Leaks Expose Chinese, Russian and German Security Fears
Not just i-SOON: leaks reveal China’s "Delete America" policy, Russian nuclear tripwires and fears of China, German plans for missiles to Ukraine, and Kremlin efforts to ensure Putin’s reelection.
Document 79 “Delete America”: a Leak but not a Surprise
On March 7, the Wall Street Journal (WSJ) reported on a leaked Chinese policy directive called “Document 79,” issued in September 2022, that ordered state-owned enterprises (SOEs) in finance, energy and other sectors to “replace foreign software in their IT systems by 2027, and to report their progress every quarter.” The WSJ report pointed out Document 79 was particularly significant in that it targeted enterprise software, “the last bastions of profitability for American tech companies in China.” China had already decoupled itself from foreign sources in areas such as hardware and the “internet space,” the WSJ reported, with the latter apparently referring to China’s Great Wall that bars access to some Western websites and social media platforms.
Were we surprised to learn that China was removing US or other foreign-origin enterprise software from systems of the Chinese government and its SOEs? Probably not.
China has been working on software localization (软件国产化) since at least 2013. Following the 2013 leaks of classified US documents by former National Security Agency contractor Edward Snowden, also known as the Prism Gate scandal because it included documents on PRISM, an NSA program to collect user data from platforms such as Microsoft, Google, Apple, Yahoo, Facebook and YouTube. Chinese information technology industry experts suggested critical government organizations should not use foreign software because “foreign software has security issues, such as software ‘backdoors’.” They urged the industry to promote China’s own software development capability instead. “Because of too much use of foreign software, (we) lack domestic capability in software [development],” an executive vice president of a local software industry association said in August 2013. Around the same time, China’s State Council issued a notice requesting government agencies to use legitimate software and prohibit the use of unauthorized and non-registered software. An academician of the Chinese Academy of Engineering and researcher of the Institute of Computing Technology of the Chinese Academy of Sciences pointed out that domestic software should play a greater role in ensuring information security and proposed that government agencies’ performance standards include “the number of legitimate domestic software [products] procured”.
Responding to the Chinese government policy, Alibaba, one of China’s tech giants, led a “removing IOE” movement in 2013. IOE referred to IBM’s server services, Oracle’s database software, and EMC’s data storage services. Alibaba made substantial progress in removing foreign IOE in building its cloud services. Although Chinese tech experts claimed the reason for removing “IOE” was because the products and services of the IOE companies limited the scalability of the Chinese internet company, many Chinese tech companies saw this as a signal to minimize foreign software products and technology in their systems.
In 2014, when the Chinese government procurement center announced its antivirus software product purchasing list, for the first time it included no foreign security companies’ software products, such as Kaspersky and Symantec. Instead, five domestic products were chosen, including products from Qihoo360 and Kingsoft. The government’s move had boosted the confidence of the domestic software and information security vendors as well as that of domestic investors.
Despite the Chinese government’s continuous effort at developing “autonomous, independent and controllable” technology, the speed of domestic software development has not been impressive (hxxp://www.xinhuanet.com/politics/2021-02/18/c_1127109407[.]htm). In 2023, China released its first open source desktop operating system “Open Kylin1.0” and the government affiliated media claimed it as a milestone. However, domestic IT experts quietly admitted Open Kylin1.0 was “usable but not good at all.”
Lastly, an interesting finding is that the timing of the original, classified release of the Document 79 in September 2022 seems to have followed Russian President Vladimir Putin’s signature of a decree in March 2022 banning Russian state agencies from using foreign software in critical information infrastructure by 2025. Chinese official media widely reported the news of Putin’s ban on foreign software. Putin’s move followed Russia’s February 24, 2022 invasion of Ukraine and Western moves to isolate Russia from major technology and communications services. A communique that Russia’s Digital Ministry purportedly sent to software developers and government entities within Russia, which Internet-freedom advocates leaked on February 26 2022, cited the risk of internet cutoffs and of poisoned software updates or code libraries. This appears to reflect a fear that the broad sanctions Western countries adopted on 26 February could include disconnection from GitHub and other repositories.
