Hackers broke into an FSB contractor and exposed a Tor de-anonymization project, among others

Megiddo
President, Staff member
May 15, 2016
Hackers broke into SyTech, a contractor for the FSB, Russia's national intelligence service, and stole information about internal projects the company worked on for the agency, including one for de-anonymizing Tor traffic.

The breach took place on the weekend of July 13, when a hacker group calling itself 0v1ru$ compromised SyTech's Active Directory server and from there gained access to the company's entire IT network, including its JIRA instance (a bug tracking system).

The hackers stole 7.5 TB of data from the contractor's network and defaced the company's website with a "yoba face", an emoticon popular with Russian users that signals "trolling".

The hackers posted screenshots of the company's servers on Twitter and then shared the stolen data with Digital Revolution, another hacker group that last year broke into Quantum, a different FSB contractor.

This second group published the stolen files in more detail on its Twitter account on Thursday, July 18, and later shared them with Russian journalists.

Secret projects of the FSB

According to various reports in the Russian media, the files show that SyTech has been working since 2009 on a number of projects for FSB military unit 71330 and for fellow contractor Quantum. The projects include:

1. Nautilus - a project to collect data on users of social networks (such as Facebook, MySpace and LinkedIn).
2. Nautilus-S - a project to de-anonymize Tor traffic using rogue Tor servers.
3. Reward - a project for covert penetration of P2P networks, like those used for torrents.
4. Mentor - a project to monitor and search email messages on the servers of Russian companies.
5. Hope - a project to study the topology of the Russian Internet and how it connects to the networks of other countries.
6. Tax-3 - a project to build a closed intranet for storing information about important state figures (judges and officials), separate from the state's other IT networks.

BBC Russia, which received the full set of documents, reports that there were also older projects studying other network protocols, such as Jabber (instant messaging), ED2K (eDonkey) and OpenFT (corporate file transfer).

Other files tweeted by Digital Revolution claimed that the FSB also tracked students and retirees. While most of the projects look like the kind of research into modern technologies that any intelligence service carries out, two of them appear to have been tested in the real world.

The first is Nautilus-S, for de-anonymizing Tor traffic. BBC Russia reports that work on Nautilus-S began in 2012. Two years later, in 2014, researchers from Karlstad University in Sweden published a paper detailing the use of rogue Tor exit nodes that attempted to decrypt Tor traffic.

The researchers identified 25 malicious servers, 18 of them located in Russia, running the same Tor version that is described in detail in the leaked files.

The second project is "Hope", which analyzed the structure and topology of the Russian segment of the Internet.

Earlier this year, Russia conducted tests in which it disconnected its national segment from the rest of the Internet.

SyTech took its website offline after the breach and declined media requests for comment.