Spy Files Russia

It’s time for Russia. After reading about Snowden and the NSA and writing about hacking tools and malware frameworks, it seems it’s time for the Russian government, because Spy Files Russia is coming from WikiLeaks. I’m also wondering how this information is going to be published, because Edward Snowden is living in Russia today and I don’t think he is the whistleblower this time, but there must be another one. Who? Maybe the government of the United States? Who knows!

Documents from WikiLeaks describe the System for Operative Investigative Activities (SORM) of the Russian government, which is a system for mass surveillance in Russia. There are three versions of SORM. The first one, SORM-1, was able to monitor users’ communications metadata and content like phone calls, email traffic and web browsing activity. The second one, SORM-2, was also able to track all credit card transactions and monitor social networks, chats and forums. The last version, SORM-3, also supports IPv6 and has Deep Packet Inspection (DPI) capability.

Internet backbone infrastructure in Russia

SORM has three main components. The Data Retention System (DRS) is a component that is mandatory for operators by law, and it stores all communication metadata locally for three years. The Traffic Data Mart (TDM) is an IP traffic analysis system that allows the creation of reports for a specified time range. Finally, the Service СП-ПУ is a data exchange interface based on HTTPS that receives search requests from state intelligence authorities and delivers results back to the initiator.

Components of PETER-SERVICE software
According to WikiLeaks, the Russian mass surveillance system has been implemented with the help of Peter-Service, a Russian company that works for government agencies. This firm has a product called DPI*GRID, a hardware solution for “Deep Packet Inspection” that can inspect and analyse traffic at up to 10 Gbps per unit; the resulting metadata and extracted information are collected in a database for further investigation.

National operator

Another company that may be working on SORM is the Israeli firm Cellebrite, which had 900 GB of data stolen in a hack at the beginning of this year, which works with the Italian company Hacking Team and which has recently changed its name to Mobilogy. It sells products and services for data extraction, transfer and analysis of mobile devices, and according to the stolen data its phone hacking technology has been sold to countries such as Russia and Turkey.

Cellebrite Touch
We’ll stay alert for the next Spy Files Russia release but, once again, we see that the Internet is not as free as it used to be, because terrorism is a real threat and espionage is everywhere; meanwhile, our communications are intercepted.

Best regards, my friends, and stay alert!