Russian Military Files Leak: Nuclear Threshold
On February 28 the Financial Times (FT) reported that “western sources” had shown it a cache of Russian military files that spanned the years 2008- 2014 and contained presentations and war-gaming exercises related to Russia’s potential use of nuclear weapons. The materials include scenarios simulating a hypothetical invasion by China, including an invasion of Siberia via Kazakhstan. These exercises suggest Russia’s long-term wariness about China’s intentions.
Most unsettling, the China exercise showed Russian military leaders thinking concretely about the potential use of tactical nuclear weapons in the battlefield. Whereas the Russian nuclear doctrine broadly authorizes the use of nuclear weapons to counter threats to Russia’s existence, sovereignty or independence, the February 28 leak contains a naval training presentation outlining specific hypothetical triggers for nuclear weapons use. These include “the destruction of 20 per cent of Russia’s strategic ballistic missile submarines, 30 per cent of its nuclear-powered attack submarines, three or more cruisers, three airfields, or a simultaneous hit on main and reserve coastal command centres.” More broadly, the materials envision Russia using tactical nuclear weapons as part of an “escalate to de-escalate” approach to “end the conflict on its own terms by shocking the country’s adversary…”
It is small comfort to hear an assessment by William Alberque of the International Institute for Strategic Studies of where Russia might seriously consider a nuclear strike: according to the FT, “Russian leaders believe that, whereas a nuclear strike against China or the US could be ‘soberising’, a nuclear strike on Ukraine would be likely to escalate the conflict and lead to direct intervention by the US or UK, Alberque said. ‘That is absolutely the last thing Putin wants’.” Alberque’s assessment that Russia would seriously consider using nuclear weapons against China or the US, but not against Ukraine, contrasts with US intelligence from 2022, as described below.
The Financial Times report on the leaked materials appeared two days after French President Emmanuel Macron had made a controversial comment saying Europe should not rule out sending military personnel for active defense of Ukraine. On February 29, Russian President Vladimir Putin warned Western countries that they would face “tragic” consequences if they sent troops to “the territory of our country.” Putin added that the suggestion of doing so “raises the real threat of a nuclear conflict that will mean the destruction of our civilization.” It should be noted that Russia officially considers four Russian-occupied Ukrainian provinces as part of the Russian homeland. Theoretically, Putin was warning that Russia could resort to nuclear weapons even if Ukraine’s foreign allies deployed military advisors to Russian-occupied parts of Ukraine, or if Ukraine targeted those territories with weapons that NATO allies had provided. This type of saber-rattling is not new, but Putin may have intended it to project an image of Russian military strength on the eve of the March 17 rubber-stamp presidential election.
Putin’s saber-rattling led to real alarm at one point in October and November 2022. The intensity of crisis, reminiscent of the Cuban Missile Crisis exactly 60 years earlier, emerged from a March 9 2024 New York Times investigative report. On October 6, 2022, as a Ukrainian counter-offensive forced Russia to retreat from great swathes of Ukrainian territory Russia had occupied, US President Joe Biden told a group of US Democratic donors that US intelligence intercepts had detected “frequent conversations within the Russian military about reaching into the nuclear arsenal.” Indeed, “one of the most senior Russian military commanders was explicitly discussing the logistics of detonating a weapon on the battlefield.” The CIA warned that, if Ukraine moved to retake Crimea, “the likelihood of nuclear use might rise to 50 percent or even higher,” the New York Times said. US President Biden’s administration took the situation deadly seriously. The Pentagon held wargames to envision various scenarios and responses; in one such scenario, the hypothetical detonation of a tactical nuclear weapon succeeded in the hypothetical aim: shattering NATO unity. Top US officials also urged their counterparts in China, India, and Turkey to warn Putin that a nuclear attack would lead to grave consequences. The Group of 20, an intergovernmental forum of 19 countries plus the European Union and African Union, issued a joint declaration on November 16, 2022. “If the Russian leader was indeed inching toward the brink, he stepped back.” The FT reported, citing “people close to the Kremlin,” that Putin “had projected scenarios resulting from the use of tactical nuclear weapons and independently decided they would not give Russia an advantage.” In an interview released March 13, when asked “whether he had considered using ‘tactical’ nuclear weapons at that point, Mr. Putin said that ‘there was never such a need’,” the New York Times noted.
