The Russian researcher Leonid Evdokimov has found that
The Russian Government obliges national ISPs to purchase and install the probes used by SORM system that allows the Federal Security Service (FSB) to monitor Internet traffic including online communications.
SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs.
Leonid Evdokimov shared his findings at the “Chaos Constructions” IT conference in St. Petersburg on August 25, technical details of his study are reported a paper titled “SORM Defects.”
He found 30 SORM devices installed on the network of 20 Russian ISPs that were running unsecured FTP servers. The servers contained traffic logs related to surveillance activities conducted by the authorities.
“On these devices’ IP addresses, Evdokimov found open FTP (File Transfer Protocol) servers, as well as certain “live traffic,” where — among other data — he discovered “something very similar” to the mobile phone numbers of the providers’ clients, their logins, email addresses, network addresses, messenger numbers, and even the GPS coordinates clearly transmitted by inadequately protected smartphones running outdated firmware.”
“All these data make it possible to determine exactly whose traffic this is, and which clients they are,” Evdokimov concluded.
Data found by the expert on the unsecured FTP servers included:
The 30 SORM devices remained unsecured online until Evdokimov made his presentation at the conference.
Some of the SORM devices found by the researcher were manufactured by the Russian MFI Soft. But, while other surveillance equipments were created by other vendors.
“In correspondence with Evdokimov, staff at MFI Soft refused to believe that the company’s hardware was the source of the data leaks, and attributed them instead to the “corporate information security systems” operated by the telecoms’ clients.” continues Meduza.
According to Meduza, of all the SORM equipment suppliers, MFI Soft had the best performance last year, with revenues soaring 294 percent to 10.3 billion rubles ($154.5 million), and profits jumping 298 percent to almost 2.1 billion rubles ($31.5 million).
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.