WikiLeaks recently released documents that reportedly detail a mass surveillance system used by the Russian state to spy on Russian Internet users.
The whistleblowing group WikiLeaks has released new documents that the group claims outlines a mass surveillance system used by the Russian state to spy on Internet and mobile device users. The latest release, titled “Spy Files,” claims that a well-known Russian company that provides software to telecommunication companies is also, under state orders, installing infrastructure enabling the Russian government to spy on citizen’s digital activity.
In the summary of the leak series, WikiLeaks writes, “While the surveillance of communication traffic is a global phenomena, the legal and technological framework of its operation is different for each country. Russia’s laws —especially the new Yarovaya Law — make literally no distinction between lawful interception and mass surveillance by state intelligence authorities (SIAs) without court orders.” The summary continues to say, “Russian communication providers are required by Russian law to install the so-called SORM ( Система Оперативно-Розыскных Мероприятий) components for surveillance provided by the FSB at their own expense. The SORM infrastructure is developed and deployed in Russia with close cooperation between the FSB, the Interior Ministry of Russia and Russian surveillance contractors.”
The documents published by WikiLeaks focus on a St. Petersburg based company called Peter-Service which WikiLeaks claims is a contractor for Russian state surveillance. Peter-Service was founded in 1992 to provide billing solutions but soon went on to supply telecommunications software to major mobile providers and companies. WikiLeaks states:
The technologies developed and deployed by PETER-SERVICE today go far beyond the classical billing process and extend into the realms of surveillance and control. Although compliance to the strict surveillance laws is mandatory in Russia, rather than being forced to comply PETER-SERVICE appears to be quite actively pursuing partnership and commercial opportunities with the state intelligence apparatus.
As a matter of fact PETER-SERVICE is uniquely placed as a surveillance partner due to the remarkable visibility their products provide into the data of Russian subscribers of mobile operators, which expose to PETER-SERVICE valuable metadata, including phone and message records, device identifiers (IMEI, MAC addresses), network identifiers (IP addresses), cell tower information and much more. This enriched and aggregated metadata is of course of interest to Russian authorities, whose access became a core component of the system architecture.
WikiLeaks media partner La Repubblica reports that the Spy Files release covers, “an extended timespan from 2007 to June 2015”, and describes the contents as “extremely technical.” The documents do however not mention the Russian spy agency FSB but rather “speaks only of state agencies” which according to La Repubblica, “certainly includes law enforcement, who use metadata for legal interception.” The documents also do, “not clarify what other state apparatus access those data through the solution of the St. Petersburg company.”
La Repubblica notes that, “the manuals published by WikiLeaks contain the images of interfaces that allow you to search within these huge data fields, so access is simple and intuitive.” WikiLeaks notes that under Russian law, telecommunications companies must employ a Data Retention System (DRS) which can store data for up to three years. Peter-Services DSR system stores telephone traffic data which “allows Russian state agencies to query the database of all stored data in search of information.” WikiLeaks claims that Peter-Services DRS solution can handle 500,000,000 connections per day in one cluster. This information can include calls made by certain telephone companies specific customer, payment systems used and the phone number to which the customer is calling.
Read the full release here.