Documents found on an unprotected backup drive have given new insight into both the scope and scale of Russia's system for operative investigative activities or SORM that is used for state surveillance of citizens' calls, messages and data.
Director of cyber risk research at the security firm UpGuard, Chris Vickery first discovered the exposed files on a drive owned by an employee of Nokia Networks which maintains and upgrades the network of the country's largest telecom Mobile TeleSystems (MTS). Nokia Network is also responsible for ensuring MTS' compliance with SORM.
According to UpGuard, Nokia secured the exposed drive just four days after Vickery reported finding it. In a statement, Nokia spokesperson Katja Antila provided further details on the discovery of the drive, saying:
- WhatsApp attack allowed hackers to install surveillance tech
- Russia’s Sovereign Internet Bill explained
- Apple, WhatsApp criticize GCHQ surveillance plans
“A current employee connected a USB drive that contained old work documents to his home computer. Due to a configuration mistake, his PC and the USB drive connected to it was accessible from the internet without authentication. After this came to our attention, we contacted the employee and the machine was disconnected and brought to Nokia.”
While the exposed data contained on the drive contained mostly internal Nokia files, there were also documents which revealed Nokia's involvement in providing lawful intercept capabilities to Russian phone and internet providers.
SORM was first developed in 1995 as a lawful intercept system that allowed the country's Federal Security Services (FSB) to access telecoms data such as the call logs and contents of its citizens. However, changes to Russian law over the last decade led to the expansion of the government's surveillance powers to include internet providers and web companies. These businesses were required to install SORM equipment to allow for web traffic and emails to be intercepted.
The documents contained on the drive show that between 2016 and 2017, Nokia proposed changes to MST's network as part of its modernization effort. These changes included upgrades to local MTS-owned phone exchanges which would allow the telecom to comply with the latest changes to Russia's surveillance laws.
After reviewing the documents, TechCrunch discovered floor plans that showed SORM devices were installed on each phone network to give the government direct access to all of the data that passed through each phone exchange including calls, messages and data.
Russian state surveillance is nothing new but the exposed drive gives us a better idea of just how extensive the country's SORM system is and how much data it is able to collect on citizens.
- Also check out the best VPN services of 2019