Extradition battles, Japan's Defense White Paper, Hybrid Russian cybercrime, Chinese text input method vulnerabilities, Putinism in a nutshell
What We’re Reading, Hearing, and Watching – August 10, 2023
Two US Setbacks in Extradition Battles With Russia
Twice in one week, the United States has experienced setbacks in its attempts to extradite criminal suspects from foreign countries. In both cases, Russian authorities had hastened to lodge competing extradition requests, likely in an attempt to prevent the suspects from facing US prosecution, where they could be induced to testify against other Russian suspects. US-Russian extradition battles have become commonplace in the past decade. In both of the recent cases, judicial authorities decided to delay final decisions on whether to send the suspects to the US or to Russia.
The Suspected Spy: Sergey Cherkasov, allegedly a Russian deep-cover spy, spent years posing as a Brazilian named Victor Muller Ferreira, deceived his professors and fellow students at the School of Advanced International Studies at Johns Hopkins University in Washington DC, and nearly won an internship at the International Criminal Court in the Hague, where he could potentially have spied on discussions of war crimes allegations against Russia. After Brazil convicted Cherkasov for fraudulently claiming Brazilian identity, Russian authorities hastily put together a criminal case against him on drug charges, the Bellingcat investigative group has reported. On July 27, Brazil’s Justice Ministry announced it would not honor an American extradition request but would keep Cherkasov in custody on Brazilian charges, pending investigation of Russia’s extradition request. As the New York Times pointed out, the final decision rests with Brazilian president Ignacio Lula da Silva. Lula likely experiences competing pressures as he seeks global influence amidst a tumultuous relationship with the United States, which a recent study by the Brookings Institution think tank has detailed. A Brazilian geopolitically focused Twitter account has been analyzing the Brazilian court records on Cherkasov’s case, which could help elucidate its dynamics.
The Hacker: On August 1, a court in Kazakhstan rejected a US extradition request and was still weighing Russia’s appeal to extradite Nikita Kislitsin, an IT expert who since 2013 has worked for Russian cybersecurity firm Group-IB. US authorities had indicted Kislitsin secretly in 2013 for allegedly helping sell data stolen from the Formspring social network in 2012; that sealed indictment became public in 2020. (On July 26 Kislitsin’s boss, Group-IB co-founder Ilya Sachkov, received a 14-year sentence from a Russian court on charges of treason. In 2023 Group-IB spun off its Russian assets into a company called FACCT.)
Japan’s 2023 Defense White Paper Infuriates China
Japan’s annual Defense White Paper, released at the end of July, assessed Chinese military activities and other activities affecting the regional security environment surrounding Japan as “unprecedented and the greatest strategic challenge.” This portrayal has infuriated China. The Chinese Defense spokesperson stated that the Defense White Paper “grossly interferes in China’s internal affairs and provokes regional tensions.” (hxxp://eng.chinamil.com[.]cn/CHINA_209163/TopStories_209189/16240944.html) Several major Chinese state media outlets fought back with commentaries and editorials. People’s Daily published a lengthy Chinese-language commentary challenging Japan to “reflect on its history of aggression.” (hxxp://paper.people.com[.]cn/rmrb/html/2023-08/02/nw.D110000renmrb_20230802_2-15.htm) Manoj Kewalramani of the Substack newsletter “Tracking People’s Daily” offered a translation explaining the main points of the commentary.
China Daily also published an English-language editorial saying the Defense White Paper engages in “calling white black” and represents “how a thief cries ‘catch thief.’” On a side note, Taiwan’s Ministry of Foreign Affairs issued a statement expressing appreciation for the statements of Japan’s Defense White Paper to underline “the importance of stability across the Taiwan Strait to Japan’s national security and the stability of the international community.”
