Wikileaks Release Details Of Mass Surveillance In Russia

Wikileaks has released a new cache of documents which it claims detail surveillance apparatus used by the Russian state to spy on Internet and mobile users. 

The whistle-blowing website published documents on Tuesday 19th September, stating that a Russian billing company, PETER-SERVICE had provided the country's security services with metadata on subscribers of mobile operators in order to get new "commercial opportunities." 

The release contains a total of 209 documents from the PETER-SERVICE dated between 2007 and 2015. It’s the first time the organisation has leaked (what it claims is) material directly pertaining to the Russian state.

As ever, nothing is straightforward when it comes to Wikileaks. And founder Julian Assange continues to face charges that his ‘radical transparency’ organisation is a front for Kremlin agents (charges that stepped up after Wikileaks released a massive trove of hacked emails from the DNC last year at a key moment in the US presidential election).

So it’s entirely possible Wikileaks/Assange is here trying to deflect from such charges by finally dumping something on Russia.

It’s not possible at this point to verify the veracity and/or value of the documents Wikileaks is releasing. 

Spy Files Russia

Writing a summary of the cache of mostly Russian-language documents, Wikileaks claims they show how a long-established Russian company which supplies software to telcos is also installing infrastructure, under state mandate, that enables Russian state agencies to tap into, search and spy on citizens’ digital activity, suggesting a similar state-funded mass surveillance program to the one utilised by the US’s NSA or by GCHQ in the UK (both of which were detailed in the 2013 Snowden disclosures).

The documents which Wikileaks has published (there are just 34 “base documents” in this leak) relate to a St. Petersburg-based company, called Peter-Service, which it claims is a contractor for Russian state surveillance. The company was set up in 1992 to provide billing solutions before going on to become a major supplier of software to the mobile telecoms industry.
One of Wikileaks’ initially stated media partners for the release, the Italian newspaper La Repubblica, reports that the documents cover “an extended timespan from 2007 to June 2015”, and describes the contents as “extremely technical”.
It also has a few caveats, noting the documents do not mention Russia’s spy agency, the FSB, but rather “speak only of state agencies”, a formula it asserts “certainly includes law enforcement, who use metadata for legal interception”. It also says the documents do “not clarify what other state apparatus accesses those data through the solution of the St. Petersburg company”.

Wikileaks says that under Russia law operators must maintain a Data Retention System (DRS), which can store data for up to three years. La Repubblica reports that Peter-Service’s DRS stores telephone traffic data and “allows Russian state agencies to query the database of all stored data in search of information”, which it specifies can include calls made by a certain telephone company’s customer; payment systems used; the cell phone number to which a user is calling.
“The manuals published by WikiLeaks contain the images of interfaces that allow you to search within these huge data fields, so access is simple and intuitive,” it adds.

According to Wikileaks, Peter-Service’s DRS solution can handle 500,000,000 connections per day in one cluster. While the claimed average search time for subscriber related-records from a single day is ten seconds. “State intelligence authorities use the Protocol 538 adapter built into the DRS to access stored information,” it adds.

Peter-Service has also apparently developed a tool called TDM (Traffic Data Mart), which allows the database to be queried to determine “where users’ data traffic is stored in order to understand visited sites, forums, social media”, as well as how much time is spent on a certain site and the electronic device used to access it.

Wikileaks describes TDM as “a system that records and monitors IP traffic for all mobile devices registered with the operator”,  and says it maintains a list of categorised domain names, “which cover all areas of interest for the state. These categories include blacklisted sites, criminal sites, blogs, webmail, weapons, botnet, narcotics, betting, aggression, racism, terrorism and many more”.
“Based on the collected information the system allows the creation of reports for subscriber devices (identified by IMEI/TAC, brand, model) for a specified time range: Top categories by volume, top sites by volume, top sites by time spent, protocol usage (browsing, mail, telephony, bit-torrent) and traffic/time distribution,” it adds.

Wikileaks points to a 2013 Peter-Service slideshow presentation (it says this also appears to be publicly available on the company’s website), which it claims is targeted not at telco customers but at state entities such as Russia’s FSB and Interior Ministry (despite this document apparently being in the public domain), in which the company focuses on a new product, called DPI*GRID; which it says is a hardware device for Deep Packet Inspection that takes the form of “black boxes” apparently able to handle 10Gb/s traffic per unit. “The national providers are aggregating Internet traffic in their infrastructure and are redirecting/duplicating the full stream to DPI*GRID units,” writes Wikileaks. 

“The units inspect and analyse traffic (the presentation does not describe that process in much detail); the resulting metadata and extracted information are collected in a database for further investigation. A similar, yet smaller solution called MDH/DRS is available for regional providers who send aggregated IP traffic via a 10Gb/s connection to MDH for processing.”

Wikileaks also makes a point of noting that the presentation was written “just a few months after Edward Snowden disclosed the NSA mass surveillance program and its cooperation with private US IT-corporations such as Google and Facebook”.

“Drawing specifically on the NSA Prism program, the presentation offers law enforcement, intelligence and other interested parties, to join an alliance in order to establish equivalent data-mining operations in Russia,” it adds, sticking its boot firmly back into US government mass surveillance programs.

TechCrunch:      Sputnik News:  

You Might Also Read:

WikiLeaks: The Biter Bit:

WikiLeaks  Has Published The CIA’s Secrets For Infecting Windows:

Does Russia Benefit When Assange Reveals Secrets?:

 

« Is A Cyberattack An Act of War?
Bashing Facebook Is Not The Answer To Curbing Russian Influence Operations »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

it-sa 365

it-sa 365

it-sa 365 is a digital platform for connecting IT security vendors and experts with those who bear responsibility for IT security in management and technology.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

Be Cyber Aware At Sea

Be Cyber Aware At Sea

Be Cyber Aware At Sea is a global maritime and offshore industry initiative to raise awareness and educate crew members and the offshore workforce.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

TeskaLabs

TeskaLabs

TeskaLabs is a software vendor of cybersecurity and data privacy products.

Exponential-e

Exponential-e

Exponential-e provide Cloud and Unified Communications services and world-class Managed IT Services including Cybersecurity.

Japan Cybersecurity Innovation Committee (JCIC)

Japan Cybersecurity Innovation Committee (JCIC)

JCIC is an independent and not-for-profit thinktank to establish a secure and safe digital society.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries is America’s largest military shipbuilding company and a provider of professional services to partners in government and industry.

Institute for Pervasive Cybersecurity - Boise State University

Institute for Pervasive Cybersecurity - Boise State University

Boise State University’s Institute for Pervasive Cybersecurity is a leader of innovative cybersecurity research and advancement in Idaho and the region.

CyberScotland

CyberScotland

The CyberScotland Partnership is a collaboration of key strategic stakeholders, brought together to focus efforts on improving cyber resilience across Scotland in a coordinated and coherent way.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Kusari

Kusari

Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.