Data breach at Nokia provides insight into Russian mass surveillance of providers
A Nokia server containing 1.7TB of data about Russia's SORM mass surveillance system was accessible via the Internet. The data shows in extensive detail how Russia eavesdrops on internet and telephone traffic in its own country.
Providers and internet companies in Russia are required by law to cooperate with SORM, the System for Operative Investigative Activities. Through this system, the Russian secret service FSB and other government agencies gain insight into the data traffic of providers.
Security firm UpGuard stumbled upon an rsync server containing 1.7TB of data about the SORM implementation at Mobile TeleSystems (MTS), the largest provider in Russia with more than 100 million customers. The server comes from Nokia, the company that installed the hardware that makes eavesdropping possible.
According to UpGuard, the data shows in detail how SORM hardware was installed by Nokia Siemens Networks in collaboration with provider MTS between 2014 and 2016. Dozens of other companies were involved as subcontractors. A document titled AllProjects.xlsx lists 64 companies.
Of the 1.7TB of data that was found, 700GB consists of JPEGs: 578,000 photos of Russian network infrastructure, ranging from data centers to antennas. The surveillance hardware consists of server racks with specialized software that are installed at various points in the infrastructure of providers.
UpGuard states that the data provides extensive details about the installation of the equipment in 16 Russian cities. Login details of SORM administration platforms were also visible. The data also includes thousands of PDFs with contracts between providers and the suppliers of the SORM hardware.
After finding the data in early September, UpGuard informed Nokia. A few days later, Nokia disabled access to the server. Nokia told TechCrunch that an employee had connected a USB drive with documents to his computer at home and that, due to a configuration error, the data could be found on the internet without authentication. Nokia is still conducting an internal investigation.