Updated Feb. 5, 2024 at 10:35 p.m.
In Russia, 2024 has begun with it a series of unprecedented Internet restrictions, each implemented with varying degrees of severity. Initially, authorities blocked popular instant messengers like Telegram and WhatsApp during the protests in the far-flung Russian republics of Bashkortostan and Yakutia. But quickly this wave of blocking access extended to other regions across the country.
[shortcode-Subscribe-to-Ukraine-daily-box]
Subsequently, in regions near borders with NATO member countries, including Pskov, Novgorod, and Leningrad, authorities began nightly shutdowns of mobile Internet, purportedly for undisclosed military purposes.
Finally, on January 30, the entire nation experienced a widespread outage of the .ru domain segment, supposedly due to technical issues.
What’s really going on behind these restrictions? Digital security experts investigate the signs that the Kremlin may be building a nationwide firewall to restrict internet access.
When RuNet went down
Around 18:00 Moscow time on January 30, a significant outage affected the .ru domain zone in Russia. Users reported widespread unavailability of numerous popular Russian services, including Sberbank, Yandex, VKontakte, Wildberries, Avito, and Ozon. Even attempts to access Russian sites from abroad were unsuccessful.
The Ministry of Digital Development attributed the issue to a failure in DNSSEC (Domain Name System Security Extensions), a set of protocol extensions for the domain name system (DNS). The problem was resolved several hours later. According to the Coordination Center, the blame lay with “imperfections” in the software responsible for generating DNSSEC encryption keys.
Russia is trying to establish its own national domain name service.
Lawyers from the Network Freedom Project speculated that the outage might be linked to Russia’s efforts to establish its own national domain name service, essentially an “address book” for associating website addresses with machine-readable IP addresses. They cautioned that if the national DNS server were launched successfully, there would be no guarantee that it would direct browsers to the requested sites accurately, nor would it refrain from recording and transmitting users’ request data to IP addresses.
Tech expert Philip Kulin described the incident as “a huge failure, the first in 14 years of the signature’s existence.” He suggested that the outage likely resulted from a maintenance error, exacerbated by the specialized nature of the task and the unavailability of the responsible specialist, who was en route to the office in Moscow. Kulin also noted that the National Domain Name System (NDNS) was incapable of functioning with DNSSEC at all.
Sarkis Darbinyan, the head of the legal practice at Roskomsvoboda, a non-governmental organisation that supports open self-regulatory networks and protection of digital rights of Internet users, suggested that authorities hastily launched a backup center without thorough testing, resulting in the loss of communication with the root server.
Still, even if the national outage appears to have been a glitch, there are signs elsewhere that there are intentional actions being taken to limit internet access that may be leading to a much tougher system of censorship and information control by the Kremlin.
The hand of FSB
The DNS failure occurred amidst a backdrop of ongoing Internet slowdowns and messenger blocking across various regions of Russia. According to the “In Connection” project, in January, residents of the Tula region and Karelia reported Internet slowdowns, while interruptions in WhatsApp and Telegram were noted in Bashkortostan, the Omsk, Novosibirsk, and Irkutsk regions, as well as the Krasnoyarsk, Khabarovsk, and Primorsky territories. Reports also surfaced about the inaccessibility of foreign sites and local mobile Internet outages in Yakutia and the Arkhangelsk region.
Mikhail Klimarev, the director of the Internet Defense Society, told Vazhnye istorii that on January 29, his project’s volunteers documented numerous user reports concerning brief access issues with YouTube. He attributed the main cause of service interruptions to “blocking.”
Leonid Yuldashev, a staff member of the Canadian digital freedom company eQualitie, said, “Government departments have quite big ambitions for the Internet, and it is impossible to carry them out without tests. You can simulate communication with different providers in the laboratory, but it is a different thing to do this in real life.”
Specialist Philip Kulin points out that Russia employs two methods for internet blocking: through official lists provided by Russian media regulator Roskomnadzor and through traffic filtering. Roskomnadzor mandated the installation of traffic filtering systems for operators starting from September 2020 as part of the “sovereign Internet” law. With this system, the state can not only block but also “slow down” specific services and data transfer protocols. It can also organize “shutdowns” at the local level by blocking IP addresses, domains, protocols, and instant messengers.
“To put it bluntly, the FSB has total control,” Yuldashev said, referring to Russia’s intelligence services.
Tech expert Sarkis Darbinyan suggested that blocking messengers in smaller regions without protests might be part of a preparatory campaign for larger-scale blocking: “They are trying not to touch Moscow and St. Petersburg yet. They always test on rabbits and then move on to the ‘cattle.'”
