Episode 28: A Return to Stanislav

DINA TEMPLE-RASTON: Um, so how are you doing? We've actually been thinking a lot about
you. Are you doing okay?

STANISLAV: Uh, sometimes — it depends on the day. Sometimes I feel moody, sometimes
I'm, like, optimistic. But, uh, moody, in most cases.

TEMPLE-RASTON: That’s a friend of Click Here. His name is Stanislav.

But we just call him Stan.

He lives in St. Petersburg, Russia, and we first talked to him in March, not long after
Russia’s invasion of Ukraine. And he gave us a really good idea of how a regular Russian
was seeing the war, and how it has affected him personally.

STANISLAV: It is very hard when you see that all your friends, 90% of the friends who
understand what's going on, are in shock.

[MUSIC]

STANISLAV: I think already five or six families of mine have already left the country, um, by
car, by airplane. I’m in panic…

TEMPLE-RASTON: And truth be told, Stan wanted to leave too. But he couldn’t. His wife was
eight months pregnant and couldn’t travel. Now he has a newborn son.

STANISLAV: Damien…

TEMPLE-RASTON: Damien, I think, in English.

STANISLAV: Yeah. Yeah, yeah…

TEMPLE-RASTON: Is he sleeping?

STANISLAV: Uh, he's sleeping better than others, so he's like a gift for us.

1
TEMPLE-RASTON: When Stan was awaiting Damien’s arrival back in March, he was trying to
come up with creative ways to keep his European clients happy. He does marketing for
companies, specifically search engine optimization.

And his overseas clients that are from places like the Netherlands and Israel have to abide
by the sanctions.

STAN (in March): Uh, they cannot pay for my services right now because my bank is blocked
by sanctions. So I'm trying to find a solution for my family.

TEMPLE-RASTON: For a while, dabbling in cryptocurrencies allowed him to get paid, but
that’s become harder, too. Among other things, last month Putin banned the use of crypto
to pay for goods and services in Russia.

Which isn’t a big surprise. Putin’s had a love/hate relationship with crypto for years. He’s
not a fan of Russians trading currencies over which he has no control. Now, when Stan tries
to trade crypto he gets a warning – a little pop up banner on his computer.

STANISLAV: When you are making your transfer peer-to-peer, you can see the message from
this bank that we know that you are trying to buy crypto, and it's not allowed.

[THEME MUSIC]

TEMPLE-RASTON: I’m Dina Temple-Raston, and this is Click Here, a podcast about all things
cyber and intelligence.

Today, a return to Stan, a conversation about post-invasion Russia as seen by a man who is
living in it. And we speak with two Yale economists who make a very compelling case that
Putin is lying when he says the sanctions aren’t working, that the Russian economy is doing
just fine.

STEVEN TIAN: The Russian economy is tanking…

JEFFREY SONNENFELD: What's going on here is sort of a game of chicken, a game of who
can hold out the longest.

TEMPLE-RASTON: Stay with us.

2
[BREAK]

[MUSIC]

TEMPLE-RASTON: Stan has a Russian passport, but he is half-Russian, half-Ukrainian. So the

events unfolding in Ukraine may be more visceral for him. He’s educated, a small business
owner, a dad, and a voracious consumer of news — international news.

STANISLAV: I’m in the community of the people who are against the war, but when you
speak with the ordinary people just working in the shop, maybe, uh, most of them are really
supporting the war. So, you know, it can be a problem.

TEMPLE-RASTON: When he tries to explain the war to his kids, he makes clear that he thinks
the invasion was wrong. But he has to be careful about telling them things they might
repeat at school.

STANISLAV: So I'm like, I'm trying to explain my vision, but like in a neutral way.

TEMPLE-RASTON: Right, so they don't get in trouble.

STANISLAV: Yeah.

[MUSIC]

TEMPLE-RASTON: He’s been watching attitudes shift in Russia since the war began. When
we talked to him back in March, he said there was this big patriotic push – there were flags
everywhere. People were making a big ‘Z’ sign in the air to show they supported the war.

STANISLAV: The z-sign, like Zorro. It’s the same as German swasti, stakis, I don’t know…

TEMPLE-RASTON: Yeah yeah, yeah. Swastika.

