NEWSLINK: In Ex-Soviet States, Russian Spy Tech Still Watches You

FSB Headquarters Building file photo

[In Ex-Soviet States, Russian Spy Tech Still Watches You – wired.com – Andrei Soldatov and Irina Borogan – December 21, 2012 – http://www.wired.com/dangerroom/2012/12/russias-hand/all/]

Wired.com reports on Russian security services spying on citizens, with the Russian legal system deeming citizen activities such as opposition protests to be extremist and a justification for surveillance:

On November 12, the Russian Supreme Court okayed the wiretapping of an opposition activist. The Court ruled that spying on Maxim Petlin, a regional opposition leader in Yekaterinburg, was lawful, since he had taken part in rallies where calls against extending the powers of Russia’s security services were heard. The court decided that these were demands for “extremist actions” and approved surveillance carried out by the national interception system, known as SORM.

The FSB reportedly has upgraded a system known as the “System of Operative Search Measures” (SORM) to parse new types of data, such as land-line calls, mobile calls, internet traffic, VOIP and social media.  Even legally authorized telephone intercepts have doubled.

Manned by the country’s main security service, the FSB, this “System of Operative Search Measures” has been in use for more than two decades. But recently, SORM has been upgraded. It is ingesting new types of data. It is being used as Moscow’s main tool for spying on the country’s political protesters. And it has become extremely useful in the quest to make sure that the Kremlin’s influence in the former Soviet Union continues long into the second regime of Vladimir Putin.

* * * SORM’s tactical and technical foundations were developed by a KGB research institute in the mid-1980s. Initially SORM was installed on analogue telephone lines. As new technologies developed, SORM did, as well.

Today SORM-1 intercepts telephone traffic, including mobile networks, while SORM-2 is responsible for intercepting internet traffic, including VoIP. SORM-3 gathers information from all communication media, and offers long-term storage (three years), providing access to all data on subscribers. In addition, SORM enables the use of mobile control points, a laptop that can be plugged directly into communication hubs and immediately intercept and record the operator’s traffic.

SORM also proved essential to spy on social networks based in Russia. “We can use SORM to take stuff off their servers behind their backs,” an FSB official told us. According to figures published by Russia’s Supreme Court, over the last five years the number of legal telephone intercepts alone has almost doubled, from 265,937 intercepts and recordings of phone calls and e-mails to 466,152 in 2011.

While Russia does have a system of warrants for the FSB, the government agents are not required to show the warrant to anyone, and apparently have a system whereby they can simply switch the surveillance on, for example using infrastructure billed to an internet service provider:

In Russia, an FSB operative is also required to get an eavesdropping warrant, but he is not obliged to show it to anyone. Telecom providers have no right to demand that the FSB show them the warrant. The providers are required to pay for the SORM equipment and its installation, but they are denied access to the surveillance boxes.

Thus, the FSB does not need to contact the ISP’s staff; instead the security service calls on the special controller at the FSB HQ that is connected by a protected cable directly to the SORM device installed on the ISP network. This system is copied all over the country: In every Russian town there are protected underground cables, which connect the HQ of the local FSB department with all ISPs and telecom providers in the region.
The difference is that according to the European Telecommunications Standards Institute, the operator gets an order to start the interception, and the provider/operator immediately knows who is being intercepted. “On the Russian requirements, a provider/operator provides a pass for SORM, and he does not know who is intercepted,” e-mails Boris Goldstein, a professor at the St. Peterburg Telecommunications Institute and a leading Russian authority on technical issues of SORM.

In short, the Russian approach is far more flexible and intrusive than the Western one: if the FSB needs to add new phone numbers or e-mail addresses to the intercept list, it does not need to repeat the whole procedure, as in the West. The FSB just updates the requirements list in the SORM control device, known as a Punkt Upravlenia, or PU.

Electronic surveillance, as well as the publicizing of content, reportedly has been used against opposition figures:

That SORM might be used against opposition leaders became clear already in December 2011, during the first post-election anti-Putin protest rallies. On December 19, 2011, records of nine taped phone calls between Boris Nemtsov, former deputy prime minister and opposition leader, and other activists were posted on the Kremlin-friendly website lifenews.ru. The lifenews.ru has put the records on its website five days before one of the biggest protest rallies, “For Fair Elections,” on December 24, at Sakharov avenue in Moscow.  Since then the leaks of video-footage and audio records of opposition activists appeared almost regularly on the Internet and in pro government media.

Boris Nemtsov was convinced that the FSB was behind the tapping.

“They’ve been tapping my phone all my life,” said the politician. “On the instructions of Putin, the KGB people and [Vladislav] Surkov (then the First Deputy Chief of the Kremlin Administration), they’ve been eavesdropping on my conversations and leaking everything on the Internet. Their goal was simple: they wanted to divide us in the run-up to the rally but the opposition didn’t fall for it.”

Other former Soviet states reportedly are employing similar technology, such as Belarus, Ukraine and Kyrgyzstan:

Russia was not the only country of the former Soviet Union that has put more thought into SORM regulations in the two years since the Arab spring. Countries like Belarus, Ukraine and Kyrgyztan have all updated their national interception systems, modeled after the Russian SORM, and Russian suppliers were ready at hand.

In March 2010, Belarusian president Alexander Lukashenko signed an order introducing SORM to the country. In April 2012, the national telecom operator Beltelecom reported that it had installed SORM on its byfly data network. There is no official information about the supplier, but according to our information, Beltelecom used the equipment of the Russian company Digiton in many of its SORM projects.

In late 2010, Ukraine updated its national requirements for SORM equipment ­ and in April 2011 the Russian company Iskratel  was happy to announce that its SORM device was tested successfully under the new requirements and had been approved by the SBU (Ukraine’s Security Service).

And in August 2012 the Kyrgyz’s State Committee of National Security put on its website the draft of a national regulation that is almost identical to the Russian interception system. The interests of Russian suppliers were guaranteed when the Kyrgyz parliament’s Defense and Security Committee stated in an economic analysis of the proposed SORM legislation that the Russian-made connection device linking SORM equipment and the PU would be three times cheaper than that of the Israeli firm Verint.

Moscow hardly misses these opportunities to extend its intelligence positions on the soil of the former Soviet Union. Nevertheless, that option is clearly considered as a minor evil by the governments of these countries.
In November 2012 the Radio Liberty’s Kyrgyz Service reported that Russian-made interception equipment could have been used to intercept phone conversations of Kyrgyz politicians which were leaked online two years ago.

The Kyrgyz “telephone gate” scandal greatly embarrassed the provisional government as it exposed how the positions and money were distributed. Making matters worse, the Russian producers tapping gear ­ Moscow’s Oniks-Line and Novosibirsk’s Signatek ­ were accused of retaining backdoors in the equipment. “We shipped the interception equipment to Kyrgyzstan, it was an intergovernmental decision,” admitted Sergei Pykhtunov, deputy director of the Sygnatek. But he said he was not aware of the scandal and dismissed the accusation. Sergei Bogotskoi, CEO of Oniks-Line, took the same line. The scandal did not cause the national government to change the approach to the national interception rules.

Click here for full article: http://www.wired.com/dangerroom/2012/12/russias-hand/all/

Comment