Another Brick In The Great Kremlin Firewall: Mass Internet Outages Part Of ‘Sovereign Internet’
By Mike Eckel, alumnus of The Fletcher School and Senior News Correspondent
How bad was the outage that cascaded across Russia’s Internet on the evening of January 30?
At one point, Yandex, the country’s largest search engine — known as the country’s own Google, for its dominance within Russia — was down along with dozens if not scores of the country’s biggest and best-known Internet companies. Even popular website www.сбой.рф, which is dedicated to tracking Internet outages, also went down.
For roughly two hours, Russia experienced an outage that activists and experts said was among the most widespread and far-reaching disruptions the country’s once-freewheeling Internet has ever experienced.
Not since 2018, when regulators tried to cut off access to the widely used messaging platform Telegram and ended up blocking millions of web addresses, or 2021, when “equipment failure” at the state telecom provider sparked wide outages including of the Kremlin website, has Russia’s Internet experienced a disruption as sweeping as this.
“There has been a momentary bump in Russia’s shift toward a more isolated network environment,” said Isik Mater, director of research, at NetBlocks, a private, U.K.-based watchdog that monitors Internet governance around the world.
For years, Russian regulators have gradually built up the legal and technical infrastructure with the ultimate aim of being able to monitor and control the Russian Internet, commonly known as the RuNet.
Some of the efforts have been geared toward reining in the country’s biggest web companies. A marquee company whose shares traded on the NASDAQ stock exchange, Yandex has been hobbled by government interference over how it guides Russians searching for news or information about the Ukraine war. The company is on the verge of a major reorganization that essentially will split it up.
Other major web companies like VK, Russia’s equivalent to Facebook, have been folded into companies controlled by Kremlin-allied oligarchs or state-owned companies. Authorities appear to be moving to create a “super app” that would nudge Russians into using a single application for a range of online activities such as chatting, paying taxes, searching for romantic partners, and paying traffic fines.
On the hardware side, authorities, led by the state Internet regulator Roskomnadzor, have worked since the 1990s to build and refine a network of devices, servers, and Internet traffic monitors, something known as the System for Operative Search Activities.
Known by the Russian acronym SORM, the system involves mandatory installation of special devices by all Internet service providers, enabling the country’s primary domestic intelligence agency, the Federal Security Service, to vacuum up and monitor anything floating around the RuNet.
In the mid-2010s, the Kremlin-controlled parliament passed a series of lawsrequiring major Internet companies like Google, Facebook, and Apple to house their servers on Russian territory, making it easier for authorities to control or monitor traffic. Many of the companies ended up pulling out of Russia.
The system was expanded and advanced over subsequent years, making it easier for the state to thwart various privacy security or encryption measures. Developments also included things like “deep packet inspection,” which allows for monitoring technical data and network information.
It hasn’t always worked very well.
In 2018, Roskomnadzor targeted Telegram, the messaging app that is widely used in Russia and the region. The popularity of the app and its reputation for strong encryption has made it a target of the intelligence agencies, who want to be able to monitor communications and identify users.
But the effort ended up also blocking millions of web addresses — which are technically known as Internet Protocol — housed on cloud computing services provided by Amazon and Google. It disrupted myriad online business and services.
In 2019, lawmakers passed more amendments that, among other things, broadened Roskomnadzor’s ability to blacklist and block websites and go after tools — called virtual private networks, or VPNs — that help people get around blockages and shield a user’s identity and location. The effort was dubbed the “sovereign Internet” law.
It also broadened Roskomnadzor’s ability to slow down, or “throttle,” data flowing to and from websites or apps, making them nearly impossible to access. And it set up a specialized entity within Roskomnadzor charged with searching for online threats.
In March 2021, regulators throttled social media giant Twitter, now known as X, after the company refused to take down posts Roskomnadzor deemed in violation of regulations. It was the “first ever use of large-scale targeted throttling for censorship purposes,” according to a paper by U.S. and Russian academics.
The effort backfired, however, when Internet users across Russia complained that a large number of sites, including the Kremlin’s main website and other government pages, had stopped working. The Communications Ministry blamed “equipment failure.”
‘Who Deleted The RuNet’s Address Book?’
The 2019 sovereign Internet law also provided for the establishment of a Russian domain name system, known by its acronym DNS.
Widely known as the “phonebook” or “address book” of the Internet, the DNS operates when a person who types a web address into a browser to load a web page. The browser then translates the letters in that address into an alphanumeric Internet Protocol number that connects to the server or the computers that quickly work to load the page.
Since the early years of the Internet, the DNS has been overseen by a nongovernmental organization based in the U.S. state of California called the Internet Corporation for Assigned Names and Numbers, or ICANN.
That has long grated on the Russian authorities. Some, including President Vladimir Putin, have embraced conspiracy theories that the Internet is a project controlled by the Central Intelligence Agency.
For that reason, Russian regulators have sought to build their own national domain name system, which could be more easily monitored and controlled by the government.
(This post is republished from RFERL.)