Russia’s Federal Security Service (FSB, formerly the KGB) was hit by a massive hack in which 7.5 terabytes of data was extracted from a major contractor.
The breach exposed several secret FSB projects, including efforts to de-anonymize the Tor browser, scrape social media, and help Russia to sever its internet from the rest of the world, according to Forbes.
A week ago, on July 13, hackers under the name 0v1ru$ reportedly breached SyTech, a major FSB contractor working on a range of live and exploratory internet projects. With the data stolen, 0v1ru$ left a smiling Yoba Face on SyTech’s homepage alongside pictures purporting to showcase the breach. 0v1ru$ then passed the data itself to the larger hacking group Digital Revolution, which shared the files with various media outlets and the headlines with Twitter—taunting FSB that the agency should maybe rename one of its breached activities “Project Collander.” –Forbes
This isn’t the first time Digital Revolution has targeted the FSB; however, this is the most successful hack to date, with the BBC suggesting that it was possibly “the largest data leak in the history of Russian intelligence services.”
As well as defacing SyTech’s homepage with the Yoba Face, 0v1ru$ also detailed the project names exposed: “Arion”, “Relation”, “Hryvnia,” alongside the names of the SyTech project managers. The BBC report claims that no actual state secrets were exposed. –Forbes
The hack revealed that the Kremlin’s ‘Nautilus’ program is designed to ‘scrape’ user information from social media, while the ‘Nautilus-S’ program is a data-collection effort designed to de-anonymize internet users. Meanwhile, the ‘Mentor’ program collects data on Russian corporations, while the ‘Hope and Tax-3’ project appears to be related to Russia’s effort to disentangle itself from the global internet, and to identify and manually remove information from people under state protection.
According to the BBC, contractor SyTech’s projects were almost exclusively conducted for Military Unit 71330 – a component of the FSB’s 16th Directorate responsible for signals intelligence.
Nautilus-S, the Tor de-anonymization project, was actually launched in 2012 under the remit of Russia’s Kvant Research Institute, which comes under FSB’s remit. Russia has been looking for ways to compromise nodes within Tor’s structure to either prevent off-grid communications or intercept those communications. None of which is new news. It is believed that some progress has been made under this project. Digital Revolution claims to have hacked the Kvant Research Institute before.
The preparatory activities for splitting off a “Russian internet,” follow Russian President Vladimir Putin signing into law provisions for “the stable operation of the Russian Internet (Runet) in case it is disconnected from the global infrastructure of the World Wide Web.” The law set in train plans for an alternative domain name system (DNS) for Russia in the event that it is disconnected from the World Wide Web, or, one assumes, in the event that its politicians deem disconnection to be beneficial. Internet service providers would be compelled to disconnect from any foreign servers, relying on Russia’s DNS instead. –Forbes
Forbes notes that while the hacks concern projects which were already ‘known or expected,’ the scale of the hack and ease with which the contractor’s systems were penetrated is ‘more of note.’
“Contractors remain the weak link in the chain for intelligence agencies worldwide—to emphasize the point, just last week, a former NSA contractor was jailed in the U.S. for stealing secrets over two decades. And the fallout from Edward Snowden continues to this day,” reads the report.
Little is known about the 0v1ru$ group, which has not come forth with a statement.