UpGuard Australian company specializing in solutions in the field of security, has published a detailed report on large-scale data leakage from the server of the Russian operator MTS. It is not about the numbers of subscribers, and detailed information about the location of the SORM system of technical means to ensure the operational-search activities, that is, of spying on citizens and wiretapping.
One of the network drives the company until recently was located on the rsync server in the public domain. Copy posted data to the user, the company said. The information contained on the drive, was connected with the installation on the servers of MTS of the equipment themselves.
Network resource contained 1.7 TB of internal information MTS: photographs of equipment, logins, passwords from accounts, names of employees and sub-contractors, phone numbers and other contact information, including the city, which housed the servers, according to 4pda.ru. The server kept: 578 thousands of photos, 245 GB Outlook file format PST 197 and 343 of the PDF file, multiple text documents, spreadsheets, etc.
It turned out that the system equipment for wiretapping and other investigative activities has been established in the following cities of Russia: Vladimir, Voronezh, Ivanovo, Kaluga, Kostroma, Bryansk, Smolensk, Ryazan, Belgorod, Voronezh, Kursk, Orel, Tula, Tver, Tambov and Yaroslavl.
As writes the edition , The Village, for anybody not a secret that Telecom operators in Russia are obliged to install on its system equipment for wiretapping and other investigative measures. But the performance of this technique was nothing really unknown.
Now, when the Network leaked documents, it allows you to take a new look at how the authorities are listening to Russians for example, clients of MTS.
According to the documents, Nokia has provided MTS technical basis for wiretaps, and in 2016-2017 proposed to upgrade the equipment to match the latest amendments to the legislation. Nokia data indicate that in each telephony network device SORM have access to all the telephone conversations, messages and other data.
In the leaked documents also mention a SS7 network Protocol that allows telephone networks to provide calls and messages. Moreover, this Protocol is considered insecure to hacking.
Nokia stated that they have no relation to the storage and processing of captured data and only provide the technical basis for the connection of equipment from other manufacturers such as Malvin Systems. In Malvin Systems and MTS to queries of journalists he said nothing.
As the expert explains “Roskomsnab” Alexander Isavnin, SORM – a system of total interception. Many countries have technical capabilities to intercept the call, but in Russia, where there are problems with human rights, the specific application of laws about wiretapping causes concern.
If in the US, for example, the company is required to review the case of wiretapping, the Russian operators have no control over the intercepted information, said Isavnin only the FSB know what data they collect.
Agrees with him Director of the “society for the protection of the Internet” Michael Klimarev. “SORM is a black box, which nobody can control. FSB can do anything at all on this equipment, to listen to anyone.” And this problem concerns not only MTS.
I wonder what FSB SORM spends a penny. All of this is built by Telecom operators, which have no interest to keep the system running. So it often doesn’t work: a lot of cases where all these great glands just dead for different reasons, and none of the FSB was not addressed for months. The FSB potentially have control only over semi-open means of communication: phone calls, SMS, and old sites that don’t use encryption. Hence in General raises the question of whether the existence of such systems and to evaluate their effectiveness.
However, the question arises why such secret systems does Western company Nokia. B how is it that the former Deputy Minister of communications Rashid Ismailov, who had access to all orders, is now head of the service business unit of Nokia in Eastern Europe.
According to The Village, if Western intelligence really spying in Russia, the best way to obtain access to communications than that a company simply does not exist.