Ukraine at D+615: Russian payment system hacked.
N2K logoNov 1, 2023

Russia detains soldiers accused of atrocity in occupied Ukraine as it tunes its influence campaign. Ukrainian hacktivist auxiliaries deface the website of Russia's payment processing system Mir.

Ukraine at D+615: Russian payment system hacked.

There's been little change on the ground overnight. Ukrainian forces continue their incremental advance in the direction of the Sea of Azov, and Russian forces continue to batter Ardviivka. Ukrainian President Zelenskyy cautioned the world against expecting success too soon, The BBC reports that Ukraine has begun another round of evacuations, removing children from thirty-one towns and villages near the front.

New one-way attack drones fielded.

From the UK's Ministry of Defence this morning: "Russia’s Lancet small one-way-attack uncrewed aerial systems (OWA UAVs) have highly likely been one of the most effective new capabilities that Russia has fielded in Ukraine over the last 12 months. It is designed to be piloted over enemy territory, waiting until a target is identified, before diving towards it and detonating. Lancets are manufactured by the ZALA Aero Group. ZALA also make the small, unarmed Orlan 10 UAV which Russia often deploys alongside Lancet to spot targets. Ukraine has also experienced success with small OWA UAVs. Russia deploys Lancets to attack priority targets and they have become increasingly prominent in the key counter-battery fight, striking enemy artillery. Traditionally, Russia has used small UAVs mainly for reconnaissance. With its attack capability, Lancet has been a step change in how Russia uses this category of weapons.

Russia seeks to deal with internal disquiet at home and atrocity abroad.

"Chechen Republic Head Ramzan Kadyrov's response to the October 29 antisemitic riots in the Republic of Dagestan suggests that Russian officials may be increasingly concerned about the weakening of authoritarian control in regions on the periphery of the Russian Federation," in the Institute for the Study of War's assessment. The ISW thinks Mr. Kadyrov is driven by two motives: demonstrated loyalty to Mr. Putin and the desire to be feared at home as a hard-handed leader. "Kadyrov responded to the riots in Dagestan by praising Russian President Vladimir Putin's accusation that the West orchestrated the situation to destabilize Russia. Kadyrov later called on Chechen security forces to immediately detain instigators of any potential riots in Chechnya or to 'fire three warning shots in the air and after that, fire the fourth shot in the head.' Kadyrov's reactions to the riots in Dagestan suggest that he is first and foremost concerned with maintaining the perception of his unwavering support of Putin and secondly with demonstrating the strength of his authoritarian rule over Chechnya by threatening a violent response to potential future riots."

Elsewhere, in a surprising move given Moscow's earlier dismissal of an atrocity reported in Donetsk as either a Ukrainian or an Anglo-Saxon provocation (and it can be hard to tell the two apart), Russian authorities have, the ISW writes, "detained two suspects for the murder of a Ukrainian family in occupied Donetsk Oblast." The two suspects are said to be "contract servicemen" assigned to the Russian Pacific Fleet's 155th Separate Naval Brigade. Using sailors as infantry is an old Russian tradition extending through Soviet times to the Tsarist era. Russian naval infantry has historically had a reputation as an elite, but it's an elite whose reputation is founded on its readiness for brutality, especially against civilians, as opposed to high professional standards or exceptional training. "The Investigative Committee stated that the preliminary investigation indicates that the motive of the murders was of a 'domestic' nature." The ISW adds an obvious and understated legal opinion: "Attacks on civilians hors de combat (in rear areas far removed from active combat zones) by representatives of an occupying power constitute a clear violation of multiple international legal norms and very likely rise to the level of a war crime or crime against humanity." The arrests are striking exceptions to the customary Russian policy of at the very least ignoring if not actively encouraging atrocities. They may indicate that hard war and brutality toward the conquered are not testing well in whatever focus groups the Kremlin's marketers are using.

That the Kremlin seeks to trim and tune its talking points on the basis of how they're being received seems confirmed, the Financial Times reports, by the way President Putin has toned down the nuclear saber-rattling that marked official rhetoric into the early months of this year.

Two Russians arrested on treason charges, accused of hacking for Ukraine.

