Data moves across the internet at about 124,000 miles a second, and that’s on the slow end of the spectrum. It’s fast, efficient, cheap, and the easiest way to instantly move anything from one country to another. This is also why it’s the favorite espionage method in the world, but more on that in a bit.
At the moment, the internet is splitting into two different spheres. I wrote an article in 2018 on the major push by the Chinese government – via their Belt and Road initiative – to bring its authoritarian-style internet infrastructure into dozens of countries. This new international “intranet” would act, in many ways, as a foil to the freer and more open internet that western countries enjoy. What I didn’t cover in that article is the ever-growing bifurcation within the free and open internet itself. While this new division has an authoritarian slant thanks to extremism, it is created by the political divide seen in the United States and some parts of Europe.
Enter the attempts over the years by Russian intelligence – via their assets: agents, cutouts, friendly oligarchs, hackers, and more – to sow discord in society. Creating political divisiveness is cheaper and easier than launching an invasion, and Russia has really honed that skill. We are now finding out that Russian intelligence could have pulled off one of the greatest intelligence coups in history, and very few people are even talking about it.
Social media platform Parler is now one of the epicenters of this situation. In 2020, an exodus of conservatives left Facebook and Twitter for Parler. This, unfortunately, also included the QAnon crowd. Parler became the platform of choice for an “uncensored” social media experience and was instrumental in coordinating the January 6, 2021, Capitol riot that ended with hundreds of rioters entering the Capitol Building. Thousands of videos, pictures, and posts of this event were posted to Parler, which eventually became evidence of crimes for the FBI to investigate. Parler then had all of its user data copied out of the platform due to a severe vulnerability in its software. Basically, anyone could have attached to Parler as an administrator and gained access to everything, including deleted posts.
Apple and Google, citing a violation of their respective Terms and Conditions, removed the Parler app from their app stores. Amazon, which was hosting Parler’s platform, then followed suit and pulled the plug for the same reason. Parler is now suing Amazon, but it essentially has no case, as Amazon repeatedly warned Parler that if it didn’t police the extremist content its users were generating, it would be cut off. January 6 was a bridge too far for Amazon.
After about a week, Parler came back online with a basic website saying they were still alive and looking to get back up and running.
And here is where this takes quite the turn…
Being a curious cybersecurity nerd, I quickly ran what is called a Name Server Lookup (nslookup) and found that Parler.com now resolved to a Content Delivery Network (CDN) provider called DDoS-Guard. CDNs do not typically host a website. Rather, they route a connection to the website as efficiently as possible and offer threat mitigation if the website comes under attack.
From there, I ran a quick Trace Route (traceroute) from my U.S.-based connection to Parler. Basically, a traceroute shows the path across the internet a connection takes to get from its original location to the intended website. An internet connection will “hop” from one provider to another to another as it is routed to where it’s supposed to go.
Parler, historically a U.S.-based company and site, now had my connection routing from its origin in the United States through a server in Sweden. Because DDoS-Guard is a CDN, what should typically happen is that the connection is delivered as quickly as possible, on the shortest route possible, to ensure the fastest load times for the website. So unless Parler moved to Sweden, this was rather odd behavior, but not necessarily indicative of malfeasance.
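The two checks described above (a name-server lookup to see who a domain resolves to, then a traceroute to see where the path actually goes) are easy to run but tedious to read by eye. The script below is an added example, not code from the original article: it parses `dig +short`-style and `traceroute`-style output, pulls out the CNAME chain, the per-hop round-trip times, and any city codes embedded in router hostnames, and flags the hop where latency jumps (usually a long-haul or border-crossing link). The sample outputs, hostnames, addresses, and the city-code-to-country table are all constructed placeholders and assumptions, not real records for any site.

```python
"""Summarize where a connection to a site actually goes, from dig/traceroute output.

Added example (not code from the original article). The sample outputs below are
constructed to illustrate the formats; hostnames, addresses and the city-code
table are assumptions, not real records.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample of `dig +short example-site.test`: a CNAME chain, then A records.
SAMPLE_DIG = """\
example-site.test.
edge.cdn-provider.test.
203.0.113.10
203.0.113.11
"""

# Constructed sample of `traceroute example-site.test` output with reverse-DNS names.
SAMPLE_TRACEROUTE = """\
traceroute to example-site.test (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  1.012 ms  0.911 ms  0.873 ms
 2  * * *
 3  core1.nyc.isp-a.test (198.51.100.7)  12.301 ms  12.115 ms  11.980 ms
 4  ae0.ams.transit-b.test (198.51.100.33)  85.442 ms  85.120 ms  85.903 ms
 5  bdr1.sto.cdn-provider.test (203.0.113.3)  101.233 ms  100.870 ms  101.551 ms
 6  203.0.113.10 (203.0.113.10)  102.004 ms  101.870 ms  102.119 ms
"""

# One traceroute hop: "<n>  <host> (<ip>)  <rtt> ms ..." or "<n>  * * *" when unanswered.
HOP_RE = re.compile(
    r"^\s*(?P<n>\d+)\s+(?:(?P<host>\S+)\s+\((?P<ip>[\d.]+)\)|\*)(?P<rest>.*)$"
)
RTT_RE = re.compile(r"([\d.]+)\s*ms")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# City/airport codes operators often embed in router names -> country.
# Assumed mapping for illustration; check it against each operator's naming scheme.
CITY_HINTS: Dict[str, str] = {"nyc": "US", "ams": "NL", "sto": "SE", "fra": "DE", "lon": "GB"}


@dataclass
class Hop:
    number: int
    host: Optional[str]      # reverse-DNS name, or None for an unanswered hop
    ip: Optional[str]
    rtts_ms: List[float]     # one value per probe that answered
    country_hint: Optional[str]


def parse_dig(text: str) -> Tuple[List[str], List[str]]:
    """Split `dig +short` output into the CNAME chain and the final A records."""
    cnames, addrs = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if IPV4_RE.fullmatch(line):
            addrs.append(line)
        else:
            cnames.append(line.rstrip("."))
    return cnames, addrs


def country_hint(host: Optional[str]) -> Optional[str]:
    """Heuristic: look for a known city code among the hostname's labels."""
    if not host:
        return None
    for label in host.lower().split("."):
        if label in CITY_HINTS:
            return CITY_HINTS[label]
    return None


def parse_traceroute(text: str) -> List[Hop]:
    """Turn traceroute output into Hop records; header lines are skipped."""
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [float(x) for x in RTT_RE.findall(m.group("rest"))]
        host, ip = m.group("host"), m.group("ip")
        hops.append(Hop(int(m.group("n")), host, ip, rtts, country_hint(host)))
    return hops


def summarize(hops: List[Hop], jump_ms: float = 50.0) -> dict:
    """Report hop count, unanswered hops, end-to-end RTT, latency jumps and countries seen."""
    prev: Optional[float] = None
    jumps: List[int] = []
    for h in hops:
        if not h.rtts_ms:
            continue                      # unanswered hop: no RTT to compare
        cur = min(h.rtts_ms)
        if prev is not None and cur - prev >= jump_ms:
            jumps.append(h.number)        # big step up in RTT: long-haul link
        prev = cur
    countries: List[str] = []
    for h in hops:
        if h.country_hint and h.country_hint not in countries:
            countries.append(h.country_hint)
    last = hops[-1] if hops else None
    return {
        "hops": len(hops),
        "unanswered": sum(1 for h in hops if h.ip is None),
        "final_rtt_ms": min(last.rtts_ms) if last and last.rtts_ms else None,
        "latency_jumps_at": jumps,
        "countries_in_path": countries,
    }


if __name__ == "__main__":
    # Pipe real output in (`traceroute host | python3 path_summary.py`) or use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TRACEROUTE
    print("dig:", parse_dig(SAMPLE_DIG))
    print("path:", summarize(parse_traceroute(text)))
```

The country column is only a hint: router names are set by operators, CDNs use anycast addresses that resolve differently per region, and a name with no city code tells you nothing. Treat the latency jump and the resolved CNAME chain as the more reliable signals, and confirm ownership of the final address with a WHOIS or ASN lookup before drawing conclusions.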
DDoS-Guard, though, was a different story. Researching the company shows that it is incorporated in Scotland under the legal entity Cognitive Cloud L.P. Scotland is considered a tax haven, has fewer disclosure requirements than most countries, and allows non-residents to incorporate easily there. Scottish shell companies have been tied to criminal activity for years.
Cognitive Cloud L.P. is a Scottish corporate structure for financial disclosures but is owned by Aleksei Likhachev and Evgeniy Marchenko, the latter of whom lives and operates out of Moscow, according to a Russian site that tracks business executives.
Corporations owned by Russians aren’t necessarily signs of a Russian intelligence operation; however, DDoS-Guard has some rather strange bedfellows. DDoS-Guard has been supplying a plethora of fringe U.S.-based extremist websites with its CDN service. Multiple QAnon websites have used DDoS-Guard as a CDN, as has 8chan, a now-defunct site where multiple mass shooters posted their manifestos before killing people. 8chan was also where “Q” of QAnon infamy posted their “drops” to their followers. 8chan was later replaced by 8kun. DDoS-Guard also provides its services to Hamas, an organization that has been designated a Foreign Terrorist Organization by the U.S. Government and others.
So, then the logical question becomes: “Why are multiple political extremist fringe sites being delivered and protected by a Russian shell company?”
I speculate that the answer is rather simple: Russian intelligence has a vested interest in ensuring their survival. Consider that the world has seen similar behavior from Russian intelligence in the past.
Between 2015 and 2017, spanning the U.S. Presidential Election, Russia’s Internet Research Agency created an army of online trolls that spent money on Facebook advertising for politically divisive ads targeting both conservatives and liberals. These specially crafted ads were designed to drive a wedge into society. Anyone can literally download and view every single ad here. This shows that Russia is savvy enough to identify pain points in society and exploit them.
So, when “Q” showed up and people started getting on board with these conspiracy theories, it was absolutely in their best interests to ensure that these websites were kept online and thriving. “Q,” however it came to life, was a natural extension of the work that the Internet Research Agency did.
There are plenty of CDN providers out there, both in the United States and other countries; however, the core extremist “Q” type sites are almost all using a single Russian provider. Reviewing other recent histories, this actually makes sense in its own way.
Consider that a 22-year-old woman and avowed QAnon follower, Riley June Williams, was caught on camera by Britain’s ITV storming the Capitol Building on a mission to steal Speaker of the House Nancy Pelosi’s laptop in order to sell it to Russian intelligence.
For years, Russian influence has been quietly shifting a portion of the U.S. electorate towards its positions. It’s to the point where it was perfectly fine for two men from Ohio to wear “I’d Rather Be A Russian Than A Democrat” t-shirts at a Lewis Center, Ohio rally put on by President Trump in 2018.
The United States is not alone in this, though it is the biggest target. Russia was caught funding France’s National Front Party, and its leader has taken loans from oligarchs. Russia was also identified as funding the Five Star Movement in Italy. Greece received a de facto bailout when Kremlin-backed oligarchs started buying up Greek media outlets, which in turn made Greece’s Syriza Party more favorable to Russian foreign policy (though they deny that). The far-right UKIP party in the UK has ties to Russia as well. And on and on and on.
So how does a society combat foreign influence, especially when its goal is to ensure the survival of the most toxic elements we face today? How do we do it without harming the economy or driving more people into the extremism void?
The default answer is “time and education.” If society can make its growing fringe aware of this evidence and logic, perhaps we can persuade them that what they believe is a part of a greater ruse.
At 124,000 miles a second all day, every day, does anyone really think that’s going to stop this?
As the U.S. has a new administration assuming power, one of their primary tasks needs to be to address and cut off this foreign influence online. The rest of the problem, though, America has to take care of on her own. Welcome to the fight for democracy’s survival.
Nick is the founder and CEO of Security Fanatics, the Cybersecurity/Cyberwarfare division of BSSi2, dedicated to designing custom cyberdefense strategies for medium to enterprise corporations. As a member of the Board of Advisors for Roosevelt University’s College of Arts and Sciences as well as their Center for Cyber and Information Security, the Official Spokesperson for the COVID-19 Cyber Threat Coalition, a board member of Bits N’ Bytes Cybersecurity Education, and Strategic Cybersecurity Advisor for the Private Directors Association, Nick helped to create an NSA-certified curriculum that will help the Cybersecurity/Cyberwarfare community keep defending our government, people and corporations from cyber threats globally. In 2017 Nick was accepted into the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs and technology executives, and is a regular contributor of articles published on forbes.com as well as smerconish.com.