A Russian intelligence contractor known as Sytech has been breached by a group of hackers known as 0v1ru$.
These hackers discovered that SyTech had been engaging in several questionable activities, including one project named Nautilus-S, which was attempting to de-anonymise traffic on the web browser, Tor.
Tor is an anonymous internet browser typically used to gain access to the dark web or to avoid surveillance from government agencies, making it extremely popular in the Russian Federation where the state is known to invade the privacy of the people who live there.
SyTech were engaged as a military contractor for Russia’s FSB Federal Security Service, but lost 7.5 terabytes of data to the 0v1ru$ attack, including sensitive information concerning many of their Big Brother style projects including .
It is not yet clear how successful SyTech’s Nautilus-S project was before the attack, since the method they were using typically relies on luck, by hoping to connect Tor users to rogue servers.
The hack occurred on the 13th of July, and to add insult to injury the group replaced SyTech’s homepage with an emoji known as ‘yobi face’ – an image typically used to mean ‘trolling’.
News of this hack was then shared by the group with journalists and other hackers.
Attacking the Network from Within
In order to hack Tor, SyTech’s Nautilus-S project actively engaged with the browser and became a part of its network. The moment a person connects to the Tor network, ISPs can see that the browser is being utilised. This data is then requested by the FSB as well as other state agencies.
However, ISPs are unable to see which websites are being visited— all they can see is that the system is being accessed.
To get around this SyTech needed to create a impact to the network referred to as an exit node. This exit node is the last system a signal goes through before getting to a website.
If, for some reason, a user goes through SyTech’s node rather than Tor’s, then the contractor would be able to tell which site was being visited. However, it still wouldn’t be able to tell who the user was.
This situation brings up prospective risks: mixing the ISP information of the user utilising the network and the types of sites they visit at particular times, could, in theory, identify someone — but only if SyTech is lucky enough to have someone exit the network via their node.
SyTech’s Other Projects
While Sytech’s attempts to hack Tor are arguably the most newsworthy, there were other projects carried out by the contractor that were just as shady.
- Mentor: Designed to monitor and search the email servers of major Russian companies.
- Reward: This project aimed to discover a defect in the source code of BitTorrent, a peer to peer system utilised by millions of people all over the world to share and download games, movies, and more, and then covertly gain access.
- Nautilus: This is another variant of Nautilus-S, that was created to collate user information from social media platforms.
- Hope: A project to investigate how the Russian internet connects to other countries’ network, a look into its topology.
- Tax-3: The creation of a closed intranet where the information of highly-sensitive state figures, judges, and local admin officials could be stored separately from the rest of the state’s IT networks.
There were at least 20 other “private” projects found in the hacked data too; most of these projects were commissioned by an FSB-related military unit.
The Russian state’s interest in Tor isn’t surprising considering that Russia broke the record for Tor browser connections, with more than 600,000 Tor users recorded on the 11th of July.
This is more than doubled the number of users recorded at the beginning of the year, so it was sure to catch the Kremlin’s attention. The median number of Russian users accessing the site on a daily basis has gone above the 400,000 mark for the last 3 months, and that is a lot of people to keep tabs on.