On 13 July 2019, hackers going by the name 0v1ru$
hacked SyTech servers, releasing information of secret research projects conducted
on behalf of Russia’s Federal Security Service to the media. The projects
sought to scrape social media, de-anonymize Tor browsing, and assist the country
split its internet away from the rest of the globe.
SyTech is a contractor for Russia’s national intelligence service, the FSB, a Russian security agency equivalent to MI5 or the FBI .
Hackers stole information on projects SyTech
was working on behalf of the FSB – including one investigating deanonymizing
traffic. Reporting directly to the Russian president, FSB is the key successor
to the KGB.
The hackers breached SyTech’s Active
Directory server and gained access to the firm’s entire IT network.
After stealing 7.5TB of data, they then
defaced the company’s website with a “yoba face,”. This is an emoji
Russian users adopt for “trolling.”
Their abuse did not stop there.
Using Twitter, the hackers posted several screenshots of SyTech’s servers and then shared the stolen data with the Digital Revolution. This is another hacking team who only last year breached Quantum, also an FSB contractor. It is not clear as to how, or if, the hacking teams are linked.
By 18 July 2019, Quantum had shared the
stolen files on their Twitter account and then with Russian journalists.
Many reports on the information obtained have flooded the Russian media. The hackers exposed the names of SyTech project managers as well as project names.
The data indicate that SyTech worked for
the FSB unit since 2009 on multiple projects and also for fellow contractor
Quantum. Those projects were reported to include:
Hope: A project investigating the Russian internet topology and how it connected to the networks of other countries.
Mentor: A project that monitored and searched email communications on Russian companies servers.
Tax-3: A project creating a closed intranet that stored information on highly-sensitive state figures, like judges or local administration officials, separate to the rest of the state’s IT network.
Nautilus: A project where data was collected on social media users (like Facebook, LinkedIn, and MySpace).
Nautilus-S: A project that used rogue Tor servers to de-anonymize Tor traffic.
Reward: A project to stealthily infiltrate P2P networks, like those used for torrents.
BBC Russia received
the full trove of documents stating that this was possibly the most significant
data leak in the history of the Russian intelligence service. However, they
also noted that no state secrets were exposed.
The BBC added that SyTech’s projects were mainly
contracted with the Military Unit 71330, which is part of FSB’s 16th
Directorate. This division handles signals intelligence and is the same group,
accused in 2015, of emailing spyware to Ukranian intelligence officials.
The BBC alleged that there were additional
older projects, researching different network protocols like Jabber (instant
messaging), OpenFT (enterprise file transfer) and ED2K (eDonkey).
Some files posted on the Digital Revolution Twitter account alleged that the FSB was also monitoring student and pensioner data.
It is important to note that all
intelligence services conduct research on modern technology. SyTech were doing
the same. However, two of their projects went further and looked as if they
were tested in the real world.
Firstly the one for deanonymizing Tor
traffic named Nautilus-S.
BBC Russia stated that work on Nautilus-S began
in 2012. By 2014, academic minds from Karlstad University, Sweden, published a
paper (available here in
PDF format) describing the use of unfriendly Tor exit nodes that were trying to
decrypt Tor traffic.
The researchers had identified 25 malicious
servers. Eighteen of these servers were situated in Russia and operating Tor
version 0.2.2.37, the same version noted in the leaked files.
The second was the one analyzing the
assembly and structure of the Russian segment of the internet, project Hope.
Russia
ran tests earlier this year during which it disconnected its state segment
internet from the remainder of the globe.
Hacked SyTech has removed
its website since the attack and has refused to comment to the media.
the dump furniture store hours cardable sites no cvv 2021