U.S. cybersecurity company UpGuard announced on September 18 that it found the specification of a legitimate surveillance system used across Russia through a file over 1.7TB.
According to the findings this time, there is also a description of an eavesdropping device that secretly collects communication data such as telephone and internet by Russian authorities. The document mainly contains information about Nokia, which has signed a contract to maintain and renew the MTS network with Mobile TeleSystems (MTS), the largest telecommunications operator in Russia. Known in the West as SORM or espionage investigation activity system, these interceptors play an important role in Russian domestic surveillance. The Russian security agency FSB, the former KGB, approves the use, and installation and maintenance of the device is entrusted to the telecommunications operator in accordance with the law.
The initial device was developed in 1995. The latest version developed in 2014 also has a deep packing inspection DPI function that inspects, logs, and inspects communication data in detail. Putin’s bodyguards, SBP, and other agencies can also use the data collected by SORM. SORM-related work in Russia is said to be an area of special treatment.
In fact, many countries require telecommunications companies to install technology that can hold certain data or intercept in real time. The scope of data privacy protection varies from country to country. Some countries have strong data protection, while others allow police access to data without rules. With the passing of the Yarovaya law in 2016, Russian telecommunications operators were obliged to store text messages, phone conversations and other communications for up to six months. As for metadata, it’s up to 3 years. The authorities do not need a court order to access this information.
In the United States, except in some special cases, warrants are required before law enforcement agencies can access the same information. An exemption for certain national security reasons allows organizations such as the FBI to collect Internet or telephone data without a warrant. Another pattern is that emails stored on the server for more than 181 days can be accessed without a warrant under the SCA (Stored Communications Act), a statute that regulates the protection of personal information for online stored information.
The data released this time was stored in a backup device that is not secured. Most of them are Nokia related. Upgard said it was a big deal to disclose data related to the SORM system with influence and confidentiality on the public Internet, and it was unprecedented that information thought to be the latest hardware list installed in Russia’s largest telecommunications operator was leaked. The company’s report can be found here .
Add comment