Wikileaks, the ever-reliable source of leaked controversial information, does it again. This time, it’s all about the ever-powerful Russian spy network, which might be a bit bigger than everyone had originally thought.
The leak is a cache of documents that detail the organization and structure of the Russian surveillance apparatus that is used to spy on both mobile and internet users. The leak claims that this is the first time information has leaked that pertains directly to the Russian state.
Some speculate that Wikileaks is trying to spread information just to cover their Russian affiliation, which has caused a major uproar on Twitter. Because, why not? Of course, it’s not possible to verify these documents at all, but the information does seem interesting and pertinent.
Wikileaks summarizes the Russian documents by claiming that a Russian company is covertly working within the state mandate as a security network. The company sort of “fronts” as a software provider, but really works as an organization that spies on citizen activity on the same level as the American NSA or the GCHQ in the UK.
The leak contains 34 base documents which relate to the security company in question, which is called “Peter-Service”. The company claims it is a contractor for Russian state surveillance. The company started in 1992 as a billing solution company, but then it became a major supplier of software to mobile telecom companies. The Wikileaks summaries explain that Peter-Service’s unique history has given it a wide market with huge visibility, and that it has expanded heavily into surveillance and control.
“The technologies developed and deployed by PETER-SERVICE today go far beyond the classical billing process and extend into the realms of surveillance and control.”
However, it doesn’t seem to be just a “contractor” to the Russian security department; it also actively pursues opportunities with Russian state intelligence.
“Although compliance to the strict surveillance laws is mandatory in Russia, rather than being forced to comply PETER-SERVICE appears to be quite actively pursuing partnership and commercial opportunities with the state intelligence apparatus. As a matter of fact PETER-SERVICE is uniquely placed as a surveillance partner due to the remarkable visibility their products provide into the data of Russian subscribers of mobile operators, which expose to PETER-SERVICE valuable metadata, including phone and message records, device identifiers (IMEI, MAC addresses), network identifiers (IP addresses), cell tower information and much more. This enriched and aggregated metadata is of course of interest to Russian authorities, whose access became a core component of the system architecture.”
The Wikileaks summaries explain that the documents do not explicitly mention the FSB, Russia’s spy agency, but rather speak of state agencies. The summaries also explain that the documents do “not clarify what other state apparatus accesses those data through the solution of the St. Petersburg company.”
Under Russian law, ISPs are required to maintain data for up to three years. Using Peter-Service’s systems, Russian authorities can easily search databases using customer phone numbers and payments.
“The manuals published by WikiLeaks contain the images of interfaces that allow you to search within these huge data fields, so access is simple and intuitive,” Wikileaks explains. According to the leak, Peter-Service’s DRS solution can handle 500,000,000 connections per day in one cluster. The average search time per query for a single day of results is only around 10 seconds. “State intelligence authorities use the Protocol 538 adapter built into the DRS to access stored information,” it adds.
Not only does the company provide a huge database that is easily searchable by phone records, but Peter-Service has also developed powerful and efficient systems to track how Russian users use the internet. This information is also stored within the database. One of their tools, dubbed “TDM” for Traffic Data Mart, allows the database to be queried for what websites are visited, how much time is spent on certain sites, and the device used to access them. Wikileaks describes TDM as a tool that allows the recording and monitoring of IP traffic registered with an operator, which is basically everyone.
In 2013, Peter-Service was developing a new product to sell to spy agencies like Russia’s FSB. The company demoed the product in a slideshow presentation. The new product, dubbed DPI*GRID, is a hardware device for heavy deep packet inspection that can handle 10GB/s traffic per unit.
“The national providers are aggregating Internet traffic in their infrastructure and are redirecting/duplicating the full stream to DPI*GRID units,” writes Wikileaks. “The units inspect and analyse traffic (the presentation does not describe that process in much detail); the resulting metadata and extracted information are collected in a database for further investigation. A similar, yet smaller solution called MDH/DRS is available for regional providers who send aggregated IP traffic via a 10Gb/s connection to MDH for processing.”
Wikileaks also surmises that the presentation presented an alliance of sorts between all law enforcement, intelligence, and other parties in Russia to form something similar to the NSA’s PRISM program in the US.
So are you surprised? With how much Russia is cracking down on VPN encryption, it would make sense that this is a logical next plan of attack if they already have access to so much data that is easily searchable and queried in these huge systems provided alongside companies like Peter-Service.