Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Expert found Russia’s SORM surveillance equipment leaking user data

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. The Russian researcher Leonid Evdokimov has found that hardware wiretapping equipment used by the Kremlin as part of the SORM surveillance system (Russian: Система оперативно-разыскных мероприятий, lit. ‘System for Operative Investigative Activities’) had been leaking data online. The […]

sorm anonymous

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data.

The Russian researcher Leonid Evdokimov has found that hardware wiretapping equipment used by the Kremlin as part of the SORM surveillance system (Russian: Система оперативно-разыскных мероприятий, lit. ‘System for Operative Investigative Activities’) had been leaking data online.

The Russian Government obliges national ISPs to purchase and install the probes used by SORM system that allows the Federal Security Service (FSB) to monitor Internet traffic including online communications.

SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs.

sorm-2

Leonid Evdokimov shared his findings at the “Chaos Constructions” IT conference in St. Petersburg on August 25, technical details of his study are reported a paper titled “SORM Defects.”

He found 30 SORM devices installed on the network of 20 Russian ISPs that were running unsecured FTP servers. The servers contained traffic logs related to surveillance activities conducted by the authorities.

“Using the open-source security scanner “ZMap,” Evdokimov found 30 more “suspicious packet sniffers” in the networks of at least 20 Russian Internet providers.”  reads the post published by Meduza.io website.

“On these devices’ IP addresses, Evdokimov found open FTP (File Transfer Protocol) servers, as well as certain “live traffic,” where — among other data — he discovered “something very similar” to the mobile phone numbers of the providers’ clients, their logins, email addresses, network addresses, messenger numbers, and even the GPS coordinates clearly transmitted by inadequately protected smartphones running outdated firmware.”

“All these data make it possible to determine exactly whose traffic this is, and which clients they are,” Evdokimov concluded.

Evdokimov discovered the wiretapping equipment on April 2018 and since June 2018 he worked with ISPs to secure the SORM equipment.

Data found by the expert on the unsecured FTP servers included:

  • GPS coordinates for residents of Sarov that hosts Russia’s center for nuclear research;
  • ICQ instant messenger usernames, IMEI numbers, and telephone numbers belonging to hundred mobile phones across Moscow;
  • MAC addresses of the routers and GPS coordinates for people living in the village of Novosilske;
  • GPS coordinates from smartphones running outdated firmware, from multiple locations.

The 30 SORM devices remained unsecured online until Evdokimov made his presentation at the conference.

Some of the SORM devices found by the researcher were manufactured by the Russian MFI Soft. But, while other surveillance equipments were created by other vendors.

“In correspondence with Evdokimov, staff at MFI Soft refused to believe that the company’s hardware was the source of the data leaks, and attributed them instead to the “corporate information security systems” operated by the telecoms’ clients.” continues Meduza.

According to Meduza, of all the SORM equipment suppliers, MFI Soft had the best performance last year, with revenues soaring 294 percent to 10.3 billion rubles ($154.5 million), and profits jumping 298 percent to almost 2.1 billion rubles ($31.5 million). 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – SORM, surveillance)

[adrotate banner=”5″]

[adrotate banner=”13″]