Wikileaks Spy File Russia – the surveillance apparatus implemented by firm Peter-Service
September 19, 2017
Wikileaks has released a batch of documents, dubbed Spy File Russia, that detail the surveillance infrastructure implemented by Russia. The Kremlin’s surveillance apparatus allows Russian agencies to spy on online activities and mobile devices.
According to Wikileaks’ Italian media partner, the newspaper La Repubblica, the documents cover “an extended timespan from 2007 to June 2015”.
This is the first time Wikileaks has leaked material related to the Russian state. The documents describe a Russian company that supplies software to telecommunication companies and is also installing equipment that Russian state agencies can tap into.
It is a surveillance apparatus that enables Russian intelligence to search and spy on citizens’ digital activity.
“As a matter of fact PETER-SERVICE is uniquely placed as a surveillance partner due to the remarkable visibility their products provide into the data of Russian subscribers of mobile operators, which expose to PETER-SERVICE valuable metadata, including phone and message records, device identifiers (IMEI, MAC addresses), network identifiers (IP addresses), cell tower information and much more. This enriched and aggregated metadata is of course of interest to Russian authorities, whose access became a core component of the system architecture.”
It is interesting to note that the leaked documents never reference the Russian intelligence agency, the FSB, but “speak only of state agencies.”
Under Russian law, operators must maintain a Data Retention System (DRS) that allows them to store data for up to three years.
“The Peter-Service DRS system allows Russian state agencies to query the database of all stored data to search for information such as calls made by a certain telephone company customer, the payment systems used, the cell that served the specific mobile. The manuals published by WikiLeaks contain the images of the interfaces that allow agents to search within this huge trove of data, so access is simple and intuitive,” wrote Stefania Maurizi in the Italian media outlet La Repubblica.
According to Wikileaks, Peter-Service’s DRS solution can handle 500,000,000 connections per day in just one cluster. The system is high-performance: the claimed average search time for subscriber-related records from a single day is ten seconds.
“The data retention system is a mandatory component for operators by law; it stores all communication (meta-)data locally for three years. State intelligence authorities use the Protocol 538 adapter built into the DRS to access stored information.” continues Wikileaks.
Peter-Service has also developed a system called TDM (Traffic Data Mart) that records and monitors IP traffic for all mobile devices registered with the operator.
The system enables Russian agencies to track the online activity of targets, including visited sites, forums and social media.
The TDM maintains a list of categorized domain names — “which cover all areas of interest for the state. These categories include blacklisted sites, criminal sites, blogs, webmail, weapons, botnet, narcotics, betting, aggression, racism, terrorism and many more”.
“Based on the collected information the system allows the creation of reports for subscriber devices (identified by IMEI/TAC, brand, model) for a specified time range: Top categories by volume, top sites by volume, top sites by time spent, protocol usage (browsing, mail, telephony, bittorrent) and traffic/time distribution.”
Wikileaks points to a 2013 Peter-Service slideshow presentation, published on the company website, that focuses on a new product called DPI*GRID. The product is hardware for Deep Packet Inspection that takes the form of “black boxes” apparently able to handle 10Gb/s of traffic per unit.
“However, the core of the presentation is about a new product (2013) called DPI*GRID – a hardware solution for “Deep Packet Inspection” that comes literally as “black boxes” that are able to handle 10Gb/s traffic per unit.” continues Wikileaks. “The national providers are aggregating Internet traffic in their infrastructure and are redirecting/duplicating the full stream to DPI*GRID units. The units inspect and analyse traffic (the presentation does not describe that process in much detail); the resulting metadata and extracted information are collected in a database for further investigation. A similar, yet smaller solution called MDH/DRS is available for regional providers who send aggregated IP traffic via a 10Gb/s connection to MDH for processing.”
Peter-Service argues that Moscow must be able to make better use of the power of data and to rely on itself. “Who controls the information, controls the world,” concludes Peter-Service, pointing out how much the power of President Obama’s America is based on the NSA’s mass surveillance, as revealed by Snowden.
“Drawing specifically on the NSA Prism program, the presentation offers law enforcement, intelligence and other interested parties, to join an alliance in order to establish equivalent data-mining operations in Russia,” it adds — sticking its boot firmly back into U.S. government mass surveillance programs.
(Security Affairs – Peter-Service, Russia)