BBC Russia, which reported the breach, said “it’s possible that this is the largest data leak in the history of the work of Russian special services on the Internet.”
The documents included descriptions of dozens of internal projects the company was working on, including ones on de-anonymization of users of the Tor browser and researching the vulnerability of torrents.
A Tor network routes internet traffic through random relays across the world, allowing users to conceal their location and internet usage from anyone conducting network surveillance or traffic analysis.
The added anonymity and encryption protections have made Tor a valuable tool for people like journalists and activists to circumvent censorship. De-anonymizing internet traffic would, therefore, make it easier for Russia to uncover their identities.
The contractor’s server was breached on July 13 by a group of hackers called 0v1ru$, who stole 7.5 terabytes of data from the company’s network. They also defaced the company’s website with a “yoba face,” an emoji that’s synonymous with “trolling.”
Большое спасибо всем, особенно @0V1ru$ ! Нет ничего невозможного, когда мы вместе! Если вы хотите поделиться дополнительной информацией об этой компании и их сотрудниках, свяжитесь с нами. https://t.co/bDQEACgJ3s
— DigitalRevolution (@D1G1R3V) July 19, 2019
Digital Revolution subsequently circulated the stolen files on its Twitter account, many of which detail at least 20 non-public projects the company had been working for FSB unit 71330. Some of them include:
- Nautilus: Collecting data about social media users on platforms like MySpace, Facebook, and LinkedIn.
- Nautilus-S: De-anonymizing Tor traffic with the help of malicious Tor exit nodes to decrypt internet traffic. Work on the project started in 2012.
- Reward: Exploit vulnerabilities and penetrate peer-to-peer (P2P) networks to spy on torrent users.
- Mentor: Monitor and search email communications of Russian companies.
- Hope: Build its own internet. Early this February, Russia unveiled plans for an internet “kill switch” to protect itself against cyberwars.
- Tax-3: Intranet to store information of high-profile Russia government and civil figures that’s inaccessible from the rest of the state’s IT networks.
Эй, ФСБ, как там у вас получается с Натиском-2? Может стоило бы поменять название проекта на Дуршлаг-1? @Dobrokhotov @RuBlackListNET @leonidvolkov @msvetov @shaveddinov @kozlyuk @RuHackersNews @the_ins_ru @tjournal @kmartynov @bbcrussian pic.twitter.com/RjKCFnXWlT
— DigitalRevolution (@D1G1R3V) July 18, 2019
It’s not immediately clear how many of these projects are being actively worked on. While the magnitude of the breach is undoubtedly big, the data stolen from SyTech doesn’t appear to contain any government secrets.
“SyTech performed work on at least 20 non-public IT projects ordered by Russian special services and departments. These papers do not contain state secrets,” BBC Russia reported.