WikiLeaks on Tuesday released files detailing a mass surveillance system the Russian government has allegedly deployed against its domestic population for years.
The data dump, which WikiLeaks dubbed “Spy Files Russia,” includes 209 documents allegedly dating between 2007 and 2015. Many of the documents are in Russian.
Fifth Domain could not immediately verify the authenticity of the files with Russian government officials, but WikiLeaks has an established record of publishing authentic documents.
The latest WikiLeaks release centers around PETER-SERVICE (Петер-Сервис), a Russian company founded in St. Petersburg in 1992 to provide billing solutions to Russian telecoms. The business quickly expanded by creating software for Russia’s mobile telecom industry and currently employs 1,000 people.
Documents contained in Spy Files Russia appear to show broad cooperation between PETER-SERVICE and the Russian Federal Security Service (known as the FSB), the Interior Ministry of Russia, and Russian surveillance contractors such as national telecoms. WikiLeaks notes: “The technologies developed and deployed by PETER-SERVICE today go far beyond the classical billing process and extend into the realms of surveillance and control.”
The documents appear to show that government and commercial entities partnered to build, and continue to operate and maintain, the so-called SORM (Система Оперативно-Розыскных Мероприятий), which WikiLeaks characterizes as “the technical infrastructure for surveillance in Russia.”
According to documents, the surveillance infrastructure consists of three distinct components. The first, referred to as the Traffic Data Mart, WikiLeaks describes as “a system that records and monitors IP traffic for all mobile devices registered with the operator.” The system works partly based on a categorized list of domain names that “cover all areas of interest for the state,” including blacklisted sites, criminal sites, blogs, webmail, weapons, botnets, narcotics, betting, aggression, racism, terrorism and more. The data collected by TDM can be used to create reports for subscribed devices, according to documents.
The second component is the Data Retention System, which WikiLeaks notes is “a mandatory component for operators by law; it stores all communication (meta-)data locally for three years.” Using a Protocol 538 adapter, the DRS can access stored data on users. PETER-SERVICE claims its DRS solution can accommodate 500,000,000 connections per day, with an average search time for subscriber-related records of 10 seconds.
The third major component is called Service (СП-ПУ), which is a data-exchange interface that “receives search requests from state intelligence authorities and delivers results back to the initiator.” The search requests are claimed to be for “lawful interceptions (based on a court order).” However, WikiLeaks notes that recently passed Russian laws — notably the so-called Yarovaya law — “make literally no distinction between Lawful Interception and mass surveillance by state intelligence authorities without court orders.”
The data dump includes an alleged 2013 presentation by Valery Syssik, PETER-SERVICE’s director of development. According to WikiLeaks, the audience was not PETER-SERVICE’s usual telecommunications customers. Instead, WikiLeaks characterizes the intended audience as “a closed group of people from the ФСБ (FSB, Russian Federal Security Service), МВД (Interior ministry of Russia) and the три ветви власти (‘three pillars of Power’ — legislature, executive and judiciary).”
The presentation appears to have been written shortly after former U.S. National Security Agency contractor Edward Snowden disclosed details of a U.S. government mass surveillance program in 2013. WikiLeaks writes: “Drawing specifically on the NSA Prism program, the [PETER-SERVICE] presentation offers law enforcement, intelligence and other interested parties, to join an alliance in order to establish equivalent data-mining operations in Russia.”
In the presentation, PETER-SERVICE claims it already had access to “a majority of all phone call records as well as Internet traffic in Russia,” which includes “not just the headings of IP packets, but the contents of whole series.”
The ability to “read” the contents of internet traffic, in addition to metadata, is called deep-packet inspection, or DPI.
The 2013 PETER-SERVICE presentation goes on to introduce a new product, which the company called DPI*GRID. The company claims DPI*GRID is a hardware solution capable of providing DPI at a rate of 10 gigabytes per second per hardware unit. The presentation claims Russian telecoms were already indiscriminately aggregating broad swaths of Russian internet traffic and passing it through DPI*GRID units.
Russia’s SORM program dates to 1995 and has evolved through three major iterations, according to WikiLeaks. The first iteration focused on capturing telephone communications. The second, rolled out in 1999, intercepted internet traffic. The current iteration, referred to as SORM-3, was expanded in 2014 to include social media platforms and to provide DPI.
WikiLeaks notes that Russian law requires domestic communication providers to install SORM, as provided by the FSB, at the companies’ own expense.
In 2015, the European Court of Human Rights ruled that Russia’s SORM legislation violates the European Convention on Human Rights.
WikiLeaks’ motivation for the contents and timing of this latest dump is unclear. Since its founding in 2006, the organization has published stolen U.S. military and intelligence documents in several high-profile dumps. In recent months, WikiLeaks has focused much of its activities around Vault 7, a series of disclosures revealing various aspects of the CIA’s alleged cyber operations.
Julian Assange, the founder and current head of WikiLeaks, has been criticized by U.S. government officials for years. In April, during his first public speech as CIA director, Mike Pompeo labeled “Assange and his ilk” as a “hostile intelligence service.”
More recently, the House of Representatives in July passed, and the Senate Intelligence Committee approved, by a vote of 14-1, the Intelligence Authorization Act for Fiscal Year 2018. Section 623 of the proposed bill includes draft language labeling WikiLeaks as a “non-state hostile intelligence service often abetted by state actors and should be treated as such.” A vote by the full Senate is pending.