What just happened? Russia’s notorious Federal Security Service (FSB) has been accused of being behind numerous hacks, but now the tables have turned. SyTech, a contractor for the intelligence service, has been breached and had several of its projects exposed.
On July 13, a hacking group using the name 0v1ru$ broke into SyTech’s Active Directory server and from there breached the entire network, including a JIRA instance, reports ZDNet. They stole 7.5TB of data and added a ‘YOBA face,’ which is what Russians call the Comfy Guy meme, to the company’s website.
0v1ru$ shared the information with fellow hacking group Digital Revolution, which in turn shared it on Twitter and with Russian journalists.
All of us, journalists, students and even pensioners, are under FSB surveillance. Join us, like 0V1ru$, in defending our future! They will not silence our voices! @tjournal @Dobrokhotov @bbcrussian @unkn0wnerror pic.twitter.com/HUYDas7FSN— DigitalRevolution (@D1G1R3V) July 18, 2019
The most notable of the uncovered projects was Nautilus-S, which aims to deanonymize Tor traffic by operating rogue Tor relays, presumably to identify political dissidents, writes Engadget. Controlling enough relays is the classic attack on Tor: an operator whose relays sit at both ends of a user's circuit can correlate traffic timing and link the user to the site they are visiting.
Other projects include Nautilus (no ‘-S’ on this one), which collects data on social media users. There is also Reward, a project for accessing P2P networks; Mentor, which monitors and searches Russian companies’ email on their mail servers; Hope, a project that maps the Russian internet and how it connects to other countries; and Tax-3, a closed intranet for storing key information on “highly-sensitive state figures, judges, and local administration officials.” Other files indicated that the FSB was tracking students and pensioners.
BBC Russia reports that the leak may be the “largest in the history of the work of Russian special services on the Internet.”
SyTech has reportedly taken down its website and is refusing to answer media inquiries.
Back in May, Russia signed into law a requirement that ISPs be able to disconnect the country from the outside internet. Internet providers must install equipment that routes traffic through Russia-based servers, overseen by the censorship body Roskomnadzor.