Strategic Use of "Okhotnik"
Russia's Approach in Cyber Surveillance, Dissident Targeting, and Disinformation Campaigns
Abstract
This article examines the strategic applications of the "Okhotnik" software, developed by Russian IT company T. Hunter, particularly in the context of the Russian government's intelligence and surveillance activities. Focusing on its use in monitoring internal unrest, targeting dissidents, and propagating disinformation about the West and Ukraine, the study reveals how Okhotnik's capabilities in real-time data collection, facial recognition, and data analysis from various sources including social media and dark net platforms, enable a comprehensive approach to cyber surveillance. The article discusses the implications of such technologies in authoritarian regimes, highlighting the ethical and political concerns surrounding state-sponsored surveillance and information manipulation.
Keywords
Okhotnik software, T. Hunter, Russian government, surveillance, cyber operations, internal unrest, dissidents, disinformation campaigns, West, Ukraine, facial recognition, data analysis, social media monitoring, dark net, cyber surveillance, intelligence gathering, state-sponsored surveillance, information manipulation, national security, civil liberties, privacy rights, technology ethics, policy frameworks, surveillance technologies.
Introduction
This article delves into the operational dynamics and strategic implications of the "Okhotnik" software, a sophisticated tool developed by the Russian IT company T. Hunter. Primarily designed for open-source data investigations, Okhotnik has found extensive use in the realms of cyber surveillance, dissident targeting, and disinformation campaigns orchestrated by the Russian government. The article explores how this tool integrates advanced functionalities like real-time data analysis, facial recognition, and extensive data mining capabilities to support the Russian state's intelligence and internal security objectives. It scrutinizes the tool's role in monitoring dissent, shaping public narratives, and influencing perceptions about the West and Ukraine, raising critical questions about the intersection of technology, state power, and civil liberties in the digital age.
France's cyber defense unit, Viginum, uncovered a disinformation campaign from Azerbaijan. This campaign aimed to discredit Paris' capability to host the 2024 Olympic Games. Linked to the Azerbaijani presidential party, it featured widely viewed photos and a video depicting clashes between French police and protesters, circulating under the hashtag #boycottparis2024 after the June riots in Paris.
Viginum's inquiry indicated that a foreign actor with ties to Azerbaijan engaged in deceptive practices to tarnish France's reputation as the host of the 2024 Olympic and Paralympic Games. However, Viginum has not established a direct connection between this campaign and Azerbaijani authorities. The Azerbaijani government and presidential party did not provide immediate comments.
This disinformation drive aligns with the deteriorating relations between Paris and Baku, which have been exacerbated since Baku assumed control over the Nagorno-Karabakh region. France has openly criticized Azerbaijan for obstructing the Lachin Corridor, the principal route connecting Armenia to Nagorno-Karabakh. Paris has requested clarifications from Baku regarding this disinformation campaign.
So far, significant disinformation campaigns targeting the Paris 2024 Olympics include the Azerbaijani-linked campaign, which aimed to challenge Paris' hosting abilities through critical content on social media, and the Kremlin-linked campaign. The latter, orchestrated by the Doppelgänger bot network known for Kremlin propaganda, involved spreading anti-Semitic content and videos. These videos, purportedly from the Grey Wolves, threatened attacks on Jews at the Olympics, echoing the 1972 Munich Olympics tragedy. This campaign involved bots disseminating unsettling content on social media to instill fear and spread misinformation.
These campaigns employ diverse tactics, including disseminating false stories and exploiting social media to reach extensive audiences. Their apparent goal is to foster uncertainty, fear, and confusion about the upcoming Olympic Games in Paris. The dynamic landscape of digital disinformation suggests that new campaigns might emerge as the event draws near.
The Doppelgänger network's campaign involved Russian state or state-affiliated structures and included circulating counterfeit statements from the French Foreign Ministry and imitating the websites of various European government organizations and NATO.
Structura National Technologies and Social Design Agency, both under European sanctions and identified as the campaign's perpetrators, have played significant roles in Russia's digital disinformation efforts. Structura National Technologies, closely linked to Russian political power, has been instrumental in the "RRN" (Recent Reliable News) campaign since 2022. This initiative seeks to manipulate information and share disinformation supporting Russia's aggression against Ukraine. It has created fake websites impersonating government organizations and legitimate media in key European countries like Germany, France, Italy, Ukraine, and the United Kingdom, amplifying the pro-Russian "RRN" campaign on social media.
Social Design Agency, mirroring Structura's profile, has been pivotal in creating these fake websites and boosting the "RRN" campaign on social media, actions that materially support efforts undermining Ukraine's territorial integrity, sovereignty, and independence.
The disinformation activities of these entities encompass various fake publications and operations, such as:
"Ukraine Inc.": A cartoon series negatively portraying Ukraine and President Zelenskyy, part of a broader campaign to shift public opinion against Ukraine, especially in Germany.
Cloned Government Websites and Fake Documents: Imitating legitimate websites like the German Federal Ministry of the Interior and Community to spread misinformation about non-existent government programs and creating counterfeit government documents regarding immigration laws.
Spoofed Ministry Websites and Fabricated Media Reports: Cloning the French Ministry of Foreign Affairs' website to disseminate a bogus document about a tax for Ukraine and sharing links to fabricated media reports in France to discredit Western support for Ukraine.
Use of Redirects and Fake News Articles: Employing posts with seemingly harmless links that lead to forged media websites or pro-Russian content, evading Facebook's URL blocks by using new links that redirect to the old sites. The forged sites, which spoofed major media outlets like Germany's Süddeutsche Zeitung and the British Guardian, propagated pro-Russian narratives.
Promotion of Propaganda Outlets: Boosting websites like RRN and Tribunal Ukraine, notorious for publishing false information, as part of the campaign. The French government specifically identified RRN as a component of the disinformation efforts.
This approach underscores the sophistication and breadth of Russia's digital disinformation campaigns, leveraging various tactics and targeting numerous countries to propagate their narratives and influence global opinion.
The fake websites created by Structura National Technologies and Social Design Agency masqueraded as government organizations and legitimate media, mainly in Europe. Designed to mimic credible entities from countries like Germany, France, Italy, Ukraine, and the United Kingdom, these websites aimed to disseminate disinformation and reinforce the pro-Russian "RRN" campaign on social media. As part of a broader coordinated inauthentic behavior enforcement targeting Ukraine and other European nations, these spoofed websites played a vital role in the disinformation efforts, misleading audiences by presenting false information.
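The redirect-based evasion of URL blocks and the spoofed outlet sites described above suggest a defender-side check that judges a posted link by every hop of its redirect chain. The following is an added example, not part of the original article; the redirect table, blocklist and domain names are constructed, and the "same name, different suffix" lookalike rule is an assumed heuristic.

```python
from urllib.parse import urlsplit

# Constructed sample data (not real indicators). REDIRECTS stands in for the
# HTTP 3xx Location headers a crawler would record for each URL.
REDIRECTS = {
    "https://fresh-link.example/a1": "https://hop.example/r?id=7",
    "https://hop.example/r?id=7": "https://news-clone.example/article",
    "https://short.example/z": "https://www.dailypaper.test/story",
    "https://loop.example/x": "https://loop.example/y",
    "https://loop.example/y": "https://loop.example/x",
}
BLOCKED_HOSTS = {"news-clone.example"}      # already-blocked forged site
PROTECTED_HOSTS = {"dailypaper.example"}    # hypothetical genuine outlet


def host(url):
    """Lower-cased hostname without a leading 'www.' or trailing dot."""
    h = (urlsplit(url).hostname or "").lower().rstrip(".")
    return h[4:] if h.startswith("www.") else h


def resolve_chain(url, redirects, max_hops=10):
    """Follow recorded redirects; return (hops, complete)."""
    hops = [url]
    while hops[-1] in redirects:
        nxt = redirects[hops[-1]]
        if nxt in hops or len(hops) > max_hops:
            return hops, False          # loop or over-long chain
        hops.append(nxt)
    return hops, True


def lookalike(h, protected):
    """Assumed heuristic: same name label as a protected outlet, other suffix."""
    label = h.split(".")[0]
    return h not in protected and any(label == p.split(".")[0] for p in protected)


def verdict(url, redirects=REDIRECTS):
    """Judge a posted link by every hop of its chain, not just the first URL."""
    hops, complete = resolve_chain(url, redirects)
    for hop in hops:
        h = host(hop)
        if h in BLOCKED_HOSTS:
            return "block: chain reaches " + h
        if lookalike(h, PROTECTED_HOSTS):
            return "review: lookalike host " + h
    return "allow" if complete else "review: unresolved chain"


if __name__ == "__main__":
    for link in ["https://fresh-link.example/a1", "https://short.example/z",
                 "https://loop.example/x", "https://www.dailypaper.example/story"]:
        print(link, "->", verdict(link))
```

A fresh link that was never blocked itself is still caught because the blocklist is applied to the whole chain, and chains that loop or cannot be resolved are sent to review rather than allowed.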
Sergey Chemezov, CEO of Rostec and a close associate of Vladimir Putin, leads the conglomerate. Within Rostec, Vasily Brovko, director for special projects, has played a significant role in disinformation efforts. Brovko's career within Rostec has included overseeing the PR and IT departments, indicating a coordinated approach at an organizational level in Rostec's disinformation campaigns.
Okhotnik – Targeting Russian Citizens, Dissidents, and Beyond
T. Hunter, known for its penetration testing of corporate networks and systems, developed the Okhotnik app, an analytical platform for open-source cybercrime data. This app, capable of de-anonymizing Telegram channel accounts, was acquired by Rostec. Rostec and its partners planned to offer this software to law enforcement agencies, including branches of the Interior Ministry and FSB's operative and technical subdivisions.
The Okhotnik software complex, designed for investigations based on open-source data, searches and analyzes information across social networks, messengers, the Tor network, and other open sources. It serves various sectors, including police, intelligence, cybersecurity, finance, insurance, and consulting. The software collects data in real-time, visualizes it in a single workspace, and uses algorithms for automatic object detection. It integrates third-party software and databases and searches based on various data types, including names, aliases, email addresses, phone numbers, IP addresses, phrases, and locations. Okhotnik collects data from over 300 sources, including closed criminal forums, Tor, social media, and marketplaces, and is designed for high-speed data collection, secrecy, and clear visualization of search results.
The Okhotnik app, developed by T. Hunter, was mentioned in the context of Rostec's activities and its use in cyber operations. However, specific details about the app's functionality, its role in disinformation efforts, or its operational use within Rostec's framework are not readily available in the public domain. The lack of detailed information is due to the secretive nature of such tools and their use in intelligence and cyber operations.
The software is registered under Russian law and is included in the Unified Register of Russian Programs for Electronic Computers and Databases. Known aspects of the Okhotnik app include:
• Application in Various Sectors: The app's top fields of application include police and intelligence, cybersecurity, finance and insurance, consulting, and reliability checking.
• Data Mining Development: It has undergone five years of development in data mining tools.
• Search Methods: Okhotnik uses over 700 search methods.
• Primary Use Cases: It serves financial, insurance, credit organizations, law enforcement and security agencies, commercial company security services, cybersecurity companies, consulting, and reliability checking firms, as well as government agencies.
• Features: It includes capabilities like analyzing connections (including hidden and deleted data), company and employee relationship analysis, Dark Net searches, face recognition, geolocation, corporate leak detection and investigation, and messenger analysis.
• Operational Efficiency: The software collects data in real-time, visualizes it in a single workspace, and uses algorithms for automatic object detection. It integrates with third-party software and databases, with searches conducted across social networks and based on various data types like names, aliases, email addresses, phone numbers, IP addresses, phrases, and locations.
• Data Coverage: As previously stated, Okhotnik gathers data from over 300 sources, including searches in over 40 of the largest closed criminal forums, marketplaces, and search services.
The system is designed for high-speed data collection, reducing investigation costs by replacing up to 10 analytical department employees, ensuring secrecy for complex and prolonged investigations, and providing clear visualization of search results.
Potential Targets for Okhotnik Software
Law Enforcement and Intelligence Agencies: Okhotnik assists in criminal investigations and intelligence gathering, particularly in analyzing open-source data for security threats or illegal activities.
Financial and Insurance Organizations: These sectors use Okhotnik for risk assessment, fraud detection, and security analysis, especially given the software's ability to analyze connections and detect corporate leaks.
Cybersecurity Firms: Okhotnik's data mining and real-time analysis capabilities make it an asset for identifying cybersecurity threats and vulnerabilities.
Consulting and Reliability Checking Firms: These firms might use Okhotnik for background checks, due diligence, and reliability assessments of businesses and individuals.
Government Agencies: For government entities, Okhotnik serves in national security assessments, policy-making support, and monitoring of public sentiment or security threats.
Commercial Security Services: Companies employ Okhotnik for internal security audits, monitoring employee conduct, and safeguarding against corporate espionage.
Features and Functionalities of Okhotnik:
Data Mining Development: Its data mining tools, honed over five years, enable deep analysis of large datasets.
Wide Array of Search Methods: With over 700 search methods, Okhotnik offers versatile investigative capabilities.
Comprehensive Data Analysis: The app's ability to analyze hidden or deleted data, relationships, and Dark Net activities provides comprehensive insights.
Advanced Technological Features: Face recognition, geolocation, and object detection algorithms enhance its surveillance and investigative capabilities.
Integration and Customization: Okhotnik's design allows integration with third-party software and databases, enabling customized applications.
Operational Efficiency: Real-time data collection and visualization streamline investigative processes, making it a potent tool for rapid analysis.
Data Coverage and Operational Scope:
Okhotnik accesses information from over 300 diverse sources.
It probes into major closed criminal forums and marketplaces, expanding its surveillance reach.
The system's design for high-speed data collection and clear visualization aids in swift and informed decision-making, replacing the need for extensive manual analysis.
The "Okhotnik" software is a powerful tool in various organizations' arsenal, offering extensive data analysis and intelligence-gathering capabilities. Its diverse applications and the secrecy of its operations mark it as a significant asset in cybersecurity, intelligence, and corporate security.
The Russian government uses the "Okhotnik" software in various ways to address internal unrest, target dissidents, and disseminate disinformation:
Suppression of Internal Unrest: The Russian government uses Okhotnik to monitor social media and messenger platforms, identifying and analyzing patterns of unrest or opposition. By analyzing connections and geolocations, authorities pinpoint hotspots of dissent and plan strategic responses.
Targeting Dissidents: Okhotnik enables the identification of individuals leading or participating in opposition movements through its facial recognition and data analysis capabilities. This identification leads to surveillance or targeting of these individuals.
Disinformation about the West and Ukraine: For disinformation campaigns, Okhotnik assists in crafting narratives by analyzing Western media and public opinion. The software identifies trending topics and vulnerabilities in public sentiment for exploitation in disinformation campaigns to manipulate perceptions about the West and Ukraine.
These uses align with the software's capabilities in data collection, real-time analysis, and extensive source access, making it a potent tool for intelligence and strategic operations.
The use of surveillance tools like the Okhotnik software aligns with the broader mindset of paranoia and control that characterizes Vladimir Putin's governance and the Kremlin's approach to internal and external affairs. Such technology facilitates a deep-seated desire for control over the Russian populace, quelling dissent and maintaining political stability as defined by the state. It also reflects a paranoid stance towards perceived threats, both within and outside Russia, by closely monitoring and sometimes manipulating public narratives. This approach reinforces an autocratic governance model where control and suppression of opposition take precedence over democratic freedoms and transparency.
The use of the Okhotnik software by the Russian government, particularly for surveillance and targeting dissidents, represents a significant betrayal of the Russian people's trust and rights. It infringes on individual privacy and freedom of expression, cornerstones of a democratic society. By employing such tools for internal surveillance and the suppression of dissent, the government undermines the principles of transparency and accountability. Furthermore, the software's role in disinformation campaigns against the West and Ukraine contributes to the manipulation of public opinion, compromising the ability of Russian citizens to access truthful information and make informed decisions.
The "Okhotnik" software, as a product of T. Hunter, represents a significant advancement in the technological capabilities of state surveillance and cyber operations. This study demonstrates how the Russian government employs Okhotnik for internal surveillance, targeting dissidents, and conducting disinformation campaigns against the West and Ukraine. The implications of such technologies extend beyond mere data collection, posing profound ethical and political challenges. As governments increasingly rely on advanced technological tools for intelligence and security purposes, the balance between national security and individual privacy rights emerges as a critical concern in the digital era. This analysis underscores the urgent need for robust policy frameworks and ethical guidelines governing state use of surveillance technologies.