Putin's 'Vulnerable' Computer: Does The Russian President Really Use Windows XP?
A Russian news site has claimed that President Vladimir Putin uses a vulnerable operating system, Windows XP, on his computers both at work and at home. After analyzing photographs of President Putin, published by the Kremlin press office, Open Media concluded that he “really uses an outdated version” of the Microsoft OS. The photographs, showing Putin at his desk and the computer sporting a Kremlin desktop theme, were looked at by Mikhail Klimaryov, the head of Russia’s independent Internet Protection Society, according to the Open Media report. Klimaryov is reported as confirming that the computer was running Windows XP, an operating system that Microsoft stopped supporting by way of releasing regular security updates back in April 2014.
There have been the odd security updates released by Microsoft since then, most notably in May 2019, when a patch for the BlueKeep vulnerability that led to the U.S. Government issuing “update now” warnings was released. That said, Windows XP remains an unsupported and, for most intents and purposes, obsolete operating system. So why would President Putin be using such an insecure and vulnerable system? Indeed, if President Putin is actually using computers driven by Windows XP, both at work in the Kremlin and at his Novo-Ogaryovo residence to the west of Moscow, is this a cybersecurity risk for Russia? These are the questions I put to people with a lot more hands-on knowledge regarding military intelligence and nation-state security matters than myself.
Maskirovka: Russian military deception
Philip Ingram MBE, a former Colonel in British Military Intelligence and now a journalist specializing in security and intelligence matters told me that photos of Vladimir Putin at a computer that is “supposed to be in his office with another allegedly at his residence” and “suggesting he is using Windows XP” are interesting in many ways. Those caveats are essential here, as Ingram points out that we cannot be sure the situation is actually as portrayed by the published photography.
Get started on your cybersecurity degree at American Military University.
“The Russian messaging machinery is always very careful in images they release to the world,” Ingrams says, “especially images of leading politicians and what is in the background of those images.” That the computer screen was so clearly positioned within the photographs, would likely have been factored into the framing of those images according to Ingram. “The question is why the Russians would want to highlight that their computers are allegedly using a non-patched operating system?” Ingram says, “the bottom line is we are not sure if this is real.”
There is a concept within the Russian military called maskirovka: a doctrine of deception. “Maskirovka is all about masking, giving out deceptive information, and it is engrained in all of their activities,” Ingram says. And he suspects the publication of these photographs is quite possibly another maskirovka attempt “to see what the reaction in the West and elsewhere would be.”
So, does Vladimir Putin use Windows XP?
Ian Thornton-Trump, a cyber threat intelligence expert and CompTIA global faculty member, served in the Military Intelligence Branch of the Canadian Forces. “I would have thought Putin would be rolling with some high-security Linux distribution with extra FSB cybersecurity sauce,” Thornton-Trump says. Putin himself was a former director of the Federal Security Service of the Russian Federation, the FSB. To imagine that the FSB would not have some input into securing computer usage at this highest of levels is somewhat naive. The Linux distribution remark is also worth noting as “the Russians have an inherent mistrust of Microsoft, as they see it feeding the US intelligence machinery,” Ingram says. Indeed, they are “in the process of rolling out their own Linux based operating system and Putin has ordered greater controls over Internet use in Russia,” says Ingram.
We should also bear in mind, according to Ingram, that at this level, “the Russians don’t routinely have their systems connected to the internet,” which means “even for an unpatched system, if it is air-gapped, the risks are much lower.” Thornton-Trump agrees and says that the idea that Windows XP has to be an insecure option is wrong. “With a defense in depth approach, and system hardening work, Windows XP can be a very tough nut to crack,” Thornton-Trump says. “Millions of XP boxes still exist in industrial control system environments,” Thornton-Trump continues, “if the FSB cyber defenders know this OS the best, then they can probably lock it down tight.”
The truth is that we will likely never know what computers and operating systems, President Putin is rocking. What we can be pretty sure of is that whatever those systems are, they are going to be well secured.
I have reached out to the Russian Presidential Press and Information Office for an official statement regarding President Putin’s alleged use of Windows XP. I will update this story if one is forthcoming.