FSB alleges journalist provided intelligence to Ukraine's SBU for targeting a Russian publication
Russia's Federal Security Service (FSB) has initiated a criminal case against Elena Glushkova, a former freelance journalist for Radio Free Europe/Radio Liberty (RFE/RL), accusing her of collaborating with Ukrainian intelligence to facilitate cyberattacks. In a statement released to Russian state media, the FSB claimed Glushkova used the messaging platform Telegram to provide Ukraine’s Security Service (SBU) with information about a local Russian publication, which could then be used to attack its IT infrastructure. This accusation represents a significant escalation in the Kremlin's information war, blurring the lines between journalism and espionage to further suppress independent reporting.
Background: The Kremlin's war on information
The case against Glushkova does not exist in a vacuum. It is the latest development in a systematic and years-long campaign by Russian authorities to dismantle independent media. Since the full-scale invasion of Ukraine in 2022, this pressure has intensified dramatically. Moscow has enacted laws that criminalize spreading "fake news" about the military and have designated numerous news outlets, including RFE/RL, as "foreign agents" or "undesirable organizations." This legal framework has been used to silence dissent, imprison journalists like Evan Gershkovich of The Wall Street Journal, and force hundreds of reporters into exile.
RFE/RL, a U.S.-funded broadcaster, has been a perennial target. Its operations within Russia have been effectively shuttered under the weight of exorbitant fines and legal threats. The FSB's accusation against Glushkova, who RFE/RL confirms has not worked for them since 2021, serves to further tarnish the organization's reputation and intimidate anyone associated with it, past or present. In a statement to The Record, an RFE/RL spokesperson dismissed the claims as part of the Kremlin's "ongoing campaign to silence independent journalism and spread disinformation."
Technical analysis: What does 'aiding a cyberattack' mean?
The FSB's language is deliberately potent, evoking images of a journalist directly participating in hacking activities. However, the technical reality described is more aligned with classic intelligence gathering than direct cyber operations. The accusation is not that Glushkova deployed malware or exploited a vulnerability, but that she provided reconnaissance—human intelligence (HUMINT)—that could enable a future attack.
In any sophisticated cyber operation, reconnaissance is the critical first stage. Attackers need to understand their target's environment, including its network architecture, software stack, key personnel, and physical locations. The information Glushkova allegedly provided about a local print publication—potentially details about its staff, internal processes, or technology vendors—is precisely the kind of intelligence that state-sponsored threat actors seek. This data could be used to:
- Craft sophisticated spear-phishing emails: By knowing the names and roles of employees, attackers can create highly convincing emails designed to trick staff into revealing credentials or deploying malware.
- Identify technical weaknesses: Information about the publication's content management system, email provider, or other software could help attackers find known vulnerabilities to exploit.
- Map the organization's digital footprint: Understanding the publication's online infrastructure helps attackers identify potential entry points for network intrusion.
The FSB's claim that Glushkova used a Telegram channel allegedly controlled by the SBU is also technically plausible. Messaging apps with end-to-end encryption are frequently used by intelligence services, activists, and criminal groups for covert communication and coordination. While Telegram's security has been debated, its features offer a layer of concealment that makes it suitable for such activities.
By framing HUMINT gathering as "aiding cyberattacks," the FSB is weaponizing cybersecurity terminology. It conflates the act of collecting and sharing information—a core journalistic function—with the act of malicious hacking, thereby creating a legal pretext to prosecute reporters under severe national security statutes like Article 275.1 of the Criminal Code ("Cooperation on a confidential basis with a foreign state").
Impact assessment: A chilling effect on the truth
The primary target of this accusation is not just one journalist; it is the entire ecosystem of independent reporting on Russia. The implications are severe and far-reaching.
For journalists: The case against Glushkova sends a clear message: any communication with Ukrainian sources or organizations, or even reporting on topics deemed sensitive by the state, can be construed as treason or aiding an enemy. It dramatically raises the personal risk for any reporter, especially freelancers, who lack the full institutional backing of a large media corporation. The fear of being similarly accused will inevitably lead to greater self-censorship.
For media organizations: News outlets that cover Russia face a heightened duty of care for their staff, contributors, and sources. They must now contend with a reality where their journalistic activities can be reframed as hostile cyber-espionage, placing their people in direct legal and physical danger.
For the public: As independent voices are silenced, the Russian public is left with a media environment dominated by state-controlled propaganda. The ability to access objective information about the war in Ukraine and domestic affairs is further eroded, reinforcing the Kremlin's narrative and isolating citizens from the truth.
How to protect yourself: OPSEC for media in hostile zones
For journalists and media organizations operating in or reporting on authoritarian states, robust operational security (OPSEC) is not optional. While no defense is foolproof against a determined state adversary, certain practices can significantly reduce risk.
- Secure Communications: Always use applications with verified, end-to-end encryption for all sensitive conversations. Assume that all unencrypted channels are monitored. Be mindful of metadata, which can reveal who you are talking to, when, and for how long, even if the content is encrypted.
- Digital Hygiene: Regularly update all software and devices to patch vulnerabilities. Use strong, unique passwords for every account and enable multi-factor authentication (MFA). Be hyper-vigilant about phishing attempts, which are a primary vector for compromise. Using a reputable VPN service can help mask your IP address and encrypt your internet traffic, providing a crucial layer of privacy.
- Source Protection: Use secure methods to receive information from sources, such as encrypted drop-boxes or secure messaging apps with disappearing message features. Minimize the digital trail connecting you to your sources and avoid discussing sensitive details over insecure channels.
- Compartmentalization: Use separate devices, accounts, and even online personas for high-risk work versus personal activities. This can help contain the damage if one of your accounts or devices is compromised.
- Situational Awareness: Understand the specific legal and physical threats in your operating environment. The laws in countries like Russia are intentionally vague and can be applied retroactively to criminalize standard journalistic practices.
The accusation against Elena Glushkova is a stark reminder that in modern hybrid warfare, information is a weapon, and those who report it are on the front lines. By labeling journalistic inquiry as cyber warfare, the Kremlin is not only trying to control a narrative but is also attempting to legally and morally justify its assault on press freedom.