TEMPLE-RASTON: Now there are even more worrying signs that Putin’s disinformation
campaign is gaining traction. And it’s not just in official ways, but in more personal ones,
too.

3
It’s little things, like the kids at his children’s school making up a new game, a kind of cops
and robbers thing. But in this case, the Ukrainians are the bad guys.

STANISLAV: But I told my kids, you know, that 50% of your blood is Ukrainian. So please, uh,
I hope you'll never use these words, like, ‘the enemy.’

TEMPLE-RASTON: I hope you’ll never use words like ‘the enemy,’ he says.

[MUSIC]

TEMPLE-RASTON: Stan’s mother was Ukrainian. His wife is Ukrainian. But he told his kids
not to talk about that.

STANISLAV: But please, but please let's keep it, uh, like let's keep it secret in our family.
Don't tell anyone about this. So this is a problem. Yeah.

TEMPLE-RASTON: He’s worried that his half-Ukrainian kids will be bullied by the Russian
ones.

STANISLAV: Maybe majority of the kids are thinking that, uh, we are the good guys…

TEMPLE-RASTON: When he’s not anticipating the problems his kids might face at school,
Stan is worrying about his business. He helps European companies market and sell their
products in Russia. But with sanctions in place, they aren’t allowed to do that. So, that’s
taken a huge bite out of his business.

STANISLAV: It’s reducing 20 percent of my revenues.

TEMPLE-RASTON: Stan had been trying to move money and savings around by using
cryptocurrency: paying bills with Bitcoin, asking clients to use a crypto exchange. But those
end-runs aren’t working anymore.

In addition to Moscow cracking down on crypto, it is taking aim at some of the banks.
Consider the case of one of Russia’s most popular online banks, Tinkoff.

STANISLAV: It was the biggest private bank in Russia and it was very…technologically one of
the best in Russia.

4
TEMPLE-RASTON: And it was one of the banks Stan was using to do his crypto trading.

STANISLAV: All the modern people in Russia, uh, use this bank because it's most
technological and had a friendly design and so on.

TEMPLE-RASTON: An oligarch friend of Putin’s just bought a large stake in it. The
circumstances of the sale are still a little murky. The man who had a controlling interest in
the bank was a guy named Oleg Tinkov. And, like Stan, he has opinions about the war.

And he made them public in a pretty colorful Instagram post back in April. Among other
things he said that Putin had started an “insane war.” Days later, Russia announced that
Tinkov was selling the controlling interest in the bank that bears his name.

Which is Probably not a coincidence. The subtext is that Tinkov was made an offer he
couldn’t refuse. What all this means for people like Stan, though, is that a bank that might
have turned a blind eye to the occasional crypto trade is now more likely to tow the party
line.

The central government has also proposed creating a single company that would handle all
the country’s classified ads, which would essentially nationalize or end a company called
Avito. It’s the biggest classified ad company in Russia.

[RUSSIAN AD]

TEMPLE-RASTON: That’s one of their commercials, which are on Russian television all the
time.

[RUSSIAN AD]

STANISLAV: It's like Craigslist. This is the biggest classified. So millions of people are selling
some used goods through it, and it's a big one. It's a huge, huge business, but the Russian
government is going to make, uh, their own…how to say English?

TEMPLE-RASTON: Monopoly?

STANISLAV: Yeah. Monopoly business from the government.

TEMPLE-RASTON: Why are they doing that?

5
STANISLAV: Because they want some money.

TEMPLE-RASTON: So there’s a private bank purchased one day. Classified ads are
nationalized the next. And Stan’s biggest worry? That the Kremlin will focus on a company
called Yandex next.

STANISLAV: They are trying to destroy big business in Russia. For example they will ruin
Yandex, and this is the only search engine which I am allowed to use.

TEMPLE-RASTON: Yandex is known as Russia’s coolest company. It is like a Russian Google.

And if you’re in the search engine optimization business, like Stan is, well, Yandex is pretty
important.

Before the war, some 50 million Russians went to the Yandex home page to get the latest
headlines. Now the Kremlin is curating what appears there, and Stan worries they could
start censoring search results too.

