Forbes’ Zak Doffman reports that a contractor of Russia’s Federal Security Service, the FSB, has been hacked. The FSB, roughly comparable to the FBI in the United States, is Russia’s main successor agency to the KGB.
BBC Russia reports this as “the largest data leak in the history of the work of Russian special services on the Internet.”
According to Forbes, on July 13 a hacking group using the name Ov1ru$ is said to have stolen 7.5 terabytes of data from SyTech, a “major FSB contractor working on a range of live and exploratory internet projects.” The data revealed “secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world.” The hackers left behind a smiling Yoba face on the homepage of the company’s website.
(Notes: De-anonymization is the process of matching supposedly anonymous data, such as Tor traffic, against other available information in order to identify its source; a Yoba face is a symbol used in Russian internet slang to denote trolling; one terabyte can hold roughly 200,000 five-minute songs, or 500 hours’ worth of movies.)
Ov1ru$ “passed the data itself to the larger hacking group Digital Revolution, which shared the files with various media outlets and the headlines with Twitter—taunting FSB that the agency should maybe rename one of its breached activities ‘Project Collander.’” It is believed that none of the files sent to journalists had been edited or changed in any way.
Doffman said he had received a link to the Digital Revolution site where an initial tranche of breached documents was “published two months ago… as part of that 7.5 terabytes.”
Ov1ru$ detailed the project names, “Arion,” “Relation,” and “Hryvnia,” alongside the names of the SyTech project managers.
The projects themselves appear to be a mix of social media scraping (Nautilus), targeted collection against internet users seeking to anonymize their activities (Nautilus-S), data collection targeting Russian enterprises (Mentor), and projects that seem to relate to Russia’s ongoing initiative to build the option of separating its internal internet from the World Wide Web (Hope and Tax-3). The BBC reports that SyTech’s projects were mostly contracted with Military Unit 71330, part of the FSB’s 16th Directorate, which handles signals intelligence and is the same group accused of emailing spyware to Ukrainian intelligence officers in 2015.
Nautilus-S, the Tor de-anonymization project, was actually launched in 2012 under Russia’s Kvant Research Institute, which itself comes under the FSB’s remit. Russia has long been looking for ways to compromise nodes within the Tor network in order to either block anonymous communications or intercept them; none of this is new. It is believed that some progress has been made under this project. Digital Revolution claims to have hacked the Kvant Research Institute before.
The preparatory activities for splitting off a “Russian internet” follow Russian President Vladimir Putin signing into law provisions for “the stable operation of the Russian Internet (Runet) in case it is disconnected from the global infrastructure of the World Wide Web.” The law set in train plans for an alternative domain name system (DNS) for Russia in the event that it is disconnected from the World Wide Web, or, one assumes, in the event that its politicians deem disconnection to be beneficial. Internet service providers would be compelled to disconnect from any foreign servers and rely on Russia’s own DNS instead.
The BBC report, which is written in Russian, states that no actual state secrets were exposed. The surprise is rather how easily hackers were able to breach SyTech’s server.
Doffman notes that “contractors remain the weak link in the chain for intelligence agencies worldwide.” Breaching government contractors is a common way for attackers to get at government information, and it has been tried against U.S. government contractors as well.
In January, I posted here that the US electric grid had been hacked by the targeting of hundreds of small government contractors and subcontractors.
Unfortunately, safeguards will be added that will make it more difficult to repeat a similar breach. But it makes for an interesting story anyway.
Doffman notes that the FSB has declined to comment on the breach.