BBC: Russia is working on a Tor de-anonymization project

BBC: Russia is working on a Tor de-anonymization project

Hackers have stolen a massive trove of sensitive data and defaced the website of SyTech, a major contractor working for Russian intelligence agency FSB (Federal Security Service).

BBC Russia, which reported the breach, said “it’s possible that this is the largest data leak in the history of the work of Russian special services on the Internet.”

The documents included descriptions of dozens of internal projects the company was working on, including ones on de-anonymization of users of the Tor browser and researching the vulnerability of torrents.

A Tor network routes internet traffic through random relays across the world, allowing users to conceal their location and internet usage from anyone conducting network surveillance or traffic analysis.

The added anonymity and encryption protections have made Tor a valuable tool for people like journalists and activists to circumvent censorship. De-anonymizing internet traffic would, therefore, make it easier for Russia to uncover their identities.

The contractor’s server was breached on July 13 by a group of hackers called 0v1ru$, who stole 7.5 terabytes of data from the company’s network. They also defaced the company’s website with a “yoba face,” an emoji that’s synonymous with “trolling.”

Aside from stealing the information, the hackers shared the documents with Digital Revolution, a separate hacking group who breached another FSB contractor Quantum last year.

Digital Revolution subsequently circulated the stolen files on its Twitter account, many of which detail at least 20 non-public projects the company had been working for FSB unit 71330. Some of them include:

  • Nautilus: Collecting data about social media users on platforms like MySpace, Facebook, and LinkedIn.
  • Nautilus-S: De-anonymizing Tor traffic with the help of malicious Tor exit nodes to decrypt internet traffic. Work on the project started in 2012.
  • Reward: Exploit vulnerabilities and penetrate peer-to-peer (P2P) networks to spy on torrent users.
  • Mentor: Monitor and search email communications of Russian companies.
  • Hope: Build its own internet. Early this February, Russia unveiled plans for an internet “kill switch” to protect itself against cyberwars.
  • Tax-3: Intranet to store information of high-profile Russia government and civil figures that’s inaccessible from the rest of the state’s IT networks.

It’s not immediately clear how many of these projects are being actively worked on. While the magnitude of the breach is undoubtedly big, the data stolen from SyTech doesn’t appear to contain any government secrets.

“SyTech performed work on at least 20 non-public IT projects ordered by Russian special services and departments. These papers do not contain state secrets,” BBC Russia reported.

Details about 0v1ru$ are unknown, and its Twitter handle no longer exists. SyTech, for its part, has pulled its website, and remains inaccessible as of now.

Read next: Who's responsible for domestic abuse witnessed by online tutors?