan, the structures of the “shadow vertical of power” remained and could be used for Russian purposes.
So here we see that not only democratic freedoms but also the absence of democracy, a set of manipulations of “feudal lords” with which they kept control was also a key asset for Russia.
5. Political infiltration. Since the goal of the Kremlin is to alter the course of a society, it aims to target the decision-making processes. And politicians are on the top of the list. In Ukraine, Surkov appeared to have fully funded the election campaign of Kharkiv Communist leader Alla Aleksandrovska (however, it failed to give good results – only a few deputies got into the local councils). More resultative was the Kremlin’s apparent cooperation with the pro-Russian Opposition Bloc who persistently represent Russian interests in Ukraine. However, the details of how this happens are not clear. On a more local level, Russia set up “permanent lobby groups” in local Ukrainian councils who were regularly tasked with generating small decisions to support Russia’s federalization scenario – for Russian money. In Odesa, on the other hand, Russia funded a permanent activist lobby group that regularly voiced Russian narratives from an ostensibly authentic leftwing perspective.
6. Media manipulations. Apart from influencing politicians, Russia aimed to shape the perceptions of the general population through the media discourse. After Ukraine blocked Russian TV stations on its territory, this was harder for Russia to do, but nevertheless, it found ways.
- Bribing journalists to cover Kremlin-sponsored events (called dzhynsa);
- Creating a network of influencers all disseminating the same messages;
- Attempting to take over a Ukrainian media holding (the outcome is unknown, but it disseminates pro-Russian messages to this day);
- Considering establishing new outlets which would disseminate tailored messages to different audiences: a site for Ukrainian patriots telling them to abandon Donbas, an anti-war site to demoralize the nation overall, a site for promoting separatism in the southeastern regions and others (unknown whether this succeeded, but Ukraine does have a number of shady websites disseminating pro-Kremlin messaging);
- Vbrosy: injections of distracting information aiming to sow panic and confuse. Some of these were disseminated in social media with the help of specialized software.
These techniques, however, would be useless if Russia did not find the right narratives – and it did so by studying Ukrainians to know how to best manipulate them. Mostly, they had two goals (these are classical goals of war propaganda):
- Demoralizing Ukrainians. Decreasing their will to fight. Not only against the war in Donbas by capitalizing on the very sensitive topic of war losses, but for their European future through the concept of “Eurorealism” – that nobody in the EU is waiting for Ukraine, and that the EU will make it all worse for Ukraine. When president Zelenskyy was elected, the number one expectation for him was to end the war quickly – and this is forcing Zelenskyy into a trap because it’s impossible to quickly end this war without capitulating to Russia.
- Creating divides between the general population and their leadership. Particularly, these focused on mocking and denigrating the post-Euromaidan government. The economic downfall from the war, inflation, higher tariffs made this easy. It’s hard to say how much Russia contributed to this, but Poroshenko’s government was extremely unpopular at the end of his term.
7. Exacerbating existing conflicts and creating new ones. Sowing chaos and encouraging protests.
Are these all the secrets of the Surkov Leaks? No, because there were many files with a password. The password to one of these files was hacked by the Cyberalliance. It contained a file called “Troy” which depicted a plan to take over Zaporizhzhia Oblast. But there are at least ten others which the activists were not able to hack. If you are able to help us with cracking the passwords, please send us an email.
So, looking from the systems point of view, how are Surkov and Russia trying to hack the system that is Ukraine, and how can we respond?
1. Extensive studying to reveal existing weaknesses
1. Have fewer weaknesses, build a resilient society. Study Russia in our turn. Know its goals and its weaknesses. Build resilience – first of all, cyber resilience!
2. Building loyalty to itself through the ideology of the “Russian world,” decreasing loyalty to Ukraine through historical and cultural myths, demonizing its leadership
2. Build loyalty to Ukraine, increase democracy and trust in governance
3. Using collapsed state authority for its own purposes
3. Strong state vertical of power
4. Using the weak state of the army for physical attacks
4. Be prepared, build up the army
5. Abusing civil liberties and freedom of speech for hybrid campaigns aiming to advance Russian agenda
5. Adopt targeted legislature which would respond to concrete threats, such as punishment for collaborators
6. Building “Virtual reality” to influence populations in target countries
6. Promote a more convincing picture of reality; quick response of state officials to disinformation
7. Spreading a “fog of war”
7. Raise awareness about Russian actions