Hackers compromised SyTech — a Russian FSB contractor — here’s the scoop on what Russia’s intelligence agency is working on

Oz Sultan
Published in The Ish
4 min read, Jul 21, 2019


ZDNet recently reported that a group of hackers compromised SyTech, a subcontractor to Russia's state intelligence agency, the FSB.

The attackers took 7.5 TB of data describing ongoing Russian Internet-surveillance, espionage and disinformation projects.

ZDNet notes the following active projects in play:

FSB’S SECRET PROJECTS

Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects for FSB unit 71330 and for fellow contractor Quantum. Projects include:

Nautilus — a project for collecting data about social media users (such as Facebook and LinkedIn).

Nautilus-S — a project for deanonymizing Tor traffic with the help of rogue Tor servers.

Reward — a project to covertly penetrate P2P networks, like the one used for torrents.

Mentor — a project to monitor and search email communications on the servers of Russian companies.

Hope — a project to investigate the topology of the Russian internet and how it connects to other countries’ network.

Tax-3 — a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state’s IT networks.

This discovery raises a number of concerns, chief among them that the Russian state intelligence agency is focused on bulk data collection, and potentially on disinformation and propaganda, across both social media and the dark web.

I have not been able to tie most of these projects directly to activity on the Internet; however, BBC Russia, which reviewed the trove, linked two of them to live activity:

The first is Nautilus-S, the project for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden published a paper detailing hostile Tor exit nodes that were intercepting users' traffic as it left the Tor network.

The researchers identified 25 malicious servers, 18 of them located in Russia, running Tor version 0.2.2.37, the same version named in the leaked files. One caveat for readers weighing the deanonymization claim: an exit relay sees traffic only at the point where it leaves the network and does not learn the client's address, so a cluster of hostile exits can tamper with unencrypted sessions, but unmasking users requires visibility beyond the exit.
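To show the fingerprinting side of that finding (a group of exit relays in one country all running the same outdated Tor version), here is an added Python example. It is not code from this article, from ZDNet, from BBC Russia or from the Karlstad researchers. It groups exit relays by Tor version and country, using constructed sample records shaped like the Tor Project's Onionoo "details" documents (the nicknames, fingerprints and dates are made up), and flags clusters whose version is older than a chosen reference release. A cluster found this way is a lead for active testing of those exits, not proof that they tamper with traffic.

```python
"""Surface clusters of Tor exit relays that share a country and a stale Tor version.

Added example for this article (not the researchers' or ZDNet's code). The relay
records are constructed sample data in the shape of Onionoo 'details' documents:
https://onionoo.torproject.org/details?flag=Exit  (no network access is needed here).
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample relays: nicknames, fingerprints, countries and dates are made up.
SAMPLE_RELAYS = [
    {"nickname": "ru-exit-1", "fingerprint": "A1" * 20, "flags": ["Exit", "Fast", "Running"],
     "platform": "Tor 0.2.2.37 on Linux", "country": "ru", "first_seen": "2014-01-12 08:00:00"},
    {"nickname": "ru-exit-2", "fingerprint": "A2" * 20, "flags": ["Exit", "Running"],
     "platform": "Tor 0.2.2.37 on Linux", "country": "ru", "first_seen": "2014-01-12 09:00:00"},
    {"nickname": "ru-exit-3", "fingerprint": "A3" * 20, "flags": ["Exit", "Running"],
     "platform": "Tor 0.2.2.37 on Linux", "country": "ru", "first_seen": "2014-01-13 11:00:00"},
    {"nickname": "ru-exit-4", "fingerprint": "A4" * 20, "flags": ["Exit", "Fast", "Running"],
     "platform": "Tor 0.2.2.37 on Linux", "country": "ru", "first_seen": "2014-01-14 02:00:00"},
    # A lone stale exit elsewhere: below the cluster size threshold on its own.
    {"nickname": "de-exit-old", "fingerprint": "B1" * 20, "flags": ["Exit", "Running"],
     "platform": "Tor 0.2.2.37 on Linux", "country": "de", "first_seen": "2013-06-01 00:00:00"},
    # Exits on a current release: they form a cluster but are not stale, so not flagged.
    {"nickname": "us-exit-1", "fingerprint": "C1" * 20, "flags": ["Exit", "Fast", "Running"],
     "platform": "Tor 0.2.4.20 on Linux", "country": "us", "first_seen": "2014-01-12 08:00:00"},
    {"nickname": "us-exit-2", "fingerprint": "C2" * 20, "flags": ["Exit", "Running"],
     "platform": "Tor 0.2.4.20 on Linux", "country": "us", "first_seen": "2014-01-15 08:00:00"},
    {"nickname": "us-exit-3", "fingerprint": "C3" * 20, "flags": ["Exit", "Running"],
     "platform": "Tor 0.2.4.20 on FreeBSD", "country": "us", "first_seen": "2014-02-01 08:00:00"},
    # A stale relay in Russia without the Exit flag: it never sees exit traffic, so it is skipped.
    {"nickname": "ru-guard", "fingerprint": "D1" * 20, "flags": ["Guard", "Running"],
     "platform": "Tor 0.2.2.37 on Linux", "country": "ru", "first_seen": "2012-03-03 00:00:00"},
]

VERSION_RE = re.compile(r"\bTor (\d+(?:\.\d+)+)")


def tor_version(platform: str) -> str:
    """Extract the numeric Tor version from a relay's platform string, or 'unknown'."""
    match = VERSION_RE.search(platform or "")
    return match.group(1) if match else "unknown"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '0.2.2.37' into a tuple that compares numerically (unknown sorts lowest)."""
    try:
        return tuple(int(part) for part in version.split("."))
    except ValueError:
        return (-1,)


def is_exit(relay: dict) -> bool:
    """Only relays carrying the Exit flag can intercept traffic leaving the network."""
    return "Exit" in relay.get("flags", [])


def cluster_exits(relays: List[dict], min_size: int = 3) -> Dict[Tuple[str, str], List[str]]:
    """Group exit relays by (Tor version, country) and keep groups of at least min_size."""
    groups: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for relay in relays:
        if not is_exit(relay):
            continue
        key = (tor_version(relay.get("platform", "")), relay.get("country", "??"))
        groups[key].append(relay["nickname"])
    return {key: sorted(names) for key, names in groups.items() if len(names) >= min_size}


def suspicious_exit_clusters(relays: List[dict], min_size: int = 3,
                             current_version: str = "0.2.4.0") -> Dict[Tuple[str, str], List[str]]:
    """Keep only clusters whose shared version is older than current_version.

    Relays with an unparseable version are left out rather than treated as stale.
    """
    cutoff = parse_version(current_version)
    return {
        key: names
        for key, names in cluster_exits(relays, min_size).items()
        if key[0] != "unknown" and parse_version(key[0]) < cutoff
    }


if __name__ == "__main__":
    for (version, country), names in suspicious_exit_clusters(SAMPLE_RELAYS).items():
        print(f"{len(names)} exits in {country} on Tor {version}: {', '.join(names)}")
```

Against real Onionoo output the same functions apply unchanged to the `relays` list of the JSON document; the reference version is an assumption the operator sets (for example the oldest release the Tor Project still supports at the time of the query). Shared version and country is a weak signal on its own, so the next step for any cluster it surfaces is to test those exits actively for certificate substitution or content tampering.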

The second project is Hope, the one which analyzed the structure and make-up of the Russian segment of the internet.

What is curious about the test run in the Nordic countries is its timing: was it coincidence that it lined up with a Russian troll campaign targeting a Finnish journalist?

As I reported in this quarter's #USARMY Cyber Defense Review:

…what the attacks on Finland have underscored is the larger Russian agenda to target western Europe — specifically Germany. The case of the false ‘Lisa Story’ in Germany from January 2016 is often cited as a textbook example of Moscow’s modern information capabilities. Russian-language media reported allegations that a 13-year old Russian-German girl had been raped by migrants in Berlin before local authorities had time to verify the information. Those Russian reports were then picked up by mainstream news media in Germany and elsewhere. The false “Lisa Story” played out significantly across social media beyond Germany, most notably on Facebook, Twitter, and Reddit, where it was shared and re-shared with a significant impact. In the ‘Lisa Case’ we see evidence, for the first time, of several Russian elements of influence that are described in this article working in a coordinated way:

  • A journalist from the First Russian TV channel picked up the case of the Russian-German girl and brought it to the main news in Russia;
  • Russian foreign media like RT, Sputnik, and RT Deutsch reported on the case;
  • Social media, as well as right wing groups, distributed the information on the Internet;
  • Demonstrations were organized via Facebook involving representatives of the German-Russian minority (Deutschland Russen) as well as neo-Nazi groups;
  • Russian foreign media in Germany reported from these demonstrations, which brought it to the German mainstream media;
  • Finally, at the top political level, Russian Foreign Minister Sergey Lavrov made two public statements about his concerns about the inability of the German police and legal system to take such cases seriously because of political correctness.

What the FSB hack clarifies is that there are a significant number of big-data operations, as well as theater operations, aimed at social media, at Russian corporations and citizens, and at the dark web.

One can presume that, since tests have already been run, the FSB has working use cases for deploying this technology in an active, forward-facing campaign.

The longer-term results and impact of this hack, and what it reveals about these operational systems and data-collection capabilities, should give us pause.

It also raises questions about hegemony, and about forward-facing data warfare and propaganda operations.

And it paints a clear picture: intelligence gathering has jumped from the Hollywood stereotype of a James Bond film into something far more cyberpunk.
