Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB—Russia's Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing.
FSB is Russia's primary security agency with parallels with the FBI and MI5, but its remit stretches beyond domestic intelligence to include electronic surveillance overseas and significant intelligence-gathering oversight. It is the primary successor agency to the infamous KGB, reporting directly to Russia's president.
A week ago, on July 13, a hacking group under the name 0v1ru$ that had reportedly breached SyTech, a major FSB contractor working on a range of live and exploratory internet projects, left a smiling Yoba Face on SyTech's homepage alongside pictures purporting to showcase the breach. 0v1ru$ had passed the data itself to the larger hacking group Digital Revolution, which shared the files with various media outlets and the headlines with Twitter—taunting FSB that the agency should maybe rename one of its breached activities "Project Collander."
I received a link to the Digital Revolution site where an initial tranche of breached documents was "published two months ago... as part of that 7.5 terabytes." I won't publish the link here for obvious reasons. Digital Revolution has targeted FSB before. It is unknown how tightly the two hacking groups are linked.
BBC Russia broke the news that 0v1ru$ had breached SyTech's servers and shared details of contentious cyber projects, projects that included social media scraping (including Facebook and LinkedIn), targeted collection and the "de-anonymization of users of the Tor browser." The BBC described the breach as possibly "the largest data leak in the history of Russian intelligence services."
As well as defacing SyTech's homepage with the Yoba Face, 0v1ru$ also detailed the project names exposed: "Arion", "Relation", "Hryvnia," alongside the names of the SyTech project managers. The BBC report claims that no actual state secrets were exposed.
The projects themselves appear to be a mix of social media scraping (Nautilus), targeted collection against internet users seeking to anonymize their activities (Nautilus-S), data collection targeting Russian enterprises (Mentor), and projects that seem to relate to Russia's ongoing initiative to build an option to separate the internal internet from the world wide web (Hope and Tax-3). The BBC claims that SyTech's projects were mostly contracted with Military Unit 71330, part of FSB's 16th Directorate, which handles signals intelligence, the same group accused of emailing spyware to Ukrainian intelligence officers in 2015.
Nautilus-S, the Tor de-anonymization project, was actually launched in 2012 under the remit of Russia's Kvant Research Institute, which comes under FSB's remit. Russia has been looking for ways to compromise nodes within Tor's structure to either prevent off-grid communications or intercept those communications. None of which is new news. It is believed that some progress has been made under this project. Digital Revolution claims to have hacked the Kvant Research Institute before.
The preparatory activities for splitting off a "Russian internet" follow Russian President Vladimir Putin signing into law provisions for "the stable operation of the Russian Internet (Runet) in case it is disconnected from the global infrastructure of the World Wide Web." The law set in train plans for an alternative domain name system (DNS) for Russia in the event that it is disconnected from the World Wide Web, or, one assumes, in the event that its politicians deem disconnection to be beneficial. Internet service providers would be compelled to disconnect from any foreign servers, relying on Russia's DNS instead.
There is nothing newsworthy in the projects exposed here; everything was known or expected. The fact of the breach itself, its scale and apparent ease are of more note. Contractors remain the weak link in the chain for intelligence agencies worldwide—to emphasize the point, just last week, a former NSA contractor was jailed in the U.S. for stealing secrets over two decades. And the fallout from Edward Snowden continues to this day.
Digital Revolution passed the information to journalists without anything being edited, removed or changed—they said. Little is known about 0v1ru$ and the group has not come forward with any comment.
Neither, unsurprisingly, has FSB.