With centralized and decentralized blocking methods, censorship is becoming more sophisticated.
Mikhail Klimarev believed it was possible that service interruptions, including those affecting YouTube, may not solely result from malicious blocking. “Google has not supplied servers to Russia for two years,” he explains. “On average, a server works for three to four years before starting to fail. Many services, such as search, the Play Store, and Google documents, rely on the same Global Google Cache servers that Russians actively use. Also, keep in mind that Russia’s communication infrastructure is deteriorating.”
For security purposes
Sarkis Darbinyan, head of the legal practice at the NGO Roskomsvoboda, said that while authorities used to primarily reduce communication channel capacity using traffic filtering means, they are now completely shutting down LTE networks in some regions.
“We are witnessing a combination of various centralized and decentralized blocking methods; censorship is becoming more stringent and sophisticated,” Darbinyan observes. “Decentralized blocking occurred from 2012 to 2021, when telecom operators blocked certain services under threat of punishment. Centralized blocking, on the other hand, originates from a single center at Roskomnadzor, which is entirely non-transparent even to telecom operators.”
From January 25 to January 30, in the Pskov, Novgorod, and Leningrad regions, authorities opted to shut down LTE networks. According to sources from Kommersant and RBC news outlets, local shutdowns were associated with “adjusting the equipment of law enforcement agencies,” including detection of drones during a recent summit of Vladimir Putin and Belarus leader Alexander Lukashenko’s visit to St. Petersburg.
Sergei Tovkach, the general director of Avianovatsii, a drone manufacturer, confirmed that Ukrainian drones utilize mobile Internet over Russian territory. Consequently, mobile operators impose speed limits by restricting repeated connections to stations. However, Tovkach argued that turning off 4G communications at night would not be effective.
“From an efficiency standpoint, this decision is highly questionable because drones primarily rely on more sophisticated navigation systems through satellite communication,” he said “They do not solely depend on Internet providers. However, this might complicate navigation in large cities.”
Like China and Iran, not North Korea
Thanks to a data leak from the Main Radio Frequency Center, The Insider discovered that prior to the war, Roskomnadzor had invested hundreds of millions of dollars in internet blocking equipment. Currently, the technical capabilities for fully blocking the Internet in Russia are expanding — TSPU installations are now present on all operators’ nodes, and authorities are finding ways to circumvent sanctions restrictions to procure them.
As early as August 2023, Russia faced widespread VPN blocking, with subscribers of the Big Four — MTS, Beeline, Megafon, Tele2 — reporting significant outages. It became evident that the state had acquired the ability to block protocols for data exchange between computers and servers, particularly affecting services like YouTube and other video platforms, which operate on specialized data transfer protocols.
“As we approach March [when the Russian presidential elections will take place], we anticipate an increased threat of partial blocking or the inability to access major services. Complete shutdowns in certain regions are also possible,” predicts Sarkis Darbinyan.
Digital freedom activist Leonid Yuldashev notes that Messengers are particularly vital for residents of regions where Internet access is more costly: they serve as a primary source for city news and enable communication for essential needs such as requesting assistance with gasoline or food.
An internet shutdown often indicates a political crisis.
Thus, it is an extreme measure for Russian authorities to shut them down. “At the household level, most likely, everyone understands that turning off LTE is a very drastic action,” says Yuldashev. “An internet shutdown often indicates a political crisis, a violent confrontation on the ground.”
The authorities may also hesitate to implement a shutdown for purely economic reasons, and Mikhail Klimarev emphasizes that the authorities themselves would suffer from a shutdown. “Even in Kazakhstan, during network blocking amidst protests in January 2022, they began to turn on the Internet apparently for document exchange and bank transfers,” he recalled. “Mobile Internet supports cash registers, mobile terminals, video surveillance, alarms, and transport monitoring. The worse the economy, the fewer tanks and missiles they make.”
Darbinyan anticipates that the Kremlin is building a system that combines Chinese and Iranian censorship approaches — preserving access to reliable government services while limiting access to “dubious” ones.
“I don’t think that Russia is ready to follow the North Korean path and generally deprive business and the population of the Internet because the consequences would be disastrous for a country that wants to be part of the global economic system and trade with other countries,” he concludes. “Instead, there will be frequent but temporary restrictions in certain territories. This allows the Kremlin to selectively shut down parts of the Internet in specific regions, at certain times, and when it’s convenient or necessary for them.”
