Martin Zeis, 19.09.2017
What follows are excerpts from a report on zerohedge about the documents published today by WikiLeaks on the surveillance practices and associated technical infrastructure of the Russian Federation.
By way of introduction, WikiLeaks writes:
Spy Files Russia
This publication continues WikiLeaks' Spy Files series with releases about surveillance contractors in Russia.
While the surveillance of communication traffic is a global phenomenon, the legal and technological framework of its operation is different for each country. Russia’s laws – especially the new Yarovaya Law – make literally no distinction between Lawful Interception and mass surveillance by state intelligence authorities (SIAs) without court orders. Russian communication providers are required by Russian law to install the so-called SORM (Система Оперативно-Розыскных Мероприятий) components for surveillance provided by the FSB at their own expense. The SORM infrastructure is developed and deployed in Russia with close cooperation between the FSB, the Interior Ministry of Russia and Russian surveillance contractors.
- PETER-SERVICE – 19 September, 2017
… One of Wikileaks’ media partners for the release, the Italian newspaper La Repubblica reports that the documents cover “an extended timespan from 2007 to June 2015”, and describes the contents as “extremely technical”. It also caveats that the documents do not mention Russia’s spy agency, the FSB, but rather “speak only of state agencies”, a formula it asserts “certainly includes law enforcement, who use metadata for legal interception”. It also says the documents do “not clarify what other state apparatus accesses those data through the solution of the St. Petersburg company”.
Wikileaks says that under Russian law operators must maintain a Data Retention System (DRS), which can store data for up to three years. La Repubblica reports that Peter-Service’s DRS stores telephone traffic data and “allows Russian state agencies to query the database of all stored data in search of information” — which it specifies can include calls made by a certain telephone company’s customer; payment systems used; the cell phone number to which a user is calling.
“The manuals published by WikiLeaks contain the images of interfaces that allow you to search within these huge data fields, so access is simple and intuitive,” it adds.
Some technical details:
- According to Wikileaks, Peter-Service’s DRS solution can handle 500,000,000 connections per day in one cluster, while the claimed average search time for subscriber-related records from a single day is ten seconds. “State intelligence authorities use the Protocol 538 adapter built into the DRS to access stored information,” it adds.
- Peter-Service has also apparently developed a tool called TDM (Traffic Data Mart) — which allows the database to be queried to determine “where users’ data traffic is stored in order to understand visited sites, forums, social media”, as well as how much time is spent on a certain site and the electronic device used to access it.
- Wikileaks describes TDM as “a system that records and monitors IP traffic for all mobile devices registered with the operator”, and says it maintains a list of categorized domain names — “which cover all areas of interest for the state. These categories include blacklisted sites, criminal sites, blogs, webmail, weapons, botnet, narcotics, betting, aggression, racism, terrorism and many more”.
- “Based on the collected information the system allows the creation of reports for subscriber devices (identified by IMEI/TAC, brand, model) for a specified time range: Top categories by volume, top sites by volume, top sites by time spent, protocol usage (browsing, mail, telephony, bittorrent) and traffic/time distribution,” it adds.
Wikileaks points to a 2013 Peter-Service slideshow presentation (it says this also appears to be publicly available on the company’s website), which it claims is targeted not at telco customers but at state entities such as Russia’s FSB and Interior Ministry (despite this document apparently being in the public domain) — in which the company focuses on a new product, called DPI*GRID; which it says is a hardware device for Deep Packet Inspection that takes the form of “black boxes” apparently able to handle 10Gb/s traffic per unit.
Wikileaks adds that “the national providers are aggregating Internet traffic in their infrastructure and are redirecting/duplicating the full stream to DPI*GRID units. The units inspect and analyse traffic (the presentation does not describe that process in much detail); the resulting metadata and extracted information are collected in a database for further investigation. A similar, yet smaller solution called MDH/DRS is available for regional providers who send aggregated IP traffic via a 10Gb/s connection to MDH for processing.”
Wikileaks also makes a point of noting that the presentation was written “just a few months after Edward Snowden disclosed the NSA mass surveillance program and its cooperation with private U.S. IT-corporations such as Google and Facebook”.
“Drawing specifically on the NSA Prism program, the presentation offers law enforcement, intelligence and other interested parties, to join an alliance in order to establish equivalent data-mining operations in Russia,” it adds — sticking its boot firmly back into U.S. government mass surveillance programs.