Not surprising has been the arrest of two men on charges of treason. They're accused of participating in cyberattacks against Russian targets Both men were computer scientists, and both were arrested in Siberia (they're from Tomsk and Kuzbass). The FSB, which has them in custody, hasn't said whether the two men's activities were related. Both are charged under Article 275 of the Criminal Code of the Russian Federation (that is, with "high treason in the form of providing assistance to a foreign state or foreign organization") and face sentences upon conviction of twenty years to life. Kommersant reports that the FSB says both men were working under the direction of Ukrainian intelligence services.

Recruiting Central Asian migrants may be growing more difficult.

The ISW also reports that "A court in Uzbekistan has reportedly sentenced the first Uzbek citizen to prison for serving as a mercenary for Russian forces in Ukraine. A court in Uzbekistan found an Uzbek man, who reportedly served in the Donetsk People’s Republic (DNR) military from 2014-2015, guilty of violating the Uzbek law against mercenarism." That violation is alleged to have occurred before Russia undertook its present war in February of 2022. "Relatives of the convicted man claimed that he did not participate in the war in Ukraine and was in Russia during the indicated years. This sentencing may heighten tensions between the governments of Russia and Central Asian countries as Russian authorities have increased efforts to coerce Central Asian migrants into Russian military service."

Ukrainian hacktivist auxiliaries deface Russian payments website.

The Record reports that Ukrainian hacktivist auxiliaries associated with DumpForums and the Ukrainian Cyber Alliance defaced the website of NSPK, the Russian-government-operated paycard system. They also claim to have taken some 30 Gigabytes of data from the system, and have posted a screenshot of a folder as evidence of their success. That, of course, is far from a conclusive proof-of-hack.

NSPK confirmed to TASS that its website had been defaced, but denied that any data had been compromised. The bank said that the "Mir" payment system itself was uncompromised, All user data, says NSPK, are safe. The defaced website was run, NSPK explains, by a third-party contractor, and that therefore the attackers had no ability to pivot into sensitive data. Maybe, but third-party responsibility is no more proof-of-security than a screenshot of a folder is proof-of-hack.

Mir, whose name has the double meaning of "world" and "peace," was established to bucket along as a domestic alternative to Western payment systems like Visa and Mastercard. Since the invasion of Ukraine sanctions have left Russians on thin financial services ice, and Mir is intended to give them a reliably accessible payment method. It's not much good for foreign travel, unless you're traveling to Belarus, Cuba, or Venezuela.

The message DumpForums put on the NSPK site announces that Russia has left the ruble zone, and has adopted cowrie shells as its currency. The authors are satirists. Their defacement message, which affects to be from NSPK itself, reads in full (translation aided by Google Translate):

"We welcome you to our new website, which our partners Dump Forums kindly built for us almost free of charge: we paid with all your personal data, since this is the only and lasting value that we had left.

"Due to the fact that the insidious Western imperialists flatly refuse to provide us with plastic, and the less insidious Chinese comrades do not allow us into the yuan zone, NSPK JSC is pleased to announce that we have developed a number of innovative projects aimed at complete and final import substitution.

"The latest processing system "Beresta-Ѣ" provides reliable data protection from hacker attacks and fully complies with our crippled traditions. Our motto is “Sri like grandfathers, ..yat!”

"In connection with Russia's exit from the ruble zone, we are ready to offer you a new means of payment - cowrie shells. By selling our useless system administrators to the Republic of Guinea, we were able to ensure a sufficient reserve of the new unit of account.

"The exchange will be made at the rate of 1,000 rubles for one cowrie shell and 10,000 for one rapana. As you understand, this is a temporary measure, since the supply of rapan in the non-Black Earth region is extremely limited, and Crimea is Ukraine and we are not welcome there. In the future, we plan to replace rapans with some native Russian gastropods from the Nordenskiöld Sea."

We particularly liked the stuff about the gastropods. The Nordenskiöld Sea is the older, non-Russian name for the Laptev Sea, the most isolated and desolate arm of the Arctic Ocean. Are there gastropods up there? You've probably wondered if sea snails thrive in those waters. Apparently they do. "Arctic Ocean Gastropod Prosobranchs" by A. N. Golikov (published by Springer Verlag) mentions 225 species.