- The data included information about several ongoing Russian projects, including operations to deanonymize Tor and scrape data from social media users.
- Little is know about the hacker group, which goes by the name 0v1ru$.
- Earlier this year, Russia briefly disconnected itself from global internet serves.
A group of hackers stole 7.5 terabytes of data from SyTech, a contractor of Russia’s main security agency, the Federal Security Service (FSB).
The hack — first reported by BBC Russia — became apparent on July 13 when hackers with a group called 0v1ru$ posted the “Comfy Guy” meme to the SyTech website. The hackers reportedly first broke into the active directory server of SyTech, and then the entire network. ZDNet reported:
“Hackers posted screenshots of the company’s servers on Twitter and later shared the stolen data with Digital Revolution, another hacking group who last year breached Quantum, another FSB contractor. This second hacker group shared the stolen files in greater detail on their Twitter account, on Thursday, July 18, and with Russian journalists afterward.”
The stolen data includes information about several years-long Russian intelligence projects, which included, as ZDNet reported:
- Nautilus — a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
- Nautilus-S — a project for deanonymizing Tor traffic with the help of rogue Tor servers.
- Reward — a project to covertly penetrate P2P networks, like the one used for torrents.
- Mentor — a project to monitor and search email communications on the servers of Russian companies.
- Hope — a project to investigate the topology of the Russian internet and how it connects to other countries’ network.
- Tax-3 — a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state’s IT networks.
The hackers also posted screenshots of the SyTech interface, which showed the names of these projects alongside names of SyTech employees. The motive for the hack remains unclear, and little is known about the 0v1ru$ group.
“It seems that the group is small,” Digital Revolution told BBC Russia. “Regardless of their number, we welcome their contribution. We are glad that there are people who do not spare their free time, who risk their freedom and help us.”
Russia’s 2019 disconnect test
Earlier this year, Russia ran brief tests during which it disconnected its national internet from global servers. The test was designed to provide feedback on a proposed law, dubbed the Digital Economy National Program, which aims to bolster the self-sufficiency of Russian internet space. The law would require Russian internet providers to implement the technical means to reroute international internet traffic to local, state-approved exchange points, in the event a foreign actor tries to disrupt Russia’s connection to global server.
In addition to protecting itself from global cyber threats, Russia’s plan could signal a desire of the Kremlin to build a censored and surveilled internet system. After all, Russia recently began requiring ISPs to store data on all users for at least six months, and it’s tried to force American tech companies, such as Facebook and Google, to store data inside the nation so state officials can demand for it to be handed over.