Executive Summary:
A division of Russia’s Communications Authority, the General Radio Frequency Center (GRFC), has been playing a significant role in creating Russia’s sovereign Internet by establishing numerous restrictions and cracking down on users.
The GRFC is a Kremlin censorship tool which uses machine learning technology to detect and block civilian use of encryption, criticism of the Russian government, and evidence of war crimes committed by Russian soldiers.
The expansion of the GRFC, along with the increasing sharing of “best practices” between Russia and other authoritarian states abroad, demonstrates the emerging roles played by stakeholders in the Kremlin’s security apparatus.
On August 9, Russia announced that it would block the widely used encrypted messaging platform Signal, citing its “violation of Russian law.” The Russian Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor) stated that “the implementation of [this decision] is necessary to prevent the use of the messaging platform for terrorist and extremist purposes” (RBC, August 9). The continuing crackdown on internet freedom in Russia is being increasingly driven by an organization within Roskomnadzor, the General Radio Frequency Center (GRFC) (Istories.media, February 8, 2023). Since the beginning of the Kremlin’s war in Ukraine, Russian citizens have increasingly been subjected to a continuously growing wave of repression targeting internet freedom and the civilian use of encryption (Radio Free Europe/Radio Liberty, February 9, 2023). As the war continues and more Russian citizens lose faith in Moscow’s mission, discontent will grow within Russian society. This is likely to lead to the Kremlin imposing even more repression on the Russian people, particularly through restrictions on technologies that enable Russians to communicate with each other.
Russia adopted legislation on the creation of a sovereign internet in 2019, but the wartime conditions of the past two years have provided the Kremlin with an opportunity to implement a variety of new censorship systems (The Moscow Times, November 1, 2019). The GRFC is responsible for the development and implementation of many of RuNet’s (the Russian Internet) repressive internet measures, including the development of new surveillance technologies and installation of advanced packet filtering systems to block access to undesirable parts of the Internet.
The GRFC’s expanding role in the Russian surveillance and censorship state is detailed in a series of data leaks released in 2023 by Cyberpartisans (Kiberpartizany). Cyberpartisans is an anonymous Belarusian hacktivist group known for its various cyber-attacks targeting the Belarusian and Russian governments (T.me/cpartisans, February 9, 2023). Two million documents detailing various GRFC projects were stolen. In addition to purging evidence of Russian war crimes from approved search engines, the GRFC is also heavily involved in monitoring online media for any perceived slights against Russian President Vladimir Putin. The organization is likewise developing neural networks to better detect any anti-government behavior on social media and identify individuals in protest activities from videos posted on the Internet (The Moscow Times, February 13, 2023).
The hacked documents also show how the GRFC developed and operated an encrypted messaging platform for coordinating communications between different elements of Russia’s security state, including the Prosecutor-General, Roskomnadzor, Rosgvardiya (National Guard), Federal Protective Service, Federal Security Service (FSB), and Ministry of Internal Affairs (Current Time, February 8, 2023).
The GRFC is now moving to force all tech companies, including international firms, to comply with their censorship and surveillance systems. Google exited Russia in the aftermath of the invasion of Ukraine, but up to 2,000 servers remain at Russian service providers containing cached resources and content delivery systems used by the search engine giant (3DNews, August 9). The GRFC has begun to inform service providers that they must turn over these servers to the Kremlin’s monitoring system. Providers have started to comply, and in early August 2024, users in Russia began to complain about increasing issues and a slowdown in content delivery when accessing YouTube. The GRFC has gone as far as sending a warning message to internet providers who have been trying to improve YouTube loading speeds, reportedly stating that providers should “exclude the use of technologies that distort, fragment, and substitute internet traffic” for websites that are “subject to restrictions under Russian law” (The Moscow Times, August 1, 29).
The implementation of GRFC’s packet-filtering technology is successfully blocking civilian use of virtual private networks (VPNs), which are commonly used to protect the confidentiality of browsing activity. The director of the GRFC’s laboratory claimed in October 2023 to be able to successfully detect and block 90 percent of VPN traffic in real-time with the help of machine learning systems (Interfax, October 25, 2023). Russian civil society organizations and IT news channels have partly confirmed these statements and have reported that multiple data transmission protocols commonly used by VPNs are no longer usable in the country, resulting in many popular VPN services no longer functioning (Habr, March 15).
The GRFC is also beginning to play a larger role in shaping the Kremlin’s cyber defense strategies. The Russian press analyzed government procurement orders and discovered that the organization purchased 54 different Apple devices to study them for potential vulnerabilities, along with other manufacturers—including Huawei, a sign of continuing fears of Chinese espionage despite Moscow’s growing ties with Beijing (Vedomosti, August 1, 2023). This directive was accompanied by reports of bans on the use of Apple technology by various elements of the Russian state due to concerns about potential US espionage (TASS, July 31, 2023).
The increasing scope of power these actors involved in surveillance and censorship enjoy is justified under the guise of protecting Russian citizens, particularly given the vast increase in call center fraud since the outbreak of the war in Ukraine. Ukrainian cybercrime and call center fraud targeting Russian citizens is relentless, with Anton Nemkin, a member of Russia’s Duma responsible for information policy, estimating in July 2024 that 1,000 call centers targeting Russians are operating in Ukraine at any given moment (RIA Novosti, July 6). Roskomnadzor provided statistics asserting that they had successfully verified 69 billion calls in the first 11 months of 2023 via systems built by the GRFC. However, information security specialists were less optimistic about the efficacy of new measures in the long term, noting that fraudsters are constantly developing new methods to bypass verification (ComNews.ru, October 23, 2023).
Analysis of Russia’s security state has traditionally emphasized the role of FSB and the Main Directorate of the General Staff of the Russian Armed Forces (GRU) under Putin. The expansion of the RuNet project, along with the increasing sharing of best practices between Russia and other authoritarian states abroad, demonstrates the emerging parts played by stakeholders in the Kremlin’s security apparatus, such as the GRFC, whose role in censorship, surveillance, and cyber defense will likely only grow as the Kremlin makes the creation of a sovereign internet a national priority.
This article was originally published in Eurasia Daily Monitor.
Luke Rodeheffer is a cybersecurity researcher and expert with a decade worth of experience researching cyber issues in Eastern Europe. He speaks Russian, Turkish, and German, holds a CISSP certification, and a graduate degree from Stanford.