STANISLAV: In 1, 2, 3 months, you will have some problems with, uh, with the business. I
understand it right now because it will affect me and my family.

[MUSIC]

TEMPLE-RASTON: When we come back, two Yale economists dig into Russia’s economy and,
contrary to popular belief, they say the sanctions are really biting. LIke South Africa during
apartheid apartheid biting…

JEFF SONNENFELD: The mayor of Moscow admits that there are hundreds of thousands of
folks unemployed. And if he's admitting that, and that was already back in April, the
situation's not getting better.

We’ll be right back.

[BREAK]

6
SONNENFELD: I'm Jeff Sonnenfeld, senior associate Dean at the Yale School of Management
and the president of the Yale Chief Executive Leadership Institute, kind of a fold out
business card.

TIAN: And I am Steven Tian. I am one of Jeff’s researchers at the Yale Chief Executive
Leadership Institute.

TEMPLE-RASTON: A couple of weeks ago, Jeff and Steven released a report that made a lot
of people sit up and take a second look at how the sanctions are affecting the Russian
economy. For months, Putin has fashioned himself the world’s energy czar. The story line
was that he was holding Europe hostage, that Russia controlled the flow of gas, so it was
getting the better of the allies.

NEWS MONTAGE: Europe is already bracing for what could be a long cold winter. Since
Russia invaded Ukraine, oil prices have been surging…

NEWS MONTAGE: To make it through the winter, assuming there is a full disruption of
Russian gas, we need to save gas to fill our gas storages faster…

TEMPLE-RASTON: Putin claims Europe needs their gas far more than Russia needs the
money from selling it, because Russia's economy is doing just fine, thank you very much.

But Jeff and Steven and their co-authors say the world has fallen for a massive
disinformation campaign. Russia actually needs those energy exports much more than
Europe does because the rest of its economy is reeling.

And Jeff says if we want to understand just how bad things are, we should go back to what
we saw in South Africa, back in the 1980s. That’s when major corporations pulled out of the
country to protest the apartheid regime. Except in that case, Jeff says, only 200 big
corporations left. The number that have effectively pulled out of Russia since the invasion is
five times that.

And to ensure no one can see what that kind of isolation has done, the Central Bank in
Moscow has stopped releasing numbers that accurately reflect the health of the economy.

SONNENFELD: They've destroyed 20 years of their own statistical credibility and trust in the
last few months.

7
TEMPLE-RASTON: But Jeff and Steven found an ingenious way to get around that.

SONNENFELD: We just go to the other side to get the data. In a global economy, for every
buyer there's a seller; every seller, there's a buyer. If Russia's not gonna put out the true
information, it's still available.

TIAN: We’re looking at data from the ports industry, we’re looking at proprietary data from
corporations and financial institutions, and we’re able to draw across so many different
data sources and piece together a really a holistic picture of what's going on.

TEMPLE-RASTON: And what they found is an economy that’s barely hanging on.

SONNENFELD: Multinational firms, uh, have taken away perhaps as much as 40% of the
GDP, maybe a little bit more. They also have taken away a lot of employment. Russia
acknowledges that that was, at minimum, 12% of their workforce.

TEMPLE-RASTON: Stan says he’s experiencing that first-hand. Things you wouldn't
necessarily think of missing have simply disappeared from Russia, like computer operating
systems.

STANISLAV: I know right now, uh, nearly 70% of notebooks, they are coming without any
operating system. So no, no Windows. When you don't have Windows and you have 140
million people in your country, uh, in every office and so on.

TEMPLE-RASTON: Apple and Microsoft have stopped selling their products and services in
Russia. So, the operating systems just don't show up in computers now. You also can’t get
parts for your iPhone.

More broadly, Stan told us stores are shuttered in his area, malls are closed. These
disruptions, these little gaps like a missing operating system, are having a ripple effect
throughout the economy. And have extended to all kinds of industries — like cars. Steven
says Russia has suspended some safety regulations on its domestic cars so they can
continue to roll off the line.

TIAN: They don't have enough airbags. They don't have enough safety brakes. They're now
making cars without airbags and safety brakes, and I don’t know about you, but I wouldn’t
want to drive.

