This Hacktivist Site Lets You Prank-Call Russian Officials

Credit to Author: Andy Greenberg| Date: Wed, 18 May 2022 10:56:57 +0000

To revist this article, visit My Profile, then View saved stories.

To revist this article, visit My Profile, then View saved stories.

Robocalls have become a modern scourge, the destroyer of focus, the nuisance that somehow cannot be eradicated. But perhaps they can, at least, be repurposed to strike a very small and slightly absurd blow against the Russian government's unprovoked invasion of Ukraine.

Today, a group of international hacktivists launched a website, WasteRussianTime.today, designed to combine prank calling and robocalling into an automated weapon of telephonic annoyance targeted at the Russian state. Visit the site, click a button, and it will cycle through a leaked list of Russian government, military, and intelligence phone numbers to connect two random Russian officials—and allow the site's visitor to silently listen in as those officials waste their time trying to figure out why they're speaking to each other and who initiated the call.

“We’re hoping for confusion, that they get annoyed, and that these might even be interesting calls to listen to for people who speak Russian,” says one of the site's creators who goes by the name Shera. The group of artists, activists, and coders behind the site is, according to Shera, called the Obfuscated Dreams of Scheherazade. “This war started inside Moscow and St. Petersburg, within the power circle of Putin, and that’s who we want to annoy and disturb.”

Since Russia began its full-scale war in Ukraine on February 24, hacktivists working independently and even rallied by the Ukrainian government have carried out an unprecedented campaign of hacking operations targeting Russian organizations, some of which have resulted in the theft and leak of hundreds of gigabytes of Russians' emails and other private information. The Ukrainian government itself at one point released a list of what it said were the names and contact details of 620 Russian intelligence agents. 

Now, by combing through that pile of leaked information, scraping phone numbers from emails, and combining the results with those found in other public sources, the creators of WasteRussianTime.today say they've assembled more than 5,000 Russian government phone numbers, both landlines and cell phones, including members of the Russian military police, staff of its parliament, known as the Duma, and even Russia's Federal Security Service, or FSB—all of which are now targets of its automated robo-dialing campaign.

WasteRussianTime.today is designed to work by starting a VoIP call, automatically dialing 40 of the leaked phone numbers, and merging the user into a three-way call with the first two Russian officials' phones that connect. The site's creators say they decided not to let visitors to the site actually speak on the calls, for fear that they might say something that could identify and endanger themselves. So instead, the site functions as a kind of performance art installation, allowing visitors to silently observe and enjoy its spam calls. "Join the civil intervention against war," a message on the site reads. "If you're on the phone, you can't drop bombs or coordinate soldiers."

In WIRED's dozen or so test calls on the site just before its launch, the site's creators still seemed to be ironing out some bugs. The site only worked on desktop, and most of the calls resulted in at least one non-working number audio message. In about half the calls, at least one confused Russian-speaking did pick up. But in only one call did two people pick up the phone, and one hung up before the other started speaking. Shera says the site's developers will be tweaking it over time to identify and weed out non-working numbers.

The site's creators say the idea for WasteRussianTime.today came about 24 hours after Russia launched its full-scale invasion of Ukraine in late February. As the hacktivist group discussed ways of protesting or disrupting the war, their brainstorming eventually turned to how they might be able to create a site that used leaked Russian phone numbers to allow visitors to call ordinary Russian citizens and speak to them about the invasion. But as more Russian government numbers leaked in the post-invasion hacking wave—and as they realized most visitors wouldn't be able to speak Russian, and the calls might create safety concerns—they instead pivoted to making Russian officials essentially prank call each other, with the site's visitors as the audience.

Bringing that idea to fruition took nearly three months, in part, the site's creators say, because they were designing it to be resilient against the inevitable response from the site's targets. They've prepared a broad range of numbers to call from, to make their calls more difficult to block or ignore. And they've engaged a service that offers defense against distributed denial of service attacks that might otherwise be used to knock their site offline with bombardments of junk traffic. (They declined to name the service.) “We think the whole system will not live forever; someday, it will get blocked probably,” says Shera, suggesting that the site may manage to stay online and functional for anywhere from hours to weeks.

WasteRussianTime.today's creators say they took care to screen the numbers they included to make sure they're all government or military staff, rather than random Russian civilians. For the cell phone numbers they're including, for instance, they're only using numbers leaked in recent months, since cell phone numbers are often recycled from one user to the next. But they also admit they didn't do much actual testing of the numbers for fear of alerting their targets to the project too early, which would lead to their calls being blocked. In a message posted online, they called on Russians to share any more government or military phone numbers they may have, but ask that those supplying them share verification where possible so they can avoid harassing civilians. “We’re doing our best not to call some random grandma in Siberia,” Shera says.

The hacktivists say their idea was partly inspired by journalists at Bellingcat and Russian news site The Insider who have called Russian officials and even intelligence agents, pretending to be their colleagues or superiors, to trick them into revealing sensitive information. That technique was most famously used by Alexei Navalny, working with Bellingcat, when he dialed up an FSB agent and duped him into confessing to trying to assassinate him with the Novichok nerve agent in a nearly hour-long phone call.

But Christo Grozev, the Bulgarian Bellingcat researcher and journalist who helped Navalny spoof that FSB call, points out that the WasteRussianTime.today project does come at a cost. “Whenever something like this becomes public, the whole department changes their numbers, and that's not good for investigations, including journalistic investigations,” says Grozev.

All the same, Grozev says he does appreciate the prankster spirit in which the project was conceived, and he says that it may discourage and demotivate Russian government staffers who feel their private information isn't being protected. “It’s a great psychological operation,” he says. “It’s just more of a radio morning show prank, rather than a journalistic operation.”

The site's cocreator, Shera, for his part, says that many of the numbers are already leaked and public to varying degrees. But more broadly, if the effect of the project is little more than a prank, so be it. “We just want to do our part and annoy the Russian military-industrial complex,” he says. “And make people laugh a bit.”

https://www.wired.com/category/security/feed/

Leave a Reply