Russian Intelligence Hacked of 7.5TB of Data: What We Learned of Their Cyber Plans

I’m not sure why this story did not receive more attention than it did. This was a huge hack that gathered data about all the plans that Russia’s main intelligence agency, the FSB (the modern version of the KGB), has for the future. On the other hand, BBC Russia, which was the first to break the story, claimed that nothing new was exposed. Maybe, but it certainly highlighted the direction that the Russian government is taking in the cyber realm at a time when they don’t need any more negative press. It’s this that I will focus on in this post.

Briefly, the FSB was hacked through a contractor, SyTech. The hackers, a group known as 0v1ru$, must have been on the FSB network for quite some time for them to cull so much data. The fact that they were able to do this at all makes the cybersecurity world wonder if others may not have been able to do the same thing. In other words, nation-states may have already infiltrated the FSB network and learned what plans it had. So, here are the cyber operations that the Russians have been working on. It’s safe to assume that these areas are still under attack by Russian intelligence.

Subvert the Tor Browser

 The hacked documents leave no doubt that the Russian government is obsessed with undermining privacy. They don’t like the fact that Tor allows users to browse anonymously and they want that to stop. The FSB is attempting to control Tor by taking over its nodes. This has been done before by a number of government intelligence agencies. The FSB is especially interested in controlling exit nodes and creating false exit nodes through which they can gather information. Back in 2014, Sweden’s Karlstad University reported the discovery of 19 compromised exit nodes, 18 of which were controlled by Russia.

But the Russian government’s goal is not simply to gather Tor user information. It is to ruin the reputation of Tor itself. It wants users to doubt whether Tor can really keep them anonymous and, thus, discourage people from using it in the first place.

Control Facebook and LinkedIn

 The hack also exposed the Russian government’s concern about social media. The FSB had a program, Nautilus-S, which would mine social media sites for data. They found these sites to be a treasure trove of information that could be used in any number of ways. This would lead one to suspect that the FSB was not really interested in banning these sites but in controlling them in some way.

To this end, the Russian government now requires that these sites store all of their information on servers inside Russia. Failing to do so will result in fines, such as those recently levied against Facebook. They also threaten to ban sites that don’t comply with this regulation. LinkedIn, for example, failed to comply and has been banned in Russia since 2016. That said, it can still be accessed through a VPN and continues to amass Russian users.

The Russian government doesn’t like these social media sites because they have been used to plan anti-government rallies. Whenever this occurs, the government blocks the sites. But Facebook has not sat idly by. They have, in turn, taken down 364 sites connected to the Russian government’s propaganda news site, Sputnik. Twitter has also removed a number of its accounts based in Russia. So the battle wages on.

If you want to know if a site is blocked in Russia, Comparitech gives you an interface that will allow you to type in the URL you’re interested in and see if it is operating. As of this morning, Facebook, Twitter, and LinkedIn all came up as blocked. This may be because of the anti-government protests now going on in Moscow.

blocked

Spy on Torrent Users and P2P Messenger Sites

 ‘Reward’ was the name of the FSB program used to spy on peer-to-peer (P2P) file sharing sites back in 2013-2014. The details on how they would do this are unknown, but it would seem fairly easy for the FSB to put up a file with a RAT (Remote Access Trojan) to spy on unsuspecting downloaders. Everyone knows that such sites have been attacked by various law enforcement agencies for years for what they suggest is illegal file sharing. This is why these sites often suggest accessing their content through a VPN; otherwise, individual downloaders can be identified through their IP addresses. The Russian government just wants to see who’s sharing what with whom. For them, it’s all about surveillance.

The same is true for encrypted messenger sites like Jabber. Jabber is often used by journalists because of its high level of encryption. In the eyes of the FSB, why would anyone want to use encrypted communication unless they had some devious plan? In the eyes of the FSB, all encrypted messenger services are suspect and should be undermined at every opportunity. And let’s keep this in mind. The FSB is not the only government intelligence agency interested in keeping their eyes on such messaging. Jabber, in fact, was previously hacked by U.S. intelligence operatives. This fact was recently exposed in the affidavit filed by the U.S. government against Julian Assange. His decrypted communications with Chelsea Manning through Jabber were displayed for all to see.

Just because the Reward program ended in 2014, don’t believe for a second that the FSB isn’t concerning itself with encrypted messenger services. They have recently been waging a war against Telegram, the most popular encrypted messenger service for those wanting to hide their communications from government surveillance. In fact, it is believed that many of the recent protests against the Russian government were organized using Telegram.

telegram

Building Runet: The Russia-Only Internet

 The hacked documents show that the Russian government has been planning to disconnect from the World Wide Web for some time. This effort to make a Russia-only internet is termed, Runet. Although the idea may sound crazy to many, President Putin just signed it into law a few months ago. He did this despite the fact that only 23 percent of the public support the idea. Here are the results from an April 2019 poll.

chart2

The following chart shows the increase in negative attitudes towards the internet among Russian citizens over time. Clearly, the idea of an isolated Russian internet is doing nothing to increase this trust.

chart

The plan will come into effect in November. All telecom services must comply with the terms of this new internet by 2021.

The Russian government claims that this new system will protect Russian internet users from foreign attacks. But, as ZDNet points out, “as far as civil liberties activists are concerned, the censorship aspects of this centralization drive are the real goal here, rather than countering the imagined threat of an outside force that wants to cut off the Russian internet.” Good move, Russia. You’ve just aligned yourself with such freedom loving countries as North Korea, China, and Iran.

The good news for Russian citizens is that there is still no good policy for dealing with VPNs. The bad news is that setting up Runet will cost them hundreds of millions of dollars. It’s not clear what the cost will be for businesses, especially those relying on foreign customers. This looks like a a no-win situation for all concerned.

In the end, it appears that Russia has become a paranoia state. They seem well on their way to sliding down the slippery slope to complete oppression. Whether Runet will come with any social backlash will become apparent this fall when it is implemented and people begin to realize what freedoms they have actually lost. Stay tuned.

 

 

 

 

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s