Exposed Files Leak Details on SORM, Russia's Pervasive Domestic Surveillance System

By Dell Cameron on at

A US-based security company on Wednesday revealed its researchers had discovered more than 1.7 terabytes of proprietary telecommunications data left publicly online, including hardware specifications for a lawful surveillance device used throughout the Russian Federation.

TechCrunch first reported on the exposed files, which were discovered by data breach hunters working at UpGuard. Among the cache are reportedly documents detailing a major infrastructure project involving the installation of lawful intercept devices used by Russian authorities to surreptitiously collect phone and internet communications. The documents appear to primarily concern Mobile TeleSystems (MTS), Russia’s largest telecom company, and Nokia, which maintains and updates MTS’s network.

The devices – known in the West as “SORM” or “System for Operative Investigative Activities” – are a key facet of Russian domestic surveillance. Approved for use by the FSB, Russia’s federal security service (formerly known as the KGB), Russian law mandates that telecom operators install and maintain the devices, the first of which was developed in 1995. The latest version of SORM, which was rolled out in 2014, reportedly includes a deep packet inspection capability.

Various other Russian agencies may also tap into the data collected by SORM, including the SBP, President Vladimir Putin’s personal security service. Work related to SORM is typically classified, an expert at Russian digital-rights told TechCrunch.

Laws in many other countries require telecom providers to implement similar technologies, though privacy protections are more strict in some. With the 2016 passage of the Yarovaya law in Russia, telecoms are required to store text messages, phone conversations, and other communications, for up to six months and metadata for up to three years. Russian authorities are then able to access that data without a court order.

An exposed document showing Nokia’s involvement in installing SORM devices. (Screenshot: UpGuard)

UpGuard reports that the exposed data was stored on an unprotected backup device and that it appeared to belong mostly to Nokia, which later confirmed that a Nokia employee handed the data over to an unnamed third party who “failed to follow his company’s business processes, security policies, and his personal responsibility to protect it,” according to UpGuard.

UpGuard reported that the data was no longer exposed as of 13 September.

“Exposing any data related to a system with the power and secrecy of SORM to the public internet is an event,” UpGuard said in a statement. “Leaking what appears to be an inventory of the most recent generation of installed hardware for a nation’s largest telecom provider is unprecedented.”

Read the full UpGuard report here.

Featured image: Screenshot: UpGuard