Although the 2022 crisis passed, the New York Times authors warn that in 2024, hot-spots throughout the world – not just Ukraine but also Taiwan, the Korean Peninsula, and the Middle East – could potentially turn nuclear, especially as the arms control agreements laboriously negotiated in earlier decades have mostly fallen by the wayside.
The March 9 New York Times report on the 2022 crisis – based on interviews with government and military officials, who likely received permission to speak with reporters – comes on the heels of the February 28 Financial Times publication about Russia’s early discussions of using nuclear weapons in the battlefield. The two reports complement each other. It is unclear which “western sources” provided the documents to the Financial Times, but one possible explanation is that it is part of a “strategic declassification” policy by the US or another NATO country government.
Russian Presidential Administration Leak: Efforts to Guarantee Putin’s Election Victory
Another set of documents, obtained by Estonian news source Delfi, details plans by Russia’s Presidential Administration to “pre-rig” the March 17 presidential election to ensure that Putin wins without having to result to blatant falsification. News source Vsquare, part of a group of international journalists who are jointly investigating the leak, writes,
The leaked documents paint a detailed picture of how the Kremlin puts on a multi-billion-ruble show of civic movements in front of the public, creates government-controlled “opinion leaders”, builds a propaganda network that tries to influence every Russian, and essentially spies on its own citizens online using sophisticated IT systems. In the leaked Kremlin documents, these activities are literally and unashamedly called an ‘information war’, even though it is being waged against their own society.
Indeed, the documents show that “Russia is becoming a totalitarian society. It is no longer an authoritarian, fake democracy,” in the words of Martin Kragh, deputy director of the Center for East European Studies in Stockholm. He added, “The difference between an authoritarian and a totalitarian system is that totalitarianism demands public loyalty from you [i.e. ordinary citizens]. It is no longer enough for you to simply be silent and not resist. [Now] it is also necessary to actually participate in political organizations.”
As Mark Galeotti, an expert on Russia’s security services, commented, these “Kremlin Leaks” serve as “a reminder of the power and scope of the Presidential Administration” and particularly the central role of First Deputy Chief of Staff Sergei Kiriyenko, whom Galeotti calls “in effect wartime propagandist in chief and viceroy of the Occupied Territories.” An example of the efforts Kiriyenko oversees is an NGO called ANO Dialog, which receives tens of millions of dollars to recruit and oversee content creators in Russian-occupied Ukraine (The Natto Team mentioned ANO Dialog in a report on the network of pro-Kremlin hacktivist persona Solntsepek). For more on Russian information warfare efforts, see the Natto Team’s three part Disinformation Handbook and Natto Thoughts’ commentary on a recent report on Russian information warfare strategy.
In a followup report, Vsquare said the Russian Red Cross (RRC) “entered an official partnership with an organization that is under Western sanctions for “re-educating” children that Russia has deported from occupied Ukraine. The RRC also routinely engages with Russia’s patriotic military camps, which teach children as young as 8 how to fire Kalashnikov automatic rifles and participate in close-combat.”
German Military Leak: Missiles for Ukraine
On March 1, top Russian propagandist Margarita Simonyan posted on Telegram a recording of a phone call among top German military officials, discussing whether to supply long-range Taurus missiles to Ukraine. Putin spokesman Dmity Peskov said the leak ‘“confirms once again that the countries of the collective west are being drawn into the conflict around Ukraine,” according to the FT. German Defense Minister Boris Pistorius called the leak “a hybrid attack aimed at disinformation. It’s about division, it’s about undermining our unity.” “It’s as if Putin dropped a cluster bomb over Berlin,” wrote the Frankfurter Allgemeine Zeitung.
The incident calls into question the security of the country’s military communications – though German officials blame a single participant who used an unencrypted line to call in to the WebEx meeting from a Singapore hotel . It came shortly before the March 11 publication of a 175-page report by a military oversight commission. That report described the results of years of underinvestment in the Bundeswehr, including “radios that cannot communicate with allies; paper-only medical records that need to be mailed; military documents sent by fax, rather than secure email….’mouldering’ and ‘dilapidated’ barracks,” and personnel shortfalls, according to the Financial Times. The March 1 leak highlights and likely will exacerbate disagreements within the German government about aid to Ukraine. The leakers, by portraying a German threat to Russia, also may have intended to encourage Russian citizens to rally around the flag in the leadup to the March 17 presidential election.