Russian spies buy congressional directories to hunt down targets, report says

Jenna McLaughlin
National Security and Investigations Reporter

Each year in January, Russian intelligence operatives use a local cutout to order a number of copies of thick directories containing the names, job descriptions, email addresses and phone numbers of federal government and congressional employees.

According to Estonia’s foreign intelligence service in its new annual report, that unit is a front for Russian foreign intelligence, which use the publicly available but slightly more difficult to obtain open source data from the West “to gather intelligence on the persons and institutions.”

Aided by their geographical proximity to Russia, Estonia’s intelligence officers are regarded as some of the world’s top experts on Russian misbehavior. The new report, the fourth published openly, zeroes in on Russia’s ongoing ambitions in the realm of its military, overseas meddling and foreign relationships, including with world powers like China.

The Baltic officials’ report includes a section on how the Russian foreign intelligence agency, the FSB, targets people using human, cyber and signals intelligence. According to the assessment, the FSB’s signals intelligence unit, similar to the National Security Agency in the United States, is called the 16th Center. That unit sweeps up communications worldwide, from “radio, satellite, telephone, mobile or data link communications.”

Yahoo News photo illustration; photos: AP, Getty Images, Shutterstock

The congressional phonebooks, purchased from U.S. Leadership Connect and a local periodical provider, are an example of how Russia uses open source intelligence to amass as much information as possible on possible U.S. targets, for surveillance or potential recruitment.

“The Russians have always taken advantage of the relative openness of societies in the West,” said Robert Dannenberg, a former CIA officer who at one point served as chief of the Central Eurasian Division.

The Russians use it “mostly for targeting purposes but also to fill holes in collection,” he continued. And in the 2016 U.S. presidential elections, the open source data allowed Russians to target specific audiences for “active measures,” said Dannenberg.

The Russians’ use of the federal and congressional directories are reminiscent of the Moonlight Maze operation, according to Thomas Rid, a professor of strategic studies at the Johns Hopkins School of Advanced International Studies. Moonlight Maze was one of the earliest computer intrusions into U.S. institutions, and first reported by Newsweek in 1999. “One of the early targeting methods,” said Rid in an interview, “was to use a directory from the State Department.”

“There’s a long track record of Soviet intelligence using publicly available records, but not easily available, for espionage and active measures,” he continued. “It’s an old joke in intelligence history circles that the best reports that Soviet spies would write would copy reports from the New York Times and the Washington Post.”

According to Rid, who is currently working on a book on the history of disinformation, it’s possible that Russia is “in a better position” to integrate open source intelligence with the other data the services gather. “The U.S. is historically not very good at this,” he said. “I think it’s remarkable that they missed the 2016 leak operation.”

Tracking how the FSB obtains directories and other open source information is made even more difficult since different parts of the Russian intelligence services, like its military, often go by a string of numbers, according to the report. For example, the part of the FSB that buys the manuals is “Military Unit 71330.”

“It is impossible to identify the military or intelligence unit in any given instance without factual knowledge,” says the report.

Open source isn’t the only way Russian services are gathering data.

Similar to recent concerns over Chinese telecommunication companies like Huawei being subject to state authority, Russian service providers, including the “instant messaging application providers” that many people have migrated to for conversations, are forced to hand over the keys to decrypt communications when asked.

However, according to the Estonian intelligence service, Russia is also focused on developing capabilities to break into “the communications of both domestic and foreign service providers.”

When it comes to digital intelligence, Russian security services are continuing cyber operations aggressively, according to the Estonian report. One aspect the services are adopting even more heavily, according to the assessment, is taking advantage of the work of cyber criminals and “patriotic hackers” — though the government doesn’t have total control over these people, and supporting them has sometimes backfired, when hackers tackle Russian domestic issues. “Local cyber criminals are also causing problems for Russia itself,” according to the report — including being arrested while traveling.

These skills will likely be on display during the upcoming European parliamentary elections in May 2019, according to the Estonians, where Russia will “continue to undermine the EU’s unity by sowing disorder and disbelief,” likely focusing on the larger member nations who stand to gain the largest number of seats where far-right parties are more inclined to support the Kremlin — including in Germany, France and Italy.

“Given the rise of far-right movements in Europe,” said Rid, “There’s increased opportunities to recruit.”

_____