8
TEMPLE-RASTON: Putin says he can fix all these disruptions and keep the oil money flowing
by just selling energy to China instead of Europe. But that is much easier said than done.
Russia just doesn't have the right infrastructure to make that shift.

SONNENFELD: They don’t have the pipelines to get it there. There's one, there's one narrow
creaky pipeline that goes into China.

TEMPLE-RASTON: Which flies in the face of Putin’s narrative. He says, better watch out
Europe: Winter is coming, and you won’t have what you need to keep warm this winter. He
has said it so often, it has become conventional wisdom. Even Stan believes that if he goes
to Europe with his newborn, it’ll be too cold.

STANISLAV: He will be crawling on the floor, which is very cold. And you cannot, uh, wash
him and shower because it's freezing cold. It's not like in Russia

TEMPLE-RASTON: I asked Jeff about this.

SONNENFELD: Well it's um, uh, Stanislav should be reassured. If this was six months ago,
we might agree with him, but not now.

TEMPLE-RASTON: Jeff says by the end of the year, Europe will have all the energy reserves it
needs to keep everyone warm this winter, including Stan. Who is weighing the pros and
cons of leaving Russia in the next couple of months.

STANISLAV: On one hand, you have a school right now that suits you. Uh, you have your
friends, you have your family to support, uh, with kids. You have a car, too, but you see the
country that is like degrading.

TEMPLE-RASTON: Degrading…yeah, degrading

STANISLAV: Uh, and you know that in like one hour or in one year or in three years, it'll be a
different country. Uh, that's not comfortable for you.

TEMPLE-RASTON: So Stan is trying to muster the energy to pull up stakes and move his
family to Spain.

STANISLAV: So I'm trying to sleep better, trying to exercise and so on. Then I'm going to. I'm
uh, working with some therapists and some business coach.

9
TEMPLE-RASTON: Or maybe, he volunteers, he can set up shop in America.

STANISLAV: Maybe, maybe one of my steps, uh, next steps will be to create a US company
in, uh, Delaware. Delaware…

TEMPLE-RASTON: A new start in the fine state of Delaware. We’ll keep you posted.

This is Click Here.

[B SEGMENT MUSIC]

TEMPLE-RASTON: And we found this story, we thought might interest you.

Last month, an unusual offering popped up on an English language darkweb forum. A

hacker known as ‘ChinaDan’ said he had access to a database maintained by the Shanghai
police. And for a mere 10 Bitcoin, or about $200,000, you could be the proud owner of the
names, phone numbers, government ID numbers, and police reports from about one billion
Chinese.

If the leak was as advertised, it would be unprecedented. Not just because of its size but
because of its contents.

MICHAEL-ANGELO ZUMMO: It was actually on an English speaking website, that's now been
taken down. Uh, but that was a big breach.

That’s Michael-Angelo Zummo.

ZUMMO: I just go by Zummo.

He’s a cyber threat analyst with Cybersixgill, and we met up with him at Black Hat last
week. It was actually live in Vegas this year.

Zummo is former military, former law enforcement, and he spends a lot of time in the dark
markets on the web. And for him, the remarkable thing about the Shanghai police database
wasn’t just the leak, but what he saw happen afterward.

10
ZUMMO: We saw a lot of Chinese actors showing up all of a sudden interested in the forum,
uh, interested in more leaks like that. You know, maybe some was because they wanted to
see if their data was in that leak.

TEMPLE-RASTON: In other words, people who might have tangled with the Shanghai police
and would have shown up in that database were looking to see if they, personally, had been
compromised.

ZUMMO: But also, what I was most interested in was seeing this all of a sudden, this uptick
in Chinese threat actors looking for data like that. And it was, it was funny. After that
breach, there was all of a sudden a bunch of other data leaks coming out of China.

TEMPLE-RASTON: News of the police database sale seemed to inspire hackers to release
other Chinese private personal information or PPI.

ZUMMO: What we were trying to figure out is, was this data already available and now
Chinese threat actors just found new places to share this data like on an English forum
where we found the Shanghai breach? Or did that breach encourage more of these data
breaches? Either way, whichever way it went, you know, the uptick in it was definitely more
interesting to me.

