Russia’s FSB Hacked, Worst Data Breach in Russian Intelligence History

News broke over the weekend that Russia’s Federal Security Service (FSB), the agency that took over domestic security after the dissolution of the KGB, was targeted by hackers over the past two months.

The size of the data files posted online by the hackers suggests it was the worst data breach ever suffered by a Russian intelligence agency.

A hacking group which calls itself “0v1ru$” targeted a major FSB contractor called SyTech. The hackers left behind a little digital vandalism on SyTech’s web page and made off with 7.5 terabytes of data about FSB projects, which they handed off to a larger group called Digital Revolution for posting online.

Forbes described the data as somewhat embarrassing because it detailed sensitive projects undertaken for the FSB by SyTech, but it reportedly did not contain any top-secret information:

The projects themselves appear to be a mix of social media scraping (Nautilus), targeted collection against internet users seeking to anonymize their activities (Nautilus-S), data collection targeting Russian enterprises (Mentor), and projects that seem to relate to Russia’s ongoing initiative to build an option to separate the internal internet from the world wide web (Hope and Tax-3). 

The BBC claims that SyTech’s projects were mostly contracted with Military Unit 71330, part of the FSB’s 16th Directorate, which handles signals intelligence. This is the same group accused of emailing spyware to Ukrainian intelligence officers in 2015.

Nautilus-S, the Tor de-anonymization project, was actually launched in 2012 under Russia’s Kvant Research Institute, which itself comes under the FSB’s remit. Russia has been looking for ways to compromise nodes within Tor’s structure, either to prevent off-grid communications or to intercept them. None of this is new. It is believed that some progress has been made under this project. Digital Revolution claims to have hacked the Kvant Research Institute before.

“There is nothing newsworthy in the projects exposed here, everything was known or expected. The fact of the breach itself, its scale and apparent ease is of more note,” Forbes concluded.

The project to “de-anonymize” Tor, the preferred browser for the dark web, was supposed to pepper the network of Tor relays with servers controlled by the FSB that could monitor and intercept traffic across the system and inject disinformation when needed. 

There is some evidence that Russia was able to get at least a few phony Tor relays up and running by 2014. The BBC noted on Monday that Tor is very popular in Russia as a means of using the Internet without government surveillance, and that penetrating its secrecy is a high priority for Russian intelligence. Tor technicians, however, do not believe the effort described in the leaked SyTech data would have been very effective at compromising it.

According to the BBC, other projects SyTech apparently worked on were intended to spy on email servers, collect information about social media users, and penetrate the BitTorrent file-sharing system.

Digital Revolution said it was posting the files stolen by 0v1ru$ to “protect our future” and make sure the FSB cannot “drown our voices.”

“Thank you all for support in our struggle with the Kremlin’s lawlessness. Our movement is growing. We will continue to expose the projects, showing how our government trying to shove us all under the hood answered the FSB-related control,” the group told its supporters on Monday.