Veteran Journalist Traces Politically Entangled Russian Cybercrime Back to its Origins
Natto Thoughts wrote previously about the Russian-speaking extortion group Cl0p that stole data from hundreds of organizations by exploiting flaws in the MOVEit file sharing tool. Now a wide-ranging article by Misha Glenny provides broad context on cyber operations in Ukraine and Russia, beginning with the CarderPlanet cybercrime group in the early 2000s (Glenny wrote the book on that group). Glenny, a British journalist and rector of the Institute for Human Sciences in Vienna, surveys the history of Russian cybercrime operations, some of which appear to show cooperation between financially motivated criminals and Russian intelligence services. Glenny’s conclusion, “In cyber space, the markers separating criminals, the state and military and corporate interests become more blurred every year,” bears repeating. Accenture Cyber Threat Intelligence has referred to such overlapping efforts as “hybrid ransomware” and “hybrid DDoS” operations. Several previous Natto Thoughts posts have discussed such hybrid threats.
Glenny also takes note of the Cl0p ransomware actors’ claim that they would not expose the data of governments, municipalities or police. Natto Team has called Cl0p’s “promise” into question and also noted that ransomware groups continue to target US and global public services. The relationship between Russian crime and politics in cyberspace continues to evolve and to pose a threat to Ukraine and its allies.
If you use Sogou Input Method, Please Update the Software
Vulnerabilities discovered in the Sogou input method, the most popular method for inputting Chinese characters into a computer, could allow eavesdropping on users’ keystrokes as they are transmitted over the Internet. Currently over 455 million monthly active users across multiple platforms, including Windows, Android, and iOS, use the Sogou input method. A recent report by Toronto-based investigative group Citizen Lab disclosed the vulnerabilities in Sogou keyboard encryption after reporting them to Sogou developers. Tencent, the Chinese technology giant that owns Sogou, released fixed versions of the affected software as of July 20, 2023. By analyzing three versions of the software, researchers from the Citizen Lab discovered the vulnerabilities in a custom-designed system named “EncryptWall” for encrypting sensitive data. In this case, software developers in China did not use well-supported encryption implementations such as the Transport Layer Security (TLS) cryptographic protocol. Furthermore, Citizen Lab warns, even now that Tencent has resolved these vulnerabilities, the Sogou app regularly transmits typed content to Sogou’s servers in mainland China, raising the possibility of Chinese government monitoring.
Natto Team has observed a global trend of internet fragmentation between different countries. This trend, also known as Balkanization, includes an increase in localized technology applications and standards-making. China has been advocating alternative internet protocols for a while. For example, in May 2020 Huawei, a Chinese telecommunication giant, proposed to develop a “New IP Framework,” revising the protocols for sending packets of data across the Internet. The Internet Corporation for Assigned Names and Numbers (ICANN), the multi-stakeholder group that coordinates and maintains the global Internet, has warned that Huawei’s proposed system “could make pervasive monitoring much easier”. The Jamestown Foundation, a Washington DC-based think tank, has analyzed Huawei’s “New IP” proposals against the background of “Chinese government promotion of state-centric approaches to internet governance”. As Natto Thoughts previously discussed, Russia has also suggested alternative internet structures, such as an alternative domain name system (DNS). Internet Balkanization will likely drive up business operation costs and introduce new attack surfaces.
Putinism in a Nutshell
Why do Russians acquiesce in Putin’s war on Ukraine? Natto Thoughts has discussed why Russians at least nominally support the war, particularly the importance of Putin’s appeal to Soviet victories against Nazi Germany in World War II. A new report provides a vivid, coherent and in-depth picture of Putin’s Russia in 2023. New York Times reporter Roger Cohen spent a month traveling and talking with Russians, from Buryatia in the east, whose sons have disproportionately fought and died in the war effort, to Moscow in the west. He writes, “Putinism is a postmodern compilation of contradictions. It combines mawkish Soviet nostalgia with Mafia capitalism, devotion to the Orthodox Church with the spread of broken families, ferocious attacks on a “unipolar” American world with revived Russian imperialist aggression — all held together by the ruthless suppression of dissident voices and recourse to violence when necessary.” And raising the chilling prospect that Russia may even call off the formalistic presidential elections scheduled for March 2024, Cohen cites presidential spokesman Dmitri Peskov as saying, “Our presidential election is not really democracy, it is costly bureaucracy….Mr. Putin will be re-elected next year with more than 90 percent of the vote.”