TEMPLE-RASTON: According to researchers who dug into the breach, the police database
itself was secure. The problem was, its management dashboard was accessible from the
internet. So anyone with decent hacking skills could vacuum up the information without a
password.

What’s ironic about all of this is that Chinese authorities have been amassing swaths of
digital and biological information on the Chinese people for years. They sift through social
media, collect biometric data, record the interactions of their people and then put that
through an endless array of algorithms to tease out patterns.

Think Minority Report on Steroids.

MINORITY REPORT TRAILER: I’m arresting you for the future murder of Sarah Marks…

TEMPLE-RASTON: But the Central Government has never been all that careful about
safeguarding what it collects, which is how the police data ended up in a dark web
marketplace.

11
I asked Zummo if Chinese dark web sites felt different from, say, Russian ones – aside from
being in their respective languages. And he said the differences actually felt cultural.

ZUMMO: The sites themselves aren't that different, but when it comes to those two specific
communities, Russian threat actors, they're the big, bad guys down there. All kind of
working for themselves, they're all working towards how do I make money? And so they're
using those different tools, developing their own tools, selling those tools to other threat
actors, whether they're Russian or not. Uh, whereas, the Chinese community’s a little bit
different. They're more about working together and kind of strengthening their community
and working towards goals like that.

TEMPLE-RASTON: Neither the Shanghai police nor China’s cyber watchdog ever commented
publicly on the authenticity of last month’s leak. But any mention of the breach? Those
appear to have been scrubbed from Chinese social media platforms, like Weibo and WeChat.

This is Click Here.

[HEADLINES MUSIC]

TEMPLE-RASTON: Here are some of the top cyber and intelligence stories from the past
week.

Chris Krebs, the Former director of the Cybersecurity and Infrastructure Security Agency
was at the annual Black Hat hacker conference last week calling for changes in the way the
U.S. approaches cybersecurity.

During a keynote address he said Congress should create a U.S. Digital Agency to
incorporate parts of CISA, the National Institute of Standards and Technology, and a
handful of other agencies like the FTC and FCC.

KREBS: I think it’s time to rethink the way government interacts with technology. I’m not
just talking about security. I’m talking about privacy. I’m talking about trust and safety
issues. We’re not where we need to be and we’re falling behind and Americans are suffering
as a result.

12
TEMPLE-RASTON: Speaking of CISA, last week it released an election security toolkit. It’s
intended as a one-stop shop with free services and tools available for state and local
election officials so they can improve the resilience of their election infrastructure.

It includes links to free resources to help combat threats like phishing, ransomware,
distributed denial-of-service attacks, and election-specific hacks. It also breaks down which
tools can be used to protect which parts of a state’s election infrastructure – from voter
information to websites to email to their networks.

The Department of Homeland Security says don’t rest easy about Log4j – the open source
software that opens hundreds of millions of devices to possible hacking.

SILVERS: Log4j is not over. This was not like a historic lookback, but we’re in the clear.

DHS’ undersecretary for policy, Rob Silvers, told an audience at Black Hat that it’ll be years,
maybe a decade, before the log4j problem will be adequately addressed.

SILVERS: It is likely that organizations are going to be dealing with continued Log4j for years
to come, maybe a decade or longer.

Log4j is a logging library for Java and it is widely used by businesses and web portals. The
fact that it had an exploitable flaw in its code was discovered by an engineer working for
Alibaba last December. Now people are rushing to address it.

[THEME MUSIC]

TEMPLE-RASTON: Click Here is a production of The Record by Recorded Future. I’m Dina
Temple-Raston, your host, writer and executive producer. Sean Powers is our senior
producer and marketing director, and Will Jarvis is our producer and helps with writing.

Karen Duffin and Lu Olkowski are our editors. Darren Ankrom is our fact checker. Ben
Levingston composes our original music and other music is from Blue Dot sessions. Kendra
Hanna is our intern.

And we want to hear from you. Please leave us a review and rating wherever you get your
podcasts. And you can connect with us at ClickHereshow.com.

13
We’ll be back on Tuesday.

14